.\" Copyright (c) 1980, 1986, 1988, 1993
.\" The Regents of the University of California. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" @(#)3.t 8.1 (Berkeley) 7/27/93
.ds RH "Upgrading a \*(Ps System
.Sh 1 "Upgrading a \*(Ps system"
This section describes the procedure for upgrading a \*(Ps
system to \*(4B. This procedure may vary according to the version of
the system running before conversion.
If you are converting from a
System V system, some of this section will still apply (in particular,
the filesystem conversion). However, many of the system configuration
files are different, and the executable file formats are completely
In particular be wary when using this information to upgrade
There are at least four different versions of ``\*(Ps'' out there:
This was the original version of \*(Ps for HP300s from which the
other variants (and \*(4B) are derived.
It is largely a \*(Ps system with Sun's NFS 3.0 filesystem code and
some \*(Ps-Tahoe features (e.g. networking code).
Since the filesystem code is 4.2/4.3 vintage and the filesystem
hierarchy is largely \*(Ps, most of this section should apply.
MORE/bsd from Mt. Xinu.
This is a \*(Ps-Tahoe vintage system with Sun's NFS 4.0 filesystem code
upgraded with Tahoe UFS features.
The instructions for \*(Ps-Tahoe should largely apply.
At least one site bootstrapped HP300 support from the Reno distribution.
The Reno filesystem code was somewhere between \*(Ps and \*(4B: the VFS switch
had been added but many of the UFS features (e.g. ``inline'' symlinks)
The filesystem hierarchy reorganization first appeared in this release.
Be extremely careful following these instructions if you are
upgrading from the Reno distribution.
As if things were not bad enough already,
this release has the \*(4B filesystem and networking code
as well as some utilities, but still has a \*(Ps hierarchy.
No filesystem conversions are necessary for this upgrade,
but files will still need to be moved around.
.Sh 2 "Installation overview"
If you are running \*(Ps, upgrading your system
involves replacing your kernel and system utilities.
In general, there are three possible ways to install a new \*(Bs distribution:
(1) boot directly from the distribution tape, use it to load new binaries
onto empty disks, and then merge or restore any existing configuration files
(2) use an existing \*(Ps or later system to extract the root and
filesystems from the distribution tape,
boot from the new system, then merge or restore existing
configuration files and filesystems; or
(3) extract the sources from the distribution tape onto an existing system,
and use that system to cross-compile and install \*(4B.
For this release, the second alternative is strongly advised,
with the third alternative reserved as a last resort.
In general, older binaries will continue to run under \*(4B,
but there are many exceptions that are on the critical path
for getting the system running.
Ideally, the new system binaries (root and
filesystems) should be installed on spare disk partitions,
then site-specific files should be merged into them.
Once the new system is up and fully merged, the previous root and
filesystems can be reused.
Other existing filesystems can be retained and used,
except that (as usual) the new
should be run before they are mounted.
It is \fBSTRONGLY\fP advised that you make full dumps of each filesystem
before beginning, especially any that you intend to modify in place
It is also desirable to run filesystem checks
of all filesystems to be converted to \*(4B before shutting down.
This is an excellent time to review your disk configuration
for possible tuning of the layout.
Most systems will need to provide a new filesystem for system use
filesystem can be an MFS virtual-memory-resident filesystem,
potentially freeing an existing disk partition.
(Additional swap space may be desirable as a consequence.)
The recommended installation procedure includes the following steps.
The order of these steps will probably vary according to local needs.
filesystems from the distribution tapes.
Extract kernel and/or user-level sources from the distribution tape
This can serve as the backup documentation as needed.
Configure and boot a kernel for the local system.
This can be delayed if the generic kernel from the distribution
supports enough hardware to proceed.
Merge site-dependent configuration files from
Note that many file formats and contents have changed; see section 3.4
Copy or merge files from
and other locations into
Merge local macros, dictionaries, etc. into
Merge and update local software to reflect the system changes.
Take off the rest of the morning, you've earned it!
Section 3.2 lists the files to be saved as part of the conversion process.
Section 3.3 describes the bootstrap process.
Section 3.4 discusses the merger of the saved files back into the new system.
Section 3.5 gives an overview of the major
bug fixes and changes between \*(Ps and \*(4B.
Section 3.6 provides general hints on possible problems to be
aware of when converting from \*(Ps to \*(4B.
.Sh 2 "Files to save"
The following list enumerates the standard set of files you will want to
save and suggests directories in which site-specific files should be present.
This list will likely be augmented with non-standard files you
have added to your system.
If you do not have enough space to create parallel
filesystems, you should create a
image of the following files before the new filesystems are created.
The rest of this subsection describes where these files
have moved and how they have changed.
/.cshrc \(dg root csh startup script (moves to \f(CW/root/.cshrc\fP)
/.login \(dg root csh login script (moves to \f(CW/root/.login\fP)
/.profile \(dg root sh startup script (moves to \f(CW/root/.profile\fP)
/.rhosts \(dg for trusted machines and users (moves to \f(CW/root/.rhosts\fP)
/etc/disktab \(dd in case you changed disk partition sizes
/etc/fstab * disk configuration data
/etc/ftpusers \(dg for local additions
/etc/gettytab \(dd getty database
/etc/group * group data base
/etc/hosts \(dg for local host information
/etc/hosts.equiv \(dg for local host equivalence information
/etc/hosts.lpd \(dg printer access file
/etc/inetd.conf * Internet services configuration data
/etc/named* \(dg named configuration files
/etc/netstart \(dg network initialization
/etc/networks \(dg for local network information
/etc/passwd * user data base
/etc/printcap * line printer database
/etc/protocols \(dd in case you added any local protocols
/etc/rc * for any local additions
/etc/rc.local * site specific system startup commands
/etc/remote \(dg auto-dialer configuration
/etc/services \(dd for local additions
/etc/shells \(dd list of valid shells
/etc/syslog.conf * system logger configuration
/etc/securettys * merged into ttys
/etc/ttys * terminal line configuration data
/etc/ttytype * merged into ttys
/etc/termcap \(dd for any local entries that may have been added
/lib \(dd for any locally developed language processors
/usr/dict/* \(dd for local additions to words and papers
/usr/include/* \(dd for local additions
/usr/lib/aliases * mail forwarding data base (moves to \f(CW/etc/aliases\fP)
/usr/lib/crontab * cron daemon data base (moves to \f(CW/etc/crontab\fP)
/usr/lib/crontab.local * local cron daemon data base (moves to \f(CW/etc/crontab.local\fP)
/usr/lib/lib*.a \(dg for local libraries
/usr/lib/mail.rc \(dg system-wide mail(1) initialization (moves to \f(CW/etc/mail.rc\fP)
/usr/lib/sendmail.cf * sendmail configuration (moves to \f(CW/etc/sendmail.cf\fP)
/usr/lib/tmac/* \(dd for locally developed troff/nroff macros (moves to \f(CW/usr/share/tmac/*\fP)
/usr/lib/uucp/* \(dg for local uucp configuration files
/usr/man/manl * for manual pages for locally developed programs (moves to \f(CW/usr/local/man\fP)
/usr/spool/* \(dg for current mail, news, uucp files, etc. (moves to \f(CW/var/spool\fP)
/usr/src/local \(dg for source for locally developed programs
/sys/conf/HOST \(dg configuration file for your machine (moves to \f(CW/sys/<arch>/conf\fP)
/sys/conf/files.HOST \(dg list of special files in your kernel (moves to \f(CW/sys/<arch>/conf\fP)
/*/quotas * filesystem quota files (moves to \f(CW/*/quotas.user\fP)
\(dg\|Files that can be used from \*(Ps without change.
\(dd\|Files that need local changes merged into \*(4B files.
*\|Files that require special work to merge and are discussed in section 3.4.
.Sh 2 "Installing \*(4B"
The next step is to build a working \*(4B system.
This can be done by following the steps in section 2 of
this document for extracting the root and
filesystems from the distribution tape onto unused disk partitions.
For the SPARC, the root filesystem dump on the tape could also be
For the HP300 and DECstation, the raw disk image can be copied
into an unused partition and this partition can then be dumped
to create an image that can be restored.
The exact procedure chosen will depend on the disk configuration
and the number of suitable disk partitions that may be used.
It is also desirable to run filesystem checks
of all filesystems to be converted to \*(4B before shutting down.
In any case, this is an excellent time to review your disk configuration
for possible tuning of the layout.
are required reading.
The filesystem in \*(4B has been reorganized in an effort to
The root filesystem should be small.
There should be a per-architecture centrally-shareable read-only
Variable per-machine directories should be concentrated below
a single mount point named
Site-wide machine independent shareable text files should be separated
from architecture specific binary files and should be concentrated below
a single mount point named
These goals are realized with the following general layouts.
The reorganized root filesystem has the following directories:
/bin (user binaries needed when single-user)
/sbin (root binaries needed when single-user)
/local (locally added binaries used only by this machine)
/tmp (mount point for memory based filesystem)
/home (mount point for AMD)
/var (mount point for per-machine variable directories)
/usr (mount point for multiuser binaries and files)
filesystem has the following directories:
/usr/bin (user binaries)
/usr/contrib (software contributed to \*(4B)
/usr/games (binaries for games, score files in \f(CW/var\fP)
/usr/include (standard include files)
/usr/lib (lib*.a from old \f(CW/usr/lib\fP)
/usr/libdata (databases from old \f(CW/usr/lib\fP)
/usr/libexec (executables from old \f(CW/usr/lib\fP)
/usr/local (locally added binaries used site-wide)
/usr/old (deprecated binaries)
/usr/sbin (root binaries)
/usr/share (mount point for site-wide shared text)
/usr/src (mount point for sources)
filesystem has the following directories:
/usr/share/calendar (various useful calendar files)
/usr/share/dict (dictionaries)
/usr/share/doc (\*(4B manual sources)
/usr/share/games (games text files)
/usr/share/groff_font (groff font information)
/usr/share/man (typeset manual pages)
/usr/share/misc (dumping ground for random text files)
/usr/share/mk (templates for \*(4B makefiles)
/usr/share/skel (template user home directory files)
/usr/share/tmac (various groff macro packages)
/usr/share/zoneinfo (information on time zones)
filesystem has the following directories:
/var/account (accounting files, formerly \f(CW/usr/adm\fP)
/var/at (\fIat\fP\|(1) spooling area)
/var/backups (backups of system files)
/var/crash (crash dumps)
/var/db (system-wide databases, e.g. tags)
/var/games (score files)
/var/mail (users mail)
/var/obj (hierarchy to build \f(CW/usr/src\fP)
/var/preserve (preserve area for vi)
/var/quotas (directory to store quota files)
/var/run (directory to store *.pid files)
/var/rwho (rwho databases)
/var/spool/ftp (home directory for anonymous ftp)
/var/spool/mqueue (sendmail spooling directory)
/var/spool/news (news spooling area)
/var/spool/output (printer spooling area)
/var/spool/uucp (uucp spooling area)
/var/tmp (disk-based temporary directory)
/var/users (root of per-machine user home directories)
The \*(4B bootstrap routines pass the identity of the boot device
through to the kernel.
The kernel then uses that device as its root filesystem.
Thus, for example, if you boot from
as its root filesystem. If
is configured as a swap partition,
it will be used as the initial swap area,
otherwise the normal primary swap area (\c
The \*(4B bootstrap is backward compatible with \*(Ps,
so you can replace your old bootstrap if you use it
to boot your first \*(4B kernel.
However, the \*(Ps bootstrap cannot access \*(4B filesystems,
so if you plan to convert your filesystems to \*(4B,
you must install a new bootstrap \fIbefore\fP doing the conversion.
Note that SPARC users cannot build a \*(4B compatible version
of the bootstrap, so must \fInot\fP convert their root filesystem
to the new \*(4B format.
Once you have extracted the \*(4B system and booted from it,
you will have to build a kernel customized for your configuration.
If you have any local device drivers,
they will have to be incorporated into the new kernel.
See section 4.1.3 and ``Building 4.3BSD UNIX Systems with Config'' (SMM:2).
If converting from \*(Ps, your old filesystems should be converted.
If you've modified the partition
sizes from the original \*(Ps ones, and are not already using the
\*(4B disk labels, you will have to modify the default disk partition
tables in the kernel. Make the necessary table changes and boot
your custom kernel \fBBEFORE\fP trying to access any of your old
filesystems! After doing this, if necessary, the remaining filesystems
may be converted in place by running the \*(4B version of
on each filesystem and allowing it to make the necessary corrections.
is more strict about the size of directories than
the version supplied with \*(Ps.
Thus the first time that it is run on a \*(Ps filesystem,
it will produce messages of the form:
\fBDIRECTORY ...: LENGTH\fP xx \fBNOT MULTIPLE OF 512 (ADJUSTED)\fP
Length ``xx'' will be the size of the directory;
it will be expanded to the next multiple of 512 bytes.
will also set default \fIinterleave\fP and
\fInpsect\fP (number of physical sectors per track) values on older
filesystems, in which these fields were unused spares; this correction
will produce messages of the form:
\fBIMPOSSIBLE INTERLEAVE=0 IN SUPERBLOCK (SET TO DEFAULT)\fP\**
\fBIMPOSSIBLE NPSECT=0 IN SUPERBLOCK (SET TO DEFAULT)\fP
The defaults are to set \fIinterleave\fP to 1 and
\fInpsect\fP to \fInsect\fP.
This is correct on most drives;
it affects only performance (usually virtually unmeasurably).
Filesystems that have had their interleave and npsect values
set will be diagnosed by the old
as having a bad superblock; the old
will run only if given an alternate superblock
in which case it will re-zero these fields.
The \*(4B kernel will internally set these fields to their defaults
if fsck has not done so; again, the \fI\-b32\fP option may be
necessary for running the old
In addition, \*(4B removes several limits on filesystem sizes
that were present in \*(Ps.
The limited filesystems
continue to work in \*(4B, but should be converted
as soon as it is convenient
with the \fI\-c 2\fP option.
The sequence \fIfsck \-p \-c 2\fP will update them all,
fix the interleave and npsect fields,
fix any incorrect directory lengths,
expand maximum uid's and gid's to 32-bits,
place symbolic links less than 60 bytes into their inode,
and fill in directory type fields all at once.
The new filesystem formats are incompatible with older systems.
If you wish to continue using these filesystems with the older
systems you should make only the compatible changes using
.Sh 2 "Merging your files from \*(Ps into \*(4B"
When your system is booting reliably and you have the \*(4B root and
filesystems fully installed you will be ready
to continue with the next step in the conversion process,
merging your old files into the new system.
If you saved the files on a
tape, extract them into a scratch directory, say
\fB#\fP \fImkdir /usr/convert\fP
\fB#\fP \fIcd /usr/convert\fP
The data files marked in the previous table with a dagger (\(dg)
may be used without change from the previous system.
Those data files marked with a double dagger (\(dd) have syntax
changes or substantial enhancements.
You should start with the \*(4B version and carefully
integrate any local changes into the new file.
Usually these local changes can be incorporated
without conflict into the new file;
some exceptions are noted below.
The files marked with an asterisk (*) require
particular attention and are discussed below.
As described in section 3.3,
the most immediately obvious change in \*(4B is the reorganization
of the system filesystems.
Users of certain recent vendor releases have seen this general organization,
although \*(4B takes the reorganization a bit further.
The directories most affected are
that now contains only system configuration files;
a new filesystem containing per-system spool and log files; and
that contains most of the text files shareable across architectures
such as documentation and macros.
System administration programs formerly in
Various programs and data files formerly in
Administrative files formerly in
and, similarly, log files are now in
and the sources for programs in
.Pn /usr/src/usr.bin .
Other source directories parallel the destination directories;
has been greatly expanded, and
The sources for the manual pages are, in general, with the source
code for the applications they document.
Manual pages not closely corresponding to an application program
.Pn /usr/src/share/man .
The locations of all man pages are listed in
.Pn /usr/src/share/man/man0/man[1-8] .
has been updated and made more detailed;
it is included in the printed documentation.
You should review it to familiarize yourself with the new layout.
is provided to build and check filesystem hierarchies
with the proper contents, owners and permissions.
Scripts are provided in
.Pn /usr/src/etc/mtree )
Once a filesystem has been made for
can be used to create a directory hierarchy there
or you can simply use tar to extract the prototype from
the second file of the distribution tape.
.Sh 3 "Changes in the \f(CW/etc\fP directory"
directory now contains nearly all the host-specific configuration
Note that some file formats have changed,
and those configuration files containing pathnames are nearly all affected
by the reorganization.
See the examples provided in
The following table lists some of the local configuration files
whose locations and/or contents have changed.
\*(Ps and Earlier \*(4B Comments
/etc/fstab /etc/fstab new format; see below
/etc/inetd.conf /etc/inetd.conf pathnames of executables changed
/etc/printcap /etc/printcap pathnames changed
/etc/syslog.conf /etc/syslog.conf pathnames of log files changed
/etc/ttys /etc/ttys pathnames of executables changed
/etc/passwd /etc/master.passwd new format; see below
/usr/lib/sendmail.cf /etc/sendmail.cf changed pathnames
/usr/lib/aliases /etc/aliases may contain changed pathnames
/etc/*.pid /var/run/*.pid
New in \*(Ps-Tahoe \*(4B Comments
/usr/games/dm.config /etc/dm.conf configuration for games (see \fIdm\fP\|(8))
/etc/zoneinfo/localtime /etc/localtime timezone configuration
/etc/zoneinfo /usr/share/zoneinfo timezone configuration
New in \*(4B Comments
/etc/aliases.db database version of the aliases file
/etc/amd-home location database of home directories
/etc/amd-vol location database of exported filesystems
/etc/changelist \f(CW/etc/security\fP files to back up
/etc/csh.cshrc system-wide csh(1) initialization file
/etc/csh.login system-wide csh(1) login file
/etc/csh.logout system-wide csh(1) logout file
/etc/disklabels directory for saving disklabels
/etc/exports NFS list of export permissions
/etc/ftpwelcome message displayed for ftp users; see ftpd(8)
/etc/man.conf lists directories searched by \fIman\fP\|(1)
/etc/mtree directory for local mtree files; see mtree(8)
/etc/netgroup NFS group list used in \f(CW/etc/exports\fP
/etc/pwd.db non-secure hashed user data base file
/etc/spwd.db secure hashed user data base file
/etc/security daily system security checker
System security changes require adding several new ``well-known'' groups to
The groups that are needed by the system as distributed are:
wheel 0 users allowed superuser privilege
daemon 1 processes that need less than wheel privilege
kmem 2 read access to kernel memory
sys 3 access to kernel sources
tty 4 access to terminals
operator 5 read access to raw disks
bin 7 group for system binaries
news 8 group for news
wsrc 9 write access to sources
games 13 access to games
staff 20 system staff
guest 31 system guests
nobody 39 the least privileged group
utmp 45 access to utmp files
dialer 117 access to remote ports and dialers
Only users in the ``wheel'' group are permitted to
Most programs that manage directories in
now run set-group-id to ``daemon'' so that users cannot
directly access the files in the spool directories.
The special files that access kernel memory,
are made readable only by group ``kmem''.
Standard system programs that require this access are
made set-group-id to that group.
The group ``sys'' is intended to control access to kernel sources,
and other sources belong to group ``wsrc.''
Rather than make user terminals writable by all users,
they are now placed in group ``tty'' and made only group writable.
Programs that should legitimately have access to write on user terminals
now run set-group-id to ``tty''.
The ``operator'' group controls access to disks.
By default, disks are readable by group ``operator'',
so that programs such as
can access the filesystem information without being set-user-id to ``root''.
program is executable only by group operator
and is setuid to root so that members of group operator may shut down
the system without root access.
The ownership and modes of some directories have changed.
programs now run set-user-id ``root'' instead of ``daemon.''
Also, the uucp directory no longer needs to be publicly writable,
reverts to privileged status to remove its lock files.
After copying your version of
\fB#\fP \fIchown \-R root /var/spool/at\fP
\fB#\fP \fIchown \-R uucp:daemon /var/spool/uucp\fP
\fB#\fP \fIchmod \-R o\-w /var/spool/uucp\fP
The format of the cron table,
has been changed to specify the user-id that should be used to run a process.
The userid ``nobody'' is frequently useful for non-privileged programs.
Local changes are now put in a separate file,
.Pn /etc/crontab.local .
Some of the commands previously in
several new functions are now handled by
You should look closely at the prototype version of these files
and read the manual pages for the commands contained in it
before trying to merge your local copy.
Note in particular that
has had many changes,
and that host names are now fully specified as domain-style names
(e.g., vangogh.CS.Berkeley.EDU) for the benefit of the name server.
Some of the commands previously in
and several new functions have been added to
to do nightly security checks on the system.
each night, and mails the output to the super-user.
Some of the checks done by
\(bu Syntax errors in the password and group files.
\(bu Duplicate user and group names and id's.
\(bu Dangerous search paths and umask values for the superuser.
\(bu Dangerous values in various initialization files.
\(bu Dangerous .rhosts files.
\(bu Dangerous directory and file ownership or permissions.
\(bu Globally exported filesystems.
\(bu Dangerous owners or permissions for special devices.
In addition, it reports any changes to setuid and setgid files, special
devices, or the files in
since the last run of
Backup copies of the files are saved in
Finally, the system binaries are checksummed and their permissions
validated against the
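The setuid and setgid change report described above can be reproduced with a snapshot-and-compare script.
The following is an added example, not the distributed security script; the function names and the state directory argument are hypothetical, and it compares only mode, owner and group.

```shell
#!/bin/sh
# Added example: report setuid/setgid changes since the previous run.
# Function names and the state directory layout are hypothetical.

# snapshot_setid DIR
# Print one sorted line per setuid or setgid regular file under DIR:
#   "<mode> <uid> <gid> <path>"
# Size and timestamps are dropped on purpose so that only changes in
# mode or ownership show up. Paths containing newlines are not handled.
snapshot_setid() {
    LC_ALL=C find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ln {} + 2>/dev/null |
    LC_ALL=C awk '{
        # ls -ln fields: mode links uid gid size month day time name...
        line = $1 " " $3 " " $4
        for (i = 9; i <= NF; i++) line = line " " $i
        print line
    }' | LC_ALL=C sort
}

# report_setid_changes DIR STATE_DIR
# Compare the current snapshot with the one saved by the previous run.
# Prints "+ entry" for new or changed files and "- entry" for entries
# that vanished or changed, keeps a backup of the previous snapshot,
# and returns 0 if nothing changed, 1 if something did, 2 on error.
report_setid_changes() {
    dir=$1
    state=$2
    cur="$state/setid.current"
    prev="$state/setid.backup"
    new="$state/setid.new"

    # The state directory lists every privileged binary: keep it private.
    mkdir -p "$state" && chmod 700 "$state" || return 2
    [ -f "$cur" ] || : > "$cur"          # first run: empty baseline
    snapshot_setid "$dir" > "$new" || return 2

    changes=$(
        LC_ALL=C comm -13 "$cur" "$new" | sed 's/^/+ /'
        LC_ALL=C comm -23 "$cur" "$new" | sed 's/^/- /'
    )
    if [ -n "$changes" ]; then
        printf '%s\n' "$changes"
        cp -p "$cur" "$prev"
        mv "$new" "$cur"
        return 1
    fi
    rm -f "$new"
    return 0
}

# Typical nightly use (paths are placeholders):
#   report_setid_changes / /var/backups/setid
```

The first run reports every existing setuid or setgid file as new, which establishes the baseline that later runs are compared against.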
The C-library and system binaries on the distribution tape
are compiled with new versions of
that use the name server,
If you have only a small network and are not connected
to a large network, you can use the distributed library routines without
any problems; they use a linear scan of the host table
if the name server is not running.
If you are on the Internet or have a large local network,
it is recommended that you set up
and use the name server.
For instructions on how to set up the necessary configuration files,
refer to ``Name Server Operations Guide for BIND'' (SMM:10).
Several programs rely on the host name returned by
to determine the local domain name.
If you are using the name server, your
configuration file will need some updates to accommodate it.
See the ``Sendmail Installation and Operation Guide'' (SMM:8) and
configuration files in
.Pn /usr/src/usr.sbin/sendmail/cf .
has also been changed to add certain well-known addresses.
.Sh 3 "Shadow password files"
The password file format adds change and expiration fields
and its location has changed to protect
the encrypted passwords stored there.
The actual password file is now stored in
.Pn /etc/master.passwd .
The hashed dbm password files do not contain encrypted passwords,
but contain the file offset to the entry with the password in
.Pn /etc/master.passwd
(that is readable only by root).
functions will no longer return an encrypted password string to non-root
An old-style passwd file is created in
Several new users have also been added to the group of ``well-known'' users in
The ``daemon'' user is used for daemon processes that
do not need root privileges.
The ``operator'' user-id is used as an account for dumpers
so that they can log in without having the root password.
By placing them in the ``operator'' group,
they can get read access to the disks.
The ``uucp'' login has existed long before \*(4B,
and is noted here just to provide a common user-id.
The password entry ``nobody'' has been added to specify
the user with least privilege. The ``games'' user is a pseudo-user
that controls access to game programs.
After installing your updated password file, you must run
to create the password database.
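A pre-merge check and conversion of a saved old-style password file, as an added example that is not part of the distribution.
It assumes the \*(4B master.passwd field order (login, password, uid, gid, class, change, expire, gecos, home directory, shell); the function names are hypothetical, the class field is left empty, and change and expire are set to 0 (no aging).

```shell
#!/bin/sh
# Added example: validate a saved 7-field passwd file and convert it to
# the 10-field master.passwd layout. Function names are hypothetical.

# check_passwd FILE
# Report the kinds of problems the nightly security check looks for in
# the password file: wrong field count, empty login, non-numeric ids,
# duplicate logins and duplicate uids. Returns 1 if anything was found.
check_passwd() {
    awk -F: '
        BEGIN { bad = 0 }
        NF != 7 {
            printf "line %d: %d fields, expected 7\n", NR, NF
            bad = 1
            next
        }
        {
            if ($1 == "") {
                printf "line %d: empty login name\n", NR; bad = 1
            }
            if ($3 !~ /^[0-9]+$/) {
                printf "line %d: non-numeric uid %s\n", NR, $3; bad = 1
            }
            if ($4 !~ /^[0-9]+$/) {
                printf "line %d: non-numeric gid %s\n", NR, $4; bad = 1
            }
            if ($1 in names) {
                printf "line %d: duplicate login %s\n", NR, $1; bad = 1
            }
            if ($3 in uids) {
                printf "line %d: duplicate uid %s (first on line %d)\n",
                    NR, $3, uids[$3]
                bad = 1
            } else {
                uids[$3] = NR
            }
            names[$1] = NR
        }
        END { exit bad }
    ' "$1"
}

# convert_passwd OLD NEW
# Refuse to convert a file that fails check_passwd. The output holds
# the encrypted passwords, so it is created with umask 077 (mode 0600)
# rather than inheriting the world-readable mode of the old file.
convert_passwd() {
    check_passwd "$1" >&2 || return 1
    (
        umask 077
        awk -F: '{
            # login:passwd:uid:gid:class:change:expire:gecos:home:shell
            printf "%s:%s:%s:%s::0:0:%s:%s:%s\n", $1, $2, $3, $4, $5, $6, $7
        }' "$1" > "$2"
    )
}
```

A second uid 0 entry is reported as a duplicate even when it is intentional, so review the messages before editing the saved file.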
.Sh 3 "The \f(CW/var\fP filesystem"
The spooling directories saved on tape may be restored in their
eventual resting places without too much concern. Be sure to
use the `\-p' option to
so that files are recreated with the same file modes.
The following commands provide a guide for copying spool and log files from
an existing system into a new
At least the following directories should already exist on
cd $SRC; tar cf - msgs preserve | (cd /var && tar xpf -)
# copy $SRC/spool to /var
tar cf - at mail rwho | (cd /var && tar xpf -)
tar cf - ftp mqueue news secretmail uucp uucppublic | \e
(cd /var/spool && tar xpf -)
# everything else in spool is probably a printer area
mv at ftp mail mqueue rwho secretmail uucp uucppublic .save
tar cf - * | (cd /var/spool/output && tar xpf -)
mv syslog.7 /var/log/maillog.7
mv syslog.6 /var/log/maillog.6
mv syslog.5 /var/log/maillog.5
mv syslog.4 /var/log/maillog.4
mv syslog.3 /var/log/maillog.3
mv syslog.2 /var/log/maillog.2
mv syslog.1 /var/log/maillog.1
mv syslog.0 /var/log/maillog.0
mv syslog /var/log/maillog
# move $SRC/adm to /var
tar cf - . | (cd /var/account && tar xpf -)
mv messages messages.[0-9] ../log
mv wtmp wtmp.[0-9] ../log
.Sh 2 "Bug fixes and changes between \*(Ps and \*(4B"
The major new facilities available in the \*(4B release are
a new virtual memory system,
the addition of ISO/OSI networking support,
a new virtual filesystem interface supporting filesystem stacking,
a freely redistributable implementation of NFS,
a log-structured filesystem,
enhancement of the local filesystems to support
files and filesystems that are up to 2^63 bytes in size,
enhanced security and system management support,
and the conversion to and addition of the IEEE Std1003.1 (``POSIX'')
facilities and many of the IEEE Std1003.2 facilities.
In addition, many new utilities and additions to the C
library are present as well.
The kernel sources have been reorganized to collect all machine-dependent
files for each architecture under one directory,
and most of the machine-independent code is now free of code
conditional on specific machines.
The user structure and process structure have been reorganized
to eliminate the statically-mapped user structure and to make most
of the process resources shareable by multiple processes.
The system and include files have been converted to be compatible
with ANSI C, including function prototypes for most of the exported
There are numerous other changes throughout the system.
.Sh 3 "Changes to the kernel"
This release includes several important structural kernel changes.
The kernel uses a new internal system call convention;
the use of global (``u-dot'') variables for parameters and error returns
and interrupted system calls no longer abort using non-local goto's (longjmp's).
A new sleep interface separates signal handling from scheduling priority,
returning characteristic errors to abort or restart the current system call.
This sleep call also passes a string describing the process state,
that is used by the ps(1) program.
The old sleep interface can be used only for non-interruptible sleeps.
The sleep interface (\fItsleep\fP) can be used at any priority,
but is only interruptible if the PCATCH flag is set.
When interrupted, \fItsleep\fP returns EINTR or ERESTART.
Many data structures that were previously statically allocated
are now allocated dynamically.
These structures include mount entries, file entries,
user open file descriptors, the process entries, the vnode table,
the name cache, and the quota structures.
To protect against indiscriminate reading or writing of kernel
memory, all writing and most reading of kernel data structures
must be done using a new ``sysctl'' interface.
The information to be accessed is described through an extensible
``Management Information Base'' (MIB) style name,
described as a dotted set of components.
retrieves kernel state and allows processes with appropriate
privilege to set kernel state.
The kernel runs with four different levels of security.
Any superuser process can raise the security level, but only
1007 Security levels are defined as follows:
1009 Permanently insecure mode \- always run system in level 0 mode.
1011 Insecure mode \- immutable and append-only flags may be turned off.
1012 All devices may be read or written subject to their permissions.
1014 Secure mode \- immutable and append-only flags may not be cleared;
1015 disks for mounted filesystems,
1021 Highly secure mode \- same as secure mode, plus disks are always
1022 read-only whether mounted or not.
1023 This level precludes tampering with filesystems by unmounting them,
1024 but also inhibits running
1026 while the system is multi-user.
1029 and the \-\fBo\fP option to
1031 for information on setting and displaying the immutable and append-only
1034 Normally, the system runs in level 0 mode while single user
1035 and in level 1 mode while multiuser.
1036 If the level 2 mode is desired while running multiuser,
1037 it can be set in the startup script
1041 If it is desired to run the system in level 0 mode while multiuser,
1042 the administrator must build a kernel with the variable
1044 in the kernel source file
1045 .Pn /sys/kern/kern_sysctl.c
1047 .Sh 4 "Virtual memory changes"
1049 The new virtual memory implementation is derived from the Mach
1050 operating system developed at Carnegie-Mellon,
1051 and was ported to the BSD kernel at the University of Utah.
1052 It is based on the 2.0 release of Mach
1053 (with some bug fixes from the 2.5 and 3.0 releases)
1054 and retains many of its essential features such as
1055 the separation of the machine dependent and independent layers
1056 (the ``pmap'' interface),
1057 efficient memory utilization using copy-on-write
1058 and other lazy-evaluation techniques,
1059 and support for large, sparse address spaces.
1060 It does not include the ``external pager'' interface, instead using
1061 a primitive internal pager interface.
1062 The Mach virtual memory system call interface has been replaced with the
1063 ``mmap''-based interface described in the ``Berkeley Software
1064 Architecture Manual'' (see UNIX Programmer's Manual,
1065 Supplementary Documents, PSD:5).
1066 The interface is similar to the interfaces shipped
1067 by several commercial vendors such as Sun, USL, and Convex Computer Corp.
1068 The integration of the new virtual memory is functionally complete,
1069 but still has serious performance problems under heavy memory load.
1070 The internal kernel interfaces have not yet been completed
1071 and the memory pool and buffer cache have not been merged.
1072 Some additional caveats:
1074 Since the code is based on the 2.0 release of Mach,
1075 bugs and misfeatures of the BSD version should not be considered
1076 shortcomings of the current Mach virtual memory system.
1078 Because of the disjoint virtual memory (page) and IO (buffer) caches,
1079 it is possible to see inconsistencies if using both the mmap and
1080 read/write interfaces on the same file simultaneously.
1082 Swap space is allocated on-demand rather than up front and no
1083 allocation checks are performed so it is possible to over-commit
1084 memory and eventually deadlock.
1086 The semantics of the
1088 system call are slightly different.
1089 The synchronization between parent and child is preserved,
1090 but the memory sharing aspect is not.
1091 In practice this has been enough for backward compatibility,
1092 but newer code should just use
1094 .Sh 4 "Networking additions and changes"
1096 The ISO/OSI Networking consists of a kernel implementation of
1097 transport class 4 (TP-4),
1098 connectionless networking protocol (CLNP),
1099 and 802.3-based link-level support (hardware-compatible with Ethernet\**).
1101 Ethernet is a trademark of the Xerox Corporation.
1103 We also include support for ISO Connection-Oriented Network Service,
1105 The session and presentation layers are provided outside
1106 the kernel using the ISO Development Environment by Marshall Rose,
1107 that is available via anonymous FTP
1108 (but is not included on the distribution tape).
1109 Included in this development environment are file
1110 transfer and management (FTAM), virtual terminals (VT),
1111 a directory services implementation (X.500),
1112 and miscellaneous other utilities.
1114 Kernel support for the ISO OSI protocols is enabled with the ISO option
1115 in the kernel configuration file.
1118 manual page describes the protocols and addressing;
1124 The OSI equivalent to ARP is ESIS (End System to Intermediate System Routing
1125 Protocol); running this protocol is mandatory, however one can manually add
1126 translations for machines that do not participate by use of the
1129 Additional information is provided in the manual page describing
1134 has a new syntax and several new capabilities:
1135 it can install routes with a specified destination and mask,
1136 and can change route characteristics such as hop count, packet size
1139 Several important enhancements have been added to the TCP/IP
1140 protocols including TCP header prediction and
1141 serial line IP (SLIP) with header compression.
1142 The routing implementation has been completely rewritten
1143 to use a hierarchical routing tree with a mask per route
1144 to support the arbitrary levels of routing found in the ISO protocols.
1145 The routing table also stores and caches route characteristics
1146 to speed the adaptation of the throughput and congestion avoidance
1151 structure (the structure used to describe a generic network address with an
1152 address family and family-specific data)
1153 has changed from previous releases,
1154 as have the address family-specific versions of this structure.
1157 family field has been split into a length,
1161 System calls that pass a
1163 structure into the kernel (e.g.
1167 have a separate parameter that specifies the
1169 length, and thus it is not necessary to fill in the
1171 field for those system calls.
1172 System calls that pass a
1174 structure back from the kernel (e.g.
1178 receive a completely filled-in
1180 structure, thus the length field is valid.
1181 Because this would not work for old binaries,
1182 the new library uses a different system call number.
1183 Thus, most networking programs compiled under \*(4B are incompatible
1186 Although this change is mostly source and binary compatible
1187 with old programs, there are three exceptions.
1188 Programs with statically initialized
1191 (usually the Internet form, a
1194 Generally, such programs should be changed to fill in the structure
1195 at run time, as C allows no way to initialize a structure without
1196 assuming the order and number of fields.
1197 Also, programs that use structures to describe a network packet format
1198 that contain embedded
1200 structures also require change; a definition of an
1202 structure is provided for this purpose.
1203 Finally, programs that use the
1205 ioctl to get a complete list of interface addresses
1208 field when iterating through the array of addresses returned,
1209 as not all the structures returned have the same length
1210 (this variance in length is nearly guaranteed by the presence of link-layer
1211 address structures).
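The length-aware walk that the last exception calls for, shown as an added C example that is not part of the original document or of the distribution's sources.
It models the record layout with a constructed buffer so that it runs on any system; put_rec, build_sample, walk_fixed and walk_by_len are hypothetical names, and the family values are the BSD AF_INET and AF_LINK constants.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, modelled here so the example runs anywhere: each record
 * is a 16-byte interface name followed by a socket address whose first
 * byte is its own length and whose second byte is the address family. */
#define NAMSIZ   16   /* interface-name field */
#define SA_MIN   16   /* size of the generic socket address */
#define FAM_INET  2   /* AF_INET */
#define FAM_LINK 18   /* AF_LINK on BSD systems (link-layer address) */

/* Append one record to buf at off; returns the offset just past it. */
static size_t put_rec(uint8_t *buf, size_t off, const char *name,
                      uint8_t sa_len, uint8_t family)
{
    size_t body = sa_len > SA_MIN ? sa_len : SA_MIN;

    memset(buf + off, 0, NAMSIZ + body);
    memcpy(buf + off, name, strlen(name));
    buf[off + NAMSIZ] = sa_len;
    buf[off + NAMSIZ + 1] = family;
    return off + NAMSIZ + body;
}

/* Constructed sample list: an Internet address, a 20-byte link-layer
 * address, then another Internet address. buf must hold 100 bytes. */
size_t build_sample(uint8_t *buf)
{
    size_t off = 0;

    off = put_rec(buf, off, "le0", 16, FAM_INET);
    off = put_rec(buf, off, "le0", 20, FAM_LINK);
    off = put_rec(buf, off, "lo0", 16, FAM_INET);
    return off;
}

/* Old-style walk with a fixed stride. Once a longer record has been
 * passed, every later read is misaligned. Returns the entry count. */
int walk_fixed(const uint8_t *buf, size_t len, uint8_t *fams, int max)
{
    size_t off;
    int n = 0;

    for (off = 0; n < max && off + NAMSIZ + SA_MIN <= len;
         off += NAMSIZ + SA_MIN)
        fams[n++] = buf[off + NAMSIZ + 1];
    return n;
}

/* Walk that advances by each record's own length field and checks every
 * step against the end of the buffer. Returns the entry count, or -1 if
 * a record is truncated, overruns the buffer, or fams is too small. */
int walk_by_len(const uint8_t *buf, size_t len, uint8_t *fams, int max)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        size_t sa_len, body;

        if (len - off < NAMSIZ + SA_MIN)
            return -1;                 /* not even a minimal record left */
        sa_len = buf[off + NAMSIZ];
        body = sa_len > SA_MIN ? sa_len : SA_MIN;
        if (body > len - off - NAMSIZ)
            return -1;                 /* length field points past the end */
        if (n == max)
            return -1;                 /* caller's array is full */
        fams[n++] = buf[off + NAMSIZ + 1];
        off += NAMSIZ + body;
    }
    return n;
}

int main(void)
{
    uint8_t buf[128], fams[8];
    size_t len = build_sample(buf);
    int i, n;

    n = walk_fixed(buf, len, fams, 8);
    for (i = 0; i < n; i++)
        printf("fixed stride: family %u\n", fams[i]);
    n = walk_by_len(buf, len, fams, 8);
    for (i = 0; i < n; i++)
        printf("length field: family %u\n", fams[i]);
    printf("truncated buffer: %d\n", walk_by_len(buf, len - 10, fams, 8));
    return 0;
}
```

The fixed-stride walk reads the third entry four bytes early and reports family 0 for it, so the loopback address is silently lost; the length-aware walk also rejects a buffer whose last record is cut short or whose length byte claims more than the buffer holds.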
1212 .Sh 4 "Additions and changes to filesystems"
1214 The \*(4B distribution contains most of the interfaces
1215 specified in the IEEE Std1003.1 system interface standard.
1216 Filesystem additions include IEEE Std1003.1 FIFOs,
1217 byte-range file locking, and saved user and group identifiers.
1219 A new virtual filesystem interface has been added to the
1220 kernel to support multiple filesystems.
1221 In comparison with other interfaces,
1222 the Berkeley interface has been structured for more efficient support
1223 of filesystems that maintain state (such as the local filesystem).
1224 The interface has been extended with support for stackable
1225 filesystems done at UCLA.
1226 These extensions allow for filesystems to be layered on top of each
1227 other and allow new vnode operations to be added without requiring
1228 changes to existing filesystem implementations.
1230 the umap filesystem (see
1232 is used to mount a sub-tree of an existing filesystem
1233 that uses a different set of uids and gids than the local system.
1234 Such a filesystem could be mounted from a remote site via NFS or it
1235 could be a filesystem on removable media brought from some foreign
1236 location that uses a different password file.
1238 Other new filesystems that may be stacked include the loopback filesystem
1240 the kernel filesystem
1241 .Xr mount_kernfs (8),
1242 and the portal filesystem
1243 .Xr mount_portal (8).
1245 The buffer cache in the kernel is now organized as a file block cache
1246 rather than a device block cache.
1247 As a consequence, cached blocks from a file
1248 and from the corresponding block device would no longer be kept consistent.
1249 The block device thus has little remaining value.
1250 Three changes have been made for these reasons:
1252 block devices may not be opened while they are mounted,
1253 and may not be mounted while open, so that the two versions of cached
1254 file blocks cannot be created,
1256 filesystem checks of the root now use the raw device
1257 to access the root filesystem, and
1259 the root filesystem is initially mounted read-only
1260 so that nothing can be written back to disk during or after change to
1261 the raw filesystem by
1264 The root filesystem may be made writable while in single-user mode
1270 The mount command has an option to update the flags on a mounted filesystem,
1271 including the ability to upgrade a filesystem from read-only to read-write
1272 or downgrade it from read-write to read-only.
1274 In addition to the local ``fast filesystem'',
1275 we have added an implementation of the network filesystem (NFS)
1276 that fully interoperates with the NFS shipped by Sun and its licensees.
1277 Because our NFS implementation was implemented
1278 by Rick Macklem of the University of Guelph
1279 using only the publicly available NFS specification,
1280 it does not require a license from Sun to use in source or binary form.
1281 By default it runs over UDP to be compatible with Sun's implementation.
1282 However, it can be configured on a per-mount basis to run over TCP.
1283 Using TCP allows it to be used quickly and efficiently through
1284 gateways and over long-haul networks.
1285 Using an extended protocol, it supports Leases to allow a limited
1286 callback mechanism that greatly reduces the network traffic necessary
1287 to maintain cache consistency between the server and its clients.
1288 Its use will be familiar to users of other implementations of NFS.
1289 See the manual pages
1299 and the document ``The 4.4BSD NFS Implementation'' (SMM:6)
1300 for further information.
1303 has changed from previous \*(Bs releases
1304 to a blank-separated format to allow colons in pathnames.
1306 A new local filesystem, the log-structured filesystem (LFS),
1307 has been added to the system.
1308 It provides near disk-speed output and fast crash recovery.
1309 This work is based, in part, on the LFS filesystem created
1310 for the Sprite operating system at Berkeley.
1311 While the kernel implementation is almost complete,
1312 only some of the utilities to support the
1313 filesystem have been written,
1314 so we do not recommend it for production use.
1319 .Xr lfs_cleanerd (8)
1320 for more information.
1321 For an in-depth description of the implementation and performance
1322 characteristics of log-structured filesystems in general,
1323 and this one in particular, see Dr. Margo Seltzer's doctoral thesis,
1324 available from the University of California Computer Science Department.
1326 We have also added a memory-based filesystem that runs in
1327 pageable memory, allowing large temporary filesystems without
1328 requiring dedicated physical memory.
1330 The local ``fast filesystem'' has been enhanced to do
1331 clustering that allows large pieces of files to be
1332 allocated contiguously resulting in near doubling
1333 of filesystem throughput.
1334 The filesystem interface has been extended to allow
1335 files and filesystems to grow to 2^63 bytes in size.
1336 The quota system has been rewritten to support both
1337 user and group quotas (simultaneously if desired).
1338 Quota expiration is based on time rather than
1339 the previous metric of number of logins over quota.
1340 This change makes quotas more useful on fileservers
1341 onto which users seldom log in.
1343 The system security has been greatly enhanced by the
1344 addition of additional file flags that permit a file to be
1345 marked as immutable or append only.
1346 Once set, these flags can only be cleared by the super-user
1347 when the system is running in insecure mode (normally, single-user).
1348 In addition to the immutable and append-only flags,
1349 the filesystem supports a new user-settable flag ``nodump''.
1350 (File flags are set using the
1355 will omit the file from incremental backups
1356 but retain it on full backups.
1357 See the ``-h'' flag to
1359 for details on how to change this default.
1360 The ``nodump'' flag is usually set on core dumps,
1361 system crash dumps, and object files generated by the compiler.
1362 Note that the flag is not preserved when files are copied
1363 so that installing an object file will cause it to be preserved.
1365 The filesystem format used in \*(4B has several additions.
1366 Directory entries have an additional field,
1368 that identifies the type of the entry
1369 (normally found in the
1374 This field is particularly useful for identifying
1375 directories without the need to use
1378 Short (less than sixty byte) symbolic links are now stored
1379 in the inode itself rather than in a separate data block.
1380 This saves disk space and makes access of symbolic links faster.
1381 Short symbolic links are not given a special type,
1382 so a user-level application is unaware of their special treatment.
1383 Unlike pre-\*(4B systems, symbolic links do
1384 not have an owner, group, access mode, times, etc.
1385 Instead, these attributes are taken from the directory that contains the link.
1386 The only attributes returned from an
1388 that refer to the symbolic link itself are the file type (S_IFLNK),
1389 size, blocks, and link count (always 1).
1391 An implementation of an auto-mounter daemon,
1393 was contributed by Jan-Simon Pendry of the
1394 Imperial College of Science, Technology & Medicine.
1395 See the document ``AMD \- The 4.4BSD Automounter'' (SMM:13)
1396 for further information.
1400 contains special files
1404 that, when opened, duplicate the corresponding file descriptor.
1410 refer to file descriptors 0, 1 and 2.
1415 for more information.
1416 .Sh 4 "POSIX terminal driver changes"
1418 The \*(4B system uses the IEEE P1003.1 (POSIX.1) terminal interface
1419 rather than the previous \*(Bs terminal interface.
1420 The terminal driver is similar to the System V terminal driver
1421 with the addition of the necessary extensions to get the
1422 functionality previously available in the \*(Ps terminal driver.
1425 calls and old options to
1428 This emulation is expected to be unavailable in many vendors' releases,
1429 so conversion to the new interface is encouraged.
1431 \*(4B also adds the IEEE Std1003.1 job control interface,
1432 that is similar to the \*(Ps job control interface,
1433 but adds a security model that was missing in the
1434 \*(Ps job control implementation.
1437 creates a job-control session consisting of a single process
1438 group with one member, the caller, that becomes a session leader.
1439 Only a session leader may acquire a controlling terminal.
1440 This is done explicitly via a
1443 call, not implicitly by an
1446 The call fails if the terminal is in use.
1447 Programs that allocate controlling terminals (or pseudo-terminals)
1448 require change to work in this environment.
1451 provided in the X11R5 release includes the necessary changes.
1452 New library routines are available for allocating and initializing
1453 pseudo-terminals and other terminals as controlling terminal; see
1454 .Pn /usr/src/lib/libutil/pty.c
1456 .Pn /usr/src/lib/libutil/login_tty.c .
1458 The POSIX job control model formalizes the previous conventions
1459 used in setting up a process group.
1460 Unfortunately, this requires that changes be made in a defined order
1461 and with some synchronization that were not necessary in the past.
1462 Older job control shells (csh, ksh) will generally not operate correctly
1463 with the new system.
1465 Most of the other kernel interfaces have been changed to correspond
1466 with the POSIX.1 interface, although that work is not complete.
1467 See the relevant manual pages and the IEEE POSIX standard.
1468 .Sh 4 "Native operating system compatibility"
1470 Both the HP300 and SPARC ports feature the ability to run binaries
1471 built for the native operating system (HP-UX or SunOS) by emulating
1473 Building an HP300 kernel with the HPUXCOMPAT and COMPAT_OHPUX options
1474 or a SPARC kernel with the COMPAT_SUNOS option will enable this feature
1475 (on by default in the generic kernel provided in the root filesystem image).
1476 Though this native operating system compatibility was provided by the
1477 developers as needed for their purposes and is by no means complete,
1478 it is complete enough to run several non-trivial applications including
1479 those that require HP-UX or SunOS shared libraries.
1480 For example, the vendor supplied X11 server and windowing environment
1481 can be used on both the HP300 and SPARC.
1483 It is important to remember that merely copying over a native binary
1484 and executing it (or executing it directly across NFS) does not imply
1486 All but the most trivial of applications are likely to require access
1487 to auxiliary files that do not exist under \*(4B (e.g.
1488 .Pn /etc/ld.so.cache )
1489 or have a slightly different format (e.g.
1491 However, by using system call tracing and
1492 through creative use of symlinks,
1493 many problems can be tracked down and corrected.
1495 The DECstation port also has code for ULTRIX emulation
1496 (kernel option ULTRIXCOMPAT, not compiled into the generic kernel)
1497 but it was used primarily for initially bootstrapping the port and
1498 has not been used since.
1499 Hence, some work may be required to make it generally useful.
1500 .Sh 3 "Changes to the utilities"
1502 We have been tracking the IEEE Std1003.2 shell and utility work
1503 and have included prototypes of many of the proposed utilities
1504 based on draft 12 of the POSIX.2 Shell and Utilities document.
1505 Because most of the traditional utilities have been replaced
1506 with implementations conformant to the POSIX standards,
1507 you should realize that the utility software may not be as stable,
1508 reliable or well documented as in traditional Berkeley releases.
1509 In particular, almost the entire manual suite has been rewritten to
1510 reflect the POSIX defined interfaces, and in some instances
1511 it does not correctly reflect the current state of the software.
1512 It is also worth noting that, in rewriting this software, we have generally
1513 been rewarded with significant performance improvements.
1514 Most of the libraries and header files have been converted
1515 to be compliant with ANSI C.
1516 The shipped compiler (gcc) is a superset of ANSI C,
1517 but supports traditional C as a command-line option.
1518 The system libraries and utilities all compile
1519 with either ANSI or traditional C.
1520 .Sh 4 "Make and Makefiles"
1522 This release uses a completely new version of the
1524 program derived from the
1526 program developed by the Sprite project at Berkeley.
1527 It supports existing makefiles, although certain incorrect makefiles
1529 The makefiles for the \*(4B sources make extensive use of the new
1530 facilities, especially conditionals and file inclusion, and are thus
1531 completely incompatible with older versions of
1533 (but nearly all the makefiles are now trivial!).
1534 The standard include files for
1541 .Pn /usr/src/share/mk .
1543 Another global change supported by the new
1545 is designed to allow multiple architectures to share a copy of the sources.
1546 If a subdirectory named
1548 is present in the current directory,
1550 descends into that directory and creates all object and other files there.
1551 We use this by building a directory hierarchy in
1559 as symbolic links to the corresponding directories in
1561 (This step is automated.
1562 The command ``make obj'' in
1564 builds both the local symlink and the shadow directory,
1567 that may be a symbolic link, as the root of the shadow tree.
1570 is for historic reasons only, and the system make configuration files in
1572 can trivially be modified to use
1577 hierarchy on the local system, and another on each
1578 system that shares the source filesystem.
1582 .Pn /usr/src/contrib
1585 have been converted to use the new make and
1588 this change allows compilation for multiple
1589 architectures from the same source tree
1590 (that may be mounted read-only).
1593 The Kerberos authentication system designed by MIT (version 5)
1594 is included in this release.
1597 for a general introduction.
1598 Pluggable Authentication Modules (PAM) can use Kerberos
1599 at the system administrator's discretion.
1600 If it is configured,
1607 can use it automatically.
1609 Each system needs the file
1611 to set its realm and local servers,
1612 and a private key stored in
1613 .Pn /etc/krb5.keytab
1616 The Kerberos server should be set up on a single,
1619 Users and hosts may be added and modified with
1622 Note that the password-changing program
1624 can change the Kerberos password,
1625 if configured by the administrator using PAM.
1630 changes the ``local'' password if one exists.
1631 .Sh 4 "Timezone support"
1633 The timezone conversion code in the C library uses data files installed in
1634 .Pn /usr/share/zoneinfo
1635 to convert from ``GMT'' to various timezones. The data file for the default
1636 timezone for the system should be copied to
1637 .Pn /etc/localtime .
1638 Other timezones can be selected by setting the TZ environment variable.
1640 The data files initially installed in
1641 .Pn /usr/share/zoneinfo
1642 include corrections for leap seconds since the beginning of 1970.
1643 Thus, they assume that the
1644 kernel will increment the time at a constant rate during a leap second;
1645 that is, time just keeps on ticking. The conversion routines will then
1646 name a leap second 23:59:60. For purists, this effectively means that
1647 the kernel maintains TAI (International Atomic Time) rather than UTC
1648 (Coordinated Universal Time, aka GMT).
1650 For systems that run current NTP (Network Time Protocol) implementations
1651 or that wish to conform to the letter of the POSIX.1 law, it is possible
1652 to rebuild the timezone data files so that leap seconds are not counted.
1653 (NTP causes the time to jump over a leap second, and POSIX effectively
1654 requires the clock to be reset by hand when a leap second occurs.
1655 In this mode, the kernel effectively runs UTC rather than TAI.)
1657 The data files without leap second information
1658 are constructed from the source directory,
1659 .Pn /usr/src/share/zoneinfo .
1660 Change the variable REDO in Makefile
1661 from ``right'' to ``posix'', and then do
1663 make obj (if necessary)
1668 You will then need to copy the correct default zone file to
1669 .Pn /etc/localtime ,
1670 as the old one would still have used leap seconds, and because the Makefile
1673 each time ``make install'' is done.
1675 It is possible to install both sets of timezone data files. This results
1677 .Pn /usr/share/zoneinfo/right
1679 .Pn /usr/share/zoneinfo/posix .
1680 Each contains a complete set of zone files.
1682 .Pn /usr/src/share/zoneinfo/Makefile
1684 .Sh 4 "Additions and changes to the libraries"
1686 Notable additions to the libraries include functions to traverse a
1687 filesystem hierarchy, database interfaces to btree and hashing functions,
1688 a new, faster implementation of stdio and a radix and merge sort
1693 functions will do either physical or logical traversal of
1694 a file hierarchy as well as handle essentially infinite depth
1695 filesystems and filesystems with cycles.
1696 All the utilities in \*(4B which traverse file hierarchies
1697 have been converted to use
1699 The conversion has always resulted in a significant performance
1700 gain, often of four or five to one in system time.
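Physical versus logical traversal over a tree that contains a cycle, shown as an added C example that is not part of the original document.
It assumes the traversal routines described above are the fts(3) family (fts_open, fts_read, fts_close) found in the C library on BSD and Linux systems; make_tree, walk, remove_tree and struct walk_stats are hypothetical names, and the directory tree is constructed under /tmp.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct walk_stats { int dirs, files, symlinks, cycles, errors; };

/* Build a constructed tree in a fresh temporary directory:
 *   root/a/file
 *   root/a/b/up -> ..      (symbolic link back to root/a, a cycle) */
int make_tree(char *root, size_t rootsz)
{
    char path[512];
    FILE *f;

    snprintf(root, rootsz, "/tmp/ftsdemo.XXXXXX");
    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/a", root);
    if (mkdir(path, 0700) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/a/b", root);
    if (mkdir(path, 0700) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/a/file", root);
    if ((f = fopen(path, "w")) == NULL)
        return -1;
    fclose(f);
    snprintf(path, sizeof path, "%s/a/b/up", root);
    return symlink("..", path);
}

/* Walk root with FTS_PHYSICAL (links reported, not followed) or
 * FTS_LOGICAL (links followed) and classify every entry returned. */
int walk(const char *root, int mode, struct walk_stats *st)
{
    char *paths[2] = { (char *)root, NULL };
    FTS *fts = fts_open(paths, mode | FTS_NOCHDIR, NULL);
    FTSENT *e;

    if (fts == NULL)
        return -1;
    memset(st, 0, sizeof *st);
    while ((e = fts_read(fts)) != NULL) {
        switch (e->fts_info) {
        case FTS_D:      st->dirs++;     break;  /* pre-order visit */
        case FTS_F:      st->files++;    break;
        case FTS_SL:
        case FTS_SLNONE: st->symlinks++; break;
        case FTS_DC:     st->cycles++;   break;  /* directory is its own ancestor */
        case FTS_DNR:
        case FTS_ERR:
        case FTS_NS:     st->errors++;   break;
        default:                         break;  /* FTS_DP and others */
        }
    }
    fts_close(fts);
    return 0;
}

/* Remove the tree with a physical walk: links are unlinked, never
 * followed, and directories are removed on their post-order visit. */
int remove_tree(const char *root)
{
    char *paths[2] = { (char *)root, NULL };
    FTS *fts = fts_open(paths, FTS_PHYSICAL | FTS_NOCHDIR, NULL);
    FTSENT *e;
    int rc = 0;

    if (fts == NULL)
        return -1;
    while ((e = fts_read(fts)) != NULL) {
        if (e->fts_info == FTS_D)
            continue;
        if (e->fts_info == FTS_DP) {
            if (rmdir(e->fts_accpath) != 0)
                rc = -1;
        } else if (unlink(e->fts_accpath) != 0) {
            rc = -1;
        }
    }
    fts_close(fts);
    return rc;
}

int main(void)
{
    char root[64];
    struct walk_stats p, l;

    if (make_tree(root, sizeof root) != 0)
        return 1;
    walk(root, FTS_PHYSICAL, &p);
    walk(root, FTS_LOGICAL, &l);
    printf("physical: %d dirs, %d links, %d cycles\n", p.dirs, p.symlinks, p.cycles);
    printf("logical:  %d dirs, %d links, %d cycles\n", l.dirs, l.symlinks, l.cycles);
    return remove_tree(root) == 0 ? 0 : 1;
}
```

A cleanup or audit job that runs with privilege should normally walk physically, since a logical walk follows whatever a symbolic link points at, including targets outside the tree.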
1704 functions are intended to be a family of database access methods.
1705 Currently, they consist of
1707 an extensible, dynamic hashing scheme,
1709 a sorted, balanced tree structure (B+tree's), and
1711 a flat-file interface for fixed or variable length records
1712 referenced by logical record number.
1713 Each of the access methods stores associated key/data pairs and
1714 uses the same record oriented interface for access.
1718 function has been rewritten for additional performance.
1719 In addition, three new types of sorting functions,
1724 have been added to the system.
1727 function is optimized for data with pre-existing order,
1728 in which case it usually significantly outperforms
1732 functions are variants of most-significant-byte radix sorting.
1733 They take time linear to the number of bytes to be
1734 sorted, usually significantly outperforming
1736 on data that can be sorted in this fashion.
1737 An implementation of the POSIX 1003.2 standard
1742 .Pn /usr/src/contrib/sort .
1744 Some additional comments about the \*(4B C library:
1746 The floating point support in the C library has been replaced
1747 and is now accurate.
1749 The C functions specified by ANSI C, POSIX 1003.1 and
1750 1003.2 are now part of the C library.
1751 This includes support for file name matching, shell globbing
1752 and both basic and extended regular expressions.
1754 ANSI C multibyte and wide character support has been integrated.
1755 The rune functionality from the Bell Labs' Plan 9 system is provided
1760 functions have been generalized and replaced with a general
1761 purpose interface named
1766 routines have been replaced, and are usually much faster.
1769 interface permits applications to provide their own I/O stream
1774 library has been largely rewritten.
1775 Important additional features include support for scrolling and
1778 An application front-end editing library, named libedit, has been
1779 added to the system.
1781 A superset implementation of the SunOS kernel memory interface library,
1782 libkvm, has been integrated into the system.
1784 .Sh 4 "Additions and changes to other utilities"
1786 There are many new utilities, offering many new capabilities,
1788 Skimming through the section 1 and section 8 manual pages is sure
1790 The additions to the utility suite include greatly enhanced versions of
1791 programs that display system status information, implementations of
1792 various traditional tools described in the IEEE Std1003.2 standard,
1793 new tools not previously available on Berkeley UNIX systems,
1795 Also, with only a very few exceptions, all the utilities from
1796 \*(Ps that included proprietary source code have been replaced,
1797 and their \*(4B counterparts are freely redistributable.
1798 Normally, this replacement resulted in significant performance
1799 improvements and the increase of the limits imposed on data by
1800 the utility as well.
1802 A summary of specific additions and changes is as follows:
1805 amd An auto-mounter implementation.
1806 ar Replacement of the historic archive format with a new one.
1807 awk Replaced by gawk; see /usr/src/old/awk for the historic version.
1808 bdes Utility implementing DES modes of operation described in FIPS PUB 81.
1809 calendar Addition of an interface for system calendars.
1810 cap_mkdb Utility for building hashed versions of termcap style databases.
cc	Replacement of pcc with gcc suite.
chflags	A utility for setting the per-file user and system flags.
chfn	An editor based replacement for changing user information.
chpass	An editor based replacement for changing user information.
chsh	An editor based replacement for changing user information.
cksum	The POSIX 1003.2 checksum utility; compatible with sum.
column	A columnar text formatting utility.
cp	POSIX 1003.2 compatible, able to copy special files.
csh	Freely redistributable and 8-bit clean.
date	User specified formats added.
dd	New EBCDIC conversion tables, major performance improvements.
dev_mkdb	Hashed interface to devices.
find	Several new options and primaries, major performance improvements.
fstat	Utility displaying information on files open on the system.
ftpd	Connection logging added.
hexdump	A binary dump utility, superseding od.
id	The POSIX 1003.2 user identification utility.
jot	A text formatting utility.
kdump	A system-call tracing facility.
ktrace	A system-call tracing facility.
kvm_mkdb	Hashed interface to the kernel name list.
lam	A text formatting utility.
lex	A new, freely redistributable, significantly faster version.
locate	A database of the system files, by name, constructed weekly.
logname	The POSIX 1003.2 user identification utility.
mail.local	New local mail delivery agent, replacing mail.
make	Replaced with a new, more powerful make, supporting include files.
man	Added support for man page location configuration.
mkdep	A new utility for generating make dependency lists.
mkfifo	The POSIX 1003.2 FIFO creation utility.
mtree	A new utility for mapping file hierarchies to a file.
nfsstat	An NFS statistics utility.
nvi	A freely redistributable replacement for the ex/vi editors.
pax	The POSIX 1003.2 replacement for cpio and tar.
printf	The POSIX 1003.2 replacement for echo.
roff	Replaced by groff; see /usr/src/old/roff for the historic versions.
rs	New utility for text formatting.
shar	An archive building utility.
sysctl	MIB-style interface to system state.
tcopy	Fast tape-to-tape copying and verification.
touch	Time and file reference specifications.
tput	The POSIX 1003.2 terminal display utility.
tr	Addition of character classes.
uname	The POSIX 1003.2 system identification utility.
vis	A filter for converting and displaying non-printable characters.
xargs	The POSIX 1003.2 argument list constructor utility.
yacc	A new, freely redistributable, significantly faster version.
(``zoo'') should be installed early on if attempting to
cross-compile \*(4B on another system.
program is not completely backward compatible with historic versions of
although it is believed that all documented features are supported.
utility has two new options that are important to be aware of if you
The ``fstype'' and ``prune'' options can be used together to prevent
find from crossing NFS mount points.
for an example of their use.
.Sh 2 "Hints on converting from \*(Ps to \*(4B"
This section summarizes changes between
\*(Ps and \*(4B that are likely to
cause difficulty in doing the conversion.
It does not include changes in the network;
see section 5 for information on setting up the network.
Since the stat st_size field is now 64 bits instead of 32,
doing something like:
and then (improperly) defining foo with an ``int'' or ``long'' parameter:
will fail miserably (well, it might work on a little-endian machine).
This problem showed up in
as well as several other programs.
A related problem is improperly casting (or failing to cast)
the second argument to
lseek(fd, (long)off, 0);
The best solution is to include
which has prototypes that catch these types of errors.
Determining the ``namelen'' parameter for a
call on a UNIX domain socket should use the ``SUN_LEN'' macro from
One old way that was used:
addrlen = strlen(unaddr.sun_path) + sizeof(unaddr.sun_family);
no longer works as there is an additional
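An added example, not part of the original document: building a UNIX domain socket address and taking its length from SUN_LEN rather than from the historic sum. The names unix_addr and old_addrlen are hypothetical, and the fallback definition of SUN_LEN is an assumption for C libraries that do not expose the macro by default.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Assumption: fallback for C libraries that hide SUN_LEN by default. */
#ifndef SUN_LEN
#define SUN_LEN(su) \
	(offsetof(struct sockaddr_un, sun_path) + strlen((su)->sun_path))
#endif

/*
 * Fill *su for path and return the length to pass as the namelen
 * argument, or 0 if path is empty or does not fit in sun_path together
 * with its terminating NUL.
 */
socklen_t unix_addr(struct sockaddr_un *su, const char *path)
{
	size_t n = strlen(path);

	if (n == 0 || n >= sizeof(su->sun_path))
		return 0;		/* reject instead of truncating */
	memset(su, 0, sizeof(*su));
	su->sun_family = AF_UNIX;
	memcpy(su->sun_path, path, n + 1);
	return (socklen_t)SUN_LEN(su);
}

/*
 * The historic calculation quoted above, kept only for comparison.
 * It counts sun_family and the path but nothing else that precedes
 * sun_path, so it comes up short wherever sockaddr_un has another
 * member in front of the path.
 */
size_t old_addrlen(const struct sockaddr_un *su)
{
	return strlen(su->sun_path) + sizeof(su->sun_family);
}
```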
The kernel's limit on the number of open files has been
increased from 20 to 64.
It is now possible to change this limit almost arbitrarily.
The standard I/O library
autoconfigures to the kernel limit.
Note that file (``_iob'') entries may be allocated by
this allocation has been known to cause problems with programs
that use their own memory allocators.
Memory allocation does not occur until after 20 files have been opened
by the standard I/O library.
can be used with more than 32 descriptors
by using arrays of \fBint\fPs for the bit fields rather than single \fBint\fPs.
as their first argument to
will no longer work correctly.
Usually the program can be modified to correctly specify the number
of bits in an \fBint\fP.
Alternatively the program can be modified to use an array of \fBint\fPs.
There is a set of macros available in
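An added example, not part of the original document: waiting on a descriptor numbered above 31 with the fd_set macros, so that neither the bit field nor the first argument is tied to the width of an \fBint\fP. The names readable and demo_high_fd are hypothetical, and the pipe is constructed for the demonstration.

```c
#include <fcntl.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/*
 * Return 1 if fd is readable within ms milliseconds, 0 on timeout,
 * -1 on error or if fd cannot be represented in an fd_set.
 */
int readable(int fd, int ms)
{
	fd_set rfds;
	struct timeval tv;

	if (fd < 0 || fd >= FD_SETSIZE)
		return -1;		/* FD_SET would index outside rfds */
	FD_ZERO(&rfds);
	FD_SET(fd, &rfds);
	tv.tv_sec = ms / 1000;
	tv.tv_usec = (ms % 1000) * 1000;
	/* First argument: highest descriptor plus one, not a fixed 32. */
	if (select(fd + 1, &rfds, NULL, NULL, &tv) < 0)
		return -1;
	return FD_ISSET(fd, &rfds) ? 1 : 0;
}

/*
 * Constructed demonstration: duplicate the read end of a pipe onto a
 * descriptor numbered 40 or higher and poll it before and after a write.
 * Returns before * 10 + after, so 1 means "timed out, then readable".
 */
int demo_high_fd(void)
{
	int p[2], hi, before, after = -1;

	if (pipe(p) < 0)
		return -1;
	hi = fcntl(p[0], F_DUPFD, 40);	/* lowest free descriptor >= 40 */
	before = hi < 0 ? -1 : readable(hi, 10);
	if (hi >= 0 && write(p[1], "x", 1) == 1)
		after = readable(hi, 10);
	if (hi >= 0)
		close(hi);
	close(p[0]);
	close(p[1]);
	return before * 10 + after;
}
```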
Old core files will not be intelligible to the current debuggers
because of numerous changes to the user structure
and because the kernel stack has been enlarged.
header that was in the user structure is no longer present.
Locally-written debuggers that try to check the magic number
will need to be changed.
Files may not be deleted from directories having the ``sticky'' (ISVTX) bit
except by the owner of the file or of the directory, or by the superuser.
This is primarily to protect users' files in publicly-writable directories
All publicly-writable directories should have their ``sticky'' bits set
The following two sections contain additional notes about
changes in \*(4B that affect the installation of local files;
be sure to read them as well.