HP-UX Reference

Section 1M: System Administration Commands

(N-Z)
HP-UX 11i Version 3

Volume 4 of 10

Manufacturing Part Number : B2355-91020

E0207

Printed in USA
© Copyright 1983-2007 Hewlett-Packard Development Company LP.
 Legal Notices
The information in this document is subject to change without notice.

Warranty
The only warranties for HP products and services are set forth in the
express warranty statements accompanying such products and services.
Nothing herein should be construed as constituting an additional
warranty. HP shall not be liable for technical or editorial errors or
omissions contained herein.

U.S. Government License

Confidential computer software. Valid license from HP required for
possession, use, or copying. Consistent with FAR 12.211 and 12.212,
Commercial Computer Software, Computer Software Documentation,
and Technical Data forCommercial Items are licensed to the U.S.
Government under vendor’s standard commercial license.

Additional Copyright Notices

This document and the software it describes may also be protected under
one or more of the following copyrights. Additional copyrights are
acknowledged in some individual manpages.
 Copyright 1979, 1980, 1983, 1985-1993 The Regents of the University
of California.
 Copyright 1980, 1984, 1986 Novell, Inc.
 Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
 Copyright 1986-2000 Sun Microsystems, Inc.
 Copyright 1988 Carnegie Mellon University
 Copyright 1989-1991 The University of Maryland
 Copyright 1989-1993 The Open Software Foundation, Inc.
 Copyright 1990 Motorola, Inc.
 Copyright 1990-1992 Cornell University
 Copyright 1991-2003 Mentat, Inc.

2
 Copyright 1996 Morning Star Technologies, Inc.
 Copyright 1996 Progressive Systems, Inc.

Trademark Notices
Intel and Itanium are registered trademarks of Intel Corporation in the
US and other countries and are used under license.
Java is a US trademark of Sun Microsystems, Inc.
Microsoft and MS-DOS are U.S. registered trademarks of Microsoft
Corporation.
OSF/Motif is a trademark of The Open Group in the US and other
countries.
UNIX is a registered trademark of The Open Group.
X Window System is a trademark of The Open Group.

3
4
 Preface
HP-UX is the Hewlett-Packard Company’s implementation of a UNIX
operating system that is compatible with various industry standards. It
is based on the System V Release 4 operating system and includes
important features from the Fourth Berkeley Software Distribution.
The ten volumes of this manual contain the system reference
documentation, made up of individual entries called manpages, named
for the man command (see man (1)) that displays them on the system.
The entries are also known as manual pages or reference pages.

General For a general introduction to HP-UX and the structure and format of the
Introduction manpages, please see the introduction (9) manpage in volume 9.

Section The manpages are divided into sections that also have introduction
Introductions (intro) manpages that describe the contents. These are:
intro (1) Section 1: User Commands
(A-M in volume 1; N-Z in volume 2)
intro (1M) Section 1M: System Administration Commands
(A-M in volume 3; N-Z in volume 4)
intro (2) Section 2: System Calls
(in volume 5)
intro (3C) Section 3: Library Functions
(A-M in volume 6; N-Z in volume 7)
intro (4) Section 4: File Formats
(in volume 8)
intro (5) Section 5: Miscellaneous Topics
(in volume 9)
intro (7) Section 7: Device (Special) Files
(in volume 10)
intro (9) Section 9: General Information
(in volume 10)
Index Index, All Volumes
(in volume 10)

5
 Typographical Conventions
audit (5) An HP-UX manpage reference. For example, audit is
the name and 5 is the section in the HP-UX Reference.
On the web and on the Instant Information CD, it may
be a hyperlink to the manpage itself. From the HP-UX
command line, you can enter “man audit” or “man 5
audit” to view the manpage. See man (1).
Book Title The title of a book. On the web and on the Instant
Information CD, it may be a hyperlink to the book
itself.
Command A command name or qualified command phrase.
ComputerOutput Text displayed by the computer.
Emphasis Text that is emphasized.
Emphasis Text that is strongly emphasized.
ENVIRONVAR The name of an environment variable.
[ERRORNAME] The name of an error number, usually returned in the
errno variable.
KeyCap The name of a (usually) nonprinting keyboard key, such
as Ctrl-X or Tab. Note that Return and Enter both refer to
the same key.
Replaceable The name for a value that you replace in a command or
function, or information in a display that represents
several possible values.
Term The defined use of an important word or phrase.
UserInput Commands and other text that you type.
$ User command prompt.
# Superuser (root) command prompt.

6
Command Syntax
Literal A word or character that you enter literally.
Replaceable A word or phrase that you replace with an appropriate
value.
-chars One or more grouped command options, such as -ikx.
The chars are usually a string of literal characters
that each represent a specific option. For example, the
entry -ikx is equivalent to the individual options -i,
-k, and -x. The plus character (+) is sometimes used as
an option prefix.
-word A single command option, such as -help. The word is a
literal keyword. The difference from -chars is usually
obvious and is clarified in an Options description. The
plus character (+) and the double hyphen (--) are
sometimes used as option prefixes.
[ ] The bracket metacharacters enclose optional content in
formats and command descriptions.
{ } The brace metacharacters enclose required content in
formats and command descriptions.
| The bar metacharacter separates alternatives in a list
of choices, usually in brackets or braces.
... The ellipsis metacharacter after a token (abc...) or a
right bracket ([ ]...) or a right brace ({ }...)
metacharacter indicates that the preceding element
and its preceding whitespace, if any, may be repeated
an arbitrary number of times.
... Ellipsis is sometimes used to indicate omitted items in
a range.

7
 Function Synopsis and Syntax
HP-UX functions are described in a definition format rather than a
usage format. The definition format includes type information that is
omitted when the function call is actually included in a program.
The function syntax elements are the same as for commands, except for
the options; see “Command Syntax” on page 7.

Function General The general definition form is:

Definition
type func ( type param [ , type param ]... );
For example:
int setuname ( const char *name , size_t namelen );

Function Usage The usage form is:

func ( param [ , param ]... );
For example:
setuname ( name [ , namelen ]... );

8
Revision History
Part Number Release; Date; Format; Distribution
B2355-60130 HP-UX 11i Version 3; February 2007; one volume
HTML; http://docs.hp.com and Instant Information.
B2355-91017-26 HP-UX 11i Version 3; February 2007; ten volumes
PDF; http://docs.hp.com, Instant Information and
print.
B2355-60127 HP-UX 11i Version 1; September 2005 Update; one
volume HTML; http://docs.hp.com and Instant
Information.
B2355-90902-11 HP-UX 11i Version 1; September 2005 Update; ten
volumes PDF; http://docs.hp.com and print.
B2355-60105 HP-UX 11i Version 2; September 2004 Update; one
volume HTML; http://docs.hp.com and Instant
Information.
B2355-90839-48 HP-UX 11i Version 2; September 2004 Update; ten
volumes PDF; http://docs.hp.com and print.
B2355-60103 HP-UX 11i Version 2; August 2003; one volume HTML;
http://docs.hp.com and Instant Information.
B2355-90779-87 HP-UX 11i Version 2; August 2003; nine volumes PDF;
http://docs.hp.com and print.
B9106-90010 HP-UX 11i Version 1.6; June 2002; one volume HTML;
http://docs.hp.com and Instant Information.
B9106-90007 HP-UX 11i Version 1.5; June 2001; seven volumes
HTML; http://docs.hp.com and Instant Information.
B2355-90688 HP-UX 11i Version 1; December 2000; nine volumes.
B2355-90166 HP-UX 11.0; October 1997; five volumes.
B2355-90128 HP-UX 10.X; July 1996; five volumes; online only.
B2355-90052 HP-UX 10.0; July 1995; four volumes.

9
10
 Volume Four
Table of Contents

Section 1M
Volume Four
Table of Contents

Section 1M
 Table of Contents
Volumes Three and Four

Section 1M: System Administration Commands

Entry Name(Section): name Description
intro(1M): intro ............................ introduction to system maintenance commands and application programs
accept(1M): accept, reject ..................................................... allow or prevent LP printer queuing requests
acct(1M): acctdisk, acctdusg, accton, acctwtmp, closewtmp,
utmp2wtmp ........................................... overview of accounting and miscellaneous accounting commands
acctcms(1M): acctcms ............................................. command summary from per-process accounting records
acctcom(1M): acctcom ...................................................................... search and print process accounting files
acctcon(1M): acctcon1, acctcon2 ............................................................................ connect-time accounting
acctcon1: connect-time accounting ........................................................................................ see acctcon(1M)
acctcon2: connect-time accounting ........................................................................................ see acctcon(1M)
acctdisk: overview of accounting and miscellaneous accounting commands ................................ see acct(1M)
acctdusg: overview of accounting and miscellaneous accounting commands ................................ see acct(1M)
acctmerg(1M): acctmerg ........................................................................... merge or add total accounting files
accton: overview of accounting and miscellaneous accounting commands .................................... see acct(1M)
acctprc(1M): acctprc1, acctprc2 .................................................................................... process accounting
acctprc1: convert process accounting .................................................................................... see acctprc(1M)
acctprc2: summarize process accounting .............................................................................. see acctprc(1M)
acctsh(1M): chargefee, ckpacct, dodisk, lastlogin, monacct, nulladm, prctmp, prdaily,
prtacct, shutacct, startup, turnacct .............................................. shell procedures for accounting
acctwtmp: overview of accounting and miscellaneous accounting commands ................................ see acct(1M)
arp(1M): arp .......................................................................................... address resolution display and control
asecure(1M): asecure ................................................ control access to audio on a workstation; OBSOLETED
aserver(1M): Aserver ................................................................................................... start the audio server
audevent(1M): audevent ..................................... change or display profile, event, or system call audit status
audisp(1M): audisp ........................................................................... display the requested audit information
audomon(1M): audomon .................................................................................. audit overflow monitor daemon
audsys(1M): audsys .................................... start/halt the auditing system; set/display audit trail information
audusr(1M): audusr ......................................................................................................... select users to audit
authadm(1M): authadm ....... non-interactive editing of the authorization information in the RBAC databases
authck(1M): authck ..................................................... check internal consistency of Authentication database
auto_parms(1M): auto_parms .............................. initial system configuration plus DHCP support command
automount(1M): automount ............................................................................ install automatic mount points
automountd(1M): automountd ....................................................................... autofs mount/unmount daemon
autopush(1M): autopush .................... manage system database of automatically pushed STREAMS modules
backup(1M): backup .......................................................................................... backup or archive file system
bastille(1M): bastille .................................................................................................. system lockdown tool
bastille_drift(1M): bastille_drift ........................................................ system configuration drift analyzer
bdf(1M): bdf .................................................................... report number of free disk blocks (Berkeley version)
bgpd(1M): bgpd ................................................................................................. BGP routing daemon for IPv6
biod(1M): biod ............................................................................................................................ NFS daemon
boot(1M): boot ...................................................................................................................... bootstrap process
bootpd(1M): bootpd ........................................................................................... Internet Boot Protocol server
bootpquery(1M): bootpquery .......................................................... send BOOTREQUEST to BOOTP server
cachefspack(1M): cachefspack ......................................................... pack files and file systems in the cache
cachefsstat(1M): cachefsstat ........................................................................... Cache File System statistics
captoinfo(1M): captoinfo ...................................... convert a termcap description into a terminfo description
catman(1M): catman ............................................................... create cat and whatis files for online manpages
cfsadmin(1M): cfsadmin
....................................... administer disk space used for caching file systems with the CacheFS statistics
ch_rc(1M): ch_rc ........................................................................................... change system configuration file
chargefee: shell procedures for accounting; charge fee to user ................................................ see acctsh(1M)
check_patches(1M): check_patches .......................................................... HP-UX 11i V3 patch check utility
chnlspath(1M): chnlspath ............................................................................. configure message catalog path
chroot(1M): chroot ................................................................................ change root directory for a command
ckpacct: shell procedures for accounting; check size of accounting file ..................................... see acctsh(1M)
cleanup(1M): cleanup ........................................................................................ HP-UX patch cleanup utility

HP-UX 11i Version 3: February 2007 Hewlett-Packard Company 13

Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

clear_locks(1M): clear_locks ...................................................... clear locks held on behalf of an NFS client
closewtmp: overview of accounting and miscellaneous accounting commands .............................. see acct(1M)
clri(1M): clri ................................................................................................................................. clear inode
clrsvc(1M): clrsvc ....................................................................................... clear x25 switched virtual circuit
cmdprivadm(1M): cmdprivadm
noninteractive editing of a command’s authorization and privilege information in the privrun database
cmpt_tune(1M): cmpt_tune ....................................... query, enable, or disable compartmentalization feature
convert_awk(1M): convert_awk ................................................. converts old sendmail.cf files to new format
convertfs(1M): convertfs ............................................... convert an HFS file system to allow long file names
coreadm(1M): coreadm ............................................................................................... core file administration
cplxmodify(1M): cplxmodify ........................................................... modify an attribute of a system complex
cpset(1M): cpset .................................................................................. install object files in binary directories
crashconf(1M): crashconf .............................................................................. configure system crash dumps
crashutil(1M): crashutil .................................................................................. manipulate crash dump data
create_sysfile(1M): create_sysfile .................................................................... create a kernel system file
cron(1M): cron ..................................................................................................... timed-job execution daemon
dcopy(1M): dcopy ................................................................................. copy HFS file system with compaction
devnm(1M): devnm ....................................................................................................................... device name
df(1M): df .................................................................................... report number of free file system disk blocks
df_hfs(1M): df ............................................ report number of free CDFS, HFS, or NFS file system disk blocks
dhcpclient(1M): dhcpclient ..................................... Client for Dynamic Host Configuration Protocol Server
dhcpdb2conf(1M): dhcpdb2conf .................................................................. DHCP client database converter
dhcptools(1M): dhcptools .................................................... comand line tools for DHCP elements of bootpd
dhcpv6clientd(1M): dhcpv6clientd .......................................................................... DHCPv6 client daemon
dhcpv6d(1M): dhcpv6d .................................... Dynamic Host Configuration Protocol Server daemon for IPv6
dhcpv6db2conf(1M): dhcpv6db2conf ....................................................... DHCPv6 client database converter
dig(1M): dig ........................................................................................................... domain information groper
diskinfo(1M): diskinfo ..................................................................... describe characteristics of a disk device
disksecn(1M): disksecn ............................................................................ calculate default disk section sizes
diskusg(1M): diskusg ..................................................................... generate disk accounting data by user ID
dmesg(1M): dmesg ........................................................... collect system diagnostic messages to form error log
dodisk: shell procedures for accounting; perform disk accounting ............................................ see acctsh(1M)
dpp(1M): dpp ........................................................................... dedicated ports parser used by DDFA software
dump(1M): dump, rdump .................................................................................... incremental file system dump
dumpfs(1M): dumpfs .......................................................................................... dump file system information
edquota(1M): edquota ............................................................................................................ edit disk quotas
efi_cp(1M): efi_cp ...................................................................................................... copy to or from EFI file
efi_fsinit(1M): efi_fsinit .................................................... write an EFI file system header on a device file
efi_ls(1M): efi_ls ...................................................... list EFI file information or contents of an EFI directory
efi_mkdir(1M): efi_mkdir .......................................................................................... make an EFI directory
efi_rm(1M): efi_rm ............................................................................................................ remove an EFI file
efi_rmdir(1M): efi_rmdir ........................................................................................ remove an EFI directory
envd(1M): envd ...................................................................................... system physical environment daemon
esmd(1M): esmd ........................................................................................ Essential Services Monitor Daemon
evmchmgr(1M): evmchmgr .......................................................................... Event Manager channel manager
evmd(1M): evmd .......................................................................................................... Event Manager daemon
evmlogger(1M): evmlogger .......................................................................................... Event Manager logger
evmreload(1M): evmreload ............................................................. reload Event Manager configuration files
evmstart(1M): evmstart .......................................................................................... start the Event Manager
evmstop(1M): evmstop .............................................................................................. stop the Event Manager
exportfs(1M): exportfs ............................................ translates exportfs options to share/unshare commands
extendfs(1M): extendfs ............................................................................. extend a file system size (generic)
extendfs_hfs(1M): extendfs ................................................................................ extend HFS file system size
fbackup(1M): fbackup ................................................................................................ selectively back up files
fcmsutil(1M): fcmsutil .......................................................... Fibre Channel Mass Storage Utility Command
fdetach(1M): fdetach ............................................. detach a STREAMS-based file descriptor from a filename
ff(1M): ff ........................................................................................ list file names and statistics for file system
ff_hfs(1M): ff ......................................................................... list file names and statistics for HFS file system
fingerd(1M): fingerd ..................................................................................... remote user information server
fixman(1M): fixman ......................................................... fix manpages for faster viewing with man command
format(1M): format ................................................................................... format an HP SCSI disk array LUN

14 Hewlett-Packard Company HP-UX 11i Version 3: February 2007

 Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

frecover(1M): frecover .............................................................................................. selectively recover files
frupower(1M): frupower ..................... turn on/off or display current status of power for cells and I/O chassis
fsadm(1M): fsadm ................................................................................... file system administration command
fsadm_hfs(1M): fsadm_hfs ............................................................ HFS file system administration command
fsck(1M): fsck .................................................................. file system consistency check and interactive repair
fsck: HFS file system consistency check and interactive repair ............................................. see fsck_hfs(1M)
fsck_cachefs(1M): fsck_cachefs .............................................. check integrity of data cached with CacheFS
fsck_hfs(1M): fsck ................................................... HFS file system consistency check and interactive repair
fsclean(1M): fsclean ....................................................... determine the shutdown status of HFS file systems
fsdaemon(1M): fsdaemon ........................................... pass-through daemon for processing system commands
fsdb(1M): fsdb ................................................................................................... file system debugger (generic)
fsdb_hfs(1M): fsdb .................................................................................................. HFS file system debugger
fsirand(1M): fsirand ........................................................................ install random inode generation numbers
fstadm: fstadm ...................................................................... defines and manages file system stack templates
fstyp(1M): fstyp .................................................................................................... determine file system type
fsweb(1M): fsweb
...................... launch the Disks and File Systems tool of HP System Management Homepage (HP SMH)
ftpd(1M): ftpd ....................................................................................................... file transfer protocol server
fuser(1M): fuser .............................................................................. list processes using a file or file structure
fwtmp(1M): fwtmp, wtmpfix ............................................................... manipulate connect accounting records
gated(1M): gated ...................................................................................................... gateway routing daemon
gdc(1M): gdc .............................................................................................. operational user interface for gated
geocustoms(1M): geocustoms ..................................... configure system language on multi-language systems
getfilexsec(1M): getfilexsec ............................................ display security attributes of binary executable(s)
getmemwindow(1M): getmemwindow
...................................................... extract window IDs of user processes from /etc/services.window
getprocxsec(1M): getprocxsec .......................................................... display security attributes of a process
getprpw(1M): getprpw ........................................................................... display protected password database
getrules(1M): getrules ......................................................................................... display compartment rules
getty(1M): getty .............................................................. set terminal type, modes, speed, and line discipline
getx25(1M): getx25 ....................................................................................................................... get x25 line
groupadd(1M): groupadd ................................................................................ add a new group to the system
groupdel(1M): groupdel ................................................................................ delete a group from the system
groupmod(1M): groupmod ................................................................................. modify a group on the system
grpck: password/group file checkers ........................................................................................... see pwck(1M)
gsscred(1M): gsscred .................................................................. add, remove and list gsscred table entries
gsscred_clean(1M): gsscred_clean .......................... remove duplicate entries from gsscred mapping table
gssd(1M): gssd .......................................................... generates and validates GSS-API tokens for kernel RPC
hosts_to_named(1M): hosts_to_named ................................. translate host table to name server file format
hotplugd(1M): hotplugd ................................................... PCI I/O hotplug (attention button) events daemon
hpsmh(1M): hpsmh ........................................... starts or stops the HP System Management Homepage server
hpux(1M): hpux ................................................................................. HP-UX bootstrap and installation utility
hpux.efi(1M): hpux.efi .............................................................. HP-UX bootstrap for Itanium-based systems
identd(1M): identd ......................................................................................... TCP/IP IDENT protocol server
idisk(1M): idisk .................................................................. create partitions for disks on an Integrity system
ifconfig(1M): ifconfig ...................................................................... configure network interface parameters
inetd(1M): inetd ...................................................................................................... Internet services daemon
inetsvcs_sec(1M): inetsvcs_sec ................................................... enable or disable secure internet services
infocmp(1M): infocmp .................................................................. compare or print out terminfo descriptions
init(1M): init ...................................................................................................... process control initialization
insf(1M): insf ......................................................................................................... install special (device) files
install(1M): install ............................................................................................................ install commands
intctl(1M): intctl ............................................................... manage the interrupt configuration of the system
io_redirect_dsf(1M): io_redirect_dsf
......................................... redirect the persistent device special file from one device to a different device
iobind(1M): iobind .................................................................................................... bind a driver to a device
iofind(1M): iofind ..................................... search for or replace legacy device special files or hardware paths
ioinit(1M): ioinit
..................... test and maintain consistency between the kernel I/O data structures and the ioconfig files
ioscan(1M): ioscan .......................................................................................................... scan the I/O system
isisd(1M): isisd ............................. the Intermediate System to Intermediate System (IS-IS) routing daemon

HP-UX 11i Version 3: February 2007 Hewlett-Packard Company 15

Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

isl(1M): isl ...................................................................................................................... initial system loader
itemap(1M): itemap ............................................... load a keymap into the Internal Terminal Emulator (ITE)
kclog(1M): kclog ..................................................................................... manage kernel configuration log file
kcmodule(1M): kcmodule ................................................................. manage kernel modules and subsystems
kconfig(1M): kconfig ........................................................................................ manage kernel configurations
kcpath(1M): kcpath .............................................................................. print kernel configuration pathnames
kctune(1M): kctune .................................................................................. manage kernel tunable parameters
kcweb(1M): kcweb .............................................. starts the HP-UX kernel configuration tool (a Web interface)
keyenvoy(1M): keyenvoy ...................................................................................... talk to the keyserv process
keyserv(1M): keyserv .................................................................... server for storing private encryption keys
killall(1M): killall .................................................................................................... kill all active processes
killsm(1M): killsm ................................................................................................. kills the sendmail daemon
kl(1M): kl ....................................................................................................................... control kernel logging
krs_flush(1M): krs_flush .............................................................. flush kernel registry services data to disk
krsd(1M) ........................................................................................................... kernel registry services daemon
kwdb(1M): kwdb ............................ invoke KWDB, the source level kernel debugger and crash dump analyzer
labelit: copy a file system with label checking ..................................................................... see volcopy(1M)
labelit: copy file systems with label checking ............................................................... see volcopy_hfs(1M)
lanadmin(1M): lanadmin ............................................................. local area network administration program
lanadmin_vlan(1M): lanadmin_vlan .......................................................................... virtual LANs (VLANs)
lanadmin_vlan: virtual LANs (VLANs) .................................................................... see lanadmin_vlan(1M)
lanscan(1M): lanscan ................................................................. display LAN device configuration and status
lastlogin: shell procedures for accounting; show last login date ............................................. see acctsh(1M)
ldapclientd(1M): ldapclientd .......................................................................... LDAP client daemon process
libcadmin(1M): libcadmin ................................................................................ libc administration command
link(1M): link, unlink ........................... execute link() and unlink() system calls without error checking
linkloop(1M): linkloop ....................................................... verify LAN connectivity with link-level loopback
livedump(1M): livedump ............................................................... initiates, configures, and stops Live Dump
localedef(1M): localedef ................................................................................ generate a locale environment
lockd(1M): rpc.lockd .................................................................................................... network lock daemon
logins(1M): logins .................................................................................... display system and user login data
lpadmin(1M): lpadmin ................................................................................. configure the LP spooling system
lpana(1M): lpana ........................................................... display LP spooler performance analysis information
lpfence: define the minimum priority for printing ................................................................ see lpsched(1M)
lpmove: move requests between LP destinations .................................................................... see lpsched(1M)
lpsched(1M): lpsched, lpshut, lpmove, lpfence ...................... start the LP request scheduler; stop the LP
request scheduler; move requests between LP destinations; define the minimum priority for printing
lpshut: stop the LP request scheduler ................................................................................... see lpsched(1M)
lsdev(1M): lsdev ............................................................................................ list device drivers in the system
lssf(1M): lssf ......................................................................................................................... list a special file
lugadmin(1M): lugadmin .................................................. long user and group name enablement and display
lvchange(1M): lvchange ............................................................... change LVM logical volume characteristics
lvcreate(1M): lvcreate ............................................................... create logical volume in LVM volume group
lvdisplay(1M): lvdisplay ...................................................... display information about LVM logical volumes
lvextend(1M): lvextend ................................ stripe, increase space, increase mirrors for LVM logical volume
lvlnboot(1M): lvlnboot ............ prepare LVM logical volume to be root, boot, primary swap, or dump volume
lvmchk(1M): lvmchk ....................... check if disk volume is under HP Logical Volume Manager (LVM) control
lvmerge(1M): lvmerge .............................................. merge two LVM logical volumes into one logical volume
lvreduce(1M): lvreduce ........................................ decrease physical extents allocated to LVM logical volume
lvremove(1M): lvremove ..................................................... remove logical volumes from LVM volume group
lvrmboot(1M): lvrmboot ................. remove LVM logical volume link to root, primary swap, or dump volume
lvsplit(1M): lvsplit ............................................ split mirrored LVM logical volume into two logical volumes
lvsync(1M) : lvsync ............................................................ synchronize stale mirrors in LVM logical volumes
lwresd(1M): lwresd ............................................................................................ lightweight resolver daemon
makedbm(1M): makedbm ......................................................... make a Network Information System database
makemap(1M): makemap .......................................................................... creates database maps for sendmail
map-mbone(1M): map-mbone, .................................................................. multicast router connection mapper
mc(1M): mc ................................................................................................ media changer manipulation utility
mk_kernel(1M): mk_kernel ...................................................... load a kernel configuration from a system file
mkboot(1M): mkboot, rmboot ........................................... install, update or remove boot programs from disk
mkfs(1M): mkfs ............................................................................................... construct a file system (generic)

16 Hewlett-Packard Company HP-UX 11i Version 3: February 2007

 Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

mkfs_hfs(1M): mkfs ............................................................................................ construct an HFS file system
mklost+found(1M): mklost+found ............................. make a lost+found directory for the fsck command
mknod(1M): mknod .............................................................................................. create special and FIFO files
mksf(1M): mksf ...................................................................................................... make a special (device) file
modprpw(1M): modprpw ......................................................................... modify protected password database
monacct: shell procedures for accounting; create accounting summary .................................... see acctsh(1M)
mount(1M): mount, umount .......................................................................... mount and unmount file systems
mount: mount and unmount CDFS file systems ............................................................... see mount_cdfs(1M)
mount: mount and unmount HFS file systems ................................................................... see mount_hfs(1M)
mount: mount and unmount remote NFS resources ........................................................... see mount_nfs(1M)
mount: mount CacheFS file systems ........................................................................... see mount_cachefs(1M)
mount_cachefs(1M): mount, umount ............................................. mount and unmount CacheFS file systems
mount_cdfs(1M): mount, umount ....................................................... mount and unmount CDFS file systems
mount_hfs(1M): mount, umount ........................................................... mount and unmount HFS file systems
mount_lofs(1M): mount ......................................................................................... mount an LOFS file system
mount_nfs(1M): mount, umount ................................................... mount and unmount remote NFS resources
mountall(1M): mountall, umountall ............................................ mount and unmount multiple file systems
mountd(1M): mountd, rpc.mountd ........................................... NFS mount request and access checks server
mrinfo(1M): mrinfo, ............................................................. multicast routing configuration information tool
mrouted(1M): mrouted ....................................................................................... IP multicast routing daemon
mtail(1M): mtail ..................................................................................... displays the last part of the mail log
mvdir(1M): mvdir .................................................................................................................. move a directory
naaagt(1M): naaagt ......................................................................................... Native Agent Adapter for SNMP
named(1M): named ............................................................................................. Internet domain name server
ncheck(1M): ncheck ....................................................................... generate path names from inode numbers
ncweb(1M): ncweb ............................................................... launch the Network Interfaces Configuration and
Network Services Configuration tools of HP System Management Homepage (HP SMH)
ndd(1M): ndd ............................................................................................................................. network tuning
ndp(1M): ndp ..................................................................... IPv6 Neighbor Discovery cache display and control
netfmt(1M): netfmt ............................................................................. format tracing and logging binary files
nettl(1M): nettl ....................................................................................... control network tracing and logging
nettladm(1M): nettladm ............................................... network tracing and logging administration manager
nettlconf(1M): nettlconf ................................................................ configure tracing and logging commands
newaliases(1M): newaliases .................................................... rebuilds the database for the mail aliases file
newfs(1M): newfs .................................................................................................. construct a new file system
newfs: construct a new HFS file system ............................................................................. see newfs_hfs(1M)
newfs_hfs(1M): newfs ................................................................................... construct a new HFS file system
newkey(1M): newkey ................................................................. create a new key in publickey database file
nfs4cbd(1M): nfs4cbd .................................................................................... NFS Version 4 callback daemon
nfsd(1M): nfsd ............................................................................................................................ NFS daemon
nfslogd(1M): nfslogd ........................................................................................................ nfs logging daemon
nfsmapid(1M): nfsmapid ................................................................. NFS user and group id mapping daemon
nfsstat(1M): nfsstat ....................................................................................... Network File System statistics
ntpdate(1M): ntpdate ............................................................................................ set time and date via NTP
ntpq(1M): ntpq .................................................................................... Network Time Protocol query program
nulladm: shell procedures for accounting; create null file ......................................................... see acctsh(1M)
nwmgr(1M): nwmgr ......................... network interface management command for LAN and RDMA interfaces
nwmgr: network interface management command for VLAN interface ............................ see nwmgr_vlan(1M)
nwmgr: network interface management command for btlan driver ................................ see nwmgr_btlan(1M)
nwmgr: network interface management command for intl100 driver ........................... see nwmgr_intl100(1M)
nwmgr_btlan(1M): nwmgr ...................................... network interface management command for btlan driver
nwmgr_intl100(1M): nwmgr ................................ network interface management command for intl100 driver
nwmgr_vlan(1M): nwmgr .................................. network interface management command for VLAN interface
ocd(1M): ocd .................................................................. outbound connection daemon used by DDFA software
ocdebug(1M): ocdebug ............................. outbound connection daemon debug utility used by DDFA software
olrad(1M): olrad
command for Online Addition/Replacement/Deletion of PCI I/O cards and Online Addition of I/O chassis
opx25(1M): opx25 ................................................................................................. execute HALGOL programs
ospf_monitor(1M): ospf_monitor ............................................................................ monitor OSPF gateways
owners(1M): owners .................................................................. lists owners of outgoing network connections
parcreate(1M): parcreate ........................................................................................... create a new partition

HP-UX 11i Version 3: February 2007 Hewlett-Packard Company 17

Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

parmodify(1M): parmodify ................................................................................. modify an existing partition
parolrad(1M): parolrad ..................... online activation of a cell from nPartition; cancel online cell operation;
monitor online cell operation; reset hung cell during cell activation
parremove(1M): parremove ............................................................................... remove an existing partition
parunlock(1M): parunlock ............... unlock stable complex profile or cancel pending changes to complex or
partition configuration data
pcnfsd(1M): rpc.pcnfsd ...................................................... PC-NFS authentication and print request server
pcserver(1M): pcserver .................................................................. Basic Serial and HP AdvanceLink server
pdc(1M): pdc ........................................................................................... processor-dependent code (firmware)
pdweb(1M): pdweb ............................ start the HP-UX Peripheral Device tool, part of the SMH Web interface
ping(1M): ping ........................................... send echo request packets to a network host; test host availability
power_onoff(1M): power_onoff ........................................................................... timed, system power on/off
pppoerd(1M): pppoerd .................................................... PPPoE (Point to Point Protocol over Ethernet) relay
pppoesd(1M): pppoesd ..................................... PPPoE (Point-to-Point Protocol over Ethernet) server daemon
prctmp: shell procedures for accounting; print session record file ............................................. see acctsh(1M)
prdaily: shell procedures for accounting; print daily report .................................................... see acctsh(1M)
privedit(1M): privedit ........................................ let authorized users edit files that are under access control
privrun(1M): privrun ...................... invoke another application with privileges after performing appropriate
authorization checks and optionally reauthenticating the user
prtacct: shell procedures for accounting; print accounting file ................................................ see acctsh(1M)
psfontpf(1M): psfontpf ..................................................................... internationalized PostScript print filter
psmsgen(1M): psmsgen .............................................................. model script configuration utility for psfontpf
psrset(1M): psrset ...................................................................................... create and manage processor sets
pvchange(1M): pvchange .... change characteristics and access path of physical volume in LVM volume group
pvck(1M): pvck ......................................................... check or repair a physical volume in LVM volume group
pvcreate(1M): pvcreate ................................................ create physical volume for use in LVM volume group
pvdisplay(1M): pvdisplay ........................ display information about physical volumes in LVM volume group
pvmove(1M): pvmove ........... move physical extents from one LVM physical volume to other physical volumes
pvremove(1M): pvremove ............................................................................. remove an LVM physical volume
pwck(1M): pwck, grpck ....................................................................................... password/group file checkers
pwconv(1M): pwconv .................................................................... install, update or check the /etc/shadow file
pwgr_stat(1M): pwgr_stat ............................................... password and group hashing and caching statistics
pwgrd(1M): pwgrd .............................................................. password and group hashing and caching daemon
pwunconv(1M): pwunconv ....................................................... convert passwords from shadow to nonshadow
quot(1M): quot ............................................................................................. summarize file system ownership
quot_hfs(1M): quot .............................................................................. summarize HFS file system ownership
quotacheck(1M): quotacheck ............................................................... file system quota consistency checker
quotacheck_hfs(1M): quotacheck ......................................... quota consistency checker for HFS file systems
quotaoff: turn HFS file system quotas off ............................................................................ see quotaon(1M)
quotaon(1M): quotaon, quotaoff ...................................................... turn HFS file system quotas on and off
rad(1M): rad ......................................................................................... rad features have been moved to olrad
ram_monitor(1M): ram_monitor ........................................... Route Administration Manager (RAM) monitor
ramd(1M): ramd ................................................................... Route Administration Manager Daemon for IPv6
rarpc(1M): rarpc .......................................................................... Reverse Address Resolution Protocol client
rarpd(1M): rarpd ...................................................................... Reverse Address Resolution Protocol daemon
rbacdbchk(1M): rbacdbchk .......... verify the syntax of the Role-Based Access Control (RBAC) database files
rc(1M): rc ...................................................... general purpose sequencer invoked upon entering new run level
rcancel(1M): rcancel .......................................... remove requests from a remote line printer spooling queue
rdc(1M): rdc ........................................................ user interface for Routing Administration Manager (RAMD)
rdpd(1M): rdpd ............................................................................................ router discovery protocol daemon
rdump: incremental file system dump across network ................................................................ see dump(1M)
reboot(1M): reboot ............................................................................................................. reboot the system
reject: prevent LP printer queuing requests ........................................................................... see accept(1M)
remshd(1M): remshd ......................................................................................................... remote shell server
renice(1M): renice ..................................................................................... alter priority of running processes
repquota(1M): repquota ................................................................................... summarize file system quotas
restore(1M): restore, rrestore ........................... restore file system incrementally, local or over a network
rexd(1M): rexd ......................................................................................... RPC-based remote execution server
rexecd(1M): rexecd ................................................................................................... remote execution server
ripngd(1M): ripngd ........................................................................................ RIPng routing daemon for IPv6
ripquery(1M): ripquery .................................................................................................. query RIP gateways

18 Hewlett-Packard Company HP-UX 11i Version 3: February 2007

 Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

rlogind(1M): rlogind ....................................................................................................... remote login server
rlp(1M): rlp ........................................................................... send LP line printer request to a remote system
rlpdaemon(1M): rlpdaemon .................................. line printer daemon for LP requests from remote systems
rlpstat(1M): rlpstat .................................................. print status of LP spooler requests on a remote system
rmboot: install, update or remove boot programs from disk ................................................... see mkboot(1M)
rmsf(1M): rmsf .................................................................................................... remove a special (device) file
rmt(1M): rmt ........................................................................................ remote magnetic-tape protocol module
roleadm(1M): roleadm ......................... noninteractive editing of role-related information in RBAC databases
route(1M): route ..................................................................................... manually manipulate routing tables
rpc.lockd: network lock daemon .............................................................................................. see lockd(1M)
rpc.mountd: NFS mount requests and access checks server .................................................. see mountd(1M)
rpc.nisd_resolv(1M): rpc.nisd_resolv ........................................................... DNS service daemon for NIS
rpc.pcnfsd: PC-NFS authentication and print request server ................................................ see pcnfsd(1M)
rpc.statd: network status monitor ........................................................................................... see statd(1M)
rpc.yppasswdd: daemon for modifying Network Information Service passwd database
................................................................................................................................ see yppasswdd(1M)
rpc.ypupdated: hex encryption and utility routines ........................................................ see ypupdated(1M)
rpcbind(1M): rpcbind .................................................. universal addresses to RPC program number mapper
rpcinfo(1M): rpcinfo ................................................................................................. report RPC information
rquotad(1M): rquotad ..................................................................................................... remote quota server
rrestore: restore file system incrementally over a network ..................................................... see restore(1M)
rstatd(1M): rstatd ......................................................................................................... kernel statistics server
rtradvd(1M): rtradvd ........................................................................ Router Advertisement daemon for IPv6
runacct(1M): runacct ..................................................................................................... run daily accounting
rusersd(1M): rusersd ................................................................................................ network username server
rwall(1M): rwall ......................................................................................... write to all users over a network
rwalld(1M): rwalld ........................................................................................................... network rwall server
rwhod(1M): rwhod ........................................................................................................... system status server
sa1(1M): sa1, sa2, sadc ................................................................................... system activity report package
sa2: system activity report package ............................................................................................... see sa1(1M)
sadc: system activity report package ............................................................................................. see sa1(1M)
sam(1M): sam .................................................................................................. system administration manager
sar(1M): sar ............................................................................................................... system activity reporter
savecrash(1M): savecrash ........................................................... save a crash dump of the operating system
scsictl(1M): scsictl ...................................................................................................... control a SCSI device
scsimgr(1M): scsimgr ...................................................................... SCSI management and diagnostic utility
sd: create and monitor jobs ........................................................................................................ see swjob(1M)
security_patch_check(1M): security_patch_check
.................................................. check security-bulletin compliance state of HP-UX 11.x system or depot
secweb(1M): secweb .............................................. invokes the HP-UX Security Attributes Configuration tool
sendmail(1M): sendmail ...................................................................................... send mail over the Internet
service.switch(1M): service.switch ................................. indicate lookup sources and fallback mechanism
set_parms(1M): set_parms
................... set system initial identity parameters: hostname, date/time, root password, and networking
setboot(1M): setboot ........................................................ display and modify boot variables in stable storage
setfilexsec(1M): setfilexsec ............................................... set extended security attributes on a binary file
setmemwindow(1M): setmemwindow
........................... change window ID of running program or start program in particular memory window
setoncenv(1M): setoncenv ............................................................ NFS environment configuration command
setprivgrp(1M): setprivgrp ......................................................................... set special privileges for groups
setrules(1M): setrules ............................................................................................... set compartment rules
setuname(1M): setuname ................................................................................... change machine information
share(1M): share ............................................ make local resource available for mounting by remote systems
share: make local NFS file systems available for mounting by remote systems .................. see share_nfs(1M)
share_nfs(1M): share ........................ make local NFS file systems available for mounting by remote systems
shareall(1M): shareall, unshareall ....................................................... share, unshare multiple resources
showmount(1M): showmount ..................................................................................... show all remote mounts
shutacct: shell procedures for accounting; turn off accounting ................................................ see acctsh(1M)
shutdown(1M): shutdown .......................................................................................... terminate all processing
sig_named(1M): sig_named ............................................................... send signals to the domain name server
slpd(1M): slpd .................................................................................. Service Location Protocol (SLP) Daemon

HP-UX 11i Version 3: February 2007 Hewlett-Packard Company 19

Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

slpdc(1M): slpdc ......................................................................................................... send signals to the slpd
slweb(1M): slweb ............................................ start the HP-UX hardware event viewer tool (a Web interface)
smh(1M): smh .......................................................................... HP System Management Homepage (HP SMH)
smhstartconfig(1M): smhstartconfig
............. configures the startup mode of the HPSMH server and of the Tomcat instance used by HPSMH
smrsh(1M): smrsh ................................................................................................ restricted shell for sendmail
snmpd(1M): snmpd ........................................................................... daemon that responds to SNMP requests
softpower(1M): softpower ........................................................ determine if softpower hardware is installed
spray(1M): spray ....................................................................................................................... spray packets
sprayd(1M): rpc.sprayd, sprayd ............................................................................................... spray server
sprayd: spray server ............................................................................................................... see sprayd(1M)
st(1M): st ............................................................................................................... shared tape administration
startup: shell procedures for accounting; start up accounting ................................................. see acctsh(1M)
statd(1M): statd, rpc.statd ..................................................................................... network status monitor
strace(1M): strace ................................................ write STREAMS event trace messages to standard output
strchg(1M): strchg, strconf ............................................................... change or query stream configuration
strclean(1M): strclean ................................................................. remove outdated STREAMS error log files
strconf: query stream configuration ....................................................................................... see strchg(1M)
strerr(1M): strerr ...................................................... receive error messages from the STREAMS log driver
strvf(1M): strvf .................................................................................................... STREAMS verification tool
swacl(1M): swacl ..................................................................................... view or modify Access Control Lists
swagent: perform software management tasks as the agent of an SD command ................. see swagentd(1M)
swagentd(1M): swagentd, swagent ....................... serve local or remote SD-UX software management tasks
swapinfo(1M): swapinfo .............................................................................. system paging space information
swapon(1M): swapon ............................................................................ enable device or file system for paging
swask(1M): swask .......................................................................................... ask for user response for SD-UX
swconfig(1M): swconfig ........................................... configure, unconfigure, or reconfigure installed software
swcopy: copy software products for subsequent installation or distribution .......................... see swinstall(1M)
swgettools(1M): swgettools ................................... utility for retrieving the SD product from new SD media
swinstall(1M): swcopy, swinstall ............... install and configure software products, copy software products
swjob(1M): swjob, sd ........................................ display job information, remove jobs, create and monitor jobs
swlist(1M): swlist ...................................................................... display information about software products
swmodify(1M): swmodify .................................................. modify software products in a target root or depot
swpackage(1M): swpackage ......................................... package software products into a target depot or tape
swreg(1M): swreg ................................................................................ register or unregister depots and roots
swremove(1M): swremove ............................................................. unconfigure and remove software products
swverify(1M): swverify ............................................................................................ verify software products
sync(1M): sync ........................................................................................................... synchronize file systems
syncer(1M): syncer .......................................................................... periodically sync for file system integrity
sysdef(1M): sysdef ................................................................................................... display system definition
syslogd(1M): syslogd ..................................................................................................... log system messages
talkd(1M): talkd ....................................................................................... remote user communication server
tcpd(1M): tcpd ................................................................................ access control facility for internet services
telnetd(1M): telnetd ................................................................................................ TELNET protocol server
tftpd(1M): tftpd ......................................................................................... trivial file transfer protocol server
tic(1M): tic .......................................................................................................................... terminfo compiler
tsm.lpadmin(1M): tsm.lpadmin ..................................................... add or remove a printer for use with tsm
tunefs(1M): tunefs .................................................................................. tune up an existing HFS file system
turnacct: shell procedures for accounting; turn on or off process accounting ........................... see acctsh(1M)
udpublickey(1M): udpublickey ................................ updates the publickey database file and the NIS map
ugweb(1M): ugweb ............................................ starts the HP-UX User and Group Account Configuration tool
umount: mount and unmount CDFS file systems ............................................................. see mount_cdfs(1M)
umount: mount and unmount remote NFS resources ......................................................... see mount_nfs(1M)
umount: unmount CacheFS file systems ..................................................................... see mount_cachefs(1M)
umount: unmount file systems .................................................................................................. see mount(1M)
umount: unmount HFS file systems ................................................................................... see mount_hfs(1M)
unlink: execute unlink() system call without error checking .................................................... see link(1M)
unshare(1M): unshare ................................ make local resource unavailable for mounting by remote systems
unshare_nfs(1M): unshare_nfs
............................................... make local NFS file systems unavailable for mounting by remote systems
unshareall: share, unshare multiple resources .................................................................... see shareall(1M)

20 Hewlett-Packard Company HP-UX 11i Version 3: February 2007

 Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

untic(1M): untic ............................................................................................................. terminfo de-compiler
update-ux(1M): update-ux ................................................................... updates the HP-UX operating system
updaters(1M): updaters ........................................................................... configuration file for NIS updating
ups_mond(1M): ups_mond ..................................................... Uninterruptible Power System monitor daemon
useradd(1M): useradd .............................................................................. add a new user login to the system
userdbck(1M): userdbck ................................ verify or fix information in the user database, /var/adm/userdb
userdbget(1M): userdbget ................. display information residing in the user database, /var/adm/userdb
userdbset(1M): userdbset ............................... modify information in the user database, /var/adm/userdb
userdel(1M): userdel ............................................................................... delete a user login from the system
usermod(1M): usermod ............................................................................... modify a user login on the system
userstat(1M): userstat ............................................................................. check status of local user accounts
utmp2wtmp: overview of accounting and miscellaneous accounting commands .............................. see acct(1M)
utmpd(1M): utmpd ....................................................................................... user accounting database daemon
uucheck(1M): uucheck ........................................................... check the uucp directories and permissions file
uucico(1M): uucico ...................................................................................... transfer files for the uucp system
uuclean(1M): uuclean ....................................................................................... uucp spool directory clean-up
uucleanup(1M): uucleanup .............................................................................. uucp spool directory clean-up
uucpd(1M): uucpd ..................................................................................... UUCP over TCP/IP server daemon
uugetty(1M): uugetty ....................................................... set terminal type, modes, speed and line discipline
uuls(1M): uuls .............................................................. list spooled uucp transactions grouped by transaction
uusched(1M): uusched ....................................................................................... schedule uucp transport files
uusnap(1M): uusnap ................................................................................ show snapshot of the UUCP system
uusnaps(1M): uusnaps ................................................................................ sort and embellish uusnap output
uusub(1M): uusub ......................................................................................................... monitor uucp network
uuxqt(1M): uuxqt ................................................................... execute remote uucp or uux command requests
vgcfgbackup(1M): vgcfgbackup ..................... create or update LVM volume group configuration backup file
vgcfgrestore(1M): vgcfgrestore ............................................................ restore volume group configuration
vgchange(1M): vgchange ........................................................................... set LVM volume group availability
vgchgid(1M): vgchgid ........................ modify the Volume Group ID (VGID) on a given set of physical devices
vgcreate(1M): vgcreate ......................................................................................... create LVM volume group
vgdisplay(1M): vgdisplay ...................................................... display information about LVM volume groups
vgexport(1M): vgexport ............................... export an LVM volume group and its associated logical volumes
vgextend(1M): vgextend ....................................... extend an LVM volume group by adding physical volumes
vgimport(1M): vgimport ......................................................... import an LVM volume group onto the system
vgmodify(1M): vgmodify
handle physical volume size changes and modify configuration parameters of an existing LVM volume group
vgreduce(1M): vgreduce .............................................. remove physical volumes from an LVM volume group
vgremove(1M): vgremove ............................................ remove LVM volume group definition from the system
vgscan(1M): vgscan ................................................................. scan physical volumes for LVM volume groups
vgsync(1M): vgsync ...................................... synchronize stale logical volume mirrors in LVM volume groups
vhardlinks(1M): vhardlinks
.......................................... checks the consistency of compartment rules for files with multiple hardlinks
vipw(1M): vipw ............................................................................................................... edit the password file
volcopy(1M): volcopy, labelit ........................................................... copy a file system with label checking
volcopy_hfs(1M): volcopy, labelit ..................................................... copy file systems with label checking
vtdaemon(1M): vtdaemon ............................................................................................ respond to vt requests
wall(1M): wall ......................................................................................................... write message to all users
whodo(1M): whodo ................................................................................................ which users are doing what
wtmpfix: manipulate connect accounting records ..................................................................... see fwtmp(1M)
xntpd(1M): xntpd ........................................................................................... Network Time Protocol daemon
xntpdc(1M): xntpdc .............................................................................................. special NTP query program
ypbind: Network Information Service (NIS) server, binder, and transfer processes ................. see ypserv(1M)
ypinit(1M): ypinit .................................................. build and install Network Information Service databases
ypmake(1M): ypmake ............................................... create or rebuild Network Information Service databases
yppasswdd(1M): rpc.yppasswdd ........ daemon for modifying Network Information Service passwd database
yppoll(1M): yppoll .............................................................. query NIS server for information about NIS map
yppush(1M): yppush ............................................ force propagation of Network Information Service database
ypserv(1M): ypserv, ypbind, ypxfrd ...................................................... Network Information Service (NIS)
server, binder, and transfer processes
ypset(1M): ypset ......................................................... bind to particular Network Information Service server
ypupdated(1M): ypupdated, rpc.ypupdated ....................................... server for changing NIS information

HP-UX 11i Version 3: February 2007 Hewlett-Packard Company 21

Table of Contents
Volumes Three and Four

Entry Name(Section): name Description

ypxfr(1M): ypxfr, ypxfr_1perday, ypxfr_1perhour, ypxfr_2perday
....................................................................................... transfer NIS database from server to local node
ypxfr_1perday: transfer NIS database from server to local node ............................................. see ypxfr(1M)
ypxfr_1perhour: transfer NIS database from server to local node ........................................... see ypxfr(1M)
ypxfr_2perday: transfer NIS database from server to local node ............................................. see ypxfr(1M)
ypxfrd: Network Information Service (NIS) server, binder, and transfer processes ................. see ypserv(1M)

22 Hewlett-Packard Company HP-UX 11i Version 3: February 2007

 Section 1M
Part 2

System Administration Commands

N-Z
Section 1M
Part 2

System Administration Commands

N-Z
naaagt(1M) naaagt(1M)

NAME
naaagt - Native Agent Adapter (NAA)

SYNOPSIS
export HP_NAA_CNF= naaCnf
export HP_NAA_PORT= snmpPort
export HP_NAA_GET_COMMUNITY=community
/usr/sbin/naaagt [-K] [-n] [-E priority] [-m logMask] ...
/usr/sbin/naaagt { -h | -help }
DESCRIPTION
The Native Agent Adapter (naaagt ) allows third-party SNMP agents to work with the HP SNMP Master
Agent (snmpdm ).
The Native Agent Adapter runs as a subagent to the HP SNMP Master Agent. naaagt reads the
naaCnf file (see the HP_NAA_CNF environment variable, described below), and it registers each object
identifier (OID) with snmpdm . See the naaCnf File Format section.
After registration is complete, naaagt receives SNMP requests from snmpdm and forwards them to a
non-standard UDP port on the same system (see the HP_NAA_PORT environment variable, described
below). naaagt also receives SNMP responses from the third-party SNMP agent, which is listening to the
non-standard UDP port, and naaagt forwards the responses to snmpdm .
The third-party SNMP agent must listen to the same non-standard UDP port that naaagt sends to
(HP_NAA_PORT ), not the standard SNMP port number (161). Refer to third-party documentation for
instructions on how to accomplish this. The third-party SNMP agent can be started before or after starting
naaagt .
Parameters
-E priority Sets the registration priority. If two subagents register the same OIDs, requests are sent
to the subagent with the highest priority or to the subagent with the same priority that was
the last to register. The priority range is zero (high) to 255 (low). Default: zero. n
-K Causes the Native Agent Adapter (naaagt ) to continue to run, even if the HP SNMP Mas-
ter Agent (snmpdm ) terminates. When snmpdm subsequently restarts, naaagt will re-
establish communication with snmpdm and re-register its OIDs. This option is recom-
mended if the Independent Start-up procedure is used, described below. By default,
naaagt terminates automatically when snmpdm terminates.
Troubleshooting Parameters
-h
-help Displays usage information.
-m logMask Sets the logging mask. logMask may be one of the following names: APWARN , APER-
ROR , APTRACE , APALL , or APNONE . Multiple logging options can be specified by repeat-
ing the -m option. Logging data is written to the SNMP log file,
/var/adm/snmpd.log. Default: APNONE .
-n Causes naaagt to run in foreground. By default, naaagt runs in the background.

Native Agent Adapter Start-up

The Native Agent Adapter start-up procedure may be provided by the vendor of the third-party SNMP
agent. Refer to third-party documentation for instructions.
Automatic Start-up
The third-party SNMP agent and its Native Agent Adapter can be started and stopped automatically dur-
ing system start-up and shutdown. This is accomplished by providing a start-up/shutdown script under the
/sbin/init.d directory, with symbolic links to it under an appropriate /sbin/rc N .d directory. See
the rc(1M) man page for details. See the IndependentStart-up section for procedures for starting naaagt .
Manual Start-up
The third-party SNMP agent and its Native Agent Adapter can be started using the /usr/sbin/snmpd
command by providing start-up and shutdown scripts under /sbin/SnmpAgtStart.d. Normally,

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 25

 naaagt(1M) naaagt(1M)

those scripts are merely symbolic links to the automatic start-up/shutdown script under /sbin/init.d ,
following the same naming conventions documented in the rc(1M) manual page. These scripts are executed
by the /usr/sbin/snmpd command. See the IndependentStart-up section for procedures for starting
naaagt .
Independent Start-up
The third-party SNMP agent and its Native Agent Adapter can be started by entering commands directly
or by executing an arbitrary script. When this approach is used, the naaagt -K option should probably be
used because the third-party agent and adapter will not be restarted by the /usr/sbin/snmpd com-
mand.
The following procedure should be used to start naaagt for each third-party agent.
• Export HP_NAA_PORT , which must be set to a unique port number.
• Export HP_NAA_CNF , which must be set to an absolute path name for a third-party-specific
naaCnf file. Create the naaCnf file; refer to third-party documentation for a list of the OIDs
that are instrumented by the third-party SNMP agent.
• Export HP_NAA_GET_COMMUNITY, which must be set to the community name to be used in
SNMP requests forwarded from naaagt to the third-party SNMP agent. This environment vari-
able is required only if the third-party agent is configured to use a community name other than the
default ("public").
• Create a unique symbolic link to /usr/sbin/naaagt. This makes it convenient to distinguish
each Native Agent Adapter in output from the ps -ef command. Execute the symbolic link to
start naaagt .
• Start the third-party SNMP agent, following procedures in the third-party documentation. This
can be done before or after starting naaagt .

naaCnf File Format

The naaCnf file consists of a list of numeric object identifiers (OIDs), one OID per line. Each OID is a
subtree of MIB variables that are instrumented by the third-party SNMP agent. Refer to third-party docu-
mentation for the list of OIDs. Blank lines and lines beginning with "#" are treated as comments. Leading
n and trailing spaces on a line are ignored. The OID can start with an optional period.
Example
# RDBMS MIB (with leading period)
.1.3.6.1.2.1.39
# Third-party Private MIB (without leading period)
1.3.6.1.4.1.111
# application/applTable MIB
1.3.6.1.2.1.27.1.1
EXTERNAL INFLUENCES
Environment Variables
HP_NAA_CNF The absolute path name for the naaCnf file from which the Native Agent
Adapter reads the OIDs to be registered for its third-party SNMP agent. Default
(not recommended): /etc/SnmpAgent.d/naa.cnf.
HP_NAA_GET_COMMUNITY
The community name that the Native Agent Adapter uses in SNMP requests for-
warded to the third-party SNMP agent. Note that this does not have to match
any community names accepted by the SNMP Master Agent, which are defined in
/etc/SnmpAgent.d/snmpd.conf. This environment variable is required
only if the standard community name ("public") is not accepted by the third-party
SNMP agent. Refer to third-party documentation for instructions regarding
SNMP community names. Default: public.
HP_NAA_PORT The non-standard UDP port number to which the Native Agent Adapter forwards
SNMP requests to the third-party SNMP agent. This must match the port
number that the third-party agent listens to instead of the standard SNMP port
(161). Each third-party SNMP agent must listen to a different non-standard UDP
port number. Default: 8161.

26 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

naaagt(1M) naaagt(1M)

International Code Set Support

Supports single-byte character code sets except where the SNMP protocol supports only 7-bit characters
encoded in ASCII.

WARNINGS
The Native Agent Adapter only supports SNMP read requests (for example, SNMP Get). SNMP Set
requests must be sent directly to the third-party SNMP agent’s non-standard UDP port (HP_NAA_PORT ).
If the HP_NAA_PORT value is not a valid port number, naaagt terminates without writing any error
message either to the display or to /var/adm/snmpd.log.
If there are no valid OIDs in the naaCnf file, naaagt terminates. It does not register a default OID.
There may be unexpected results if the -E priority is outside the valid range.

AUTHOR
naaagt was developed by SNMP Research and Hewlett-Packard Company.
FILES
/etc/SnmpAgent.d/naa.cnf
Default naaCnf file. Not recommended.
/sbin/SnmpAgtStart.d
Directory for SNMP start-up and shutdown scripts.
/usr/sbin/naaagt Native Agent Adapter command.
/usr/sbin/snmpdm HP SNMP Master Agent command.
/var/adm/snmpd.log HP SNMP log file.

SEE ALSO
rc(1M), snmpd(1M), snmpd.conf(4).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 27

 named(1M) named(1M)
(BIND 9.3)

NAME
named - Internet domain name server

SYNOPSIS
named [-4|-6] [-fgv ] [-c config-file] [-d debuglevel] [-n ncpus] [-p port] [-t directory]
[-u user-id]

DESCRIPTION
named is the Internet domain name system (DNS) server. See RFCs 1033, 1034, and 1035 for more infor-
mation on DNS.
The configuration file contains information about where the name server gets its initial data. See
named.conf(4) for details.
With no arguments, named reads the default configuration file, /etc/named.conf, reads any initial
data, and listens for queries.
named requires superuser privileges to execute.
Options
-4 Use IPv4 only, even if the host machine is capable of IPv6.
-6 Use IPv6 only, even if the host machine is capable of IPv4.
-c config-file
Use config-file instead of the default configuration file, /etc/named.conf. To ensure that
the configuration file can be reloaded after the server has changed its working directory (due to a
possible directory option in the configuration file), config-file should be an absolute path
name.
-d debuglevel
Set the debug level to debuglevel. Debugging traces from named become more verbose as the
debug level increases.
-f Run the server in the foreground; do not fork and daemonize. The default is to daemonize.
n -g Run the server in the foreground and force all logging to standard error.
-n ncpus
Create ncpus worker threads to take advantage of multiple CPUs. By default, named tries to
determine the number of CPUs present and create one thread per CPU. If named cannot deter-
mine the number of CPUs, it creates a single worker thread.
-p port Listen for queries on port number port. The default is port 53.
-t directory
Change root (chroot() ) to directory after processing the command line arguments, but before
reading the configuration file.
Caution: This option should be used with the -u option, because a chrooted process running as
superuser does not enhance security and could escape a "chroot jail".
-u user-id
Specify the user that the server should run as after it initializes. The value specified may be
either a user name or a numeric user ID.
-v Report the version number and exit.

Signals
You can use the following signals to reload or shut down the server process, via the kill command (see
kill(1)):
SIGHUP Causes the server to read its configuration file and reload the database.
SIGINT and SIGTERM
Cause the server to shut down gracefully.
Sending any other signals to the named server will have undefined results.
The sig_named command can also be used to send signals to the server process. See sig_named(1M).

28 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

named(1M) named(1M)
(BIND 9.3)

DIAGNOSTICS
Any errors encountered by named in the configuration file, master files, or in normal operation are logged
with syslog and in the debug file, ./named.run (if debugging is on); then named quits.

AUTHOR
named was developed by the Internet Systems Consortium (ISC).
FILES
/etc/named.conf Name server configuration file
/etc/rc.config.d/namesvrs_dns
Name server startup configuration file
/var/run/named.pid Process ID
./named.run Debug output

SEE ALSO
dnssec-keygen(1), dnssec-signzone(1), host(1), kill(1), nsupdate(1), rndc(1), hosts_to_named(1M),
sig_named(1M), chroot(2), fork(2), signal(2), gethostent(3N), named.conf(4), rndc.conf(4), hostname(5).
Requests for Comments (RFC): 882, 883, 973, 974, 1032, 1033, 1034, 1035, and 1123, available online at
http://www.rfc-editor.org/.
HP-UX IP Address and Client Management Administrator’s Guide, available online at
http://docs.hp.com.
BIND 9 Administrator Reference Manual, available from the Internet Systems Consortium at
http://www.isc.org/sw/bind/arm93.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 29

 ncheck(1M) ncheck(1M)

NAME
ncheck - generate a list of path names from inode numbers

SYNOPSIS
/usr/sbin/ncheck [-F FStype ] [-V] [-o specific_options ] [ special ... ]
DESCRIPTION
ncheck , when invoked without arguments, generates a list of path names corresponding to the inode
numbers of all files contained on the file systems listed in /etc/fstab. If special is specified, ncheck
reports on the special only. Path names generated by ncheck are relative to the given special.

Options
-F FStype Specify the file system type on which to operate (see fstyp(1M) and fs_wrapper(5)). If
this option is not included on the command line, then the file system type is deter-
mined from the file /etc/fstab by matching each special with an entry in that file.
If there is no entry in /etc/fstab , then the file system type is determined from
the file /etc/default/fs.
-o specific_options
Specify options specific to each file system type. specific_options is a list of suboptions
and/or keyword/attribute pairs intended for a specific FStype-specific module of the
command. See the file-system-specific manual pages for a description of the
specific_options supported, if any.
-V Echo the completed command line, but perform no other action. The command line is
generated by incorporating the user-specified options and other information derived
from /etc/fstab . This option allows the user to verify the command line.

EXAMPLES
Execute the ncheck command on all special in /etc/fstab:
ncheck
Execute the ncheck command on HFS file system /dev/dsk/c1d2s0:
n ncheck -F hfs /dev/dsk/c1d2s0
Display a completed command line without executing the command:
ncheck -V /dev/dsk/c1d2s0
FILES
/etc/default/fs Specifies the default system type.
/etc/fstab Static information about the file systems.

AUTHOR
ncheck was developed by AT&T and HP.
SEE ALSO
fstab(4), fstyp(1M), fs_wrapper(5), ncheck_hfs(1M), ncheck_vxfs(1M).

STANDARDS CONFORMANCE
ncheck : SVID2, SVID3

30 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ncheck_hfs(1M) ncheck_hfs(1M)

NAME
ncheck_hfs: ncheck - generate a list of path names from inode numbers for a HFS file system

SYNOPSIS
/usr/sbin/ncheck [-F hfs ] [-V] [-S sector_ranges] [-i inode-numbers ]
[-a] [-s] [ special ... ]

DESCRIPTION
ncheck , when invoked without arguments, generates a list of path names corresponding to the inode
numbers of all files contained on the HFS file systems listed in /etc/fstab . If special is specified,
ncheck reports on the special only. Path names generated by ncheck are relative to the given special.
Names of directory files are followed by /.
Options
-a Allow printing of the names . and .. , which are ordinarily suppressed.
-F hfs Specify the HFS file system type.
-i inode-numbers
Report only on files whose inode numbers are specified on the command line, in
inode-numbers. inode-numbers is a comma separated list of inode numbers.
-s Report only on special files and regular files with set-user-ID mode. The -s option is
intended to discover concealed violations of security policy.
-V Echo the completed command line, but performs no other action. The command line
is generated by incorporating the user-specified options and other information derived
from /etc/fstab . This option allows the user to verify the command line.
-S sector_ranges
Report only on files using sector numbers specified on the command line in
sector_ranges . sector_ranges is a comma separated list of sector ranges. A sector
range is a starting sector number and an ending sector number separated by a dash,
or just a sector number. The sector numbers should be in DEV_BSIZE units. If no
pathname contains the sector number it will be reported as free or containing file sys-
tem structure. Sectors beyond the end of the file system will be reported as illegal. n
Access Control Lists
Continuation inodes (that is, inodes containing additional access control list information) are quietly
skipped since they do not correspond to any path name.

EXAMPLES
Execute the ncheck command on all special in /etc/fstab:
ncheck
Execute the ncheck command on HFS file system /dev/dsk/c1d2s0:
ncheck -F hfs /dev/dsk/c1d2s0
EXTERNAL INFLUENCES
International Code Set Support
Single- and multi-byte character code sets are supported.

DIAGNOSTICS
When the file system structure is improper, ?? denotes the ‘‘parent’’ of a parentless file and a path-name
beginning with ... denotes a loop.

AUTHOR
ncheck was developed by AT&T and HP.
FILES
/etc/default/fs Specifies the default file system type.
/etc/fstab Static information about the file systems.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 31

 ncheck_hfs(1M) ncheck_hfs(1M)

SEE ALSO
acl(5), fsck(1M), fstab(4), fs_wrapper(5), ncheck(1M), sort(1).

STANDARDS CONFORMANCE
ncheck : SVID2, SVID3

32 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ncweb(1M) ncweb(1M)

NAME
ncweb - launch the Network Interfaces Configuration and Network Services Configuration tools of HP Sys-
tem Management Homepage (HP SMH)

SYNOPSIS
ncweb [-F] [-b]
ncweb -t
DESCRIPTION
The Network Interfaces Configuration and Network Services Configuration (ncweb ) tools are system
management tools that manage a system by configuring network interfaces and network services on HP-UX
installed systems. These tools provide both Web-based user interface (GUI) and terminal user interface
(TUI).
The ncweb command can launch both the terminal user interface (TUI) and the Web-based interface (GUI)
of the Network Interfaces Configuration and Network Services Configuration tools. In the case of TUI, the
ncweb command launches the Networking and Communications window, from where the user (superuser)
can select Network Interfaces Configuration or Network Services Configuration. In the case of GUI, the
ncweb command launches the Tools page of HP SMH, from where the user (superuser) can select Network
Interfaces Configuration or Network Services Configuration.
You must have superuser privileges to access the Network Interfaces Configuration and the Network Ser-
vices Configuration tools.
With the Network Interfaces Configuration tool, you can configure the following network interfaces:
• Auto Port Aggregation (APA)
• Network Interface Cards (NIC)
• Remote Direct Memory Access (RDMA)
• Virtual LAN (VLAN)
Note: APA and VLAN network interfaces are displayed only if the products are installed on the HP-UX
system.
With the Network Services Configuration tool, you can configure the following network services: n
• Bootable Devices
• DHCPv6
• DNS (BIND)
• Hosts
• NIS
• Name Service Switch
• Network Services
• Networked File Systems
• Routes
• System Access
• Time
When you run ncweb , it attempts to connect to a Mozilla Web browser running on the X server defined by
the DISPLAY environment variable. If ncweb finds a running Mozilla client, it uses that client. Other-
wise, ncweb initiates a new Mozilla session. The new session is initiated only if the Mozilla process is run-
ning in the same system as that referenced by the DISPLAY variable, unless the -F option is used.
Note: By default, ncweb invokes the Mozilla Web browser. To support any other browser (for example,
Netscape), set the BROWSER environment variable as shown below:
export BROWSER=/opt/netscape/netscape
The ncweb command opens the terminal user interface if any of the following conditions are true:
• The command /usr/sbin/ncweb is invoked with the -t option.
• The DISPLAY environment variable is not set.
The ncweb command opens the Web-based interface if all the following conditions are true:
• The command /usr/sbin/ncweb is invoked with -F option.
• The DISPLAY environment variable is set.
• The command /opt/hpsmh/lbin/samweb is available on the system.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 33

 ncweb(1M) ncweb(1M)

If the ncweb command cannot open the Web-based interface, the command opens the terminal user inter-
face.

Options
ncweb recognizes the following options:
-F Force a client browser to be used in less secure ways. The -F option forces the use of a client
browser, even when the X-traffic between the X-server and the Mozilla browser is not secure.
Use the -F option only when the network traffic between the host where Mozilla is running
and the host in the DISPLAY environment variable is secure.
The -F option causes ncweb to invoke the Web-based interface of the Network Interfaces
Configuration and Network Services Configuration tools.
If ncweb cannot start the Web browser, it starts the terminal interface.
-b Generate a temporary login bypass key. The bypass key enables the privileged user to access
the Web interface without having to provide login information again.
The -b option causes ncweb to invoke the Web-based interface of the Network Interfaces
Configuration and Network Services Configuration tools.
-t Open the terminal user interface for managing network interfaces and network services
regardless of the current setting of the DISPLAY environment variable.
Other Ways to Start the Tools
You can also start the Network Interfaces Configuration and Network Services Configuration tools using
one of the following methods:
• Invoke /usr/sbin/sam and select the Networking and Communications functional
area to launch the terminal user interface or press w on the keyboard to launch the Web-based
interface.
• Type the URL http:// hostname :2301/nc/ncweb.cgi in the address bar of the Web
browser to open the Web-based interface. The hostname is the name of the server.
• Open the HP-UX Systems Insight Manager on the server and select the Network Configuration
n tool from the Configure -> HP-UX Configuration menu.
Online Help
The online help is available after the Network Interfaces Configuration tool or Network Services
Configuration tool is open. The online help provides information on how to use the tool.

RETURN VALUES
Upon completion, ncweb returns one of the following values:
0 Successful
1 Error Occurred

AUTHOR
ncweb was developed by Hewlett-Packard.
SEE ALSO
sam(1M), smh(1M).

34 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ndd(1M) ndd(1M)

NAME
ndd - network tuning

SYNOPSIS
ndd -get network_device parameter
ndd -set network_device parameter value
ndd -h sup [ported ]
ndd -h unsup [ported ]
ndd -h [parameter]
ndd -c
DESCRIPTION
The ndd command allows the examination and modification of several tunable parameters that affect net-
working operation and behavior. It accepts arguments on the command line or may be run interactively.
The -h option displays all the supported and unsupported tunable parameters that ndd provides in the fol-
lowing categories: ARP, IP, IPSEC, IPV6, IPV6 Neighbor Discovery (ND), RAWIP, RAWIP6, SOCKET,
TCP, and UDP.
The tunable parameters in each category may be accessed with the proper valid network_device name. The
network_device name is referred to as TRANSPORT_NAME[] in /etc/rc.config.d/nddconf.
The valid network_device names (and their associated parameter categories) are:
/dev/arp (ARP),
/dev/ip (IP and IPSEC),
/dev/ip6 (IPV6, IPV6 Neighbor Discovery, and IPSEC v6),
/dev/rawip (RAWIP),
/dev/rawip6 (RAWIP6),
/dev/sockets (SOCKET),
/dev/tcp (TCP), and
/dev/udp (UDP).
Set parameter to ? to get a list of parameters for a particular network_device.
n
ndd -get Get the value of the parameter for network_device and print the value to standard
output. Returned numbers are always displayed as decimal strings.
ndd -set Set parameter for network_device to value.
All times are specified in milliseconds; for example, 240000 for 4 minutes. Unless
stated otherwise, numbers are assumed to be in decimal. Use "0x" prefix to specify
hexadecimal values.
In general, all tunable parameters are global; in other words, they affect all instances
of the network module. Some settings take effect immediately, while others are used
to initialize data for an instance and will only affect newly opened streams.
ndd -h supported
Display all the supported tunable parameters. This set of parameters are supported
by HP and detailed descriptions of these tunable parameters are available through the
-h parameter command.
ndd -h unsupported
Display all the unsupported tunable parameters. This set of parameters are not sup-
ported by HP and modification of these tunable parameters are not suggested nor
recommended. Setting any unsupported tunable parameters on your system may
result in adverse effects to your networking operations.
ndd -h When parameter is specified, a detail description of the parameter, along with its
minimum, maximum, and default value are displayed. If no parameter is specified, it
displays all supported and unsupported tunable parameters.
ndd -c Read input from the configuration file /etc/rc.config.d/nddconf and set the
tunable parameters. A user may specify tunable parameters in the nddconf
configuration file, and these parameters will be set automatically each time the sys-
tem boots.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 35

 ndd(1M) ndd(1M)

DIAGNOSTICS
When the command fails, an error message is printed to the standard error and the command terminates
with an exit value of one.

WARNINGS
Care must be used when setting parameters for a network_device. Setting a tunable parameter to an inap-
propriate value can result in adverse affects to your networking operations.

EXAMPLES
To get help information on all supported tunable parameters:
ndd -h supported
To get a detail description of the tunable parameter, ip_forwarding:
ndd -h ip_forwarding
To get a list of all TCP related parameters:
ndd -get /dev/tcp ?
To get the current value of the tunable parameter, ip_forwarding:
ndd -get /dev/ip ip_forwarding
To set the value of the default TTL parameter for UDP to 128:
ndd -set /dev/udp udp_def_ttl 128
FILES
/etc/rc.config.d/nddconf Contains tunable parameters that will be set automatically each time
the system boots.

AUTHOR
ndd was developed by HP.

36 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ndp(1M) ndp(1M)

NAME
ndp - IPv6 Neighbor Discovery cache display and control

SYNOPSIS
ndp host
ndp [-i interface] [-n ] -a
ndp [-i interface] [-n ] -A interval
ndp [-i interface] [-q ] -d host
ndp [-i interface] [-nq ] -F
ndp [-i interface] -p
ndp [-i interface] [-q ] -P
ndp -s interface host hw_addr [pub ]
ndp -f filename
DESCRIPTION
The ndp command displays and modifies the IPv6 Neighbor Discovery cache as specified in the IPv6 Neigh-
bor Discovery (ND) protocol.

Options
ndp recognizes the following options and arguments:
host Display the current Neighbor Discovery cache entries for the host specified by host, which
is either a name present in the hostname database (see hosts(4)), or an IPv6 address
expressed in colon notation (see inet6(3N)).
-i interface
Select the Neighbor Discovery cache entries for the specified interface. There is no distinc-
tion between primary and secondary interfaces. Therefore, specifying -i lan1:1 is the
same as specifying -i lan1 .
-n Display host addresses in IPv6 colon notation. If this option is not specified, ndp attempts
n
to display host addresses symbolically first, and falls back to displaying the host addresses
in IPv6 colon notation if that failed.
-a Display all Neighbor Discovery cache entries.
-A interval
Continuously display all Neighbor Discovery cache entries, updated at each interval , meas-
ured in seconds.
-d host Deletes Neighbor Discovery cache entries with IP addresses that are not associated with
local interfaces for the host specified by host.
-F Flushes all Neighbor Discovery cache entries with IP addresses that are not associated with
local interfaces. These are entries with the L flag set.
-q (Quiet) Do not write anything to standard output. This option only applies to -d , -F , and
-P options.
-p Display the prefix list in the Neighbor Discovery cache table. The prefix list defines a set of
IP address ranges that the host can reach. The prefix flags are L for on-link, and A for
autonomous. The on-link flag indicates that addresses with that prefix can be reached
directly without going through a router. The autonomous flag indicates that the prefix
came from stateless autoconfiguration.
-P Flushes all autoconfigured addresses learned from prefixes advertised by the Router Adver-
tisement Messages.
-s interface host hw_addr [pub]
Create a Neighbor Discovery cache entry for the interface specified by interface, the host
specified by host, and the hardware address (link-layer address) specified by hw_addr. The
hw_addr is specified as xx :xx :xx :xx :xx :xx, where each x is a hexadecimal digit. If pub
is specified, the entry is published, which means that this system will respond to Neighbor
Solicitation for the specified "host" even though the host address is not its own.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 37

 ndp(1M) ndp(1M)

-f filename
Create Neighbor Discovery cache entries from the specifications found in the file specified
by filename. Each entry in this file specifies the interface, host, hw_addr, and optionally
the pub flag. For example, the content of this file can be:
lan0 nodea 1:2:3:4:5:6
lan1 nodeb 2:3:4:5:6:7 pub
The use of -d, -F, -P, -s , and -f options requires root privileges.

Contents
A Neighbor Discovery cache entry includes the following fields:
• host (neighbor’s host name or IP address)
• hardware address (link layer address) of host
• interface name
• state
• flags
The state of an entry can be INCOMPLETE , REACHABLE , STALE , DELAY , or PROBE .
• An entry is in an INCOMPLETE state if address resolution is in progress and the hardware
address of the neighbor has not been determined.
• An entry is in a REACHABLE state if the neighbor is known to have been reachable recently.
• An entry is in a STALE state if the neighbor is no longer known to be reachable. However, no
attempt has been made to verify its reachability because no traffic has been sent to this neighbor.
• An entry is in a DELAY state if the neighbor is no longer known to be reachable, and traffic has
recently been sent to the neighbor.
• An entry is in a PROBE state if the neighbor is no longer known to be reachable, and unicast
Neighbor Solicitation probes have been sent to verify reachability.
The flags can be D (deprecated), L (local), or P (published). A deprecated address can be used for receiving
packets, but it should not be used for sending packets because its validity is expected to expire soon. The
n local flag indicates that this Neighbor Discovery cache entry corresponds to an interface on this host. The
published flag indicates that the host will respond to Neighbor Solicitations on this IPv6 address.

DIAGNOSTICS
ndp returns a non-zero value to indicate errors. A zero return value indicates success.
EXAMPLES
The following netstat output shows the local interfaces and the IP addresses assigned to them.
# netstat -inf inet6
Name Mtu Address/Prefix Ipkts Opkts
lan1 1500 fe80::210:83ff:fef7:3a21/10 982 759
lan1:1 1500 fec0::9:210:83ff:fef7:3a21/64 0 0
lan3 1500 fe80::210:83ff:fef7:7a9d/10 0 0
lo0 4136 ::1/128 57 57
To display the entire Neighbor Discovery cache:
# ndp -a -n
Destination Physical Address Interface State Flags
fe80::202:fdff:fe36:8720 0:2:fd:36:87:20 lan1 STALE -
fec0::9:210:83ff:fef7:3a21 0:10:83:f7:3a:21 lan1:1 REACHABLE LP
fe80::210:83ff:fef7:3a21 0:10:83:f7:3a:21 lan1 REACHABLE LP
fe80::210:83ff:fef7:7a9d 0:10:83:f7:7a:9d lan3 REACHABLE LP
To show Neighbor Discovery cache entries for a host:
# ndp fe80::210:83ff:fef7:3a21
Destination Physical Address Interface State Flags
fe80::210:83ff:fef7:3a21 0:10:83:f7:3a:21 lan1 REACHABLE LP

38 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ndp(1M) ndp(1M)

To show Neighbor Discovery cache entries for an interface:

# ndp -n -i lan3 -a
Destination Physical Address Interface State Flags
fe80::210:83ff:fef7:7a9d 0:10:83:f7:7a:9d lan3 REACHABLE LP
To delete a Neighbor Discovery cache entries for a host and an interface:
# ndp -i lan1 -d fe80::202:fdff:fe36:8720
fe80::202:fdff:fe36:8720 (fe80::202:fdff:fe36:8720) deleted.
To show the prefix list:
# ndp -p
Prefix List Interface Valid Preferred Flags
Entries Lifetime Lifetime
fec0:0:0:9::/64 lan1 167 107 A
fe80::/10 lan1 inf inf LA
fe80::/10 lan3 inf inf LA
To add an entry in the Neighbor Discovery cache:
# ndp -s lan3 nodeb 0:1:2:3:4:5
nodeb (2001::1) added.
# ndp -a -n -i lan3
Destination Physical Address Interface State Flags
fe80::210:83ff:fef7:7a9d 0:10:83:f7:7a:9d lan3 REACHABLE LP
2001::1 0:1:2:3:4:5 lan3 - -
To flush all remote entries:
# ndp -F
nodea (fe80::202:fdff:fe36:8720) flushed.
nodeb (2001::1) flushed. n
AUTHOR
ndp was developed by HP.
SEE ALSO
hosts(4), inet6(3N), ndp(7P).
Neighbor Discovery for IP Version 6 (IPv6), RFC2461, Narten, Nordmark, Simpson.
IPv6 Stateless Address Autoconfiguration, RFC2462, Thomson, Narten.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 39

 netfmt(1M) netfmt(1M)

NAME
netfmt - format tracing and logging binary files

SYNOPSIS
/usr/sbin/netfmt -s [-t records] [[-f] file_name]
/usr/sbin/netfmt -p [-c config_file]
/usr/sbin/netfmt [-c config_file] [-F] [-t records] [-v] [-l] [-n]
[-N  [-1 [-L] [-T]]] [[-f] file_name]

DESCRIPTION
netfmt is used to format binary trace and log data gathered from the network tracing and logging facility
(see nettl(1M)). The binary trace and log information can be read from a file or from standard input (if
standard input is a tty device, an informative message is given and netfmt quits). Formatted data is
written to standard output.
Formatting options are specified in an optional filter configuration file. Message inclusion and format can
be controlled by the filter configuration file. If no configuration commands are specified, all messages are
fully formatted.
Global filtering is done by netfmt for NetTL’s trace/log packets. A description of the filter configuration
file follows the option descriptions.

Options
netfmt recognizes the following command-line options and arguments:
-s Display a summary of the input file. The summary includes the total number of mes-
sages, the starting and ending timestamps, the types of messages, and information
about the system that the data was collected on. The contents of the input file are not
formatted; only a summary is reported.
-t records Specifies the number of records from the tail end of the input file to format. This
allows the user to bypass extraneous information at the beginning of the file, and get
to the most recent information quickly. The maximum number of records that can be
n specified is 1000. If omitted, all records are formatted. The -t option is not allowed
when the input file is a FIFO (pipe).
-f file_name Specifies the input file containing the binary log or trace data. file_name may not be
the name of a tty device. Other options may impose additional restrictions on the
type of the input file allowed. If omitted, data is read from standard input.
-p Parse input: this switch allows the user to perform a syntax check on the config_file
specified by the -c parameter. All other parameters are ignored. If the syntax is
correct, netfmt terminates with no output or warnings.
-c config_file Specifies the file containing formatter filter configuration commands. Syntax for the
commands is given below. When -c is omitted the file $HOME/.netfmtrc is read
for both logging and tracing filter configuration commands if it exists.
-F Follow the input file. Instead of closing the input file when end of file is encountered,
netfmt keeps it open and continues to read from it as new data arrives. This is
especially useful for watching events occur in real time while troubleshooting a prob-
lem. Another use would be for recording events to a console or hard-copy device for
auditing. (Note that console logging is controlled by the configuration files
/etc/nettlgen.conf and /var/adm/conslog.opts; see nettlgen.conf(4).)
The -F option is not allowed when the input file is redirected.
The following options are not supported by all subsystems. If a subsystem does not support an option, that
option is ignored during formatting of data from that subsystem. Consult the product documentation of the
subsystem for information regarding the support of these options.
-v Enables output of verbose information. This includes additional cause and action text
with formatted output. This information describes the possible cause of the message
and any actions that may be required by the subsystem.
After the contents of the input file have been formatted a summary of the file is
displayed. When this option is used with the -t option, only a summary of the last
records is reported. No summary is produced when this option is used in conjunction

40 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

netfmt(1M) netfmt(1M)

with the -F option or if formatting is interrupted.

-l (ell) Turn off inverse video highlighting of certain traced fields. Use this flag when
sending formatted trace data to a line printer. By default, certain fields in the trace
file are highlighted in inverse video when viewing the formatted trace format at a ter-
minal that supports highlighting.
-n Shows port numbers and network addresses(such as IP and x121) as numbers (nor-
mally, netfmt interprets numbers and attempts to display them symbolically).
-N Enables "nice" formatting where Ethernet/IEEE802.3, SLIP, IP, ICMP, IGMP, TCP,
UDP, ARP, Probe, and RPC packets are displayed symbolically. All remaining user
data is formatted in hexadecimal and ASCII.
-1 (one) Attempts to tersely format each traced packet on a single line. If -L and/or -T
options are used, the output lines will be more than 80 characters long.
-T Places a time stamp on terse tracing output. Used with the -1 (minus one) option.
-L Prefixes local link address information to terse tracing output. Used with the -1
(minus one) option.

Filter Configuration File

Note: Filter configuration file syntax converges the syntax used with the obsolete nettrfmt network
trace formatter and netlogfmt network log formatter commands with new netfmt syntax for control-
ling formatter options. The first section below describes the general use and syntax of the filter
configuration file. Specific options for subsystem Naming and Filtering are listed in the Subsystem Filter-
ing section below.
The filter configuration file allows specification of two types of information:
• Specify options in order to control how the input data is to be formatted. These options determine
what the output looks like and allow a user to select the best format to suit their needs.
• Specify filters in order to precisely tailor what input data is to be discarded and what is to be for-
matted. Global filters control all subsystems; subsystem filters pertain only to specific subsys-
tems. The global filtering can start with the word formatter , which means it is global to all the
NetTL’s subsystems.
n
A filter is compared against values in the input data. If the data matches a filter, the data is formatted;
otherwise, the input data is discarded. A filter can also specify NOT by using ! before the filter value in
the configuration file. If the input data matches a NOT filter, it is discarded. A filter can also be a "wild-
card" (matching any value) by specifying an asterisk * before the filter value in the configuration file. "Wild
card" filters pass all values of the input data. Specifying !* as the filter means NOT ALL.

Filter Configuration File Syntax

• The formatter ignores white space, such as spaces or tabs. However, newlines (end of line charac-
ters) are important, as they terminate comments and filter specifications.
• The formatter is not case sensitive. For example error and ERROR are treated as equivalent.
• To place comments in the file, begin each comment line with a # character. The formatter ignores
all remaining characters on that line. There are no inline comments allowed.
• An exclamation point (!) in front of an argument indicates NOT. This operator is not supported
for timestamp, log instance, and ID filtering.
• The asterisk (*), when used as an argument, indicates ALL. Since the default for all formatting
options is ALL, it is unnecessary to use the asterisk alone. It can be used along with the exclama-
tion point, (!*) to indicate NOT ALL. This operator is not available for timestamp, log instance,
and ID filtering.

Global Filtering: For NetTL’s Subsystems

The below explained global filtering options apply only to NetTL ’s subystems. NetTL ’s global filtering
commands start with the word formatter , followed by the keywords verbosity , mode , option , or
filter .
formatter verbosity value,
value should be either of

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 41

 netfmt(1M) netfmt(1M)

high Enables output of netfmt internal debugging information to standard

error. Same as the -v option.
low No internal debugging information is to be displayed.
formatter mode value,
value should be one of
raw Dumps out the messages in hex format.
nice Enables "nice" formatting. Same as -N option.
terse Attempts to tersely format each traced packet on a single line. Same
as -1 (minus one) option.
normal Normal formatting.
formatter option [!] value,
value should be
suppress Normally repeated lines in hex output are condensed into a single line
and a message stating that redundant lines have been skipped is
displayed. Specifying !suppress will print all redundant data.
This is useful when the formatted output is used as input into other
commands.
highlight Normally the formatter will highlight certain fields in its trace output
in inverse video. Specifying !highlight will turn this feature off.
Same as the -l (minus ell) option.
formatter filter type [!] value  *
Six types of filtering are provided:
class log classes
kind trace kinds
id connection, process, path, and user
log instance specific thread of events
n subsystem
time
subsystem names
specify ranges of time(s)
The following combinations are recognized:
formatter filter class value [subsystem]
value indicates the log class. This option allows the user to select one or more classes
to be formatted. Initially all log classes are formatted. Only one class is allowed per
line. Classes in multiple lines are logically ORed. The optional subsystem name sets
the class filter only for the specified subsystem. The log classes are:
INFORMATIVE Describes routine operations and current system values.
WARNING Indicates abnormal events possibly caused by subsystem
problems.
ERROR Signals an event or condition which was not affecting the
overall subsystem or network operation, but may have caused
an application program to fail.
DISASTER Signals an event or condition which did affect the overall sub-
system or network operation, caused several programs to fail
or the entire node to shut down.
formatter filter Connection_ID value
formatter filter Device_ID value
formatter filter Path_ID value
formatter filter Process_ID value
formatter filter User_ID value
value specifies the ID number of the messages to format. Last-entered value has pre-
cedence over any previous ones. See the record header in the formatted output to
determine which ID numbers to filter on. The ! operator is not allowed in value.
formatter filter kind value [subsystem]
value can either be an established trace kind or a mask. A mask is a hexadecimal
representation of a (set of) trace kind(s). Masks in multiple lines are logically ORed.

42 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

netfmt(1M) netfmt(1M)

The optional subsystem name sets the kind filter only for the specified subsystem.
Trace kinds and their corresponding masks are:

Name Mask Name Mask

hdrin 0x80000000 state 0x04000000
hdrout 0x40000000 error 0x02000000
pduin 0x20000000 logging 0x01000000
pduout 0x10000000 loopback 0x00800000
proc 0x08000000
hdrin Inbound Protocol Header.
hdrout Outbound Protocol Header.
pduin Inbound Protocol Data Unit (including header and data).
pduout Outbound Protocol Data Unit (including header and data).
proc Procedure entry and exit.
state Protocol or connection states.
error Invalid events or condition.
logging Special kind of trace that contains a log message.
loopback Packets whose source and destination system is the same.
formatter filter log_instance value
value specifies the log instance number of the messages to filter. Selecting a log
instance allows the user to see the messages from a single thread of network events.
Only one log instance is allowed per filter configuration file. The log instance can not
be negated with the ! operator.
formatter filter subsystem value
value specifies the subsystem name. Available subsystem names can be listed by
using the command:
nettlconf -status
Only one subsystem name is allowed per line; multiple lines OR the request. To elim-
inate a given subsystem name, use the ! operator, which formats all subsystems
except those excluded by the list of negated subsystems. To include all subsystems
n
(the default), use the * operator. To eliminate all subsystems, use the !* operator.
formatter filter time_from value
formatter filter time_through value
time_from indicates the inclusive starting time. time_through indicates the
inclusive ending time. value consists of time_of_day and optionally day_of_year , (usu-
ally separated by one or more blanks for readability).
time_of_day specifies the time on the 24-hour clock in hours, minutes, seconds and
decimal parts of a second (resolution is to the nearest microsecond). Hours, minutes
and seconds are required; fractional seconds are optional. time_of_day format is
hh :mm :ss .dddddd.
day_of_year specifies the day of the year in the form month/day/year in the format:
mm/dd/[ yy]yy. Specify month and day numerically, using one or two digits. For
example, January can be specified as 1 or 01 ; the third day of the month as 3 or 03 .
Specify the year in four digits or by its last two digits. Only years in the ranges
1970-2037 are accepted. Two digit years in the range 70-99 are interpreted as being in
the 20th century (19xx) and those in the range 00-37 are interpreted as being in the
21st century (20xx) (all ranges inclusive). day_of_year is an optional field; the current
date is used as a default.
The time_from specification includes only those records starting from the resolu-
tion of time given. For example, if the time_of_day for time_from is specified as
10:08:00, all times before that, from 10:07:59.999999 and earlier, are excluded from
the formatted output. Records with times of 10:08:00.000000 and later are included in
the formatted output. Similarly, the time_through specification includes only up
to the resolution of time given. For example, if the time_of_day for time_through
is specified as 10:08:00, all records with times after that, from 10:08:00.000001
onward, are excluded from the formatted output.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 43

 netfmt(1M) netfmt(1M)

Subsystem Filtering
Note: Global filtering described above takes precedence over individual subsystem tracing and logging
filtering described below.
Subsystem filters are provided to allow filtering of data for individual subsystems or groups of subsystems.
Their behavior varies among individual subsystems. Subsystem filters are valid only when the correspond-
ing subsystems have been installed and configured on the system. See the subsystem documentation for a
description of supported subsystem filters and their behavior.
Subsystem filtering commands start with the name of the subsystem followed by the subsystem filter key-
words. However, to provide convenience and backwards compatibility, several other filter keywords are
provided for the group of LAN subsystems: NAME and FILTER . Currently, four types of subsystem
filters are provided: LAN, X25, STREAMS, and OTS. The collection of LAN subsystems use the subsystem
filters identified by the FILTER and NAME keywords and the collection of OTS subsystems use the subsys-
tem filters with the OTS keyword. The collection of X25 subsystems start their filter commands with the
X25 subsystem names.

LAN Naming and Filtering

LAN naming can be used to symbolically represent numbers with more recognizable labels.
name nodename value
nodename is a character string to be displayed in place of all occurrences of value. value is a
(IEEE802.3/Ethernet) hardware address consisting of 6 bytes specified in hexadecimal (without
leading "0x"), optionally separated by -. netfmt substitutes all occurrences of value with
nodename in the formatted output. The mapping is disabled when the -n option is used. This
option applies to tracing output only.
LAN filtering is used to selectively format packets from the input file. There are numerous filter types,
each associated with a particular protocol layer:
Filter Layer Filter Type Description
Layer 1 dest hardware destination address
source hardware source address
interface software network interface
n Layer 2 ssap IEEE802.2 source sap
dsap IEEE802.2 destination sap
type Ethernet type
Layer 3 ip_saddr IP source address
ip_daddr IP destination address
ip_proto IP protocol number
ip6_saddr IPv6 source address
ip6_daddr IPv6 destination address
ip6_proto IPv6 protocol number
Layer 4 tcp_sport TCP source port
tcp_dport TCP destination port
udp_sport UDP source port
udp_dport UDP destination port
connection a level 4 (TCP, UDP) connection
connection6 a level 4 (TCP, UDP) connection for IPv6
Layer 5 rpcprogram RPC program
rpcprocedure RPC procedure
rpcdirection RPC call or reply
Filtering occurs at each of the five layers. If a packet matches any filter within a layer, it is passed up to
the next layer. The packet must pass every layer to pass through the entire filter. Filtering starts with
Layer 1 and ends with Layer 5. If no filter is specified for a particular layer, that layer is "open" and all
packets pass through. For a packet to make it through a filter layer which has a filter specified, it must
match the filter. Filters at each layer are logically O’ed. Filters between layers are logically ANDed.
LAN trace and log filters use the following format:
filter type [!] value  *
filter is the keyword identifying the filter as a LAN subsystem filter.
The following filters are available for LAN tracing.

44 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

netfmt(1M) netfmt(1M)

filter connection value

value takes the form:
local_addr :port remote_addr :port
where local_addr and remote_addr can be a hostname or a 4-byte Internet address specified in
decimal dot notation (see inet(3N) for more information on Internet addresses and decimal dot
notations). port can be a service name or an integer. integer represents a port and can be desig-
nated by a hexadecimal integer (0x digits), an octal integer (0digits), or base-10 integers (0
through 65535).
filter connection6 value
value takes the form:
local_IPv6addr |port remote_IPv6addr |port
where local_IPv6addr and remote_IPv6addr can be a hostname or a 16-byte Internet address
specified in colon notation (see inet6(3N) for more information on IPv6 Internet addresses and
colon notations). port can be a service name or an integer. integer represents a port and can be
designated by a hexadecimal integer (0x digits), an octal integer (0digits), or base-10 integers (0
through 65535).
filter dest value
filter source value
value is a hardware address consisting of 6 bytes specified in hexadecimal (without leading 0x ),
optionally separated by -.
filter dsap value
filter ssap value
value is a hexadecimal integer of the form: 0x digit; an octal integer of the form: 0digits; or a
base-ten integer, 0 through 255.
filter interface value
value identifies a network interface and takes the form: lan n for LAN interface, or lo n for
loopback interface, where n is the logical unit number, as in lan0 .
filter ip_daddr value
filter ip_saddr value
n
value is a hostname or a 4-byte Internet address specified in decimal dot notation (see inet(3N)
for more information on Internet addresses and decimal dot notations).
filter ip6_daddr value
filter ip6_saddr value
value is a hostname or a 16-byte Internet address specified in colon notation (see inet6(3N) for
more information on Internet addresses and colon notations).
filter ip_proto value
filter ip6_proto value
value is a hexadecimal integer of the form: 0x digit; an octal integer of the form: 0digits; or a
base-ten integer, 0 through 255 (see protocols (4) for more information on protocol numbers).
filter tcp_dport value
filter tcp_sport value
filter udp_dport value
filter udp_sport value
value is a port number designated as a 2-byte integer value or a service name. The integer value
can be designated by a hexadecimal integer (0x digits), an octal integer (0digits), or a base-10
integer (0 through 65535).
filter rpcprogram value
value is a RPC program name or an integer RPC program number (see rpc(4) for more informa-
tion on RPC program names). The integer value can be designated by a hexadecimal integer
(0x digits), an octal integer (0digits), or a base-10 integer (0 through 65535).
filter rpcprocedure value
value is an integer RPC procedure number. The integer value can be designated by a hexade-
cimal integer (0xdigits), an octal integer (0digits), or a base-10 integer (0 through 65535).
filter rpcdirection value
value can be either call or reply .

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 45

 netfmt(1M) netfmt(1M)

filter type value

value is a hexadecimal integer of the form: 0x digits; an octal integer of the form: 0digits; or a
base-ten integer (0 through 65535).
LAN log filtering command has the following form:
filter subsystem value
value takes the form:
subsys_name event event_list
where subsys_name is a subsystem name obtained using the nettlconf -status command or
one of the following abbreviations:
axin bufs caselib caserouter
ip ipc lan loopback
nsdiag nse probe pxp
rlbdaemon sockregd strlog tcp
timod tirdwr udp nfs
event_list takes the form:
event_spec [,event_spec ...]
where event_spec takes one of the three forms:
[!] integer [!]range [!]*
integer is an integer in hexadecimal (leading 0x ), octal (leading 0), or decimal, which specifies a
log event for the subsystem indicated.
range takes the form integer -integer, and indicates an inclusive set of events.

X25 Naming and Filtering

The X25 product provides capabilities to assign symbolic names to important numbers and to filter log
events and trace messages. See x25log(1M) and x25trace(1M) for more information about X25 naming and
filtering.
n OTS Filtering
The OTS subsystem filter allows filtering of the message ID numbers that are typically found in the data
portion of an OTS subsystem’s log or trace record. The OTS subsystem filter is effective for any subsystem
that is a member of the OTS subsystem group.
OTS trace filtering configuration commands have the following form in config_file:
OTS [subsystem] msgid [!] message_ID*
Keywords and arguments are interpreted as follows:
OTS Identifies the filter as an OTS subsystem filter.
subsystem One of the following group of OTS subsystems:
OTS ACSE_PRES NETWORK
TRANSPORT SESSION
Note: The absence of subsystem implies that the filter applies to all OTS subsystems.
message_ID is the value of the message ID to filter. A message ID is used by OTS subsystems to
identify similar types of information. It can be recognized as a 4 digit number con-
tained in brackets ([ ]) at the beginning of an OTS subsystem’s trace or log record.
Initially all message_ID s are enabled for formatting. To format records with specific
message_ID s, turn off all message IDs using the !* operator, then selectively enable
the desired message IDs. Only one message_ID is allowed on each line. Multiple lines
are ORed together.

STREAMS Filtering
The STREAMS subsystem filter allows filtering on some fields of the messages logged by STREAMS
modules and drivers. See strlog(7) for more information.

46 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

netfmt(1M) netfmt(1M)

EXTERNAL INFLUENCES
International Code Set Support
Single- and multi-byte character code sets are supported in data. Single-byte character codesets are sup-
ported in filenames.

DEPENDENCIES
netfmt only recognizes subsystems and filters from products which have been installed and configured.
WARNINGS
The syntax that was used for the obsolete LAN trace and log options has been mixed with the syntax for
the netfmt command such that any old options files can be used without any changes. The combination
of syntax introduces some redundancy and possible confusion. The global filtering options have the string
formatter filter as the first two fields, while the LAN filtering options merely have the string
filter as the first field. It is expected that the older LAN filtering options may change to become more
congruent with the global filtering syntax in future releases.
The nettl and netfmt commands read the /etc/nettlgen.conf file each time they are executed.
These commands will not operate if the file becomes corrupted (see nettl(1M) and netfmt(1M)).

DIAGNOSTICS
Messages describe illegal use of netfmt command and unexpected EOF encountered.

EXAMPLES
The first group of examples show how to use command line options.
1. Format the last 50 records in file /var/adm/nettl.LOG000 (the default log file):
netfmt -t 50 -f /var/adm/nettl.LOG000
2. Use the follow option to send all log messages to the console (normally, only DISASTER -class log
messages are sent to the console in console form):
netfmt -f /var/adm/nettl.LOG000 -F > /dev/console
3. Monitor all log messages in a hpterm window:
hpterm -e /usr/sbin/netfmt -F -f /var/adm/nettl.LOG000
n
4. Read file /var/adm/trace.TRC000 for binary data and use conf.file as the filter
configuration file:
netfmt -c conf.file -f /var/adm/trace.TRC000
The remaining examples show how to specify entries in the filter configuration file used with the -c option.
1. Tell netfmt to format only INFORMATIVE -class log messages coming from the NS_LS_IP
subsystem between 10:31:53 and 10:41:00 on 23 November 1993.
formatter filter time_from 10:31:53 11/23/93
formatter filter time_through 10:41:00 11/23/93
formatter filter class !*
formatter filter class INFORMATIVE
formatter filter subsystem !*
formatter filter subsystem NS_LS_IP
2. Map hardware address to name(LAN):
name node1 08-00-09-00-0e-ca
name node3 02-60-8c-01-33-58
3. Format only packets from either of the above hardware addresses:
filter source 08-00-09-00-0e-ca
filter source 02-60-8c-01-33-58
4. Format all packets transmitted from the local node, local , to the remote node, 192.6.1.3 ,
which reference local TCP service ports login or shell , or remote UDP port 777 :
filter ip_saddr local
filter ip_daddr 192.6.1.3
filter tcp_sport login
HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 47
 netfmt(1M) netfmt(1M)

filter tcp_sport shell

filter udp_dport 777
5. Format a TCP connection from local node node2 to 192.6.1.3 which uses node2 service port
ftp and remote port 1198 .
filter connection node2:ftp 192.6.1.3:1198
6. Format all packets except those that use interface lan0 :
filter interface ! lan0
7. Format all logged events for subsystem ip . No other events are formatted. (By default, all
events are formatted):
filter subsystem ip event *
8. Format only event 5003 for subsystem ip . Format all events except 3000 for subsystem tcp .
No other events are formatted.
filter subsystem ip event 5003
filter subsystem tcp event *,!3000
9. Format only events 5003 , 5004 , 5005 , and 5006 for subsystem ip . Format all events except
events 3000 , 3002 , and 3003 for subsystem tcp . No other events are formatted:
filter subsystem ip event 5003-5006
filter subsystem tcp event *,!3000,!3002-3003
10. Format only those records containing message IDs 9973 and 9974 for subsystem session and
those not containing message ID 9974 for subsystem transport . All records from other sub-
systems are formatted:
ots session msgid !*
ots session msgid 9973
ots session msgid 9974
ots transport msgid !9974
n 11. Combine LAN and general filtering options into one configuration file. Format 15 minutes of
pduin and pduout data starting at 3:00 PM on 2 April 1990 for data from lan0 interface.
formatter filter kind 0x30000000
formatter filter time_from 15:00:00 04/02/90
formatter filter time_through 15:15:00 04/02/90
filter interface !*
filter interface lan0
AUTHOR
netfmt was developed by HP.
FILES
/etc/nettlgen.conf default subsystem configuration file
/var/adm/conslog.opts default console logging options filter file
$HOME/.netfmtrc default filter configuration file if the -c config_file option is not used
on the command line.

SEE ALSO
nettl(1M), nettlconf(1M), nettlgen.conf(4), strlog(7).

48 Hewlett-Packard Company −9− HP-UX 11i Version 3: February 2007

nettl(1M) nettl(1M)

NAME
nettl - control network tracing and logging

SYNOPSIS
/usr/sbin/nettl -start
/usr/sbin/nettl -stop
/usr/sbin/nettl -firmlog 0|1|2 -card dev_name...
/usr/sbin/nettl -log class... -entity subsystem...
/usr/sbin/nettl -status [log |trace |all ]
/usr/sbin/nettl -traceon kind... -entity subsystem... [-card dev_name...]
[-file tracename] [-m bytes] [-size portsize] [-tracemax maxsize] [-n num_files]
[-mem init_mem [max_mem ]] [-bind cpu_id] [-timer timer_value ]
/usr/sbin/nettl -bind cpu_id
/usr/sbin/nettl -timer timer_value
/usr/sbin/nettl -traceoff -entity subsystem...
/usr/sbin/nettl -setfilter filter_file
/usr/sbin/nettl -filteron subsystem...
/usr/sbin/nettl -filteroff subsystem...
/usr/sbin/nettl -displayfilter subsystem...
/usr/sbin/nettl -removefilter subsystem...

DESCRIPTION
The nettl command is a tool used to capture network events or packets. Logging is a means of capturing
network activities such as state changes, errors, and connection establishment. Tracing is used to capture
or take a snapshot of inbound and outbound packets going through the network, as well as loopback or
header information. A subsystem is a particular network module that can be acted upon, such as n
ns_ls_driver , or SX25L2 . nettl is used to control the network tracing and logging facility.
Except for the -status option, nettl can be used only by users who have an effective user ID of 0.

Options
nettl recognizes the following options, which can be used only in the combinations indicated in
SYNOPSIS. Some option and argument keywords can be abbreviated as described below. All keywords
are case-insensitive.
-start (Abbr.: -st )
Used alone without other options.
Initialize the tracing and logging facility, start up default logging, and optionally start up
console logging. Logging is enabled for all subsystems as determined by the
/etc/nettlgen.conf file. Log messages are sent to a log file whose name is deter-
mined by adding the suffix .LOG000 to the log file name specified in the
/etc/nettlgen.conf configuration file. Console logging is started if console logging
has been configured in the /etc/nettlgen.conf file. See nettlconf(1M) and
nettlgen.conf(4) for an explanation of the configuration file. If the log file (with suffix)
already exists, it is opened in append mode; that is, new data is added to the file. The
default name is /var/adm/nettl (thus logging starts to file
/var/adm/nettl.LOG000). See Data File Management below for more information
on how the log file is handled.
A nettl -start command is performed during system startup if the NETTL variable
in the /etc/rc.config.d/nettl file has a value of 1.
Note: It is strongly recommended that the tracing and logging facility be turned on before
any networking is started and remain on as long as networking is being used. Otherwise,
information about disasters will be lost. To minimize the impact on the system, all subsys-
tems can be set with the -log option to capture only disaster -class log messages.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 49

 nettl(1M) nettl(1M)

-stop (Abbr.: -sp )

Used alone without other options.
Terminate the trace/log facility. Once this command is issued, the trace/log facility is no
longer able to accept the corresponding trace/log calls from the network subsystems.
Note: See Note for the -start option.
-timer (Abbr.: -t)
Used with first -traceon option or as a standalone option after tracing has been turned
on.
Used to set the buffer flush timer; this value is set in seconds. The default value is 5
seconds. The timer_value can be in the range of 1 to 10 seconds.
The trace buffers are written to disk when the timer_value expires or after the buffers are
filled, whichever occurs first. A larger value is better when the rate of data traced per
second is high (in the order of 100 MB per second). A lower value is preferred when the
rate of data traced per second is low and when delays in seeing the trace data cannot be
tolerated.
-bind (Abbr.: -b)
Used with first -traceon option or alone after tracing has been turned on.
Used to bind the daemon process which writes the trace messages to the file, to the proces-
sor given by cpu_id. This helps in improving performance of tracing. It is recommended
that the processor chosen satisfies one or more of the following conditions:
• receives interrupts from the disk to which trace buffers are being written
• does not receive non-disk interrupts
• is least loaded (can be found using the top command).
Note: The bind request is processed only when the disk-write daemon process is idle. This
means that -bind operation might return successfully while process is not yet bound to
the processor. Hence, check the Processor ID field in nettl -status TRACE out-
n put to know if the binding request has been serviced. Hence, it is advisable to use this
option with the first -traceon operation or while tracing activity is minimal.
-card dev_name...
(Abbr.: -c)
This option is required by the X.25 subsystems; it is optional for other subsystems. Some
subsystems do not support this option.
Limit the trace information gathered to only the data that comes from the specified net-
work interface card. More than one dev_name can be specified at a time in order to trace
multiple network interfaces.
dev_name specifies a device which corresponds to a network interface card that has been
installed and configured. It can be either an integer representing the network interface, or
the device file name of the network interface. Some subsystems do not support both types
of dev_name. For example, the X25 subsystems require that dev_name be a device file
name. The product documentation for the subsystems should explain if the -card option
is applicable and how to choose an appropriate dev_name.
If dev_name is not an integer it is assumed to be a device file name. The path prefix
/dev/ will be attached in front of dev_name if it is not an absolute path name to form the
device file name, /dev/ dev_name. dev_name must refer to a valid network device file.
-entity all
-entity subsystem ...
(Abbr.: -e)
Limit the action of -log , -traceoff , or -traceon to the specified protocol layers or
software modules specified by subsystem.
The number and names of subsystems on each system are dependent on the products that
have been installed. Use the command nettlconf -status to obtain a full listing of
supported subsystems and the products that own them.

50 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

nettl(1M) nettl(1M)

Examples of OSI subsystems:

acse_pres ftam_init mms
asn1 ftam_resp network
cm ftam_vfs ots
em ftp_ftam_gw transport
ftam_ftp_gw hps ula_utils
Examples of LAN subsystems:
ns_ls_driver ns_ls_loopback ns_ls_x25
ns_ls_icmp ns_ls_tcp ns_ls_igmp
ns_ls_nfs ns_ls_udp ns_ls_ip
ns_ls_ipv6 ns_ls_icmpv6
Two X.25-specific subsystems are used for tracing only:
SX25L2 SX25L3
-file tracename
(Abbr.: -f)
Used with the first -traceon option only.
The first time the -traceon keyword is used, it initializes tracing, creating a file
tracename .TRC000 which receives the binary tracing data. If a trace file of the name
tracename .TRC000 already exists the binary trace data is appended to the end of the file.
To start a fresh trace file, first turn off tracing then turn it back on again using a different
tracename. See Data File Management below for more information on file naming.
If -file is omitted, binary trace output goes to standard output. If standard output is a
terminal device, an error message is issued and no tracing is generated.
-firmlog 0|1|2
(Abbr.: -fm )
Requires the -card option.
HP-UX servers (Series 800) and X.25 only.
Set the X.25/800 interface card logging mask to level 0, 1, or 2. The default level is 0. The
n
X.25/800 interface logs a standard set of messages. A level of 1 specifies cautionary mes-
sages as well as the default messages. A level of 2 specifies information messages in addi-
tion to the cautionary and default messages. This option is recognized only by the
ns_ls_x25 subsystem.
-log class ... (Abbr.: -l)
Requires the -entity option.
Control the class of log messages that are enabled for the subsystems specified by the
-entity option.
class specifies the logging class. Available classes are:

Full Abbr. Mask

informative i 1
warning w 2
error e 4
disaster d 8
informative Describes routine operations and current system values.
warning Indicates abnormal events possibly caused by subsystem prob-
lems.
error Signals an event or condition which was not affecting the overall
subsystem or network operation, but may have caused an appli-
cation program to fail.
disaster Signals an event or condition which did affect the overall subsys-
tem or network operation, caused several programs to fail or the
entire node to shut down.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 51

 nettl(1M) nettl(1M)

Classes can be specified as keywords or as a single numeric mask depicting which classes to
log. The mask is formed by adding the individual masks of the log classes. If you choose to
indicate several classes at once, be sure to separate each log class with a space.
disaster logging is always on. The default logging classes for each subsystem is
configured into the configuration file, /etc/nettlgen.conf. When the tracing/logging
facility is started, the information in the configuration file is read and subsystems are
enabled for logging with the specified classes. To change the log class, use the
"nettl -log class -entity subsystem" command with a new log class value. If
desired, the command can be run for different log classes and different entities.
-m bytes Specify the number of bytes (bytes) of each trace record to trace. This option allows you to
specify the number of bytes to be captured in the trace packet. You may prefer not to cap-
ture an entire PDU trace, such as when you are only interested in the header.
The maximum value for bytes is 2000. By default, the entire packet is traced. A value of 0
will also cause the entire packet to be traced. This option currently applies only to kernel
subsystems.
-mem init_mem [max_mem]
Used with the first -traceon option only.
Set the amount of memory (in kilobytes) used to hold the trace messages until they are
written to the file. init_mem is the memory allocated with the first -traceon operation.
If not specified, the default value of init_mem is 7% of the free memory available (can be
found using vmstat command) when tracing is first enabled. The minimum value that
can be specified for init_mem is 8 KB and the maximum value is 50% of the free memory
available.
If the memory allocated when tracing is first enabled proves to be insufficient, that is, when
trace buffers cannot accommodate more messages, additional memory may be allocated up
to a maximum limit given by max_mem . If not specified, the default value of max_mem is
init_mem itself. Hence, if the volume of trace messages is high, max_mem must be set in
order to avoid loss of trace messages. The maximum value that can be specified for
max_mem is 70% of free memory available. The minimum value for max_mem should be
n greater than or equal to the init_mem value. Please note that specifying a max_mem value
for -mem option is optional.
Setting these values too low increases the possibility of dropped messages. See the Trace
Memory Management section below to determine the size of the trace buffer and for more
details.
Note: The default unit for init_mem and max_mem is Kilobytes. Use m or M suffix to
specify the values in Megabytes. Refer to examples 9 and 10 for the usage.
-size portsize
(Abbr.: -s)
Note: This option is being maintained for backward compatibility and is currently ignored.
This option will be obsoleted in the next major release. Use -mem option to configure
memory used for trace buffers.
Used with first -traceon option only.
Set the size in kilobytes (KB) of the trace buffer used to hold trace messages until they are
written to the file. The default size for this buffer is 68 KB. The possible range for portsize
is 1 to 1024. Setting this value too low increases the possibility of dropped trace messages
from fast subsystems.
-status log
-status trace
-status [all ]
(Abbr.: -ss )
Used alone without other options.
Report the tracing and logging facility status. The facility must be operational, that is,
nettl -start has been completed. The additional options define the type of trace or
log information that is to be displayed. The default value is all .

52 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

nettl(1M) nettl(1M)

log Log status information

trace Trace status information
all Trace and log status information
-tracemax maxsize
(Abbr.: -tm )
Used with first -traceon option only.
Tracing uses a circular file method such that when one file fills up, another file is used. The
number of trace files that can exist on a system at any given time can be specified using the
-n option. See Data File Management below for more information on file behavior.
maxsize specifies the maximum size in kilobytes (KB) of any two trace files combined.
Therefore, the maximum size of each trace file will be approximately half of maxsize kilo-
bytes (KB). The default value for the combined file sizes is 1000 KB. The possible range for
maxsize is 100 to 99999.
Note: maxsize/2 should be greater than or equal to the the size of a trace buffer. If this
condition is satisfied, the default value for maxsize is 1000. If not, the file size will be
automatically adjusted to meet the requirement and nettl -status can be used to see
the actual trace file used. See Trace Memory Management for more information.
-n num_files Used with first -traceon option only.
Specifies the number of trace files that can exist on a system at any given time. However,
nettl can reduce the number of trace files depending on the available disk space. If the
option is not specified, the default value is two trace files.
-traceoff (Abbr.: -tf )
Requires the -entity option.
Disable tracing of subsystems specified by the -entity option. If all is specified as an
argument to the -entity option, all tracing is disabled. The trace file remains, and can
be formatted by using the netfmt command to view the trace messages it contains (see
netfmt(1M)).
-traceon all
n
-traceon kind ...
(Abbr.: -tn )
Requires the -entity option. The -card option is required for X.25 subsystems.
Other options are not required.
Start tracing on the specified subsystems. The tracing and logging facility must have been
initialized by nettl -start for this command to have any effect. The default trace file
is standard output; it can be overridden by the -file option. If standard output is a ter-
minal device, then an informative message is displayed and no trace data is produced.
When tracing is enabled, every operation through the subsystems is recorded if the kind
mask is matched.
kind defines the trace masks used by the tracing facility before recording a message. If
-traceon all is specified, all trace masks are enabled. kind can be entered as one or
several of the following keywords or masks:

keyword mask keyword mask

hdrin 0x80000000 state 0x04000000

hdrout 0x40000000 error 0x02000000
pduin 0x20000000 logging 0x01000000
pduout 0x10000000 loopback 0x00800000
proc 0x08000000
hdrin Inbound Protocol Header.
hdrout Outbound Protocol Header.
pduin Inbound Protocol Data Unit (including header and data).

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 53

 nettl(1M) nettl(1M)

pduout Outbound Protocol Data Unit (including header and data).

proc Procedure entry and exit.
state Protocol or connection states.
error Invalid events or condition.
logging Special kind of trace that contains a log message.
loopback Packets whose source and destination system is the same.
For multiple kinds, the masks can be specified separately or combined into a single
number. For example, to enable both pduin and pduout (to trace all packets coming
into and out of the node) use either pduin pduout or 0x10000000 0x20000000
or the combination 0x30000000 .
Not all subsystems support all trace kinds. No error is returned if a given subsystem does
not support a particular trace kind.
For example, the following NS_LS_* subsystems support only the pduin and pduout
trace kinds: NS_LS_TCP, NS_LS_UDP, NS_LS_IGMP, NS_LS_ICMP, NS_LS_IP,
NS_LS_IPV6 and NS_LS_ICMPV6.
If a -traceon is issued on a subsystem that is already being traced, the tracing mask and
optional values are changed to those specified by the new command, but the new -file ,
-size , and -tracemax options are ignored and a message is issued.
If -entity all is specified, all recognized subsystems are traced except X.25-specific
subsystems. To turn on tracing for X.25, use the command
nettl -traceon kind -e x.25_subsys -card dev_name
where the value of x.25_subsys is SX25L2 or SX25L3 .
-setfilter filter_file
(Abbr.: -sfl )
Used as a standalone option.
n This command is used to set filter expressions for subsystems. The filter expressions are
specified in the filter configuration file filter_file. Currently filters are supported for the fol-
lowing subsystems: GELAN, IGELAN, BTLAN, INTL100, IETHER, IXGBE, NS_LS_IP,
NS_LS_TCP, NS_LS_UDP, and NS_LS_ICMP. The syntax for the filter configuration file is
given below.
-filteron all
-filteron subsystem ...
(Abbr.: -flon )
Used as a standalone option.
Used to turn on a filter that has been set with the setfilter option for the subsystem.
This makes the filter active. If the attribute all is specified then filters are turned on for
all the subsystems that currently support filters as listed above.
-filteroff all
-filteroff subsystem ...
(Abbr.: -floff )
Used as a standalone option.
Used to turn off a filter that has been previously turned on with the filteron option for
the subsystem. This makes the filter inactive, but it is still set to be turned on in the
future. If the attribute all is specified then filters are removed for all the subsystems that
currently support filters as listed above.
-displayfilter all
-displayfilter subsystem ...
(Abbr.: -dfl )
Used as a standalone option.
Used to display the filters and their respective states. If the filter is set or turned on for a
subsystem, the filter expression is displayed along with the status of the filter. If no filter is
set for a subsystem then the corresponding filter status is mentioned. If the attribute all

54 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

nettl(1M) nettl(1M)

is specified then filter status is displayed for all the subsystems that currently support
filters as listed above.
-removefilter all
-removefilter subsystem ...
(Abbr.: -rfl )
Used as a standalone option.
This option is used to remove filter expressions for subsystems that have been set with the
setfilter command. If the attribute all is specified then filters are removed for all
the subsystems that currently support filters as listed above.

Trace Memory Management

Memory used for tracing is made up of a circular linked list of trace buffers, each of which holds the trace
messages until they are written to the file. Trace messages are written to a buffer until it is filled, after
which the buffer is written to the file as a whole. While the buffer is being written to the file, the next
buffer in the list is used to hold the incoming trace messages. If no buffer is free to hold the incoming trace
messages, the messages will be dropped. Under this condition, additional trace buffers can be allocated if
the max_mem value is specified for -mem option.
To achieve best tracing performance, the tracing algorithm imposes the following constraints:
a) Since a buffer is written to the file as a whole, the individual file size should be at least the buffer
size.
b) The additional amount of memory that can be allocated under heavy traffic given by (max_mem -
init_mem) should be at least the buffer size.
where: buffer size = MIN ( init_mem/4, 32 MB )
Refer to examples 10 and 11 for further details.

Data File Management

Data files created by the tracing and logging facility require special handling by the facility that you must
be aware of. When files are created, they have the suffix .LOG000 or .TRC000 appended to them,
depending on whether they are log or trace files, respectively. This scheme is used to keep the files distinct
for cases where you specify the same name in both places. Also, the files implement a type of circular
n
buffer, with new data always going into the file appended with .LOG000 or .TRC000 . When a
logname .LOG000 or tracename .TRC000 file is full, each log or trace is renamed to the next higher
number in its sequence; that is, a file with sequence number N is renamed as a file with sequence number
N+1 and a new file named logname .LOG000 or tracename .TRC000 is created. The number of files that
can exist simultaneously on the system can be specified by the -n option.
Note: The file name prefix (logname or tracename) specified by the user must not exceed eight charac-
ters so that the file name plus suffix does not exceed fourteen characters. Longer names are trun-
cated. To see the actual name of the trace or log file, use the nettl -status all command.

Console Logging
Console logging is used to display significant log events on the system console. The values in the
/etc/nettlgen.conf file determine if console logging is to be started and the entries in the
/var/adm/conslog.opts file determine what log messages will be reported to the console. The
nettlconf command can be used to configure and maintain the information in the
/etc/nettlgen.conf file (see nettlconf(1M)). If changes are made to these files, nettl must be
stopped and restarted for the new information to take effect.
All log messages written to the console as a result of this configuration information are in a special short
form. If more information is desired on the console, the netfmt formatter can be used to direct output to
the console device. This may be most useful in an X windows environment.
Console logging may be disabled if conservation of system resources is valued more than notification of log
events.

Trace Filters
Trace filters are a filter criteria applied on trace packets before actually capturing them. The filter criteria
is an expression consisting of a combination of header fields, (link level, TCP/IP and so on) specified in the
filter configuration file. Packets that pass the filter criteria are captured; all other packets are discarded.

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 55

 nettl(1M) nettl(1M)

Filter Configuration File

This file is used to configure the filters. Entries in the file have the following syntax:
Subsystem subsystem_name filter expression
The filter expression can be constructed using operands and operators.
The supported filter operands are:
Operand Description
mac_src Source Mac Address
mac_dst Destination Mac Address
mac_type Ethernet type
ip_src Source IP Address
ip_dst Destination IP Address
ip_p IP Protocol
th_sport TCP source port
th_dport TCP destination port
th_flags TCP flags
uh_sport UDP source port
uh_dport UDP destination port
icmp_type ICMP type
icmp_code ICMP code
The supported operators are ==, !=, <, <= , >, and >= .
Note that the = (single equal) operator is not supported.
Logical operators that are supported are || and && . The logical operators are used to combine the indivi-
dual filters for a subsystem.

EXTERNAL INFLUENCES
International Code Set Support
Single and multibyte character code sets are supported in data; single-byte character code sets are sup-
n ported in file names.

EXAMPLES
1. Initialize the tracing/logging facility:
nettl -start
(See note for the -start option.)
2. Display the status of the tracing/logging facility.
nettl -status all
3. Change log class to error and warning for all the subsystems. disaster logging is always on
for all subsystems.
nettl -log e w -e all
4. Turn on inbound and outbound PDU tracing for the transport and session (OTS/9000) subsys-
tems and send binary trace messages to file /var/adm/trace.TRC000.
nettl -traceon pduin pduout -entity transport session \
-file /var/adm/trace
5. Turn on outbound PDU tracing for X.25 level two and subsystems ns_ls_ipv6 and ns_ls_ip .
Trace messages go to the trace file set up in the previous example. This example also uses the abbre-
viated options. Tracing for X.25 requires a -card option to indicate which X.25 card to trace.
nettl -tn pduout -e SX25L2 ns_ls_ipv6 ns_ls_ip -c x25_0
6. Determine status of tracing from the previous two examples.
nettl -status trace
The output should resemble the following:
Tracing Information:
Trace Filename: /var/adm/trace.TRC*
56 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007
nettl(1M) nettl(1M)

Trace file size(Kbytes): 1000

Trace memory allocated(KB): 512
Trace memory to be allocated(KB): 0
Messages Dropped: 0
Processor ID: -1
Subsystem Name: Trace Mask: Card:
TRANSPORT 0x30000000
SESSION 0x30000000
NS_LS_IP 0x10000000
NS_LS_IPV6 0x10000000
SX25L2 0x10000000 x25_0
7. Stop tracing for all subsystems.
nettl -traceoff -e all
8. Enable pduin and pduout tracing for ns_ls_driver (LAN driver) subsystem. Binary trace
data goes to file /var/adm/LAN.TRC000.
The -file option of this command is only valid the first time tracing is called. The trace file is not
automatically reset with the -file option. To change the trace output file, stop tracing and start up
again. This example assumes that the -traceon option is being used for the first time.
nettl -tn pduin pduout -e ns_ls_driver -file /var/adm/LAN
9. Enable all kinds of tracing for gelan (GELAN driver) with initial trace memory being 256 MB. Binary
trace data goes to file /tmp/gelan.TRC000 and combined file size being 128 MB. This example
assumes that the -traceon option is being used for the first time.
nettl -tn all -e gelan -mem 256M -tm 128M -f /tmp/gelan
10. Enable all kinds of tracing for igelan (IGELAN driver) with initial trace memory being 128 MB and
maximum memory that can be allocated being 512 MB. Binary trace data goes to file
/tmp/igelan.TRC000. Also, bind the disk-write process to processor 1. This example assumes
that the -traceon option is being used for the first time.
nettl -tn all -e gelan -mem 128M 512M -b 1 -f /tmp/gelan
n
Warning: Trace file size is less than that required by the
tracing framework. Use ’nettl -status TRACE’ to see the actual
trace file size that is used.
nettl -ss TRACE
Tracing Information:
Trace Filename: /tmp/gelan.TRC*
Max Trace file size(Kbytes): 65536
Trace memory allocated(KB): 131072
Trace memory to be allocated(KB): 393216
Messages Dropped: 0
Processor ID: -1
Note that the combined trace file size used is 64 MB (as buffer size = 64 MB/2).
11. Terminate the tracing and logging facility.
nettl -stop
(See note for the -start option.)
12. Add a filter configuration file entry to capture packets that have the Syn and Ack flags set.
subsystem NS_LS_TCP th_flags==SA
13. Turn the filter on for the NS_LS_TCP subsystem.
nettl -flon NS_LS_TCP
14. Turn the filter off for the NS_LS_TCP subsystem.
nettl -floff NS_LS_TCP

HP-UX 11i Version 3: February 2007 −9− Hewlett-Packard Company 57

 nettl(1M) nettl(1M)

15. Display the filter for the GELAN subsystem.

nettl -dfl GELAN
16. Remove the filter for the NS_LS_TCP subsystem.
nettl -rfl NS_LS_TCP
WARNINGS
Although the nettl command allows the specification of all log classes and all trace kinds for all subsys-
tems, many subsystems do not support all log classes and all trace kinds. No error or warning will be
issued if a subsystem does not support a log class or trace kind. Refer to the product documentation of the
subsystem for information on supported log classes and trace kinds.
Tracing to a file that resides on a NFS file system can impact system performance and result in loss of trace
data. It is recommended that NFS file systems not be used to contain tracing output files.
Tracing to a file may not be able to keep up with a busy system, especially when extensive tracing informa-
tion is being gathered. If some data loss is encountered, the trace buffer size can be increased. Be selective
about the number of subsystems being traced, as well as the kinds of trace data being captured.
The nettl and netfmt commands read the /etc/nettlgen.conf file each time they are run (see
nettl(1M) and netfmt(1M)). If the file becomes corrupted, these commands will no longer be operational.

FILES
/dev/netlog Kernel log pseudo-device file.
/dev/nettrace Kernel trace pseudo-device file.
/etc/nettlgen.conf Tracing and logging subsystem configuration file.
/etc/rc.config.d/nettl Contains variables which control the behavior of nettl during sys-
tem startup.
/var/adm/conslog.opts Default console logging options filter file as specified in
/etc/nettlgen.conf.
n /var/adm/nettl.LOG000 Default log file as specified in /etc/nettlgen.conf.

AUTHOR
nettl was developed by HP.
SEE ALSO
netfmt(1M), nettlconf(1M), nettlgen.conf(4).

58 Hewlett-Packard Company − 10 − HP-UX 11i Version 3: February 2007

nettladm(1M) nettladm(1M)

NAME
nettladm - network tracing and logging administration manager

SYNOPSIS
/opt/nettladm/bin/nettladm [-t-l] [-c filter_file]
DESCRIPTION
The nettladm command is a tool used to administer network tracing and logging. It provides an interac-
tive user interface to the nettl , netfmt , and nettlconf commands. The interface runs in either text
terminal mode or in a Motif graphical environment. To run nettladm using Motif windows set the
DISPLAY environment variable to match the system name (for example, DISPLAY= system :0.0 ) prior to
using the command.
The nettladm command starts a menu-driven program that makes it easy to perform network tracing
and logging tasks with only limited specialized knowledge of HP-UX. nettladm is a self-guided tool, and
context-sensitive help is available at any point by pressing the f1 function key.
Options
nettladm recognizes the following options:
-l Shortcut to enter the "Logging Subsystems" (logging) area. This is the default.
-t Shortcut to enter the "Tracing Subsystems" (tracing) area.
-c filter_file Use the contents of filter_file as the default set of subsystem formatting criteria when creat-
ing reports within the "Create Report" area. The defaults can be overridden through the
interface screens. Global filters (those beginning with the word FORMATTER ) and com-
ments are ignored. See netfmt(1M) for the description and syntax of filter_file.

EXTERNAL INFLUENCES
International Code Set Support
Single and multibyte character code sets are supported in data; single-byte character code sets are sup-
ported in file names.

WARNINGS
Changes to logging and tracing levels and states are not preserved across system reboots or stops and res-
n
tarts from outside of the nettladm command. Permanent changes must be made to the
/etc/nettlgen.conf file using the nettlconf command. Note that changes to console logging and
all logging startup parameters are preserved.
Although the nettladm command allows the specification of all log classes and all trace kinds for all sub-
systems, many subsystems do not support all log classes and all trace kinds. No error or warning will be
issued if a subsystem does not support a log class or trace kind. Refer to the product documentation of the
subsystem for information on supported log classes and trace kinds.
The nettladm command reads the /etc/nettlgen.conf and /var/adm/conslog.opts files
each time it is run (see nettlgen.conf(4)). If the files become corrupted, this command will no longer be
operational.
Currently nettladm is not supported on Release 11i Version 1.6.

DEPENDENCIES
nettladm runs in an X Windows environment as well as on the following kinds of terminals or terminal
emulators:
• HP-compatible terminal with programmable function keys and on-screen display of function key
labels.
• VT-100.
FILES
/etc/nettlgen.conf Tracing and logging subsystem configuration file.
/var/adm/conslog.opts Default console logging options filter file as specified in
/etc/nettlgen.conf.
/var/adm/nettl.LOG000 Default log file as specified in /etc/nettlgen.conf.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 59

 nettladm(1M) nettladm(1M)

/var/adm/nettl.TRC000 Default trace file.

/opt/nettladm/lib/X11/app-defaults/Nettladm
X11 application defaults file.

AUTHOR
nettladm was developed by HP.
SEE ALSO
netfmt(1M), nettl(1M), nettlconf(1M), nettlgen.conf(4).

60 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

nettlconf(1M) nettlconf(1M)

NAME
nettlconf - configure network tracing and logging command subsystem database

SYNOPSIS
/usr/sbin/nettlconf -L [ -console conlog ] [ -portsize logportsize ]
[ -space maxlogspace ] [ -filename logfilename ] [ -option logoptfile ]
/usr/sbin/nettlconf [ -S ] -id ssid -name ssname [ -class logclass ]
[ -kernel|-st[reams] ] -lib sslib -msg ssmsgcat [ -fmtfn fmtfunc ]
[ -optfn optfunc ] -group ssgrpname
/usr/sbin/nettlconf -delete ssid
DESCRIPTION
nettlconf maintains the database file /etc/nettlgen.conf which contains information required
by the nettl , and netfmt commands (see nettl(1M), and netfmt(1M)). This database contains system
logging information along with a description of each subsystem that uses NetTL facility to log messages.
nettlconf can be used to update the network logging parameters or to add, update and delete subsys-
tem descriptions. If a subsystem already exists with the same ssid, the values given are substituted for
those in the database; otherwise a new entry is created.
System administrators may use the nettlconf command to customize the network logging parameters
stored in the database such as console logging behavior, the system log file name, the maximum system log
file size, and the amount of memory required by NetTL facility.
nettlconf is also called during system startup to change the database to reflect the values of any
relevant environment variables in the /etc/rc.config.d/nettl file.
Products use the nettlconf command during product installation to configure subsystems into the
NetTL facility. The installation will execute the nettlconf command for each subsystem it installs in
order to provide the information necessary for the subsystem to use the NetTL facility.
Only users with appropriate privileges can invoke nettlconf to modify the configuration file.

Options
The following option can be used to view the network logging parameters and all subsystem descriptions
n
from the nettlgen.conf database.
-status (abbrev: -s) display the contents of the database relevant to the network logging
facility only.
The following options can be used to update configuration information
about network logging.
-L This indicates that subsequent options apply to updating network logging information.
Changes to logging information will not take effect until nettl has been stopped
and restarted. This is a required field.
-console conlog (abbrev: -c) conlog is set to 1 if console logging is to be enabled when nettl is
started, 0 if not. (Console logging is used to report interesting events on the system
console.) This is an optional field.
NOTE: during system startup conlog will be changed to match the value of the
NETTL_CONSOLE variable in the /etc/rc.config.d/nettl file.
-portsize logportsize
(abbrev: -p) logportsize determines the number of outstanding messages possible in
the log queue. The value is in multiples of 1024 bytes. Valid range is 1 through 64.
The default is 8. This is an optional field.
-space maxlogspace
(abbrev: -s) maxlogspace is the maximum logging file space to be allowed. This is
the combined size of the 2 ping-ponged log files. Specify the size in multiples of 1024
bytes. Valid range is 1 through 10240. Default is 1000. This is an optional field.
-filename logfilename
(abbrev: -f) logfilename is the path and file name to be used as the system log file,
without the ping-pong extension (.LOGx). The default system log file is
/var/adm/nettl. This is an optional field.
HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 61
 nettlconf(1M) nettlconf(1M)

-option logoptfile
(abbrev: -o) logoptfile is the path and file name to be used as the console log options
file. The information in this file will be used to select logged events that will be
reported to the system console. The default console logging options file is
/var/adm/conslog.opts. This is an optional field.
The following options are used to add or update a subsystem description to the database.
-S Indicates that subsequent options apply to adding or updating a subsystem entry.
This is an optional field.
-id ssid (abbrev: -i) ssid (subsystem ID number) is used as the key field in the
nettlgen.conf database. It uniquely identifies a subsystem to the NetTL facility.
This is a required field.
-name ssname (abbrev: -n) ssname is the subsystem-name mnemonic. This string is used to iden-
tify the subsystem on the nettl command lines and also in the subsystem header
displayed by the formatter (see nettl(1M), and netfmt(1M)). This is a required field.
-class logclass (abbrev: -c) logclass is the default log class mask assigned to the subsystem at
start-up of NetTL facility. This is an optional field.
For multiple classes, the masks must be combined into a single decimal number. For
example, to initially log DISASTER and ERROR events use 12 as the logclass.
Default is an empty field in nettlgen.conf. nettl substitutes 12 (disaster
and error) for an empty class field.
Class Abbreviation
informative 1
warning 2
error 4
disaster 8
-kernel (abbrev: -k) flags the given subsystem as a kernel subsystem. nettl uses this
information to control certain tracing and logging properties of the subsystem. This is
defaulted to non-kernel unless this option is specified.
n -streams (abbrev:-st) flags the given subsystem as a streams based kernel subsystem.
nettl uses this information to control certain tracing and logging properties of the
subsystem. A subsystem is defaulted to non-kernel unless this option is used. This is
an optional field.
-lib sslib (abbrev: -l) sslib is the name of the shared library where the subsystem formatter
resides. This should be an absolute path name unless the library resides in
/usr/lib . Multiple subsystems can reference the same library. This is a required
field.
-msg ssmsgcat (abbrev: -m) ssmsgcat is the name of the subsystem formatter message catalog. If
the pathname and .cat filename extension are excluded, /usr/lib/nls/%L/%N.cat
is used to locate ssmsgcat . Otherwise, ssmsgcat must be formatted similarly to the
NLSPATH environment variable (see environ(5)). Multiple subsystems can refer to
the same message catalog. This is a required field.
-fmtfn fmtfunc (abbrev: -f) fmtfunc specifies the function to call when formatting data from the
given subsystem. Multiple subsystems can reference the same formatting function.
Default is to form the function name from the subsystem ID as follows:
subsys_ N _format
where N is the subsystem ID number. If a null function is needed for this subsystem,
specify
-f NULL
This is an optional field.
-optfn optfunc (abbrev: -o) optfunc specifies the function used to process options in the netfmt
filter configuration file (see netfmt(1M)). Multiple subsystems can reference the same
options processing function. The default is an empty field in nettlgen.conf.
netfmt assumes a NULL function for an empty optfunc field. This is an optional
field.

62 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

nettlconf(1M) nettlconf(1M)

-group ssgrpname
(abbrev: -g) ssgrpname is a group name associated with the subsystem. It is typi-
cally the product name of the subsystem. Several subsystems can be grouped
together so that a common banner is printed in the formatted header. This is a
required field.
The following option is used to remove a subsystem description from the database.
-delete ssid (abbrev: -d) Deletes all information associated with the ssid (subsystem ID) from the
database.

WARNINGS
The nettlconf utility is intended primarily for use by HP subsystems to configure themselves into the
NetTL facility at installation time. System administrators may wish to use this command to alter the
default logging class each subsystem starts up with, but no other information about the subsystem should
be changed.
The nettl , and netfmt commands read the /etc/nettlgen.conf file each time they are executed.
If the file becomes corrupted these commands cannot function.
Some changes to the /etc/nettlgen.conf file do not take effect until nettl and netfmt are
stopped and restarted.

AUTHOR
nettlconf was developed by HP.
FILES
/etc/nettlgen.conf subsystem configuration file maintained by nettlconf
/etc/rc.config.d/nettl configuration file controlling nettl during system startup

SEE ALSO
netfmt(1M), nettl(1M), nettlgen.conf(4), environ(5).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 63

 newaliases(1M) newaliases(1M)

NAME
newaliases - rebuilds the database for the mail aliases file

SYNOPSIS
newaliases [-on ]
DESCRIPTION
newaliases rebuilds the random access database for the mail aliases file /etc/mail/aliases. It
must be run each time this file is changed in order for the change to take effect.
newaliases is identical to sendmail -bi .
Options
-on Validate addresses. When sendmail rebuilds the alias database files, it will check the legality of all
addresses to the right of the colons. Each address is validated. If the validation fails, the address is
skipped and a warning message is displayed.

RETURN VALUE
The newaliases utility exits 0 on success, and >0 if an error occurs.

AUTHOR
newaliases was developed by the University of California, Berkeley, and originally appeared in 4.0BSD.
The manual page originally came from sendmail 8.7 .

FILES
/etc/mail/aliases The mail aliases file.
/etc/mail/aliases.db
Database of alias names.

SEE ALSO
aliases(5), sendmail(1M).
n

64 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

newfs(1M) newfs(1M)

NAME
newfs - construct a new file system

SYNOPSIS
/usr/sbin/newfs [-F FStype] [-o specific_options] [-V] special
DESCRIPTION
The newfs command is a "friendly" front-end to the mkfs command (see mkfs(1M)). The newfs com-
mand calculates the appropriate parameters and then builds the file system by invoking the mkfs com-
mand.
special represents a character (raw) special device.

Options
newfs recognizes the following options:
-F FStype Specify the file system type on which to operate (see fstyp(1M) and fs_wrapper(5)). If
this option is not included on the command line, then the file system type is deter-
mined from the file /etc/fstab by matching special with an entry in that file. If
there is no entry in /etc/fstab , then the file system type is determined from the
file /etc/default/fs. Current valid Fstype values are: hfs and vxfs for the
HFS and JFS (VxFS) file systems, respectively.
-o specific_options
Specify options specific to the file system type. specific_options is a list of suboptions
and/or keyword/attribute pairs intended for an FStype-specific module of the com-
mand. See the file system specific manual entries for a description of the
specific_options that are supported, if any.
-V Echo the completed command line, but perform no other actions. The command line
is generated by incorporating the specified options and arguments and other informa-
tion derived from /etc/fstab . This option allows the user to verify the command
line.

EXAMPLES n
Execute the newfs command to create an HFS file system on /dev/rdisk/disk2
newfs -F hfs /dev/rdisk/disk2
AUTHOR
newfs was developed by HP and the University of California, Berkeley.
FILES
/etc/default/fs File that specifies the default file system type.
/etc/fstab Static information about the file systems.

SEE ALSO
fsck(1M), fstyp(1M), mkfs(1M), newfs_hfs(1M), newfs_vxfs(1M), fstab(4), fs_wrapper(5), disk(7).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 65

 newfs_hfs(1M) newfs_hfs(1M)

NAME
newfs_hfs: newfs - construct a new HFS file system

SYNOPSIS
/usr/sbin/newfs [-F hfs ] [-B] [-d] [-L-S] [-O disk_type] [-R swap] [-v] [-V]
[mkfs-options] special

DESCRIPTION
The newfs command builds a file system by invoking the mkfs command.
The newfs command creates the file system with a rotational delay value of zero (see tunefs(1M)).
special represents a character (raw) special device.
Options
newfs recognizes the following options:
-F hfs Specify the HFS file system type.
-B Reserve space for boot programs past the end of the file system. If file
/usr/lib/uxbootlf is present on the system then sufficient space to accommo-
date that file is reserved, otherwise 691 KB sectors are reserved. This option
decreases the size of the file system to be created. This option cannot be used if the
-s option is given; see mkfs Options below.
-d This option allows the newfs command to make the new file system in an ordinary
file. In this case, special is the name of an existing file in which to create the file sys-
tem. The -s option (see "mkfs Options") must be provided with this option.
-L-S There are two types of HFS file systems, distinguished mainly by directory formats
that place different limits on the length of file names.
If -L is specified, build a long-file-name file system that allows directory entries (file
names) to be up to MAXNAMLEN (255) bytes long.
If -S is specified, build a short-file-name file system that allows directory entries (file
n names) to be up to DIRSIZ (14) bytes long.
If neither -L nor -S is specified, build a file system of the same type as the root file
system.
-O disk_type Use disk parameters from the entry for the named disk type in /etc/disktab .
This option is provided for backward compatibility with previous HP-UX releases.
Any parameters specified in the command line will override the corresponding values
in /etc/disktab . Any values not given in the command line or in
/etc/disktab will be defaulted.
-R swap Reserve swap megabytes (MB) of swap space past the end of the file system. This
option decreases the size of the file system to be created by the given amount. This
option cannot be used if the -s option is given; see "mkfs Options" below.
-v Verbose; the newfs command prints out its actions, including the parameters passed
to the mkfs command.
-V Echo the completed command line, but perform no other actions. The command line
is generated by incorporating the user-specified options and other information derived
from /etc/fstab . This option allows the user to verify the command line.
Both the -R and -B options can be given in the same command line. In this case, both the requested swap
space and the space needed for boot programs are reserved. These options are for use when the file system
size defaults to the size of the entire disk.

mkfs Options
The mkfs-options argument can be zero or more of the following options that can be used to override default
values passed to the mkfs command:
-b blksize The primary block size for files on the file system. Valid values are: 4096, 8192,
16384, 32768, and 65536. The default value is 8192 bytes.
-c cylinders_per_group
The number of disk cylinders per cylinder group. This number must be in the range 1

66 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

newfs_hfs(1M) newfs_hfs(1M)

to 32. The default value is 16 cylinders per group.

-f fragsize The fragment size for files on the file system. fragsize represents the smallest amount
of disk space to be allocated to a file. It must be a power of two no smaller than
DEV_BSIZE and no smaller than one-eighth of the file system block size. The default
value is 1024 bytes.
-i number_of_bytes_per_inode
The density of inodes in the file system specified as the number of bytes per inode.
The default is 6144 bytes per inode.
This number should reflect the expected average size of files in the file system. If
fewer inodes are desired, a larger number should be used; if more inodes are desired,
a smaller number should be used.
Note: The number of inodes that will be created in each cylinder group of a file sys-
tem is approximately the size of the cylinder group divided by the number of bytes per
inode, up to a limit of 2048 inodes per cylinder group. If the size of the cylinder group
is large enough to reach this limit, the default number of bytes per inode will be
increased.
-m free_space_percent
The minimum percentage of free disk space allowed. The default value is 10 percent.
Once the file system capacity reaches this threshold, only users with appropriate
privileges can allocate disk blocks.
-r revolutions_per_minute
The disk speed in revolutions per minute (rpm). The default value is 3600 revolutions
per minute.
-s size The number of DEV_BSIZE blocks in the file system. DEV_BSIZE is defined in
<sys/param.h> . The default value is the size of the entire disk or disk section
minus any swap or boot space requested. See mkfs_hfs(1M) for limits on the size of
HFS file systems.
-t tracks_per_cylinder
The number of tracks per cylinder. The default value depends on the size of the file
n
system. For file systems of less than 500 MB, the default is 7; for file systems between
500 MB and 1 GB, the default is 12; for file systems larger than 1 GB the default is 16.
-o specific_options
Specify a list of comma separated suboptions and/or keyword/attribute pairs from the
list below.
largefiles |nolargefiles
Controls the largefile featurebit for the file system. The default is nolarge-
files . This means the bit is not set and files created on the file system will be
limited to less than 2 gigabytes in size. If largefiles is specified, the bit is
set and the maximum size for files created on the file system is not limited to 2
gigabytes (see mount_hfs(1M) and fsadm_hfs(1M)).

Access Control Lists

Every file with one or more optional ACL entries consumes an extra (continuation) inode. If you anticipate
significant use of ACLs on a new file system, you can allocate more inodes by reducing the value of the
argument to the -i option appropriately. The small default value typically causes allocation of many more
inodes than are actually necessary, even with ACLs. To evaluate the need for extra inodes, run the
bdf -i command on existing file systems. For more information on access control lists, see acl(5).
EXAMPLES
Execute the newfs command to create an HFS file system on a non-LVM disk /dev/rdisk/disk2 and
reserve 40 megabytes of swap space.
newfs -F hfs -R 40 /dev/rdisk/disk2
Create an HFS file system within a logical volume, my_lvol , whose size is identical to that of the logical
volume. (Note the use of the character (raw) special device.)

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 67

 newfs_hfs(1M) newfs_hfs(1M)

newfs -F hfs /dev/vg01/rmy_lvol

WARNINGS
The old -F option, from prior releases of newfs(1M), is no longer supported.
newfs(1M) cannot be executed specifying creation of a file system on a whole disk if that disk was previ-
ously used as an LVM disk. If you wish to do this, use mediainit(1) to reinitialize the disk first.

AUTHOR
newfs was developed by HP and the University of California, Berkeley.
FILES
/etc/disktab
/etc/fstab Static information about the file systems.

SEE ALSO
bdf(1M), fsadm_hfs(1M), mkboot(1M), mkfs(1M), mkfs_hfs(1M), mount_hfs(1M), newfs(1M), tunefs(1M),
disktab(4), acl(5), disk(7).

68 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

newkey(1M) newkey(1M)

NAME
newkey - create a new Diffie-Hellman key pair in the publickey database

SYNOPSIS
newkey -h hostname [ -s nis | files | ldap ]
newkey -u username [ -s nis | files | ldap ]
DESCRIPTION
newkey establishes new public keys for users and machines on the network. These keys are needed when
using secure RPC or secure NFS service.
newkey prompts for a password for the given username or hostname and then creates a new public/secret
Diffie-Hellman 192 bit key pair for the user or host. The secret key is encrypted with the given password.
The key pair can be stored in the /etc/publickey file, the NIS publickey map, or user/host
entries in the LDAP directory.
newkey consults the publickey entry in the name service switch configuration file (see
nsswitch.conf(4)) to determine which naming service is used to store the secure RPC keys. If the pub-
lickey entry specifies a unique name service, newkey will add the key in the specified name service.
However, if there are multiple name services listed, newkey cannot decide which source to update and
will display an error message. The user is required to specify the source explicitly with the -s option.
In the case of NIS, newkey should be run by the superuser on the master NIS server for that domain. In
the case of LDAP, newkey should be run by the superuser on a machine that has permission to update the
user/host entries in the LDAP directory.
Options
-h hostname Create a new public/secret key pair for the privileged user at the given hostname.
Prompts for a password for the given hostname.
-u username Create a new public/secret key pair for the given username. Prompts for a password
for the given username.
-s nis | files | ldap
Update the database in the specified source: nis (for NIS), files , or ldap
(LDAP). Other sources may be available in the future.
n
WARNINGS
HP-UX 11i Version 2 is the last HP-UX release on which NIS+ is supported. LDAP is the recommended
replacement for NIS+. HP fully supports the industry standard naming services based on LDAP.

AUTHOR
newkey was developed by Sun Microsystems, Inc.
SEE ALSO
chkey(1), keylogin(1), nsswitch.conf(4), publickey(4).
LDAP-UX Client Services Administrator’s Guide
LDAP-UX Client Services Release Notes

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 69

 nfs4cbd(1M) nfs4cbd(1M)

NAME
nfs4cbd - NFS Version 4 callback daemon

SYNOPSIS
/usr/sbin/nfs4cbd
DESCRIPTION
The nfs4cbd daemon manages communication endpoints for the NFS Version 4 protocol callback pro-
gram. nfs4cbd runs on the NFS Version 4 client and creates a listener port for each transport over
which callbacks can be sent.
The nfs4cbd daemon is provided for the exclusive use of the NFS version 4 client.

Notes
A directory service that provides service name data base support must have the following service entry in
its database:
nfsd 2049/tcp nfs # NFS server daemon (cots)
WARNINGS
This daemon might not exist in a future release of HP-UX.

AUTHOR
nfs4cbd was developed by Sun Microsystems, Inc.
SEE ALSO
mount_nfs(1M), getservent(3N), nsswitch.conf(4), services(4).

70 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

nfsd(1M) nfsd(1M)

NAME
nfsd - NFS daemon

SYNOPSIS
/usr/sbin/nfsd [-a] [-c #_conn] [-l listen_backlog] [-p protocol ] [-t device] [nservers ]
DESCRIPTION
nfsd is the daemon that handles client file system requests. Only users with sufficient privileges can run
this daemon.
The nfsd daemon is automatically invoked if NFS_CORE=1 and NFS_SERVER=1 in the
/etc/rc.config.d/nfsconf file.
By default, nfsd starts over the TCP and UDP transports for version 2 and version 3, and over TCP for
version 4, if NFS version 4 is enabled. One can change this with the -p option.
A previously invoked nfsd daemon started with or without options must be stopped before invoking
another nfsd command.
Administrators wanting to change startup parameters for nfsd should make changes (as root user) to the
NFS default file /etc/default/nfs, (see nfs(4)). Administrators can either edit this file or use the
setoncenv command to make changes.
Options
The following options are supported:
-a Start a NFS daemon over all available connectionless and connection-oriented tran-
sports, including UDP and TCP. Equivalent to setting the NFSD_PROTOCOL parame-
ter to ALL in the NFS default file.
-c #_conn This sets the maximum number of connections allowed to the NFS server over
connection-oriented transports. By default, the number of connections is unlimited.
Equivalent to the NFSD_MAX_CONNECTION parameter in the NFS default file.
-l Set connection queue length for the NFS TCP over a connection-oriented transport.
The default value is 32 entries. Equivalent to the NFSD_LISTEN_BACKLOG parame-
ter in the NFS default file.
n
-p protocol Start a NFS daemon over the specified protocol. Equivalent to the NFSD_PROTOCOL
parameter in the NFS default file.
-t device Start a NFS daemon for the transport specified by the given device. Equivalent to the
NFSD_DEVICE parameter in the NFS default file.
Operands
The following operands are supported:
nservers This sets the maximum number of concurrent NFS requests that the server can han-
dle. This concurrency is achieved by up to nservers threads created as needed in the
kernel. nservers should be based on the load expected on this server. 16 is the usual
number of nservers . If nservers is not specified, the maximum number of concurrent
NFS requests will default to 1. Changing the value of nservers requires stopping and
restarting nfsd . Equivalent to the NFSD_SERVERS parameter in the NFS default
file.

Notes
A directory service that provides service name data base support must have the following service entries in
its database:
nfsd 2049/udp nfs # NFS server daemon (clts)
nfsd 2049/tcp nfs # NFS server daemon (cots)
If the kernel tunable NFS_PORTMON (see nfs_portmon(5)) is set to 1, then clients are required to use
privileged ports (ports < IPPORT_RESERVED) to receive NFS services. This tunable is set to 0 by default.
Use kctune (see kctune(1M)) to set this tunable.
By default, the NFS version 4 server is disabled. In order to enable it you must stop the NFS server. As
root, either use the setoncenv command (see setoncenv(1M)) or edit /etc/default/nfs to set the
NFS_SERVER_VERSMAX parameter to 4.
HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 71
 nfsd(1M) nfsd(1M)

EXIT STATUS
0 Daemon started successfully.
1 Daemon failed to start.
WARNINGS
Manually starting and restarting nfsd is not recommended. If it is necessary to do so, use the NFS server
start/stop script (/sbin/init.d/nfs.server).

FILES
.nfsXXX client machine pointer to an open-but-unlinked file.
/sbin/init.d/nfs.server shell script for starting nfsd .
/etc/default/nfs startup parameters for nfsd .
/var/nfs4/v4_state
/var/nfs4/v4_oldstate directories used by the server to manage client state information;
these directories should not be removed.

AUTHOR
was developed by Sun Microsystems, Inc.

SEE ALSO
kctune(1M), mountd(1M), setoncenv(1M), getservent(3N), nfs(4), nsswitch.conf(4), services(4), sharetab(4),
nfs_portmon(5).

72 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

nfslogd(1M) nfslogd(1M)

NAME
nfslogd - nfs logging daemon

SYNOPSIS
/usr/sbin/nfslogd
DESCRIPTION
The nfslogd daemon provides operational logging to the HP-UX NFS server. It is the nfslogd
daemon’s job to generate the activity log by analyzing RPC operations processed by the NFS server. The
log will only be generated for file systems exported with logging enabled. This is specified at file system
export time by means of the share_nfs(1M) command.
Each record in the log file includes a time stamp, the IP address (or hostname if it can be resolved) of the
client system, the file or directory name the operation was performed on, and the type of operation.
In the basic format, the operation can either be an input (i) or output (o) operation. The basic format of the
NFS server log is compatible with the log format generated by the Washington University FTPd daemon.
The log format can be extended to include directory modification operations, such as mkdir , rmdir , and
remove . The extended format is not compatible with the Washington University FTPd daemon format.
See nfslog.conf(4) for details.
The NFS server logging mechanism is divided in two phases. The first phase is performed by the NFS ker-
nel module, which records raw RPC requests and their results in work buffers backed by permanent
storage. The location of the work buffers is specified in the /etc/nfs/nfslog.conf file. Refer to
nfslog.conf(4) for more information.
The second phase involves the nfslogd user-level daemon, which periodically reads the work buffers,
interprets the raw RPC information, groups related RPC operations into single transaction records, and
generates the output log. The nfslogd daemon then sleeps waiting for more information to be logged to
the work buffers. The amount of time that the daemon sleeps can be configured by modifying the
IDLE_TIME parameter in /etc/default/nfslogd. The work buffers are intended for internal con-
sumption of the nfslogd daemon.
NFS operations use file handles as arguments instead of path names. For this reason the nfslogd dae-
mon needs to maintain a database of file handle to path mappings in order to log the path name associated
with an operation instead of the corresponding file handle. A file handle entry is added to the database
n
when a client performs a lookup or other NFS operation that returns a file handle to the client.
Once an NFS client obtains a file handle from a server, it can hold on to it for an indefinite time, and later
use it as an argument for an NFS operation on the file or directory. The NFS client can use the file handle
even after the server reboots. Because the database needs to survive server reboots, it is backed by per-
manent storage. The location of the database is specified by the fhtable parameter in the
/etc/nfs/nfslog.conf file. This database is intended for the internal use of the nfslogd daemon.
In order to keep the size of the file handle mapping database manageable, nfslogd prunes the database
periodically. It removes file handle entries that have not been accessed in more than a specified amount of
time.
The PRUNE_TIMEOUT configurable parameter in /etc/default/nfslogd specifies the interval
length between successive runs of the pruning process. A file handle record will be removed if it has not
been used since the last time the pruning process was executed. Pruning of the database can effectively be
disabled by setting the PRUNE_TIMEOUT as high as INT_MAX .
When pruning is enabled, there is always a risk that a client may have held on to a file handle longer than
the PRUNE_TIMEOUT and perform an NFS operation on the file handle after the matching record in the
mapping database had been removed. In such case, the pathname for the file handle will not be resolved,
and the log will include the file handle instead of the pathname.
There are various configurable parameters that affect the behavior of the nfslogd daemon. These
parameters are found in /etc/default/nfslogd and are described below:
UMASK Sets the file mode for the log files, work buffer files and file handle mapping
database.
MIN_PROCESSING_SIZE
Specifies the minimum size, in bytes, that the buffer file must reach before pro-
cessing the work information and writing to the log file. The value of
MIN_PROCESSING_SIZE must be between 1 and the maximum file size that
HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 73
 nfslogd(1M) nfslogd(1M)

is supported by the file system where the buffer file resides.

IDLE_TIME Specifies the amount of time, in seconds, the daemon should sleep while waiting
for more information to be placed in the buffer file. IDLE_TIME also deter-
mines how often the configuration file will be reread. The value of IDLE_TIME
must be between 1 and INT_MAX .
MAX_LOGS_PRESERVE The nfslogd periodically cycles its logs. MAX_LOGS_PRESERVE specifies the
maximum number of log files to save. When MAX_LOGS_PRESERVE is
reached, the oldest files will be overwritten as new log files are created. These
files will be saved with a numbered extension, beginning with filename.0 .
The oldest file will have the highest numbered extension up to the value
configured for MAX_LOGS_PRESERVE. The value of MAX_LOGS_PRESERVE
must be between 1 and INT_MAX .
CYCLE_FREQUENCY Specifies how often, in hours, the log files are cycled. CYCLE_FREQUENCY is
used to insure that the log files do not get too large. The value of
CYCLE_FREQUENCY must be between 1 and INT_MAX .
MAPPING_UPDATE_INTERVAL
Specifies the time interval, in seconds, between updates of the records in the file
handle to path mapping tables. Instead of updating the atime of a record each
time that record is accessed, it is only updated if it has aged based on this
parameter. The record access time is used by the pruning routine to determine
whether the record should be removed from the database. The value of this
parameter must be between 1 and INT_MAX .
PRUNE_TIMEOUT Specifies when a database record times out, in hours. If the time that elapsed
since the record was last accessed is greater than PRUNE_TIMEOUT then the
record can be pruned from the database. The default value for
PRUNE_TIMEOUT is 168 hours (7 days). The value of PRUNE_TIMEOUT must
be between 1 and INT_MAX .

EXIT STATUS
n The following exit values are returned:
0 Daemon started successfully.
1 Daemon failed to start.
FILES
/etc/nfs/nfslogtab
system record of logged file systems
/etc/nfs/nfslog.conf
NFS server logging configuration file
/etc/default/nfslogd
default parameters for nfslogd .

AUTHOR
nfslogd was developed by Sun Microsystems, Inc.
SEE ALSO
share_nfs(1M), nfslog.conf(4).

74 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

nfsmapid(1M) nfsmapid(1M)

NAME
nfsmapid - NFS user and group id mapping daemon

SYNOPSIS
/usr/sbin/nfsmapid
DESCRIPTION
The nfsmapid daemon maps to and from NFS version 4 owner and owner_group identification attributes
and local UID and GID numbers used by both the NFS version 4 client and server.
nfsmapid uses the passwd and group entries in the /etc/nsswitch.conf file to direct how it per-
forms the mappings.
The nfsmapid daemon has no external, customer-accessible interfaces. System administrators, however,
can configure nfsmapid in one of the following ways:
• Specify the NFSMAPID_DOMAIN parameter in /etc/default/nfs.
• Specify the _nfsv4idmapdomain DNS resource record.

WARNINGS
This daemon might not exist in a future release of HP-UX.

AUTHOR
nfsmapid was developed by Sun Microsystems, Inc.
SEE ALSO
automountd(1M), mount_nfs(1M), share_nfs(1M), nfs(7).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 75

 nfsstat(1M) nfsstat(1M)

NAME
nfsstat - NFS statistics

SYNOPSIS
/bin/nfsstat [-cnrsmza ]
DESCRIPTION
nfsstat displays statistical information about the NFS and RPC (Remote Procedure Call), interfaces to
the kernel. It can also be used to reinitialize this information. If no options are given the default is:
nfsstat -csnra .
That is, display everything, but reinitialize nothing.

Options
-a Display NFS_ACL information.
-c Display client information. Only the client side NFS, RPC, and NFS_ACL information is
printed. Can be combined with the -n , -r , and -a options to print client side NFS, RPC, and
NFS_ACL information only.
-m Display statistics for each NFS mounted file system. This includes the server name, mount
flags, current read and write sizes, the retransmission count, the attribute cache timeout
values, failover information, and the timers used for dynamic retransmission. Note that the
dynamic retransmission timers are displayed only where dynamic retransmission is in use. By
default, NFS mounts over the TCP protocols and NFS Version 3 mounts over either TCP or
UDP do not use dynamic retransmission.
If you specify the -m option, this is the only option nfsstat uses. Any options specified in
addition to -m are checked for validity, then ignored.
-n Display NFS information. NFS information for both the client and server side will be printed.
Can be combined with the -c and -s options to print client or server NFS information only.
-r Display RPC information. Can be combined with the -c and -s options to print client or
server RPC information only.
n -s Display server information. Only the server side NFS, RPC, and NFS_ACL information is
printed. Can be combined with the -n , -r , and -a options to print server side NFS, RPC, and
NFS_ACL information only.
-z Zero (reinitialize) statistics. This option is for use by the super user only, and can be combined
with any of the above options to zero particular sets of statistics after printing them.

Displays
The server RPC display includes the following fields:
calls The total number of RPC calls received.
badcalls The total number of calls rejected by the RPC layer (the sum of badlen and
xdrcall as defined below).
nullrecv The number of times an RPC call was not available when it was thought to be
received.
badlen The number of RPC calls with a length shorter than a minimum-sized RPC call.
xdrcall The number of RPC calls whose header could not be XDR decoded.
dupchecks The number of RPC calls that looked up in the duplicate request cache.
dupreqs The number of RPC calls that were found to be duplicates.
The server NFS display shows the number of NFS calls received (calls ) and rejected (badcalls ), and
the counts and percentages for the various calls that were made.
The server NFS_ACL display shows the counts and percentages for the various calls that were made.
The client RPC display includes the following fields:
calls The total number of RPC calls made.

76 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

nfsstat(1M) nfsstat(1M)

badcalls The total number of calls rejected by the RPC layer.

badxid The number of times a reply from a server was received which did not correspond to
any outstanding call.
timeouts The number of times a call timed out while waiting for a reply from the server.
newcred The number of times authentication information had to be refreshed.
badverfs The number of times the call failed due to a bad verifier in the response.
timers The number of times the calculated time-out value was greater than or equal to the
minimum specified time-out value for a call.
cantconn The number of times the call failed due to a failure to make a connection to the
server.
nomem The number of times the call failed due to a failure to allocate memory.
interrupts The number of times the call was interrupted by a signal before completing.
retrans The number of times a call had to be retransmitted due to a timeout while waiting for
a reply from the server.
cantsend The number of times a client was unable to send an RPC request over a connectionless
transport when it tried to do so.
The client NFS display shows the number of calls sent and rejected, as well as the number of times a
CLIENT handle was received (clgets ), the number of times the CLIENT handle cache had no unused
entries (cltoomany ), as well as a count of the various calls and their respective percentages.
The client NFS_ACL display shows the counts and percentages for the various calls that were made.
The -m option includes information about mount flags set by mount options, mount flags internal to the
system, and other mount information. See mount_nfs(1M).
The following mount flags are set by mount options:
sec sec has one of the following values:
none No authentication. n
sys UNIX-style authentication (UID, GID).
dh des -style authentication (encrypted timestamps).
krb5 kerberos v5 -style authentication.
krb5i krb5 kerberos v5-style authentication with integrity.
krb5p krb5 kerberos v5-style authentication with privacy.
hard Hard mount.
soft Soft mount.
intr Interrupts allowed on hard mount.
nointr No interrupts allowed on hard mount.
forcedirectio
Forced direct I/O being used for the duration of the mount.
noac Client is not caching attributes.
rsize Read buffer size in bytes.
wsize Write buffer size in bytes.
retrans NFS retransmissions.
timeo Initial NFS timeout, in tenths of a second.
nocto No close-to-open consistency.
llock Local locking being used (no lock manager).
public Public handle being used.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 77

 nfsstat(1M) nfsstat(1M)

grpid System V group id inheritance.

rpctimesync
RPC time sync.
devs Allow access to local devices.
nodevs Do not allow access to local devices.
The following mount flags are internal to the system:
printed "Not responding" message printed.
down Server is down.
dynamic Dynamic transfer size adjustment.
link Server supports links.
symlink Server supports symbolic links.
readdir Use readdir instead of readdirplus .
acl Server supports NFS_ACL.
novj A private option used by the HP CIFS Client product only.
The following flags relate to additional mount information:
vers NFS version.
proto Protocol.
The -m option also provides attribute cache timeout values. The following fields in -m ouput provide
timeout values for attribute cache:
acregmin Minimum seconds to hold cached file attributes.
acregmax Maximum seconds to hold cached file attributes.
acdirmin Minimum seconds to hold cached directory attributes.
n acdirmax Maximum seconds to hold cached directory attributes.
The following fields in -m output provide failover information:
noresponse How many times servers have failed to respond.
failover How many times a new server has been selected.
remap How may times files have been re-evaluated to the new server.
currserver Which server is currently providing NFS service.
The fields in -m output shown below provide information on dynamic retransmissions. Note that these
items are displayed only where dynamic retransmission is in use.
srtt The value for the smoothed round-trip time, in milliseconds.
dev Estimated deviation, in milliseconds.
cur Current backed-off retransmission value, in milliseconds.

EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
AUTHOR
nfsstat was developed by Sun Microsystems, Inc.
SEE ALSO
mount_nfs(1M).

78 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

ntpdate(1M) ntpdate(1M)

NAME
ntpdate - set the date and time via NTP

SYNOPSIS
ntpdate [ -Bbdpqsuv ] [ -a key# ] [ -e authdelay ] [ -k keyfile ]
[ -o version ] [ -p samples ] [ -t timeout ] server [ ... ]

DESCRIPTION
ntpdate sets the local date and time by polling those Network Time Protocol (NTP) server(s) given as the
server arguments to determine the correct time. It must be run as root on the local host. A number of sam-
ples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algo-
rithms are applied to select the best of these. Note that the accuracy and reliability of ntpdate depends
on the number of servers, the number of polls each time it is run, and the interval between the runs.
ntpdate can be run manually as necessary to set the host clock, or it can be run from the host startup
script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the
NTP daemon xntpd .
It is also possible to run ntpdate from a cron script. However, it is important to note that ntpdate
with contrived cron scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to
maximize accuracy and reliability while minimizing resource use. Finally, since ntpdate does not discip-
line the host clock frequency as does xntpd , the accuracy using ntpdate is limited.
Time adjustments are made by ntpdate in one of two ways. If ntpdate determines the clock is in
error more than 0.5 seconds, it will simply step the time by calling the clock_settime (see clocks(2))
system routine. If the error is less than 0.5 seconds, it will slew the time by calling the adjtime (see adj-
time(2)) system routine. The latter technique is less disruptive and more accurate when the error is small,
and works quite well when ntpdate is run by cron (see cron(1M)) every hour or two.
ntpdate will decline to set the date if an NTP server daemon (e.g., xntpd ) is running on the same host.
When running ntpdate on a regular basis from cron as an alternative to running a daemon, doing so
once every hour or two will result in precise enough timekeeping to avoid stepping the clock.

Command Line Options

ntpdate supports the following options: n
-a Enable the authentication function and specify the key identifier to be used for authentica-
tion. The keys and key identifiers must match in both the client and server key files. The
default is to disable the authentication function.
-B Force the time to always be slewed using the adjtime system call, even if the measured
offset is greater than ±128 ms. The default is to step the time using the clock_settime
system call if the offset is greater than ±128 ms. Note that, if the offset is much greater
than ±128 ms it can take a long time (hours) to slew the clock to the correct value. During
this time the host should not be used to synchronize clients.
-b Force the time to be stepped using the clock_settime system call, rather than slewed
(default) using the adjtime system call. This option should be used when called from a
startup file at boot time.
-d Enable the debugging mode, in which ntpdate will go through all the steps, but not
adjust the local clock. Information useful for general debugging will also be printed.
-e authdelay Specify the processing delay to perform an authentication function as the value authdelay,
in seconds and fraction (see xntpd(1M) for details). This number is usually small enough to
be negligible for most purposes, though specifying a value may improve timekeeping on
very slow CPU’s.
-k keyfile Specify the path for the authentication key file as the string keyfile. The default is
/etc/ntp.keys . This file should be in the format described in xntpd .
-o version Specify the NTP version for outgoing packets as the integer version, which can be 1 or 2.
The default is 3. This allows ntpdate to be used with older NTP versions.
-p samples Specify the number of samples to be acquired from each server as the integer samples, with
values from 1 to 8 inclusive. The default is 4.
-q Prints the offset measurement, stratum of the server(s) and delay measurement without
adjusting the local clock. This is similar to -d option which gives a more detailed

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 79

 ntpdate(1M) ntpdate(1M)

debugging information.
-s Divert logging output from the standard output (default) to the system syslog (see
syslog(3C)) facility. This is designed primarily for convenience of cron scripts.
-t timeout Specify the maximum waiting time for a server response as the value timeout, in seconds
and fraction. The value is rounded to a multiple of 0.2 seconds. The default is 1 second, a
value suitable for polling across a LAN.
-u Direct ntpdate to use an unprivileged port for outgoing packets. This is most useful
when behind a firewall, that blocks incoming traffic to privileged ports, and you want to
synchronise with hosts beyond the firewall. Note that the -d option always uses
unprivileged ports.
-v Prints the NTP version number and the offset measurement information.

AUTHOR
ntpdate was developed by Dennis Ferguson at the University of Toronto.
FILES
/etc/ntp.keys Contains the encryption keys used by ntpdate .

SEE ALSO
adjtime(2), clocks(2), cron(1M), syslog(3C), ntpq(1M), xntpd(1M), xntpdc(1M).
DARPA Internet Request For Comments RFC1035 Assigned Numbers.

80 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ntpq(1M) ntpq(1M)

NAME
ntpq - standard Network Time Protocol query program

SYNOPSIS
ntpq [-dinp ] [-c command]... [host]...

DESCRIPTION
ntpq is used to query NTP servers, that implement the recommended NTP mode 6 control message for-
mat about current state and to request changes in that state. The program may be run either in interac-
tive mode or controlled mode using command line arguments. Requests to read and write arbitrary vari-
ables can be assembled, with raw and pretty-printed output options available. ntpq can also obtain and
print a list of peers in a common format by sending multiple queries to the server.
If one or more request options is included on the command line when ntpq is executed, each of the
requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or
on to localhost by default. If no request options are given, ntpq attempts to read commands from the
standard input and execute these on the NTP server running on the first host given on the command line,
again defaulting to localhost when no other host is specified. ntpq prompts for commands if the standard
input is a terminal device.
ntpq uses NTP mode 6 packets to communicate with the NTP server, and hence can be used to query any
compatible server on the network which permits it. Note that since NTP is a UDP protocol this communi-
cation is somewhat unreliable, especially over large distances in terms of network topology. ntpq makes
one attempt to retransmit requests, and will time out if the remote host is not heard from within a suitable
timeout time.
Command Line Options
The command line options supported are described below. Specifying a command line option other than -i
or -n causes the specified query (queries) to be sent to the indicated host(s) immediately. Otherwise,
ntpq attempts to read interactive format commands from the standard input.
-c command
Interactive format command. The command is added to the list of commands to be executed on the
specified host(s). Multiple -c options may be given.
-d Print debugging information.
n
-i Force ntpq to operate in interactive mode. Prompts are written to the standard output and com-
mands read from the standard input.
-n Output all host addresses in dotted-quad numeric format rather than converting to the canonical
host names.
-p Print a list of the peers known to the server as well as a summary of their state. This is equivalent
to the peers interactive command.

Interactive Commands
Interactive format commands consist of a keyword followed by zero to four arguments. Only enough char-
acters of the full keyword to uniquely identify the command needs to be typed. The output of a command is
normally sent to the standard output, but optionally the output of individual commands may be sent to a
file by appending a > followed by a file name, on the command line. A number of interactive format com-
mands are executed entirely within the ntpq program itself and do not result in NTP mode 6 requests
being sent to a server. These are described below.
? [ command_keyword ]
help [ command_keyword ]
A ? or help by itself prints a list of all the command keywords known to this version of ntpq .
A ? or help followed by a command keyword prints function and usage information about the
command.
addvars [ variable_name=value ][ ... ]
rmvars [ variable_name=value ][ ... ]
clearvars
The data carried by NTP mode 6 messages consists of a list of items of the form
variable_name = value , where the = value is ignored, and can be omitted in
requests to the server to read variables. ntpq maintains an internal list in which data to be

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 81

 ntpq(1M) ntpq(1M)

included in control messages can be assembled, and sent using the readlist and writelist
commands described below.
addvars
This command allows variables and their optional values to be added to the list. If more than
one variable is to be added, the list should be comma-separated and not contain white space.
rmvars This command can be used to remove individual variables from the list.
clearlist
This command removes all variables from the list.
authenticate [ yes |no ]
Normally ntpq does not authenticate requests unless they are write requests. The command
authenticate yes causes ntpq to send authentication with all requests it makes. Authen-
ticated requests causes some servers to handle requests slightly differently, and can occasionally
melt the CPU in fuzzballs if you turn authentication on before doing a peer display.
cooked Causes output from query commands to be cooked . Variables which are recognized by the
server have their values reformatted for human usage.
debug [ more|less|off ]
Turns internal query program debugging on and off.
delay milliseconds
Specify a time interval to be added to timestamps included in requests which require authentica-
tion. This is used to enable (unreliable) server reconfiguration over long delay network paths or
between machines whose clocks are unsynchronized. Actually the server does not now require
timestamps in authenticated requests, so this command may be obsolete.
host hostname
Set the host to which future queries will be sent. Hostname may be either a host name or a
numeric address.
hostnames [ yes |no ]
If yes is specified, host names are printed in information displays. If no is specified, numeric
n addresses are printed instead. The default is yes , unless modified using the command line -n
option.
keyid keyid-id
This command allows the specification of a key number to be used to authenticate configuration
requests. This must correspond to a key number the server has been configured to use for this
purpose.
ntpversion [ 1|2|3 ]
Sets the NTP version number which ntpq claims in packets. Defaults to 3. Note that mode 6
control messages (and modes) did not exist in NTP version 1. There appears to be no servers left
which demand version 1.
quit Exit ntpq .
passwd This command prompts you to type in a password (which is not echoed) which will be used to
authenticate configuration requests. The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be successful.
raw Causes all output from query commands to be printed as received from the remote server. The
only formatting/interpretation done on the data is to transform nonascii data into a printable
form.
timeout milliseconds
Specify a timeout period for responses to server queries. The default is about 5000 milliseconds.
Note that since ntpq retries each query once after a timeout, the total waiting time for a
timeout is twice the timeout value set.
Control Message Commands
Each peer known to an NTP server has 16 bit integer association identifier assigned to it. NTP control mes-
sages which carry peer variables must identify the peer, the values it corresponds to by including its associ-
ation ID. An association ID of 0 is special, and indicates the variables are system variables, whose names
are drawn from a separate name space.

82 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ntpq(1M) ntpq(1M)

Control message commands result in one or more NTP mode 6 messages being sent to the server, and
cause the data returned to be printed in some format. Most commands currently implemented send a sin-
gle message and expect a single response. The current exceptions are the peers command, which sends a
preprogrammed series of messages to obtain the data it needs, and the mreadlist and mreadvar com-
mands, which iterate over a range of associations. The supported control messages are listed below:
associations
Obtains and prints a list of association identifiers and peer status for in-spec peers of the server
being queried. The list is printed in columns. The first of these columns is an index numbering
the associations from 1 for internal use, the second column is the actual association identifier
returned by the server and the third column is the status word for the peer. This is followed by
a number of columns containing data decoded from the status word. Note that the data returned
by the associations command is cached internally in ntpq . The index is then of use when
dealing with stupid servers which use association identifiers which are hard for humans to type,
in that for any subsequent commands which require an association identifier as an argument, the
form and index may be used as an alternative.
clockvar [ assocID ][ variable_name[=value[ ... ]][ ... ]]
cv [ assocID ][ variable_name[=value[ ... ]][ ... ]]
Requests that a list of the server’s clock variables be sent. Servers which have a radio clock or
other external synchronization respond positively to this. If the association identifier is omitted
or zero, the request is for the variables of the system clock and generally gets a positive
response from all servers with a clock. If the server treats the clocks as pseudo-peers, then more
than one clock connected at once, referencing the appropriate peer association ID will show the
variables of a particular clock. Omitting the variable list causes the server to return a default
variable display.
lassociations
Obtains and prints a list of association identifiers and peer status for all associations for which
the server is maintaining state. This command differs from the associations command only
for servers which retain state for out-of-spec client associations (i.e., fuzzballs). Such associa-
tions are normally omitted from the display when the associations command is used, but
are included in the output of lassociations.
n
lpassociations
Print data for all associations, including out-of-spec client associations, from the internally
cached list of associations. This command differs from passociations command only when
dealing with fuzzballs.
lpeers Similar to peers command, except a summary of all associations for which the server is main-
taining state is printed. This can produce a much longer list of peers from fuzzball servers.
mreadlist assocID assocID
mrl assocID assocID
Similar to the readlist command, except the query is done for each range of (nonzero) associ-
ation IDs. This range is determined from the association list cached by the most recent associa-
tions command.
mreadvar assocID assocID [variable_name[ =value ][ ... ]]
mrv assocID assocID [variable_name[=value][ ... ]]
Similar to the readvar command, except the query is done for each range of (nonzero) associa-
tion IDs. This range is determined from the association list cached by the most recent associa-
tions command.
opeers An old form of the peers command with the reference ID replaced by the local interface
address.
passociations
Prints association data concerning in-spec peers from the internally cached list of associations.
This command performs identically to the associations except that it displays the internally
stored data rather than making a new query.
peers Obtains a list of in-spec peers of the server, along with a summary of each peer’s state. Sum-
mary information includes the address of the remote peer, the reference ID (0.0.0.0 if the refID
is unknown), the stratum of the remote peer, the type of the peer (local, unicast, multicast or
broadcast), when the last packet was received, the polling interval, in seconds, the reachability

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 83

 ntpq(1M) ntpq(1M)

register, in octal, and the current estimated delay, offset and dispersion of the peer, all in mil-
liseconds.
The character in the left margin indicates the fate of this peer in the clock selection process. The
codes have the following meaning:
<BLANK> Discarded due to high stratum and/or failed sanity checks.
x Designated falseticker by the intersection algorithm.
. Culled from the end of the candidate list.
- Discarded by the clustering algorithm.
+ Included in the final selection set.
# Selected for synchronization but distance exceeds maximum.
* Selected for synchronization.
o selected for synchronization, PPS signal in use.
Note that since the peers command depends on the ability to parse the values in the responses it gets, it
may fail to work from time to time with servers which poorly control the data formats. The contents of the
host field may be one of four forms. It may be a host name, an IP address, a reference clock implementa-
tion name with its parameter or REFCLK ( <implementation number>, <parameter>). On hostnames
no only IP-addresses will be displayed.
pstatus assocID
Sends a read status request to the server for the given association. The names and values of the peer
variables returned will be printed. Note that the status word from the header is displayed preceding
the variables, both in hexadecimal and in English.
readlist [ assocID ]
rl [ assocID ]
Requests that the values of the variables in the internal variable list be returned by the server. If the
association ID is omitted or is 0, the variables are assumed to be system variables. Otherwise they
n are treated as peer variables. If the internal variable list is empty, a request is sent without data,
which should induce the remote server to return a default display.
readvar assocID variable_name [ =value ][ ... ]]
rv assocID variable_name [ =value ][ ... ]]
Requests that the values of the specified variables be returned by the server by sending a read vari-
ables request. If the association ID is omitted or is given as zero, the variables are system variables.
Otherwise they are peer variables and the values returned will be those of the corresponding peer.
Omitting the variable list will send a request with no data which should induce the server to return a
default display.
writevar assocID variable_name [ =value ][ ... ]]
Similar to the readvar command, except the specified variables are written instead of read.
writelist [ assocID ]
Similar to the readlist command, except the internal list variables are written instead of read.
WARNINGS
The peers command is non-atomic and may occasionally result in spurious error messages about invalid
associations occurring and terminating the command. The timeout time is a fixed constant, which means a
long wait for timeouts since it assumes a worst case.
FILES
/etc/ntp.keys Contains the encryption keys used for authentication.
AUTHOR
ntpq was developed by Dennis Ferguson at the University of Toronto.
SEE ALSO
ntpdate(1M), xntpd(1M), xntpdc(1M).
DARPA Internet Request For Comments RFC1035 Assigned Numbers.

84 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

nwmgr(1M) nwmgr(1M)

NAME
nwmgr - network interface management command for LAN and RDMA interfaces

SYNOPSIS
/usr/sbin/nwmgr [-h|--help |-?] [operation] [target] [operation-qualifiers]
[target-qualifiers]

DESCRIPTION
The nwmgr program is the unified command to administer all HP-UX LAN and RDMA interfaces.
This manpage describes command features that can be supported by nwmgr . However, each network
interface driver (commonly referred to as a subsystem) might support a subset of these features. You can
obtain information about features supported by a specific subsytem from the subsystem’s individual man-
page, named nwmgr_<subsystem>(1M).
To see the list of subsystems supported by nwmgr on the system, enter:
nwmgr -h -S all
You can use the nwmgr command on LAN or RDMA interfaces to:
• Display information of an interface
• Modify settings of an interface
• Reset the interface or its statistics
• Diagnose link connectivity
• Create and set configuration information for a component simultaneously
• Delete or erase components
All the operations other than display require the hpux.network.config authorization. For more
information about authorizations and Role-Based Access Control, see rbac(5).
The nwmgr output for every operation is either in human-readable form (the default output form) or in a
script-friendly parsable form (with the --sc or --script option). The format for human-readable and
script-friendly output is described in the USAGE section below. Any change in the scriptable output across n
releases will contain only additions, never modifications or deletions, to ensure backward compatibility.
The human-readable format can change across releases, including modifications and deletions.
The command usage is explained in greater detail below. The output format that is described is the
human-readable one; references to the scriptable output are made as necessary.

Obsolescence Warning
The lanadmin , lanscan , and linkloop commands are deprecated. These commands will be removed
in a future HP-UX release. HP recommends the use of replacement command nwmgr(1M) to perform all
network interface-related tasks.

Structure of nwmgr Command Line

A nwmgr command line may contain the following options:
• operation
• target
• target qualifier
• operation qualifier
It is possible to specify multiple targets, target-qualifiers and operation-qualifiers in the same command
line. In addition, you can also specify multiple arguments for these command options (when applicable) on
a single command line. The target, target-qualifier, and operation-qualifier can appear in any order, but
must follow the operation.

Operation
An operation is a key part of the command line. An operation is a way to specify how a subsystem has to be
managed. The operation, if specified, must always be the first argument in the command line. The --get
operation (to get/display interface information) is the default, when no operation option is specified.
The following operations are available:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 85

 nwmgr(1M) nwmgr(1M)

--add | -a Creates and sets configuration information for a component simultaneously.

The add operation is subsystem specific. Any change done using the add
operation can be runtime only, persistent or both.
--cra Performs critical resource analysis (CRA) of network interfaces. The CRA
operation displays the users of the component or subsystem that will be
impacted if a destructive operation is performed. HP recommends per-
forming CRA operation prior to any destructive operation.
--delete | --del | -d Deletes or erases components, or modifies the attributes of a component.
The delete operation can be subsystem specific. The changes made using
the delete operation can be runtime only, persistent, or both.
--diagnose | --diag Performs a diagnostic operation. Diagnostic operations are subsystem
specific. An example of diagnostic operation is link connectivity check.
--disable | --dis Suspends (or stops) a physical and virtual component.
--download | --do Downloads firmware onto the physical device.
--dump | --du Dumps or reads registers, memory, and debug information of controllers
and devices
--enable | --en Resumes a suspended (or starts or restarts) a physical device or a virtual
component.
--get | -g Displays system configuration information, component attribute informa-
tion, and subsystem specific information (for example, statistics). You can
also use this operation to view the current (runtime), saved (across
reboots), and default configuration. This is the default operation if no
operation is specified.
--help | -h | -? Displays usage information and context dependent help for a command or a
subsystem.
--reset | --re | -r Performs hard and soft reset of physical and virtual components.
n --set | -s Sets configuration information of the components and the subsystems. Use
this opperation to change the current (runtime), saved (across reboots), and
default configuration.

Target
The target is the object on which an operation is performed. You must specify a target for all operations
except for --get and --help operations. The choice to support multiple targets in a command is subsys-
tem specific.
The following target options are supported:
{--class | -C} class1,...,classN
Limits the scope of the operation to the classes provided.
{--class_instance | -c } cinst1,...,cinstN
Limits the scope of the operation to the class instances provided.
{--instance | -I} inst1,...,instN
Limits the operation to the instances of the class/subsystem specified.
{--name | -N} name1,...,nameN
Limits the scope of the operation to the names provided.
{--subsystem | -S} subsys1,...,subsysN
Limits the scope of the operation to the subsystems provided.

Operation Qualifier
Operation qualifier is used to specify additional information to complete the requested operation.
The following operational qualifier options are supported:
--force | -f Forces the operation even if errors are encountered during the operation.
{--from | --fr } arg Specifies the configuration parameter values to be used for the operation.
The from operation takes any one of current , saved , or default as

86 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

nwmgr(1M) nwmgr(1M)

argument.
{--interval | --int } value
Specifies the time interval (in seconds) between consecutive operations. If
you do not specify a value, the default interval is 1 second.
{--iterations | --it } value
Specifies the number of iterations a specific operation needs to be per-
formed. If you specify a value of 0, infinite iterations are performed. If you
do not specify a value, the default is 1 iteration.
--lock | --lo Performs a locked operation, where future accesses to the device is blocked.
--preview | --pr Verifies if the operation can be performed without actually executing the
operation.
--script | --sc Displays the output in scriptable format.
{--time | --ti } value Specifies the time or duration (in seconds) for which a specific operation
needs to be performed. If you do not specify a value, the default time or
duration is 1 second.
--unlock | --un Unlocks the device that was previously locked.
--verbose | -v Displays the output in verbose format.
--wrap | --wr Displays output beyond the 80 column default.

Target Qualifiers
The target qualifier provides additional information on the object(s) the operation will act on.
The following target qualifier options are supported:
{--attribute | --att | -A} name1,...,nameN
Specifies the parameter/attribute associated with a target whose value can
be retrieved or set.
Valid attributes for each interface is described in the Attribute section of the
subsystem manpage, such as nwmgr_vlan(1M). n
--current | --cu Specifies that the operation applies to configuration parameter current
values in system memory. If none of --current , --saved or
--default is specified the command defaults to --current implicitly.
--default | --de Specifies that the operation applies to configuration parameter default
values.
--saved | --sa Specifies that the operation applies to configuration parameter values saved
in a persistent store.
--stats | --st Specifies that the operation applies to the statistics of the target.
{--subsystem_qualifier | -q } qualifier
Specifies a generic target qualifier used to specify a subsystem specific tar-
get qualifier. Refer to the subsystem manpage for valid qualifiers for that
particular subsystem, such as nwmgr_btlan(1M).

USAGE
The nwmgr command without any arguments displays all the network interfaces in the system, including
physical LAN interfaces (NICs), virtual LAN interfaces (VLANs and APA aggregates and failover groups),
and RDMA interfaces.
nwmgr
Use one of the following to view basic properties of one or more interfaces:
nwmgr -g --sc
nwmgr --get --script
The human-readable form displays a table, with one row for each interface. If an interface is specified as a
target with the -c option, only that interface is displayed. If the -S option is specified, all interfaces for
the subsystem are displayed.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 87

 nwmgr(1M) nwmgr(1M)

For example:
# nwmgr --get

Name/ Interface Station Sub- Interface Related

ClassInstance State Address system Type Interface
============== ========= ============== ======== ============== =========
lan0 UP 0x00306EF4E07C igelan 1000Base-T
lan1 UP 0x000F202B92D4 igelan 1000Base-T
lan2 UP 0x0010837BDE00 btlan 100Base-TX
The parsable (script-friendly) output contains the same data as the readable output for each subsystem.
The format consists of four columns delimited with a number sign (#).
For example:
# nwmgr --get --script
lan0#subsystem#current#igelan
lan0#if_type#current#1000Base-T
lan1#if_state#current#UP
lan1#mac#current#0x000F202B92D4
lan1#subsystem#current#igelan
lan1#if_type#current#1000Base-T
lan2#if_state#current#UP
lan2#mac#current#0x0010837BDE00
lan2#subsystem#current#btlan
lan2#if_type#current#100Base-TX
lan3#if_state#current#DOWN
Interface listing displays the following information about the LAN or RDMA device that has software sup-
port on the system:
• Interface Name
• Interface State
n • Interface Address. Indicates the primary unicast MAC address for LAN interfaces and the GID for
RDMA interfaces
• Subsystem
• Interface Type
• Association. Lists another interface that is associated with the interface
Note that the --get operation is the default; you do not need to specify the -g option.
Use one of the following commands to view help for nwmgr or subsystem specific usage.
nwmgr -h [ -S all | subsystem ]
nwmgr --help [ -S all | subsystem ]
When used with -S all , it displays the list of subsystems supported by nwmgr .
All other features are subsystem specific. You can obtain information about features supported by a specific
subsytem from the subsystem specific manpages, using the nwmgr_<subsystem>(1M) name format.

RETURN VALUE
On success, nwmgr returns 0.
On failure, it returns one of the values described in the ERRORS section.

ERRORS
If nwmgr fails, it returns one of the following errors. The values of the error codes are described in
<sys/errno.h>.
[EACCES] Unable to access the interface.
[EINVAL] One or more of the attributes or options is invalid for the operation.
[EIO] I/O to the target interface failed.

88 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

nwmgr(1M) nwmgr(1M)

[ENOMEM] Memory allocation failed. This could be a transient condition.

[ENOTSUP] Operation or feature is not supported.
[ENXIO] The target interface does not exist.
[EPERM] The user lacks the hpux.network.config authorization required for this operation.

EXAMPLES
List all LAN and RDMA interfaces in the system:
nwmgr --get
or
nwmgr
Display usage information for nwmgr command:
nwmgr --help
Display the list of subsystems:
nwmgr --help -S all
Display subsystem specific usage:
nwmgr --help -S subsystem
AUTHOR
nwmgr was developed by HP.
SEE ALSO
nwmgr_btlan(1M), nwmgr_intl100(1M), nwmgr_vlan(1M), rbac(5).
Other subsystem manpages are available if the driver is installed on your system. See
nwmgr_<subsystem>(1M).
Nwmgr Manual.
n

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 89

 nwmgr_btlan(1M) nwmgr_btlan(1M)

NAME
nwmgr_btlan: nwmgr - network interface management command for btlan driver

SYNOPSIS

nwmgr
nwmgr [-g] [-v] [-c lan_instance | -S btlan ]
nwmgr [-g] --st [all | extmib | mib ] -c lan_instance
nwmgr [-g] -A {all | attr1, attr2, ...} -c lan_instance
nwmgr [-g] -q info -c lan_instance
nwmgr -s -A attr1 =value1 , attr2 =value2 ,... -c lan_instance
nwmgr -s -A all --sa --fr cu[rrent ] -c lan_instance
nwmgr -s -A {all | attr1 , attr2 ,...} [--cu ] --fr de[fault ] -c lan_instance
nwmgr -r -c lan_instance
nwmgr -r --st -c lan_instance
nwmgr --diag -A dest= mac_addr [--it number] [-A pktsize= bytes]
[-A timeout= seconds] -c lan_instance
nwmgr -h [-g | -s | -r | --diag ] [-c lan_instance | -S btlan ]
Remarks
The lanadmin , lanscan , and linkloop commands are deprecated. These commands will be removed
in a future HP-UX release. HP recommends the use of the replacement command nwmgr(1M) to perform
all network interface-related tasks.

DESCRIPTION
The nwmgr program is a unified command to administer all Local Area Network (LAN) and RDMA inter-
n faces of HP-UX. See nwmgr(1M) for general information about the command. This manpage describes
nwmgr when working with the btlan driver.
The btlan driver is one of the HP-UX drivers that manages the 100BT Ethernet interfaces, both copper
(100Base-T) and fiber (100Base-FX). Each interface has several attributes. Some attributes (for example,
MTU) are configurable while others are read-only. In general, each attribute can have certain value during
run time (which is its current value), another value in the configuration file that stores data across boots
(its saved value), and an HP-supplied value that is applied by the driver after boot (its default value) but
before the saved value is applied. See the Attributes section for a list of attributes.
For btlan interfaces, use the nwmgr command to display information (with the -g option, which is the
default), to modify the settings (the -s option), to reset the interface or its statistics (the -r option), and to
diagnose link connectivity (the --diag option).
Operations other than get , require the hpux.network.config authorization. For more information
about authorizations and Role-Based Access Control, see rbac(5).
The output in each case can be obtained in either human-readable form (the default form) or in a script-
friendly parseable form (with the --sc or --script option). The format for script-friendly output is
described in the nwmgr(1M) manpage.
It is guaranteed that any change in the scriptable output across releases will contain only additions, but not
modifications or deletions. The human-readable form can change across releases, including modifications
and deletions, though the changes can be expected to be incremental.
The usage is explained in greater detail in the following section. The output format that is described is the
human-readable one; references to the scriptable output are made as necessary.

Operations
The nwmgr command provides the following operations for the btlan interface.
--cra Operation to perform Critical Resource Analysis on the interface.
--diag | --diagnose Operation to diagnose/test link connectivity.

90 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

nwmgr_btlan(1M) nwmgr_btlan(1M)

-g | --get Operation to get/display interface settings.

-h | --help Operation to display help information.
-r | --reset Operation to reset interface or statistics. -s | --set Operation to set
the attributes of the interface.

Options
The nwmgr command provides the following options for the btlan interface.
For more information about these options, refer to nwmgr(1M).
-A | --attribute Operation to assign attributes for the operation.
Attributes that can be used for btlan interfaces are described in the Attributes
section below.
-C | --class Limits the scope of the operation to the classes provided.
-c | --class_instance
Specifies the target interface on which the operation is to be performed.
--fr | --from Specifies the configuration from which the operation will copy data. The from
option takes current or saved as argument.
-it | --iteration Specifies how many test frame to send during a diagnose operation. The
default is 1.
-q | --subsystem_qualifier
Specifies a keyword or special identifier used by a subsystem to add additional
context for the operation being performed.
The argument supported for btlan is info , which provides more information
on the instance of the btlan subsystem; such as, the hardware path, feature
capabilities, current feature settings, the assigned NMID, speed, and MTU of the
card.
-S | --subsystem Specifies the target subsystem for the operation. For btlan subsystem, the
option argument will always be btlan. n
--sa | --saved Specifies that the operation has to be performed on the saved configuration (per-
sistent store).
-sc | --script Display the output in script parseable format.
--st | --stats Specifies that the operation applies to the statistics of the target.
-v | --verbose Option to display more details in the output.

Attributes
The valid attributes for the btlan interface are:.
dest= mac_addr Ethernet MAC address of the remote interface. Used with the --diagnose
operation.
mac Ethernet MAC Address. The default value is the factory MAC address.
mtu Displays the maximum Ethernet payload size (MTU), in bytes. MTU above 1500
is not allowed.
Minimum value: 257.
Maximum value: 1500.
Default value: 1500.
pktsize= bytes Specifies the package size of each test frame (for the diagnose operation).
The default is 100 bytes.
speed The actual values of Speed, Duplex and Autonegotiation of the Ethernet link if
the link is up; otherwise, the configured values. Note that, for 100Base-FX, the
speed is always fixed at 100 Mbps and the duplex can be set to either Half or
Full Duplex.
The valid values allowed for speed in the command line for 100Base-FX are:
100FD and 100HD (case insensitive).
HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 91
 nwmgr_btlan(1M) nwmgr_btlan(1M)

For 100Base-T, it is essential that the link partner has the same speed, duplex
and auto-negotiation settings as the NIC being configured. The speed can be
forced to 10 or 100 Mbps, with Full or Half Duplex, with auto-negotiation off.
This is done by setting speed to one of 10HD , 10FD , 100HD , or 100FD (case
insensitive). The valid values allowed for speed in the command line for
100Base-T are: 10HD , 10FD , 100HD , 100FD , and auto_on .
The valid values to set for speed for the 100Base-FX are 100FD and 100HD .
Note that 10 Mbps and auto-negotiation are not supported speed configurations
for the PCI 100Base-FX card.
The output for the speed attribute can take one of the two formats. In the
human-readable format, it is of the form:
speed {Full | Half } Duplex (Autonegotiation : {On | Off })
Example:
100 Mbps Full Duplex (Autonegotiation : On) .
In the script-friendly output, the speed value is of the form:
speed {FD | HD } auto_ {on |of }
Examples:
100FD auto_on
100HD auto_off
Note that in both formats, the speed and duplex attributes are optional. They
may not be present in some situations.
In the configuration file, there is an additional twist because there are separate
variables for speed-duplex and auto-negotiation. For 100Base-T, the
HP_BTLAN_SPEED variable can contain one of the following values 10HD ,
10FD , 100HD , 100FD , and auto_on (same as the command line values). The
HP_BTLAN_AUTONEG variable is of no relevance when HP_BTLAN_SPEED is
set. For PCI 100Base-FX, the HP_BTLAN_AUTONEG variable is irrelevant.
n timeout= seconds Specifies how many seconds to wait for acknowledgement of each test frame (for
the diagnose operation). The default is 5 seconds.

USAGE
Display Network Interfaces
The most basic command to display network interface information.
nwmgr
The command without any argument displays all the network interfaces in the system, including phy-
sical LAN interfaces (NICs), virtual LAN interfaces (VLANs and APA aggregates and failover groups),
and RDMA interfaces.

View Basic Properties of Interfaces

The following command can be used to view the basic properties of one or more interfaces.
nwmgr [-g] [-v] [-c lan_instance | -S btlan ]
nwmgr [--get ] [--verbose ] [--class_instance lan_instance | --subsystem btlan ]
Note that the get operation is the default, so the -g option need not be specified explicitly.
If an interface is specified as a target with the -c option, only that interface gets displayed. If the -S
option is specified, all btlan interfaces are displayed. The properties displayed for each interface are
explained in nwmgr(1M).
The command without the verbose option displays a table, with one row for each interface that gets
listed.
The verbose option (--verbose ) changes the output to include more details about each interface
displayed, and also changes the format to be line-oriented, with each line describing one property.
The following attributes are displayed: mac , mtu , and speed .
More details on these attributes can be found in the Attributes section.

92 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

nwmgr_btlan(1M) nwmgr_btlan(1M)

View Interface Statistics

The following command can be used to display interface statistics.
nwmgr [-g] --st [all | extmib | mib ] -c lan_instance
nwmgr [--get ] --stats [all | extmib | mib ] --class_instance lan_instance
The arguments all , extmib , and mib are the only valid arguments for --stats for btlan
drivers. all is the default if no argument is provided with --stats . It displays the same informa-
tion as extmib which displays extended MIB statistics. mib displays a subset of MIB statistics of
the interface.

View Interface Attributes

The following command can be used to display the current value of either all the attributes of the btlan
interface (when the all keyword is specified), or the specified attributes (when they are listed by name,
separated by commas).
nwmgr [-g] -A {all | attr1 , attr2 , ...} -c lan_instance
nwmgr [--get ] --attribute {all | attr_list} --class_instance lan_instance
Each attribute is displayed on a separate line as a name-value pair.

View Interface Details

The following command can be used to display detail information of the interface.
nwmgr [-g] -q info -c lan_instance
nwmgr [--get ] --qualifier info --class_instance lan_instance
This form displays interface-specific properties that are informational, often not configurable and sub-
ject to variation across drivers. In the case of btlan , the output is same as what is shown by:
nwmgr -g -v -c lan_instance
Set Attribute Values
The following command can be used to set values to the specified attributes.
nwmgr -s -A attr1 =value1 , attr2 =value2 , ... -c lan_instance
nwmgr --set --attribute attr1 =value1 , attr2 =value2 ,...
--class_instance lan_instance
n
The attributes that can be set are: mtu , mac , and speed .

Save Current Attributes Values

The following command can be used to save the current value of each interface in the configuration file.
nwmgr -s -A all --sa --fr cu[rrent ] -c lan_instance
nwmgr --set --attribute all --saved --from cu[rrent ] --class_instance
lan_instance
This form ’freezes’ the current state of an interface; that is, it stores the current value of each attri-
bute of an interface in the configuration file (/etc/rc.config.d/hpbtlanconf), so that the
interface configuration is saved across boots. The user can also manually run the start-up script later
to apply the configuration file values to the currently running kernel, by executing:
/sbin/rc2.d/S333hpbtlan start .
This feature allows a user to experiment with the current values, and save the desired configuration.

Set Attribute Values from Default Values

The following command can be used to set default values to all attributes (if all is specified), or to selected
attributes (if the attribute names are listed).
nwmgr -s -A {all | attr1 , attr2 , ...} [--cu ] --fr de[fault ] -c lan_instance
nwmgr --set --attribute {all | attr1 , attr2 , ...} [--current ] --from de[fault ]
--class_instance lan_instance
This can be useful in rolling all the changes made to an interface since the time the system booted.

Reset an Interface
The following command can be used to reset an interface.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 93

 nwmgr_btlan(1M) nwmgr_btlan(1M)

nwmgr -r -c lan_instance
nwmgr --reset --class_instance lan_instance
The interface is subjected to a PCI reset, which clears all previous state, including the interface statis-
tics. The interface is then re-programmed with the attribute values that were current before the
reset. Promiscuous mode and multicast addresses are preserved across the reset.
While the reset is in progress, the data traffic through the interface is interrupted. So, the command
automatically performs a Critical Resource Analysis to see if the interface is data-critical; that is, any
other resource depends for its functionality on the availability of the interface. If so, the reset is not
performed. The reset can be forced, even if the interface is data-critical, by using the --force
option.
It is possible for an interface to be system-critical; that is, the health of the system depends on the
availability of the interface. In that case, the reset will not be performed even if the --force option
is specified.

Reset Statistics of an Interface

The following command can be used to reset statistics of an interface.
nwmgr -r --st -c lan_instance
nwmgr --reset --stats --class_instance lan_instance
The data traffic statistics for an interface are cleared to zero. This includes the byte count and packet
count for inbound and outbound traffic. Other aspects of the interface are left unmodified.

Diagnose Link Connectivity

The following command can be used to diagnose link connectivity.
nwmgr --diag [link ] -A dest= mac_addr [--it number] [-A pktsize= bytes]
[-A timeout= seconds] -c lan_instance
nwmgr --diagnose [link ] --attribute dest= mac_addr [--iterations number]
[--attribute pktsize= bytes] [--attribute timeout= seconds]
--class_instance lan_instance
n Link connectivity at the data link layer is checked by sending IEEE XID test frames to the specified
destination MAC address and counting the replies.
The --iterations option specifies how many test frames to send. The default value is 1.
The pktsize attribute specifies the size of each test frame. The default value is 100 bytes.
The timeout attribute specifies how many seconds to wait for the acknowledgement of each test
frame. The default value is 5 seconds.

RETURN VALUES
0 On success
<>0 On failure, the command returns values described in ERRORS below.

ERRORS
Below are the errors generated by nwmgr on failure.
[EACCES] Attempt to set a read-only attribute.
[EBUSY] The interface is currently inaccessible. This is usually because the interface is part of
an APA aggregate, which prevents setting attributes on the interface.
[EINVAL] One or more of the attributes or options is invalid for the operation.
[ENOMEM] Memory allocation failed. This could be a transient condition.
[ENOTSUP] Operation or feature is not supported.
[ENXIO] The target interface could not be accessed.
[EPERM] The user lacks the authorization hpux.network.config, which is required for
this operation.
[ERANGE] The specified values of one or more attributes is less than the minimum or more than
the maximum.

94 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

nwmgr_btlan(1M) nwmgr_btlan(1M)

EXAMPLES
List all LAN interfaces in the system.
nwmgr -C lan
Display the speed and MTU of the btlan interface lan1 .
nwmgr -A speed,mtu -c lan1
Display all attributes of the btlan interface lan1 .
nwmgr -A all -c lan1
Set MTU to 1400 and speed to auto-negotiation on lan1 .
nwmgr -s -A mtu=1400,speed=auto_on -c lan1
Restore MTU and the MAC address to their defaults on lan1 .
nwmgr --set -A mtu,mac --from de -c lan1

COMPARISON WITH LANADMIN COMMAND

Commands To Display Generic NIC Attributes
lanadmin nwmgr
lanadmin -m PPA nwmgr [-g] -A mtu -c lan PPA

lanadmin -a PPA nwmgr [-g] -A mac -c lan PPA

landamin -s PPA nwmgr [-g] -A speed -c lan PPA

lanadmin -m -a -s PPA nwmgr [-g] -A mtu,mac,speed -c lan PPA

nwmgr [-g] -A all -c lan PPA

Commands To Get NIC Statistics

lanadmin
lanadmin -g PPA
nwmgr
nwmgr -g --st mib -c lan PPA
n
lanadmin -x stats drv PPA nwmgr -g --st subsys -c lan PPA
nwmgr -g -st mib,subsys -c lan PPA

lanadmin -g mibstats_ext PPA nwmgr -g --st extmib -c lan PPA

Commands To Set Generic NIC Attributes

lanadmin nwmgr
lanadmin -M mtu_size PPA nwmgr -s -A mtu=mtu_size
-c lanPPA

lanadmin -A MAC_Add PPA nwmgr -s -A mac=MAC_Address

-c lan PPA

lanadmin -S speed PPA N/A. NOTE: Speed can be specified

as a combination of speed and
duplexity only. For example:
For example 1000FD, 100HD etc

landmin -X speed_value PPA nwmgr -s -A speed=speed_value

-c lan PPA

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 95

 nwmgr_btlan(1M) nwmgr_btlan(1M)

Command To Reset Statistics of a NIC

lanadmin nwmgr
lanadmin -c PPA nwmgr -r -st -c lan PPA

Command To Reset MTU To the Default Value

lanadmin nwmgr
lanadmin -R PPA nwmgr -s -A mtu
-from default -c lan PPA

Command To Set To Default Configurations

lanadmin nwmgr
lanadmin -A DEFAULT PPA nwmgr -s -A mac
-from default -c lan PPA

NOTE: Similarly default configuration

can be set for the other attributes
like speed,mtu, mac etc.
Note: The nwmgr equivalent for displaying the usage information is not available.
Note: The lanadmin options that support apa and vlan are covered in the nwmgr_apa(1M) and
nwmgr_vlan(1M) manpages.

COMPARISON WITH LINKLOOP COMMAND

Command to Test the Link Level Connectivity
linkloop nwmgr
linkloop -i PPA nwmgr -diag -A dest=MAC_Address
MAC_Address -c lanPPA

linkloop -i PPA
n -n count -s size
nwmgr --diag -A dest=linkaddr,
pktsize=size, timeout=timeout
-t timeout MAC_Address --it count -c lanPPA

linkloop -r rif N/A

Note: nwmgr does not allow multiple station addresses to be specified in the same command line.

COMPARISON WITH LANSCAN COMMAND

Command To List Interfaces and Their Attributes
lanscan nwmgr
lanscan nwmgr -g -v -c lan PPA
nwmgr -C lan
nwmgr -S gelan

Command To Display Interface Names Only

lanscan nwmgr
lanscan -i nwmgr -g -v -c lan PPA
nwmgr -C lan -sc | awk -F# ’/if_state/ {print $1}’

96 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

nwmgr_btlan(1M) nwmgr_btlan(1M)

Command To Display MAC Types Only

lanscan nwmgr
lanscan -m nwmgr -g -v -c lan PPA

NOTE: nwmgr reports only on

Ethernet links

Command To Display NMIDs Only

lanscan nwmgr
lanscan -n nwmgr -g -v -c lan PPA

Command To Display the PPAs Only

lanscan nwmgr
lanscan -p nwmgr -g -v -c lan PPA
nwmgr -C lan --sc | awk
-F# ’/if_state/ {print substr($1,4)}’

Command To Display All Mac Addresses

lanscan nwmgr
lanscan -a nwmgr -g -v -c lan PPA
Note: nwmgr displays the NIC attributes such as interface name, MAC type, the NMID, the PPA and
the MAC address for only one NIC as only one instance of lan class instance can be specified for
the --class_instance (-c ) option.
Note: The lanscan options (-l and -q ) that support apa are covered in the nwmgr_apa(1M) man-
page.

AUTHOR
nwmgr was developed by HP. n
FILES
/etc/rc.config.d/hpbtlanconf Contains the saved (persistent) configuration for btlan
interfaces.
/sbin/rc2.d/S333hpbtlan Startup script for the btlan driver, which applies the
configured values to the kernel during run time. It is exe-
cuted automatically after each reboot, and the user can also
execute it by providing the argument start .

SEE ALSO
nwmgr(1M).

HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 97

 nwmgr_intl100(1M) nwmgr_intl100(1M)

NAME
nwmgr_intl100: nwmgr - network interface management command for intl100 driver

SYNOPSIS
nwmgr
nwmgr [-g] [-v] [-c lan_instance | -S intl100 ]
nwmgr [-g] --st [all | extmib | mib ] -c lan_instance
nwmgr [-g] -A {all | attr1, attr2, ...} -c lan_instance
nwmgr [-g] -q info -c lan_instance
nwmgr -s -A attr1 =value1 , attr2 =value2 ,... -c lan_instance
nwmgr -s -A all --sa --fr cu[rrent ] -c lan_instance
nwmgr -s -A {all | attr1 , attr2 ,...} [--cu ] --fr de[fault ] -c lan_instance
nwmgr -r -c lan_instance
nwmgr -r --st -c lan_instance
nwmgr --diag -A dest= mac_addr [--it number] [-A pktsize= bytes]
[-A timeout= seconds] -c lan_instance
nwmgr -h [-g | -s | -r | --diag ] [-c lan_instance | -S intl100 ]
Remarks
The lanadmin , lanscan , and linkloop commands are deprecated. These commands will be removed
in a future HP-UX release. HP recommends the use of the replacement command nwmgr(1M) to perform
all network interface-related tasks.

DESCRIPTION
The nwmgr program is a unified command to administer all HP-UX LAN and RDMA-based interfaces.
General information about the command as a whole can be found in the nwmgr(1M) manpage. The
n nwmgr_intl100(1M) manpage describes nwmgr as applied to the intl100 driver.
The intl100 driver is one of the HP-UX drivers that manages the 100BT Ethernet copper interfaces
(100Base-TX). Each interface has several attributes. Some attributes, such as MTU are configurable while
others are read-only. In general, each attribute can have a certain value during run time (which is its
current value), another value in the configuration file that stores data across boots (its saved value), and an
HP-supplied value that is applied by the driver after boot (its default value) before the saved value is
applied. The list of attributes is described in the Attributes section below.
The nwmgr command can be used on intl100 interfaces to display information (with the -g option,
which is the default), modify the settings (the -s option), reset the interface or its statistics (the -r
option), and to diagnose link connectivity (the --diag option).
Operations other than get , require the authorization hpux.network.config. For more information
about authorizations and Role-based Access Control, see rbac(5).
The output in each case can be obtained in either human-readable form (the default form) or in a script-
friendly parseable form (with the --sc or --script option). The format for script-friendly output is
described in the nwmgr(1M) manpage. It is guaranteed that any change in the scriptable output across
releases will contain only additions, but not modifications or deletions.
The human-readable format can change across releases, including modifications and deletions, though the
changes can be expected to be incremental. The usage is explained in greater detail below. The output for-
mat that is described is the human-readable one; references to the scriptable output are made as necessary.

Operations
The nwmgr command provides the following operations for the intl100 driver.
--cra Operation to perform Critical Resource Analysis on the interface.
--diag | --diagnose Operation to diagnose/test link connectivity.
-g | --get Get display interface settings.

98 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

nwmgr_intl100(1M) nwmgr_intl100(1M)

-h | --help Display help information.

-r | --reset Reset interface or statistics.
-s | --set Set configuration information of the components and the subsystems.

Options
The nwmgr command provides the following options for the intl100 driver. For more information about
these options, refere to nwmgr(1M).
-A | --attribute Specify the parameter associated with a target whose value can be retrieved
and/or set.
-c | --class Limit the scope of the operation to the LAN class.
--fr | --from Specifies the configuration parameter values to be used or the operation. The
from operation takes any one of current , saved , or default as argu-
ment.
-it | --iteration Specifies how many test frame to send during a diagnose operation. The
default is 1.
-q | --subsystem_qualifier
Specifies a keyword or special identifier used by a subsystem to add addi-
tional context for the operation being performed.
The argument supported for intl100 is info , which provides more infor-
mation on the instance of the intl100 subsystem; such as, the hardware
path, feature capabilities, current feature settings, the assigned NMID,
speed, and MTU of the card.
-S | --subsystem Limit the scope of the operation to the subsystem specified. Example of a
subsystem is: intl100
--sa | --saved Specifies that the operation applies to configuration parameter valuse saved
in a persistent store.
--sc | --script Display the output in script parseable format. n
--st | --stats Specifies that the operation applies to the statistics of the target.
-v | --verbose Specify verbose mode

Attributes
The valid attributes for the intl100 interface are:.
dest= mac_addr Ethernet MAC address of the remote interface. Used with the --
diagnose operation.
mac Ethernet MAC Address. The default value is the factory MAC address. This
is valid for get and set operations.
mtu Displays the maximum Ethernet payload size (MTU), in bytes. MTU above
1500 is not allowed.
pktsize= bytes Specifies the package size of each test frame (for the diagnose operation).
The default is 100 bytes.
speed The actual values of Speed, Duplex and Autonegotiation of the Ethernet link
if the link is up; otherwise, the configured values. Note that, for 100Base-FX,
the speed is always fixed at 100 Mbps and the duplex can be set to either
Half or Full Duplex. The valid values allowed for speed in the command
line for 100Base-FX are 100FD and 100HD (case insensitive).
For 100Base-T, it is essential that the link partner has the same speed,
duplex and auto-negotiation settings as the NIC being configured. The speed
can be forced to 10 or 100 Mbps, with Full or Half Duplex, with auto-
negotiation off. This is done by setting speed to one of 10HD , 10FD , 100HD ,
or 100FD (case insensitive). The valid values allowed for speed in the com-
mand line for 100Base-T are: 10HD , 10FD , 100HD , 100FD , and auto_on .

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 99

 nwmgr_intl100(1M) nwmgr_intl100(1M)

The valid values to set for speed for the 100Base-FX are 100FD and 100HD .
Note that 10 Mbps and auto-negotiation are not supported speed
configurations for the PCI 100Base-FX card.
The output for the speed attribute can take one of the two formats. In the
human-readable format, it is of the form:
speed {Full | Half } Duplex (Autonegotiation : {On | Off })
Example:
100 Mbps Full Duplex (Autonegotiation : On) .
In the script-friendly output, the speed value is of the form:
speed {FD | HD } auto_ {on |of }
Examples:
100FD auto_on
100HD auto_off
Note that in both formats, the speed and duplex attributes are optional. They
may not be present in some situations.
In the configuration file, there is an additional twist because there are
separate variables for speed-duplex and auto-negotiation. For 100Base-T, the
HP_BTLAN_SPEED variable can contain one of the following values 10HD ,
10FD , 100HD , 100FD , and auto_on (same as the command line values).
The HP_BTLAN_AUTONEG variable is of no relevance when
HP_BTLAN_SPEED is set. For PCI 100Base-FX, the
HP_BTLAN_AUTONEG variable is irrelevant.
timeout= seconds Specifies how many seconds to wait for acknowledgement of each test frame
(for the diagnose operation). The default is 5 seconds.

USAGE
The common usage of nwmgr for intl100 interfaces are described in this section.
n Display Network Interfaces
The most basic command to display network interface information.
nwmgr
The nwmgr command without any arguments displays all the network interfaces in the system,
including physical LAN interfaces (NICs), virtual LAN interfaces (VLANs and APA aggregates), and
RDMA-based interfaces.

View Basic Properties of Interfaces

The following command can be used to view the basic properties of one or more interfaces.
nwmgr [-g] [-v] [-c lan_instance | -S intl100 ]
nwmgr [--get ] [--verbose ] [--class_instance lan_instance | --subsystem intl100 ]
Note that the get operation is the default, so the -g option need not be specified explicitly.
If an interface is specified as a target with the -c option, only that interface is displayed. If the -S
option is specified, all intl100 interfaces are displayed.
The command without the verbose option displays a table, with one row for each interface that is
listed.
The verbose option changes the output to include more details about each interface that is
displayed, and also changes the format to be line-oriented, with each line describing one attribute.
The following attributes are displayed: mac , mtu , and speed .
More details on these attributes can be found in the Attributes section.

View Interface Statistics

The following command can be used to display interface statistics.
nwmgr [-g] --st [all | extmib | mib ] -c lan_instance

100 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

nwmgr_intl100(1M) nwmgr_intl100(1M)

nwmgr [--get ] --stats [all | extmib | mib ] --class_instance lan_instance

The arguments all , extmib , and mib are the only valid arguments for --stats for intl100
drivers. all is the default if no argument is provided with --stats . It displays the same informa-
tion as extmib which displays extended MIB statistics. mib displays a subset of MIB statistics of
the interface.

View Interface Attributes

The following command can be used to display the current value of either all the attributes of the interface
(when the all keyword is specified) or the specified attributes (when they are listed by name).
nwmgr [-g] -A {all | attr1 , attr2 , ...} -c lan_instance
nwmgr [--get ] --attribute {all | attr1 , attr2 , ...} --class_instance lan_instance
Each attribute is listed on a separate line as a name-value pair.

View Interface Details

The following command can be used to get detail information about the interface.
nwmgr [-g] -q info -c lan_instance
nwmgr [--get ] --qualifier info --class_instance lan_instance
This form displays interface-specific properties that are informational, often not configurable and sub-
ject to variation across drivers. In the case of intl100 , the output is same as what is shown by:
nwmgr -g -v -c lan_instance
The -q option provides more information about the subsystem.

Set Attribute Values

The following command can be used to set values to the specified attributes.
nwmgr -s -A attr1= value1 , attr2= value2 , ... -c lan_instance
nwmgr --set --attribute attr1= value1 , attr2= value2 ,...
--class_instance lan_instance
The attributes that can be set are: mac , mtu , and speed .
n
Save Current Attribute Values
The following command can be used to save the current attribute values in the configuration file.
nwmgr -s -A all --sa --fr cu[rrent ] -c lan_instance
nwmgr --set --attribute all --saved --from cu[rrent ] --class_instance
lan_instance
This form ’freezes’ the current state of an interface; that is, it stores the current value of each attri-
bute of an interface in the configuration file (/etc/rc.config.d/hpintl100conf) so that the
interface configuration is saved across boots. The user can also run the start-up script later manually
to apply the configuration file values to the running kernel, by typing:
/sbin/rc2.d/S326hpintl100 start . This feature allows a user to experiment with the
current values, and save the desired configuration.

Set Attribute Values from Default Values

The following command can be used to set default values to all attributes (if all is specified), or to selected
attributes (if the attribute names are listed).
nwmgr -s -A {all | attr1 , attr2 , ...} [--cu ] --fr de[fault ] -c lan_instance
nwmgr --set --attribute {all | attr1 , attr2 , ...} [--current ] --from de[fault ]
--class_instance lan_instance
This can be useful in rolling all the changes made to an interface since the time the system booted.

Reset an Interface
The following command can be used to reset an interface.
nwmgr -r -c lan_instance
nwmgr --reset --class_instance lan_instance
The interface is subjected to a PCI reset, which clears all previous state, including the interface statis-
tics. The interface is then re-programmed with the attribute values that were current before the

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 101

 nwmgr_intl100(1M) nwmgr_intl100(1M)

reset. Promiscuous mode and multicast addresses are preserved across the reset.
While the reset is in progress, the data traffic through the interface is interrupted. So, the command
automatically performs a Critical Resource Analysis to see if the interface is data-critical; that is, any
other resource depends for its functionality on the availability of the interface. If so, the reset is not
performed.
The reset can be forced, even if the interface is data-critical, by using the --force option. It is pos-
sible for an interface to be system-critical; that is, the health of the system depends on the availability
of the interface. In that case, the reset is not be performed even if the --force option is specified.

Reset Statistics of an Interface

The following command can be used to reset statistics for an interface.
nwmgr -r --st -c lan_instance
nwmgr --reset --stats --class_instance lan_instance
The data traffic statistics for an interface are cleared to zero. This includes the byte count and packet
count for inbound and outbound traffic. Other aspects of the interface are left unmodified.

Diagnose Link Connectivity

The following command can be used to diagnose link connectivity.
nwmgr --diag [link ] -A dest= mac_addr [--it number] [-A pktsize= bytes]
[-A timeout= seconds] -c lan_instance
nwmgr --diagnose [link ] --attribute dest= mac_addr [--iterations number]
[--attribute pktsize= bytes] [--attribute timeout= seconds]
--class_instance lan_instance
Link connectivity at the data link layer is checked by sending IEEE XID test frames to the specified
destination MAC address and counting the replies.
The --iterations option specifies how many test frames to send. The default value is 1.
The pktsize attribute specifies the size of each test frame. The default value is 100 bytes.
n The timeout attribute specifies how many seconds to wait for the acknowledgement of each test
frame. The default value is 5 seconds.

RETURN VALUES
0 On success.
<>0 On failure, the command returns values in as shown in ERRORS below.

ERRORS
Below are the errors generated by nwmgr on failure.
[EACCES] Attempt to set a read-only attribute.
[EBUSY] The interface is currently inaccessible.
[EINVAL] One or more of the attributes or options is invalid for the operation.
[ENOMEM] Memory allocation failed. This could be a transient condition.
[ENOTSUP] Operation or feature is not supported.
[ENXIO] The target interface could not be accessed.
[EPERM] The user lacks the authorization "hpux.network.config", which is required for this
operation.
[ERANGE] The specified values of one or more attributes was less than the minimum or more
than the maximum.

EXAMPLES
List all LAN interfaces in the system.
nwmgr -C lan
Display the speed and MTU of the intl100 interface lan1 .

102 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

nwmgr_intl100(1M) nwmgr_intl100(1M)

nwmgr -A speed,mtu -c lan1

Display all attributes of the intl100 interface lan1 .
nwmgr -A all -c lan1
Set MTU to 1400 and speed to auto-negotiation on lan1 .
nwmgr -s -A mtu=1400,speed=auto_on -c lan1
Restore MTU and the MAC address to their defaults on lan1 .
nwmgr --set -A mtu,mac --from de -c lan1

COMPARISON WITH LANADMIN

Commands To Display Generic NIC Attributes
lanadmin nwmgr
lanadmin -m PPA nwmgr [-g] -A mtu -c lanPPA

lanadmin -a PPA nwmgr [-g] -A mac -c lanPPA

landamin -s PPA nwmgr [-g] -A speed -c lanPPA

lanadmin -m -a -s PPA nwmgr [-g] -A mtu,mac,speed -c lanPPA

nwmgr [-g] -A all -c lanPPA

Commands To Get NIC Statistics

lanadmin nwmgr
lanadmin -g PPA nwmgr -g --st mib -c lanPPA

lanadmin -x stats drv PPA nwmgr -g --st subsys -c lanPPA

nwmgr -g -st mib,subsys -c lanPPA
n
lanadmin -g mibstats_ext PPA nwmgr -g --st extmib -c lanPPA

Commands To Set Generic NIC Attributes

lanadmin nwmgr
lanadmin -M mtu_size PPA nwmgr -s -A mtu=mtu_size
-c lanPPA

lanadmin -A MAC_Add PPA nwmgr -s -A mac=MAC_Address

-c lanPPA

lanadmin -S speed PPA N/A. NOTE: Speed can be specified

as a combination of speed and
duplixity only. For example:
000FD, 100HD etc.

landmin -X speed_value PPA nwmgr -s -A speed=speed_value

-c lanPPA

Command To Reset Statistics of a NIC

lanadmin nwmgr
lanadmin -c PPA nwmgr -r -st -c lanPPA

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 103

 nwmgr_intl100(1M) nwmgr_intl100(1M)

Command To Reset MTU To the Default Value

lanadmin nwmgr
lanadmin -R PPA nwmgr -s -A mtu
-from default -c lanPPA

Command To Set To Default Configurations

lanadmin nwmgr
lanadmin -A DEFAULT PPA nwmgr -s -A mac
-from default -c lanPPA

NOTE: Similarly default configuration

can be set for the other attributes
like speed,mtu, mac etc.
Note: The nwmgr equivalent for displaying the usage information is not available.
Note: The lanadmin options that support apa and vlan are covered in the nwmgr_apa(1M) and
nwmgr_vlan(1M) manpages.

COMPARISON WITH LINKLOOP COMMAND

Command to Test the Link Level Connectivity
linkloop nwmgr
linkloop -i PPA nwmgr -diag -A dest=MAC_Address
MAC_Address -c lanPPA

linkloop -i PPA nwmgr --diag -A dest=linkaddr,

-n count -s size pktsize=size, timeout=timeout
-t timeout Mac_Address --it count -c lanPPA

linkloop -r rif N/A

n Note: nwmgr does not allow multiple station addresses to be specified in the same command line.

COMPARISON WITH LANSCAN COMMAND

Command To List Interfaces and Their Attributes
lanscan nwmgr
lanscan nwmgr -g -v -c lanPPA
nwmgr -C lan
nwmgr -S gelan

Command To Display Interface Names Only

lanscan nwmgr
lanscan -i nwmgr -g -v -c lanPPA
nwmgr -C lan -sc | awk -F# ’/if_state/ {print $1}’

Command To Display MAC Types Only

lanscan nwmgr
lanscan -m nwmgr -g -v -c lanPPA

NOTE: nwmgr reports only on

Ethernet links

104 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

nwmgr_intl100(1M) nwmgr_intl100(1M)

Command To Display NMIDs Only

lanscan nwmgr
lanscan -n nwmgr -g -v -c lanPPA

Command To Display the PPAs Only

lanscan nwmgr
lanscan -p nwmgr -g -v -c lanPPA
nwmgr -C lan --sc | awk
-F# ’/if_state/ {print substr($1,4)}’

Command To Display All MAC Addresses

lanscan nwmgr
lanscan -a nwmgr -g -v -c lanPPA
Note: nwmgr displays the NIC attributes such as interface name, MAC type, the NMID, the PPA and
the MAC address for only one NIC since only one instance of "lan" class instance can be specified
for the --class_instance (-c ) option.
Note: The lanscan options (-l and -q ) that support "apa" are covered in the nwmgr_apa(1M) man-
page.

AUTHOR
nwmgr was developed by HP.
FILES
/etc/rc.config.d/hpintl100conf Contains the saved (persistent) configuration values for
intl100 interfaces.
/sbin/rc2.d/S326hpintl100 Startup script for the intl100 driver, which applies the
configuration file to the running system. It is executed
automatically after each reboot, and the user can execute it
by providing the argument start . n
SEE ALSO
nwmgr(1M).

HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 105

 nwmgr_vlan(1M) nwmgr_vlan(1M)

NAME
nwmgr_vlan: nwmgr - network interface management command for VLAN interface

SYNOPSIS
nwmgr -a -S vlan [-c lan VPPA] -A vlanid= vlanid , ppa= PPA [,attr=value]...
[--sc ]
nwmgr -d -c lan VPPA [--sc ]
nwmgr -d -S vlan -c lan VPPA --sa [--sc ]
nwmgr -d -S vlan --sa [--sc ]
nwmgr -s -c lan VPPA -A attr1=value1... [--sc ]
nwmgr -s -c lan VPPA -A all --sa --fr cu [--sc ]
nwmgr -s -S vlan -A all --sa --fr cu [--sc ]
nwmgr [-g] { -c lan VPPA | -S vlan } [-v] [--sc ]
nwmgr [-g] -A { all | attr1 , attr2 ,...} -c lan VPPA [-v] [--sc ]
nwmgr [-g] --st -c lan VPPA [--sc ]
nwmgr -r -c lan VPPA [--sc ]
nwmgr -r --st -c lan VPPA [--sc ]
nwmgr --cra -c lan VPPA [--sc ]
nwmgr --diag [link ] -A dest =mac_addr [--it number] [-A pktsize=bytes]
[-A timeout=seconds] -c lan VPPA [--sc ]
nwmgr -h -S vlan [-v]
nwmgr -h [ -a | -g | -s | -d | -r | --diag ] { -c lan VPPA | -S vlan } [-v]
Remark
n The lanadmin , lanscan , and linkloop commands are deprecated and will be removed in a
future HP-UX release. HP recommends the use of replacement command nwmgr to perform all
network interface-related tasks.

DESCRIPTION
The nwmgr program is the unified command to administer all LAN and RDMA-based interfaces of HP-UX.
General information about the command as a whole can be found in the nwmgr(1M) manpage.
This nwmgr_vlan(1M) manpage describes nwmgr as applied to the VLAN subsystem.
VLANs are logical or "virtual" network segments that can span multiple physical network segments. A pri-
mary benefit of VLANs is that they can isolate broadcast and multicast traffic by determining which desti-
nations should receive that traffic, thereby making better use of switch and end-station resources.
The commands described here are for interactive administration of HP-UX Virtual LAN (VLAN) interfaces.
The nwmgr command can be used on VLAN interfaces to display information (with the -g option, which is
the default), add VLAN interfaces (with the -a option), delete VLAN interfaces (with the -d option),
modify settings (with the -s option), reset the interface or its statistics (with the -r option), obtain the
usage information (with the --cra option) and to diagnose link connectivity (with the --diag option).
Operations other than get require hpux.network.config authorization. For more information about
authorizations and Role-based Access Control, see rbac(5).
The settings of the VLAN interface on the system can be saved to the configuration file
/etc/rc.config.d/vlanconf, so that these settings will take effect across reboots.
The output in each case can be obtained in either human-readable format (which is the default) or in a
script-friendly parseable format (with the --sc or --script option).
The format for script-friendly output is described in the nwmgr(1M) manpage. HP guarantees that any
change in the scriptable output across releases will contain only additions. The existing content will not be
modified or deleted. The content of human-readable format can change across releases though the changes
can be expected to be incremental.

106 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

nwmgr_vlan(1M) nwmgr_vlan(1M)

Operations
The nwmgr command provides the following operations for the VLAN interface.
-a | --add Add/create VLAN interface.
--cra Perform Critical Resource Analysis on the VLAN interface.
-d | --delete Delete the VLAN interface.
--diag | --diagnose Diagnose/test link connectivity.
-g | --get Get/display VLAN interface settings. This is the default operation when
none is specified.
-h | --help Display help information.
-r | --reset Reset VLAN interface or the statistics on the VLAN interface.
-s | --set Set the attributes of the VLAN interface.
Options
Beside operations, these options are valid for the VLAN interface:
-A | --attribute Specifies attributes for an operation. For VLAN, this can be used with the
add , set , get , and diagnose operations.
See Attributes section below for valid attributes of VLAN interfaces.
-c | --class_instance Specifies the target interface on which the operation is to be performed.
For VLAN, the target interface is of the form: lan VPPA
where VPPA is the VLAN physical point of attachment.
-S | --subsystem Specifies the target subsystem for the operation. For the VLAN subsystem,
the option argument is always vlan .
--fr | --from Specifies the configuration from which the operation will save data. For the
VLAN subsystem, current is the only allowed argument for this option.
--it | --iteration Specifies the number of frames to be sent for diagnostics, used with the
diagnose operation.
n
--sa | --saved Specifies that the operation must be performed on the saved configuration
(persistent store).
--sc | --script Displays the output in script parseable format.
--st | --stats Specifies that the operation applies to the statistics of the target.
-v | --verbose Specifies verbose output to display more detail.

Attributes
The following attributes can be used with the -A (--attribute ) option for VLAN interfaces. Refer to
the USAGE section below to see which attributes are valid for specific operations.
dest= mac_addr Ethernet MAC address of the remote interface. Used with the diagnose
operation.
mac Ethernet MAC Address. Only valid for the get operation.
mtu Displays the maximum Ethernet payload size (MTU), in bytes. Only valid for
the get operation.
name= name An optional name for the interface. The default value of name is the null string
(""). However, nwmgr displays this as UNNAMED.
pktsize= bytes Specifies the package size in bytes of each test frame. The default is 100. Only
valid for the diagnose operation.
ppa= PPA Specifies the physical point of attachment (PPA) of the interface where the
VLAN interface will be added. Only valid for the add operation.
pri= priority Specifies the 802.1p priority in the VLAN tag of the frame header. Switches use
the 802.1p priority.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 107

 nwmgr_vlan(1M) nwmgr_vlan(1M)

The valid range is 0-7.

The default is 0.
pri_override=level Priority override provides a mechanism to convert IP level precedence (IPV4 ToS
octet) to link level 802.1p user priority.
Priority override applies to outbound frames only. Priority override level strings
are:
CONF_PRI Your specified priority value will be used. This is the default
value.
IP_HEADER IP header ToS will be converted to 802.1p priority.
CONF_TOS Your specified ToS value will be converted to 802.1 priority.
speed Speed and duplex of the related interface. For 10 Mbps, 100 Mbps, and multiple
of 10 and 100 Mbps, the speed is displayed in Mbps. For 1 Gbps and above, the
speed is displayed in Gbps. The duplexity can be either "half" or "full".
Only valid for the get operation.
timeout= seconds Specifies how many seconds to wait for acknowledgement of each test frame for
the diagnose operation.
The default is 5 seconds.
tos= ToS_value Specifies the IP precedence in the IP header. Switches ignore ToS. Routers may
use it.
The valid range is 0-255.
The default is 0.
tos_override=level ToS override provides a mechanism to override the IP level precedence in the
header of an inbound IP packet. ToS override level strings are:
IP_HEADER ToS value in the IP header will be used. This is the default
value.
n ETHER_HEADER Ether header 802.1p priority will be converted to a ToS value.
CONF_TOS Your specified ToS value will be used.
CONF_PRI Your specified 802.1 priority value will be converted to a ToS
value.
vlanid= vlanid Uniquely identifies the VLAN to which a frame belongs.

USAGE
The common usages of nwmgr for VLAN interfaces are described in this section.

Add a VLAN Interface

nwmgr -a -S vlan [-c lan VPPA] -A vlanid= vlanid , ppa= PPA [,attr=value...] [--sc ]
nwmgr --add --subsystem vlan [--class_instance lan VPPA]
-A vlanid= vlanid , ppa= PPA [,attr=value...] [--sc ]
This command adds a VLAN interface over a VLAN capable interface. If a VPPA (virtual PPA) is
specified as a target with the -c option, the VLAN interface added will be allocated that VPPA. If the
-c option is not specified, the VPPA is allocated by the system.
The valid attributes (specified with the -A option) for the add operation are:
ppa= PPA
vlanid= vlanid
pri= priority
tos= ToS_value
name= name
tos_override= level
pri_override= level

108 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

nwmgr_vlan(1M) nwmgr_vlan(1M)

Delete a VLAN Interface

nwmgr -d -c lan VPPA [--sc ]
nwmgr --delete --class_instance lan VPPA [--script ]
This command deletes the VLAN interface if it is not in use.
Caution: HP strongly advises you first run the Critical Resource Analysis (with the --cra option)
to check usage information before deleting a VLAN interface.

Delete a VLAN Interface from the Configuration File

nwmgr -d -S vlan -c lan VPPA --sa [--sc ]
nwmgr --delete --subsystem vlan --class_instance lan VPPA
--saved [--script ]
This command deletes the entries for the specified VLAN interface from the configuration file
/etc/rc.config.d/vlanconf, so that the VLAN interface will not be created during reboot.
Delete All the VLAN Interfaces from the Configuration File
nwmgr -d -S vlan --sa [--sc ]
nwmgr --delete --subsystem vlan --saved [--script ]
This command deletes the entries of all VLAN interfaces from the configuration file
/etc/rc.config.d/vlanconf, so that no VLAN interfaces will be created during reboot.
Set the Attributes of the VLAN Interface on the System
nwmgr -s -c lan VPPA -A attr1=value1... [--sc ]
nwmgr --set --class_instance lan VPPA -attribute attr1=value1... [--script ]
Attributes that can be set are:
vlanid= vlanid
pri= priority
tos= ToS_value
name= name
tos_override= level
pri_override= level n
Save VLAN Interface Attributes to the Configuration File
nwmgr -s -c lan VPPA -A all --sa --fr cu [--sc ]
nwmgr --set --class_instance lan VPPA --attribute all --saved --from
current [--script ]
This command saves the current attribute values of the specified VLAN interface to the configuration
file, /etc/rc.config.d/vlanconf, so that the interface configuration is preserved across
boots.
You cannot save individual attributes to the configuration file. All attributes must be saved together.
New entries will be created if they do not already exist in the configuration file for the specified inter-
face. If there are entries with the same VLAN ID or VLAN name for the related interface, the exist-
ing entries will be deleted and a new entry will be created. If there are entries with the same VPPA,
the existing entries will be deleted and a new entry will be created.

Save the Attributes of all VLAN interfaces to the Configuration File

nwmgr -s -S vlan -A all --sa --fr cu [--sc ]
nwmgr --set --subsystem vlan --attribute all --saved --from current
[--script ]
This command saves the attribute values of all the VLAN interfaces on the system to the
configuration file, /etc/rc.config.d/vlanconf, so that the interface configuration is
preserved across boots.
You cannot save individual attributes to the configuration file. All attributes must be saved together.
All the existing entries in the configuration file will be deleted and new entries will be added for the
VLAN interfaces on the system.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 109

 nwmgr_vlan(1M) nwmgr_vlan(1M)

View All Attributes of VLAN Interfaces

nwmgr [-g] { -c lan VPPA | -S vlan } [-v] [--sc ]
nwmgr [--get ] {--class_instance lan VPPA | --subsystem vlan }
[--verbose ] [--script ]
This command gets the attributes of one or all VLAN interfaces on the system. When the target is a
VLAN interface, the attributes of the specified VLAN interface are displayed. When the target is the
VLAN subsystem, attributes of all the VLAN interfaces on the system are displayed.
When the verbose option is not provided, the following attributes are displayed in a tabular format:
lan_instance , ppa , pri , pri_override , tos , tos_override , vlanid .
When the verbose option is provided, more details about the interface are displayed in a line-
oriented format. The following additional attributes are displayed with the verbose option:
state : Interface State
Operational status of the interface. The valid values are UP and DOWN.
link_cause : Probable Cause for State
The cause for the link to be in UP or DOWN state.
mac : MAC Address
Ethernet MAC Address. The default value is the factory assigned MAC address.
subsystem : Subsystem
The name of the subsystem. For VLAN, it is displayed as vlan .
related_interface : Related Interface
The interface on which the VLAN interface is added.
hw_path : Hardware Path
The hardware path of the VLAN interface.
nmid : NMID
The network management ID of the VLAN interface.
feature_cap : Feature Capabilities
n The features supported by the VLAN interface.
The possible outputs are:
• IPV4 Recv CKO - Driver supports inbound IPv4 CKO (Checksum offload).
• IPV4 Send CKO - Driver supports outbound IPv4 CKO.
• IPV4 Recv CKO - Driver supports inbound IPv6 CKO.
• IPV4 Send CKO - Driver supports outbound IPv6 CKO.
• VLAN Tag Offload - Underlying hardware capable of VLAN tagging.
• 64Bit MIB Support - 64 MIB statistics supported by driver.
• IPV4 TCP Segmentation Offload - IPV4 TCP Segmentation supported by driver.
• IPV4 TCP Segmentation Offload - IPV6 TCP Segmentation supported by driver.
• UDP Multifrag CKO - CKO for UDP multifragmented packets supported by driver.
feature_set : Feature Settings
The features set on the VLAN interface.
mtu : MTU
Maximum Ethernet payload size, in bytes. MTU above 1500 is allowed only when the speed is 1
Gbps or above.
The valid range is 1024-9000.
The default is 1500.
speed : Speed-Duplex
Speed and duplex of the related interface. For 10 Mbps, 100 Mbps, and multiple of 10 and 100
Mbps, the speed is displayed in Mbps. For 1 Gbps and above, the speed is displayed in Gbps.

110 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

nwmgr_vlan(1M) nwmgr_vlan(1M)

View All or Selected Attributes of a VLAN Interface

nwmgr [-g] -A { all | attr1 , attr2 ,...} -c lan VPPA [--sc ]
nwmgr [--get ] --attribute { all | attr1 , attr2 ,...} --class_instance lan VPPA
[--script ]
This command gets the value of individual attributes. When all is provided as the argument to the
-A (--attribute ) option, more details about the interface are displayed in addition to the VLAN
attributes. The additional attributes displayed are discussed under the section, View All Attributes of
VLAN Interfaces.
The following attributes are valid for this command: mac , mtu , name , ppa , pri , pri_override ,
speed , tos , tos_override , vlanid .
View VLAN Interface Statistics
nwmgr [-g] --st -c lan VPPA [--sc ]
nwmgr [--get ] --stats --class_instance lan VPPA [--script ]
This command displays the MIB statistics of the interface. For the VLAN subsystem, 64 bit mib
statistics are always displayed regardless of the related interface.

Reset a VLAN Interface

nwmgr -r -c lan VPPA [--sc ]
nwmgr --reset --class_instance lan VPPA [--script ]
This command clears all previous state, including the interface statistics. Promiscuous mode and mul-
ticast addresses are preserved across the reset. While the reset is in progress, data traffic through the
interface is interrupted.

Reset Statistics on a VLAN Interface

nwmgr -r --st -c lan VPPA [--sc ]
nwmgr --reset --stats --class_instance lan VPPA [--script ]
This command resets the statistics for an VLAN interface. With this command, the data traffic statis-
tics for an interface are cleared to zero. This includes the byte count and packet count for inbound
and outbound traffic. Other aspects of the interface are left unchanged. n
Perform Critical Resource Analysis on the VLAN Interface
nwmgr --cra -c lan VPPA [--sc ]
nwmgr --cra --class_instance lan VPPA [--script ]
This command performs Critical Resource Analysis (CRA) on the VLAN interface and displays the
impact of performing a destructive action on the target. HP recommends performing CRA to check
usage before performing destructive actions such as deleting a VLAN interface.

Diagnose Link Connectivity

nwmgr --diag [link ] -A dest= mac [--it number] [-A pktsize= bytes]
[-A timeout= seconds] -c lan VPPA [--sc ]
nwmgr --diagnose [link ] --attribute dest= mac [--iteration number]
[--attribute pktsize= bytes] [--attribute timeout= seconds]
--class_instance lan VPPA [--script ]
This command diagnoses link connectivity at the data link layer by sending IEEE XID test frames to
the specified destination MAC address and counting the replies.
The --iteration option specifies the number of test frames to be sent; the default is 1.
The pktsize attribute specifies the size in bytes of each test frame; the default is 100.
The timeout attribute specifies how many seconds to wait for the acknowledgement of each test
frame; the default is 5 seconds.

RETURN VALUES
0 Success.
<>0 Failure. The command returns values described in ERRORS below.

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 111

 nwmgr_vlan(1M) nwmgr_vlan(1M)

ERRORS
[EACCES] Attempt to set a read-only attribute.
[EBUSY] Interface is presently inaccessible.
[EINVAL] One or more of the attributes or options is invalid for the task.
[EIO] IO error.
[ENOENT] File does not exist.
[ENOMEM] Memory allocation failed. This could be a transient condition.
[ENOTSUP] Operation or feature is not supported.
[ENXIO] Interface could not be accessed.
[EPERM] User lacks the hpux.network.config authorization required for this operation.
[ERANGE] Specified values of one or more attributes were lower than the minimum or greater
than the maximum allowed.
[ENODEV] Device or interface not found.
[EEXIST] Device or interface already exists.

EXAMPLES
Help for all VLAN operations in terse mode:
nwmgr -h -S vlan
Help for all VLAN operations in verbose mode:
nwmgr -h -S vlan -v
Help for the get operation:
nwmgr -g -S vlan -h
Add vlan with vlanid 10 to ppa 1:
nwmgr -a -S vlan -A vlanid=10,ppa=1
n View attributes of all VLAN interfaces in tabular format:
nwmgr -g -S vlan
View attributes of all VLAN interfaces in name= value format:
nwmgr -g -S vlan -v
View attributes of all VLAN interfaces in scriptable format:
nwmgr -g -S vlan -v --sc
View attributes of lan5000 in tabular format:
nwmgr -g -c lan5000
View attributes of lan5000 in name= value format:
nwmgr -g -c lan5000 -v
View attributes of lan5000 in scriptable format:
nwmgr -g -c lan5000 -v --sc
View vlanid of lan5000 in scriptable format:
nwmgr -g -c lan5000 -A vlanid --sc
View statistics of lan5000 in scriptable format:
nwmgr -g -c lan5000 --st --sc
Set vlanid to 20 in lan5000:
nwmgr -s -c lan5000 -A vlanid=20
Set vlanid to 25 in lan5000 with output in scriptable format:
nwmgr -s -c lan5000 -A vlanid=25 --sc
Save all the attributes of lan5000 to configuration file:
nwmgr -s -c lan5000 -A all --sa --fr cu
Save all the attributes of all VLAN interfaces on the system to configuration file:
nwmgr -s -S vlan -A all --sa --fr cu

112 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

nwmgr_vlan(1M) nwmgr_vlan(1M)

Delete lan5000 :
nwmgr -d -c lan5000
Delete lan5000 from persistent store:
nwmgr -d -S vlan -c lan5000 --sa
Delete all VLAN interfaces from the persistent store:
nwmgr -d -S vlan --sa
Delete lan5000 with output in scriptable format:
nwmgr -d -c lan5000 --sc
Reset lan5000 :
nwmgr -r -c lan5000
Reset lan5000 with output in scriptable format:
nwmgr -r -c lan5000 --sc
Reset/Clear statistics of lan5000 :
nwmgr -r -c lan5000 --st
Reset/Clear statistics of lan5000 with output in scriptable format:
nwmgr -r -c lan5000 --st --sc
Perform Critical Resource Analysis (CRA) of lan5000 :
nwmgr --cra -c lan5000
Perform Critical Resource Analysis (CRA) of lan5000 with output in scriptable format:
nwmgr --cra -c lan5000 --sc
Check connectivity between lan5000 and MAC address 0xaabbccddeeff:
nwmgr --diag -c lan5000 -A dest=0xaabbccddeeff

COMPARISON WITH LANADMIN/LINKLOOP

The following table lists nwmgr commands and their equivalent lanadmin /linkloop commands.
nwmgr equivalent lanadadmin/linkloop n
nwmgr -S vlan lanadmin -V scan
nwmgr -c lan5000 lanadmin -V info 5000
nwmgr -a -S vlan -A vlanid=10,ppa=1 lanadmin -V create vlanid 10 1
nwmgr -d -c lan5000 lanadmin -V delete 5000
nwmgr -s -c lan5000 -A vlanid=20 lanadmin -V modify vlanid 20 5000
nwmgr --cra -c lan5000 lanadmin -p 5000
nwmgr --diag -c lan5000 linkloop -i 5000 0xaabbccddeeff
-A dest=0xaabbccddeeff

AUTHOR
nwmgr was developed by HP.
FILES
/etc/rc.config.d/vlanconf
Contains the saved (persistent) configuration for vlan interfaces.
/sbin/rc2.d/S337vlan
Startup script for the vlan driver, which applies the configuration file to the running system. It is exe-
cuted automatically after each reboot, and can also be executed by the user by providing the argument
start .
SEE ALSO
nwmgr(1M), dlpi(7), vlan(7).
HP-UX VLAN Administrator’s Guide

HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 113

 ocd(1M) ocd(1M)

NAME
ocd - outbound connection daemon used by DDFA software

SYNOPSIS
ocd -fpseudonym -nnode_name [-bboard_no] [-cconfig_file] [-llog_level ] [-pport_no]
DESCRIPTION
The Outbound Connection Daemon (ocd ) is part of the Data Communications and Terminal Controller
(DTC) Device File Access (DDFA) software. It manages the connection and data transfer to the remote ter-
minal server port. It can be spawned from the Dedicated Port Parser (dpp ) or run directly from the shell.
For performance reasons, ocd does not have a debug mode. However, a version called ocdebug with
debug facilities is available.
See ddfa(7) for more information on how to configure the DDFA software and for an explanation of how it
works.
ocd logs important messages and error conditions to /var/adm/syslog.
Options
ocd recognizes the following options:
-bboard_no The board number of a DTC. If it is omitted, the port number option must contain
the full TCP service port address. The -b and -p options must not be used if the
IP address given in the -n option is the IP address of a port.
If the -n option explicitly names a terminal server port, the -b option is not
needed.
-cconfig_file Specify the name (including the absolute path) of the configuration file used to
profile the terminal server port. If this option is omitted, the default values
specified in the default pcf file (/usr/examples/ddfa/pcf) are used. If the
file specified does not exist, an error message is logged and the following values are
used (note that the values for open_tries and open_timer are different from
the default values):
telnet_mode: enable
o timing_mark:
telnet_timer:
enable
120
binary_mode: disable
open_tries: 0
open_timer: 0
close_timer: 0
status_request: disable
status_timer: 30
eight_bit: disable
tcp_nodelay: enable
-fpseudonym The absolute or relative path to the device file that is linked by the software to the
reserved pty . Applications use pseudonym and not the dynamically allocated pty
slave.
-llog_level Specify the logging level. It determines the severity of messages sent to
/var/adm/syslog. The logging levels (and how they relate to system logging
levels) are as follows:
0 Log only LOG_CRIT messages.
1 Log only LOG_CRIT and LOG_ERR messages.
2 Log only LOG_CRIT, LOG_ERR, and LOG_WARNING messages.
3 Log all messages.
If this option is omitted, the logging level is set to 1.
-nnode_name The IP address of the terminal server or the port.
-pport_no A DTC port number or, if the -b option is omitted, the TCP port service address
that will be used by the software to access the port. If the value is omitted, the
value 23 (Telnet) is used by default.

114 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ocd(1M) ocd(1M)

In order to shutdown every ocd running without restarting them, the following command can be exe-
cuted:
kill -15 ‘ps -e | grep ocd | awk ’{print $1}’‘
WARNINGS
In order to ensure that commands (such as ps ) display the correct device file name (that is, the pseu-
donym), all pseudonyms should be placed into the directory /dev/telnet . If pseudonyms are not
specified for placement in this directory, the correct display of device file names with many commands is
not guaranteed.
In addition, in order to ensure that commands (such as w, passwd , finger , and wall ) work correctly,
each pseudonym must be unique in its first 17 characters (including the directory prefix /dev/telnet/ ).
If pseudonyms are not unique in their first 17 characters, the correct functioning of many commands is not
guaranteed.
Also, in order to reliably handle timing mark negotiations (and ensure that files printing on a printer
attached to a terminal server have been completely flushed to that printer), the following line must be
added near the end of each printer interface script for printers attached to a terminal server:
stty exta <&1 2>/dev/null
The printer interface scripts reside in the directory /etc/lp/interface. The line must be added just
prior to the final exit command in each printer interface script.
If this line is not added as specified, the printing reliability of printers attached to a terminal server is not
guaranteed.

FILES
/usr/examples/ddfa/dp
/usr/examples/ddfa/pcf
/usr/sbin/dpp
/usr/sbin/ocd
/usr/sbin/ocdebug
/var/adm/dpp_login.bin
/var/adm/utmp.dfa
SEE ALSO o
dpp(1M), ocdebug(1M), syslog(3C), dp(4), pcf(4), ddfa(7).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 115

 ocdebug(1M) ocdebug(1M)

NAME
ocdebug - outbound connection daemon debug utility used by DDFA software

SYNOPSIS
ocdebug -fpseudonym -nnode_name [-bboard_no ] [-cconfig_file ] [-ddebug_level ] [-llog_level ]
[-pport_no ]

DESCRIPTION
The ocdebug daemon is the debugging version of the Outbound Connection Daemon (ocd ). ocd is part
of the Data Communications and Terminal Controller (DTC) Device File Access (DDFA) software. It
manages the connection and data transfer to the remote terminal server port.
See ddfa(7) for more information on how to configure the DDFA software and for an explanation of how it
works.
Debugging may be toggled interactively by sending the SIGUSR1 signal to the process using:
kill -16 pid.
ocdebug logs important messages and error conditions to /var/adm/syslog. Debug messages are
logged to the file /var/adm/ocd pid and the file name is displayed at the start of debugging.

Options
ocdebug recognizes the following options. Apart from the -d option they are the same as the ocd
options.
-bboard_no Specify the board number of a DTC. If it is omitted, the port number option must
contain the full TCP service port address. The -b and -p options must not be used if
the IP address given in the -n option is the IP address of a port.
If the -n option explicitly names a terminal server port, the -b option is not needed.
-cconfig_file Specify the name (including the absolute path) of the configuration file used to profile
the terminal server port. If this value is omitted, the values specified in the default
pcf file (/usr/examples/ddfa/pcf) are used. If the file specified does not
exist, an error message is logged and the following values are used (note that the
values for open_tries and open_timer are different from the default values):
o telnet_mode: enable
timing_mark: enable
telnet_timer: 120
binary_mode: disable
open_tries: 0
open_timer: 0
close_timer: 0
status_request: disable
status_timer: 30
eight_bit: disable
tcp_nodelay: enable
-ddebug_level Specify the level of debugging. Levels can be added together to accumulate debugging
functions. For example, -d7 enables all levels and -d3 enables only the first two lev-
els. The levels are:
0 No debug messages.
1 Trace procedure entry/exit logged.
2 Additional tracking messages logged.
4 Data structures dumped.
-fpseudonym Specify the absolute or relative path to the device file, which is linked by the software
to the reserved pty . Applications use the pseudonym and not the dynamically allo-
cated pty slave.
-llog_level Specify the logging level. It determines the severity of messages sent to
/var/adm/syslog. The logging levels (and how they relate to system logging lev-
els) are as follows:
0 Log only LOG_CRIT messages.

116 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ocdebug(1M) ocdebug(1M)

1 Log only LOG_CRIT and LOG_ERR messages.

2 Log only LOG_CRIT, LOG_ERR, and LOG_WARNING messages.
3 Log all messages.
If it is omitted, the logging level is set to 1.
-nnode_name Specify the IP address of the terminal server or the port.
-pport_no Specify a DTC port number or, if the -b option is omitted, the TCP port service
address that will be used by the software to access the port. If the value is omitted,
the value 23 (Telnet) is used by default.
In order to shutdown every ocd running without restarting them, the following command can be exe-
cuted:
kill -15 ‘ps -e | grep ocd | awk ’{print $1}’‘
WARNINGS
In order to ensure that commands (such as ps) display the correct device file name (that is, the pseu-
donym), all pseudonyms should be placed into the directory /dev/telnet . If pseudonyms are not
specified for placement in this directory, the correct display of device file names with many commands is
not guaranteed.
In addition, in order to ensure that commands (such as w, passwd , finger , and wall ) work correctly,
each pseudonym must be unique in its first 17 characters (including the directory prefix /dev/telnet/ ).
If pseudonyms are not unique in their first 17 characters, the correct functioning of many commands is not
guaranteed.
Also, in order to reliably handle timing mark negotiations (and ensure that files printing on a printer
attached to a terminal server have been completely flushed to that printer), the following line must be
added near the end of each printer interface script for printers attached to a terminal server:
stty exta <&1 2>/dev/null
The printer interface scripts reside in the directory /etc/lp/interface. The line must be added just
prior to the final ’exit’ command in each printer interface script.
If this line is not added as specified, the printing reliability of printers attached to a terminal server is not
guaranteed.
o
FILES
/usr/examples/ddfa/dp
/usr/examples/ddfa/pcf
/usr/sbin/dpp
/usr/sbin/ocd
/usr/sbin/ocdebug
/var/adm/dpp_login.bin
/var/adm/ocd pid
/var/adm/syslog
/var/adm/utmp.dfa
SEE ALSO
dpp(1M), ocd(1M), syslog(3C), dp(4), pcf(4), ddfa(7).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 117

 olrad(1M) olrad(1M)

NAME
olrad - command for Online Addition/Replacement/Deletion of PCI I/O cards and Online Addition of I/O
chassis

SYNOPSIS
Adding Card Commands
/usr/bin/olrad [-f] -a slot_id
/usr/bin/olrad -A slot_id
Replacing Card Commands
/usr/bin/olrad [-f] -r slot_id
/usr/bin/olrad -R slot_id
Deleting Card Commands
/usr/bin/olrad [-f] -d slot_id
/usr/bin/olrad -D slot_id
I/O Chassis Add Command
/usr/bin/olrad -A -s cell_hw_path
Other Commands
/usr/bin/olrad -n |-q
/usr/bin/olrad [-F] -q
/usr/bin/olrad [-F] -h|-c slot_id
/usr/bin/olrad [-F] -v interface_hw_path
/usr/bin/olrad -g device_hw_path|slot_hw_path
/usr/bin/olrad -I |-P flag slot_id
/usr/bin/olrad -d -u driver_name
/usr/bin/olrad -d -t driver_name
/usr/bin/olrad -C |-e slot_id
DESCRIPTION
The olrad command provides the ability to perform On-Line Addition, Replacement and Deletion of I/O
cards.
o olrad performs Critical Resource Analysis (CRA) of the system before performing any OLA/R/D opera-
tion. This is to ensure that the system is not left in an inconsistent state after a PCI card is
added/replaced/deleted.
The olrad command also provides the ability to perform On-Line Addition of an I/O chassis.
Only users with root privileges may use this command.
On systems with the capability to handle certain PCI hardware errors during the operation of PCI I/O
cards, the olrad command provides the option to attempt recovery from such errors. The availability of
this feature is dependent on the platform and operating system environment.
Arguments
The following arguments are used in the olrad command.
slot_id Slot ID of an OLA/R/D capable slot. A slot ID is a list of one or more numbers separated
by dashes. Each number represents a component of the physical location of the slot.
The user can use the slot ID to locate the slot. The sequence of numbers in the slot ID
is platform dependent. On certain platforms, the slot ID contains only the slot number.
On certain other platforms, including Superdome, the format of the slot ID is:
Cabinet#-Bay#-Chassis#-Slot#
slot_hw_path Hardware path of an OLA/R/D capable slot.
interface_hw_path Hardware path of an interface under an OLA/R/D capable slot.
device_hw_path Any hardware path under an OLA/R/D capable slot.
cell_hw_path Hardware path of a Cell in the system.

118 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

olrad(1M) olrad(1M)

Options
The following options are supported.
-A slot_id Post add phase. The slot power is turned ON, the drivers associated with all affected
slots are resumed. ioscan is run and if the card is claimed, the driver scripts,
post_add for the current slot and post_replace for affected slots (if any), are run
and the attention LED at the corresponding slot is turned OFF.
-A -s cell_hw_path
Configures the I/O components associated with the specified Cell. This operation is
required, because when a Cell is added to the system, the attached I/O components are
not configured in by default, so they have to be explicitly configured using this option.
-a slot_id Prepare to add a card to the system at the specified slot. Critical Resource Analysis
(CRA) is run to ensure that the current card addition onto the system will not cause
disruption to the overall system operation. The driver scripts (pref_replace and
prep_replace ) for affected slots (if any) are run and the drivers associated with the
affected slots are suspended. The slot power is turned OFF, and the attention LED at
the corresponding slot is set to BLINK mode.
If the -f option is specified, it overrides critical analysis (CRA) results. See the descrip-
tion for the -f option.
-C slot_id Runs Critical Resource Analysis (CRA) routine only on the specified slot_id and displays
the results. It checks for critical resources on all affected hardware paths associated
with the specified slot. It analyzes file systems, volumes, processes, networking, swap,
dump and generates a report of affected resources. It lists the severity levels and the
meanings for each.
CRA_SUCCESS no affected resources in use.
CRA_WARNINGS resources in use on affected device(s) but none are deemed
critical.
CRA_DATA_CRITICAL probable data loss, only proceed with the user’s permission.
CRA_SYS_CRITICAL likely to bring down the user’s system.
CRA_FAILURE some internal CRA error encountered.
Users are advised to use this option first to check out whether the intended OL* opera-
tion is safe and would not cause disruption in the functioning of the system. o
-c slot_id Displays the device information (such as Device_ID, Vendor_ID, and Revision_ID) of all
the interface devices at the indicated slot.
-D slot_id This performs the post delete operation. This should always be performed after an
olrad -d slot_id operation to complete the delete operation of a card at the slot.
-d slot_id Delete a card on the system at the specified slot. Critical Resource Analysis is run to
ensure that the current card removal on the system will not cause disruption to the sys-
tem operation. The driver script (prep_delete ) associated with the current slot is
run prior to the deletion. The target slot is powered off and the driver instances and
associated data structures are removed. The attention LED is set to BLINK at the
corresponding slot when the operation is in progress. When it completes, the
post_delete driver scripts are run.
If the -f option is specified, it overrides critical analysis (CRA) results. See the descrip-
tion for the -f option.
-d -t driver_name
This option is reserved for future use.
-d -u driver_name
This option is reserved for future use.
-e slot_id Lists the affected slot IDs for the specified slot.
-F Displays the output in machine readable format. It can be used with the following
options: -q, -c, -h , and -v .
-f The -f option, if specified, overrides the "data critical" errors returned by CRA. It is
important to note that olrad will not allow "system critical" errors to be overridden
and that olrad automatically overrides "warnings".

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 119

 olrad(1M) olrad(1M)

Irrespective of whether -f is specified or not, Critical Resource Analysis (CRA) routines

are run before an OLA/R/D operation, to ensure that the current OLA/R/D operation
does not interrupt the normal operation of the system; in other words, to identify "criti-
cal" errors.
The "data critical" errors are typically not critical to the system, but they may be critical
to the user. Hence, the user needs to decide whether or not to use the -f option for
overriding these types of errors.
-g hw_path Displays the slot ID for the specified device or interface hardware path.
-h slot_id Displays the hardware paths of the interface node(s) for the specified slot.
-I flag slot_id Controls the state of the Attention LED for the given slot. The valid values for this flag
option are: ATTN (LED blinking) and OFF . Based on the flag value, the slot Attention
LED is set to the appropriate state. The flags are not case-sensitive.
-n Display the number of OLA/R/D capable slots in the system.
-P flag slot_id Controls the state of the power indicator. Currently, the only valid value for this flag
option is: RAIL . The -P option can be used with RAIL to set the power indicator to
follow the specified slot’s power state; in other words, the power indicator is turned solid
ON if the slot power is ON, or the power indicator is turned OFF, if the slot power is
OFF. The flag is not case sensitive.
-q Displays the status of all OLA/R/D capable slots in the system. In the output, slots with
the same bus number are treated as shared slots. Output fields are detailed below;
some descriptions are platform dependent.
Slot displays the slot_id.
Path displays the slot_hw_path.
Bus Number identifies the I/O Bus corresponding to the slot.
Max Spd displays the maximum operating speed of the PCI Bus attached to the slot.
Spd displays the current operating speed of the PCI Bus attached to the slot. The card
inserted into the slot determines the current operating speed, together with the capabil-
ity of the slot’s PCI Bus.
o Pwr displays the slot power status.
Occu displays whether the slot is occupied or not.
Susp displays if the card in the slot is suspended or not.
Driver(s) Capable displays the OL* capability of the interface driver/s that
claimed the PCI device/s present in the slot. OLAR field displays whether the interface
driver/s are capable of OnLine Add/Replace operations. OLD field displays whether the
interface driver/s are capable of OnLine Deletion operation.
Max mode displays the maximum operating mode of the PCI Bus attached to the slot.
Mode displays the current operating mode of the PCI Bus attached to the slot. The
card inserted into the slot determines the current operating mode, together with the
capability of the slot’s PCI Bus. PCI and PCI-X are examples of different operating
modes.
-R slot_id Post Replace phase. The target slot power is turned ON. The suspended drivers are
resumed and the driver scripts (post_replace ) for the current slot and the affected
slots (if any) are run. The attention LED at the corresponding slot is set to OFF.
On systems with the capability to handle certain PCI hardware errors during the opera-
tion of PCI I/O cards, the post replace phase can be used to attempt recovery of the PCI
card and corresponding I/O slot from such errors.
-r slot_id Prepare to replace a card on the system at the specified slot. Critical Resource Analysis
(CRA) is run to ensure that the current card replacement on the system will not cause
disruption in the functioning of the system. The driver scripts (pref_replace and
prep_replace ) for the affected slots (if any) and the current slot are run. The
drivers associated with the current slot and affected slots are suspended. The target
slot is powered off and the attention LED is set to BLINK at the corresponding slot.

120 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

olrad(1M) olrad(1M)

If the -f option is specified, it overrides critical analysis (CRA) results. See the descrip-
tion for the -f option.
-v hw_path Displays driver information, such as current state, time-out, and so on. Output fields
are detailed below.
Name displays the interface driver name.
State displays the interface driver state. State will be RUNNING if the driver is
active. State will be SUSPENDED if the driver is suspended. When the driver is in a
transition state (say from RUNNING state to SUSPENDED state), this field will indi-
cate a state change in progress. For the rare occurrence of any internal errors during a
driver state transition, this field will indicate an operation timed out status.
Suspend time displays the approximate time required to suspend the interface
driver. The value displayed accounts for worst case scenarios, and the time taken would
normally be less than this.
Resume time displays the approximate time required to resume the interface driver.
The value displayed accounts for worst case scenarios, and the time taken would nor-
mally be less than this.
Remove time displays the approximate time required to delete the driver instance.
The value displayed accounts for worst case scenarios, and the time taken would nor-
mally be less than this. This field will be valid only if the target operating environment
supports OnLine Deletion.
Error time field is for future enhancements.
During the On-Line Replace operation of a card at a slot, olrad runs pref_replace and
prep_replace driver scripts during the pre-replace of the card (olrad -r slot_id) and
post_replace driver script in the post-OLR phase (olrad -R slot_id).
During the On-Line Addition operation of a card at the slot, olrad runs the post_add driver script in
the post add phase. Note that there are no preface and prepare driver scripts for OLA (olrad -A
slot_id).
During the On-Line Delete operation of a card at the slot, olrad runs prep_delete and the
post_delete driver scripts associated with the card at the slot.
For a given OL* operation on a slot, pref_replace driver scripts will always be run for all the affected
o
slots (meaning, slots sharing the same power domain)
An audit trail is logged onto NetTL log file whenever an OLA/OLR/OLD operation is initiated (see
nettl(1M)). This information is also written to standard output.

PCI Error Handling

Some systems have the capability to handle certain PCI hardware errors during the operation of PCI I/O
cards. When such errors occur, the operating system will automatically try and recover from the error.
However, on certain occasions the system cannot recover from the error automatically. In this scenario, the
software states of the components in error will be marked ERROR in ioscan output. If this occurs, the
following sequence can be tried from the olrad command to attempt a manual recovery at the slot:
1. If the slot is not already suspended, suspend it using:
olrad -r slot_id
2. Try a post replace operation at the slot using:
olrad -R slot_id
If the card/slot is recovered from the error and the post replace operation succeeds, software states of
the components recovered from the error will be restored to CLAIMED in ioscan output. If the post
replace operation fails and the error persists, one of the reasons could be that the card has gone bad.
The card in error can be replaced with another card of the same type, and a post replace operation can
be tried with the replaced card.
A complete description on PCI Error Handling is not covered here. For more details refer to documents on
PCI Error Handling available under the High Availability section at the http://docs.hp.com web-
site. Note that the sequence mentioned here for PCI Error Handling is generic. This is subject to changes
depending on different platforms and operating system releases.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 121

 olrad(1M) olrad(1M)

Logging
olrad uses the NetTL subsystem to log errors and audit trail for all OLA/R/D operations performed on
slots. See nettl(1M).
olrad makes use of the sysadmin subsystem formatter to format the log messages.
The following details are not logged:
• CRA report when performing OLA/R/D,
• CRA report when using the -C option,
• Output of view information options such as -v , -c , -g , -h , -q , and -n .

EXAMPLES
Adding a New Card
1. Get the information about all the OLA/R/D capable slots. Make note of the slot_id field:
/usr/bin/olrad -q
2. Prepare to add:
/usr/bin/olrad -a slot_ID
3. Physically insert the card into the slot.
4. Post add:
/usr/bin/olrad -A slot_ID
Replacing a Card
1. Get information about all the OLA/R/D capable slots. Make note of the slot_id field:
/usr/bin/olrad -q
2. Prepare to replace:
/usr/bin/olrad -r slot_ID
3. Replace the faulty card in the slot with a working card. The new card must be identical as the card
being replaced.
4. Post Replace:
o /usr/bin/olrad -R slot_ID
Deleting a Card
1. Get information about all the OLA/R/D capable slots. Make note of the slot_id field:
/usr/bin/olrad -q
2. Delete the card:
/usr/bin/olrad -d slot_ID
3. Post Delete:
/usr/bin/olrad -D slot_ID
RETURN VALUE
olrad returns the cra-return values when invoked with -C (cra-only) option. The valid values are as fol-
lows:
0 CRA_SUCCESS
1 CRA_WARNING
2 CRA_DATA_CRITICAL
3 CRA_SYS_CRITICAL
4 CRA_FAILURE
For all other options olrad returns the following:
0 Successful completion.
-1 On failure. olrad also logs a message on the NetTL log file and to standard error.

122 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

olrad(1M) olrad(1M)

FILES
NetTL log file containing olrad audit trail and errors.

SEE ALSO
ioscan(1M), nettl(1M), netfmt(1M).
PCI Error Handling available under the High Availability section at http://docs.hp.com.

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 123

 opx25(1M) opx25(1M)
(TO BE OBSOLETED)

NAME
opx25 - execute HALGOL programs

SYNOPSIS
/usr/lbin/uucp/X25/opx25 [-f scriptname ] [-c char ] [-ofile-descriptor ] [-ifile-descriptor ]
[-nstring ] [-d ] [-v ]

DESCRIPTION
The uucp commands, including opx25 , are targeted for removal from HP-UX; see the WARNINGS
below.
HALGOL is a simple language for communicating with devices such as modems and X.25 PADs. It has
simple statements similar to send xxx and expect yyy that are described below.

Options
opx25 recognizes the following options:
-f script Causes opx25 to read script as the input program. If -f is not specified, opx25
reads the standard input as a script.
-c char Causes opx25 to use char as the first character in the input stream instead of actu-
ally reading it from the input descriptor. This is useful sometimes when the program
that calls opx25 is forced to read a character but then cannot ‘‘unread’’ it.
-o number Causes opx25 to use number for the output file descriptor (i.e., the device to use for
send ). The default is 1.
-i number Causes opx25 to use ’number’ for the input file descriptor (ie, the device to use for
’expect’). The default is 0.
-n string Causes opx25 to save this string for use when \# is encountered in a send com-
mand.
-d Causes opx25 to turn on debugging mode.
-v Causes opx25 to turn on verbose mode.
An opx25 script file contains lines of the following types:
o (empty) Empty lines are ignored.
/ Lines beginning with a slash (/) are ignored (comments)
ID ID denotes a label, and is limited to alphanumerics or _.
send string string must be surrounded by double quotes. The text is sent to the device specified
by the -o option. Non-printable characters are represented as in C; i.e., as \DDD,
where DDD is the octal ascii character code. \# in a send string is the string that fol-
lowed the -n option.
break Send a break "character" to the device.
expect number string
Here number is how many seconds to wait before giving up. 0 means wait forever, but
this is not advised. Whenever string appears in the input within the time allotted, the
command succeeds. Thus, it is not necessary to specify the entire string. For exam-
ple, if you know that the PAD will send several lines followed by an @ prompt, you
could just use @ as the string.
run program args
The program (sleep , date , etc.) is run with the args specified. Do not use quotes
here. Also, the program is invoked directly (using execp ), so wild cards, redirection,
etc. are not possible.
error ID If the most recent expect or run encountered an error, go to the label ID.
exec program args
Similar to run , but does not fork.
echo string Similar to send , but goes to standard error instead of to the device.

124 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

opx25(1M) opx25(1M)
(TO BE OBSOLETED)

set debug Sets the program in debug mode. It echoes each line to /tmp/opx25.log, as well
as giving the result of each expect and run. This can be useful for writing new scripts.
The command set nodebug disables this feature.
set log Sends subsequent incoming characters to /var/uucp/.Log/LOGX25. This can be
used in the *.in file as a security measure, because part of the incoming data stream
contains the number of the caller. There is a similar feature in getx25 ; it writes the
time and the login name into the same logfile. The command set nolog disables
this feature.
set numlog Similar to set log , but better in some cases because it sends only digits to the log
file, and not other characters. The command set nonumlog disables this feature.
timeout number
Sets a global timeout value. Each expect uses time in the timeout reservoir; when
this time is gone, the program gives up (exit 1). If this command is not used, there is
no global timeout. Also, the global timeout can be reset any time, and a value of 0
turns it off.
exit number Exits with this value. 0 is success; anything else is failure.
To perform a rudimentary test of configuration files, run opx25 by hand, using the -f option followed by
the name of the script file. opx25 then sends to standard output and expects from standard input; thus
you can type the input, observe the output, and use the echo command to see messages. See the file
/usr/lbin/uucp/X25/ventel.out for a good example of HALGOL programming.
WARNINGS
Use of uucp commands, including opx25 , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.

AUTHOR
opx25 was developed by HP.
SEE ALSO
getx25(1), uucp(1).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 125

 ospf_monitor(1M) ospf_monitor(1M)

NAME
ospf_monitor - monitor OSPF (Open Shortest Path First protocol) gateways

SYNOPSIS
ospf_monitor mon_db_file
DESCRIPTION
Use the ospf_monitor command to query OSPF routers. The ospf_monitor command operates in
interactive mode. It allows the user to query the various OSPF routers to provide detailed information on
IO statistics, error logs, link-state data bases, AS external data bases, the OSPF routing table, configured
OSPF interfaces, and OSPF neighbors.
mon_db_file is the complete pathname of a database composed of records configuring destinations for
ospf_monitor remote commands. Each destination record is a single-line entry which lists the destina-
tion IP address, the destination hostname, and an OSPF authentication key (if authentication is activated
by the destination). Since authentication keys may be present in the destination records, it is recom-
mended that general access to this database be restricted.
Refer to RFC-1583 (OSPF Specification, version 2) for details about OSPF database and packet formats.

COMMANDS
Upon entering interactive mode, ospf_monitor presents this prompt:
[ # ] dest command params >
From this prompt, you can enter any of the ospf_monitor interactive commands. Interactive com-
mands can be interrupted at any time via a keyboard interrupt. Note that the command line length must
be less than 200 characters.

Local Commands
? Display all local commands and their functions.
?R Display all remote commands and their functions.
d Display all configured destinations. This command displays dest_index, the IP address, and the
hostname of all potential ospf_monitor command destinations configured in mon_db_file.
o h Display the command history buffer showing the last 30 interactive commands.
x Exit the ospf_monitor program.
@ remote_command Send remote_command to the same (previous) destination.
@dest_index remote_command Send remote_command to configured destination dest_index.
F filename Send all ospf_monitor output to filename.
S Send all ospf_monitor output to stdout.
Remote Commands
a area_id type ls_id adv_rtr
Display link state advertisement. area_id is the OSPF area for which the query is directed.
adv_rtr is the router-id of the router which originated this link state advertisement. type
specifies the type of advertisement to request and should be specified as follows:
1 Request the router links advertisements. They describe the collected states of the router’s
interfaces. For this type of request, the ls_id field should be set to the originating router’s
Router ID.
2 Request the network links advertisements. They describe the set of routers attached to the
network. For this type of request, the ls_id field should be set to the IP interface address of
the network’s Designated Router.
3 Request the summary link advertisements describing routes to networks. They describe
inter-area routes, and enable the condensing of routing information at area borders. For
this type of request, the ls_id field should be set to the destination network’s IP address.
4 Request the summary link advertisements describing routes to AS boundary routers. They
describe inter-area routes, and enable the condensing of routing information at area bord-
ers. For this type of request, the ls_id field should be set to the Router ID of the described
AS boundary router.

126 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ospf_monitor(1M) ospf_monitor(1M)

5 Request the AS external link advertisements. They describe routes to destinations external
to the Autonomous System. For this type of request, the ls_id field should be set to the des-
tination network’s IP address.
c Display cumulative log. This log includes input/output statistics for monitor request, hello, data
base description, link-state request, link-state update, and link-state ack packets. Area statistics
are provided which describe the total number of routing neighbors and number of active OSPF
interfaces. Routing table statistics are summarized and reported as the number of intra-area
routes, inter-area routes, and AS external data base entries.
e Display cumulative errors. This log reports the various error conditions which can occur between
OSPF routing neighbors and shows the number of occurrences for each.
h Display the next hop list. This list of valid next hops is mostly derived from the SPF calculation.
l [retrans]
Display the link-state database (except for ASE’s). This table describes the routers and networks
making up the AS. If retrans is non-zero, the retransmit list of neighbors held by this lsdb struc-
ture will be printed.
A [retrans]
Display the AS external data base entries. This table reports the advertising router, forwarding
address, age, length, sequence number, type, and metric for each AS external route. If retrans is
non-zero, the retransmit list of neighbors held by this lsdb structure will be printed.
o [which]
Display the OSPF routing table. This table reports the AS border routes, area border routes,
summary AS border routes, networks, summary networks, and AS external networks currently
managed via OSPF. If which is omitted, all of the above will be listed. If specified, the value of
which (between 1 and 63) specifies that only certain tables should be displayed. The appropriate
value is determined by adding up the values for the desired tables from the following list:
1 Routes to AS border routers in this area.
2 Routes to area border routers for this area.
4 Summary routes to AS border routers in other areas.
8 Routes to networks in this area.
16 Summary routes to networks in other areas.
o
32 AS routes to non-OSPF networks.
I Display all interfaces. This report shows all interfaces configured for OSPF. Information reported
includes the area, interface IP address, interface type, interface state, cost, priority, and the IP
address of the DR and BDR for the network.
N Display all OSPF routing neighbors. Information reported includes the area, local interface
address, router ID, neighbor IP address, state, and mode.
V Display Gated version information.

AUTHOR
Rob Coltun of University of Maryland
Jeffrey C. Honig of Cornell University

SEE ALSO
gated(1M), gdc(1M), ripquery(1M), gated.conf(4).
GateD Documentation
GateD Configuration Guide

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 127

 owners(1M) owners(1M)

NAME
owners - list owners of outgoing network connections

SYNOPSIS
/usr/sbin/owners
DESCRIPTION
owners displays a list of established network connections which originate on this system, and indicates
the owners of each connection using the identd running on this system.

SEE ALSO
sendmail(1M).

128 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

parcreate(1M) parcreate(1M)

NAME
parcreate - create a new partition

SYNOPSIS
parcreate
-c cell :[celltype]:[use_on_next_boot]:[failure_usage][:clm_value]
[ -c cell :[celltype]:[use_on_next_boot]:[failure_usage] [:clm_value] ]...
[-b path] [-t path] [-s path] [-r cell] [-r cell]... [-T flag]
[-k s_lock] [-B] [-I IPaddress] [-L clm_value] [-P PartitionName]
[ [ -u username [:] -h IPaddress|hostname ]
| [ -g -h IPaddress|hostname ] ]

DESCRIPTION
The parcreate command creates a new partition. By default the new partition is created on the local
complex. Either the -u or the -g option can be specified to create a partition on the specified target (local
or remote) complex. The command takes the specified cells (and any attached I/O chassis) and assigns
them to the new partition. At least one of the cells specified must be attached to an I/O chassis that con-
tains core I/O. The command finds an available partition ID and assigns it to the new partition. It displays
the partition ID of the newly created partition on stdout.
By the nature of its operation, this command modifies the configuration of its target complex. Operation
can be affected by the state of the target complex’s nPartition Configuration Privilege. If the nPartition
Configuration Privilege is unrestricted (the default), or the complex is accessed using the -g option, crea-
tion of new partitions is allowed. Otherwise the command fails. The -g option is unaffected by the state of
the nPartition Configuration Privilege. Note: The state of the nPartition Configuration Privilege can only
be changed at the service processor’s Command menu.
Superuser permission is required to run this command on the local partition. If the -u or -g option is
used to access a remote partition or complex, superuser permission is not required on the local system, and
the local system need not exist on an nPartition. If the -u option is specified, username on the remote host
must have superuser permission or the command will fail.
Please refer to the nPartition Administrator’s Guide for a description of the partition management terms
used in this man page.

Options and Arguments

parcreate recognizes the following command line options and arguments:
-B Specifies that the new partition be booted. The default is not to boot. Note: On p
Itanium-based platforms this option has no effect, because boot paths cannot be set on
the new partition. Therefore, the partition cannot boot automatically. You must
manually boot up the partition from the SP console interface.
-b path Specifies the primary boot path. path specifies a physical hardware path. Note: On
Itanium-based platforms, boot paths cannot be set or modified on a non-local partition.
You must use the SP console interface to set any boot path of the newly created parti-
tion.
-c cell:[celltype]:[use_on_next_boot]:[failure_usage][:clm_value]
Identifies a cell to be assigned to the partition. To assign multiple cells to the parti-
tion, multiple -c options should be used.
cell specifies the cell ID. It can be specified either in the local (cabinet#/slot#) or glo-
bal (cell#) format. For example, the cell located in cabinet 0, slot 1 is identified in the
local format as 0/1 or in the global format as 1.
celltype specifies the type of the cell. The valid celltype values for a cell are:
base This is the default if celltype is not specified. A base cell in a partition
participates in interleaved memory.
use_on_next_boot specifies whether the cell will participate in a reboot. The valid
values for use_on_next_boot are:
y participate in reboot. This is the default. However if the slot is missing or the
cell does not exist or the cell is powered off then it defaults to n.
n do not participate in reboot.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 129

 parcreate(1M) parcreate(1M)

At least one of the cells specified using the -c option must contain core I/O with the
use_on_next_boot flag set to y.
failure_usage field is used by system firmware when a partition is booted. If a CPU
selftest failure or a DIMM deallocation occurs during the power-on self-test process,
then this flag is used by the system firmware to determine whether or not and how
the cell should be integrated into the partition at boot time. The valid failure_usage
values for a cell are:
ri reactivate with memory interleave. Specifies to integrate the cell as it
would normally be integrated. This is the default for base cells.
clm_value specifies the amount of the memory that will be configured as local (non-
interleaved) memory for the cell. The clm_value specified using the -c option takes
precedence over the clm_value specified using the -L option. The command will issue
a warning if the specified clm_value exceeds the total memory of the cell.
Note: On PA platforms, the amount of memory allocated for CLM may not match the
amount of CLM requested due to some memory being reserved exclusively by the
operating system.
If no clm_value is specified, maximum interleaved memory (no CLM) is assumed for
cells. The command will issue a warning if 100% CLM is specified for all the cells in
the partition. The clm_value can be expressed in two forms:
• As a percentage (ratio). The percent number can be any number in the range 0 -
100 with a suffix of "%". This number will be rounded up to 12.5%, 25%, 37.5%,
50%, 62.5%, 75%, 87% or 100%. If the cell contains less than 4 GB memory, then
the percentage will be rounded to 25%, 50%, 75% or 100%. The specified percen-
tage is applied each time the partition boots, thus resulting in a different value if
the working memory in the cell is different. For example, a cell in a partition has 8
GB memory and the user specifies 50% CLM. When the partition boots, 4 GB of
that cell’s memory will be used as CLM. Later the user shuts down the partition,
adds another 8 GB memory to that cell. When the partition is booted again, the
cell now has 16 GB of memory, so 8 GB (50%) is allocated as CLM.
• As an absolute number (default). This can also be optionally suffixed by "GB". The
clm_value is interpreted as an absolute number of gigabytes of memory. Numbers
other than integers and halves are rounded up to the nearest 0.5 GB. For exam-
ple, 2.5 GB will not be rounded up. However 2.3 GB will be rounded up to 2.5 GB.
p For example, a cell in a partition has 8 GB memory and the user specifies 4 GB
CLM. When the partition boots 4 GB of that cell’s memory will be used as CLM.
Later the user shuts down the partition, adds another 8 GB memory to that cell.
When the partition is booted again, the cell now has 16 GB of memory, but the
CLM is still 4 GB.
-g Allows access to the complex specified by the -h option. The accessed complex is then
considered the target complex. Access is through the service processor’s LAN port.
The -h option is required if this option is used.
If this option is specified, the command prompts for the password.
If an error is reported when you attempt to connect using this option, check to see
that IPMI LAN access has not been disabled on the remote service processor. Access
to the complex through IPMI over LAN can be enabled or disabled by logging on to
the service processor and using the SA command from the Command Menu.
The -u and -g options are mutually exclusive.
-h IPaddress|hostname
This option should only be used in combination with either the -u or -g option.
IPaddress|hostname specifies the IP address or hostname of the target partition (-u)
or complex (-g).
-I IPaddress Specifies the IP address that should be used by management tools such as parmgr to
address this partition. This value must be consistent with the IP address that is
assigned to the partition once HP-UX is installed and networking is configured.

130 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

parcreate(1M) parcreate(1M)

-k s_lock Specifies a lock key for the Stable Complex Configuration Data provided by parmgr .
Note: The -k option is intended for use by system management tools which invoke
the parcreate command programmatically. Command line users should avoid this
option.
-L clm_value Specifies the amount of the memory that will be used as local (non-interleave)
memory per cell. The clm_value specified using the -c option takes precedence over
the clm_value specified using the -L option. Please refer to the explanation of the -c
option for details of the clm_value formats.
-P PartitionName Specifies the name of the new partition. The characters which can appear in a valid
partition name are a-z, A-Z, 0-9, - (dash), _ (underscore), " " (space) and . (period).
If the partition name includes space then the name should be enclosed within double
quotes. The partition name can have a maximum of 64 characters. The partition
name should not start with a dash (-).
-r cell Specifies the core cell choices. A core cell choice is a configured cell which has
attached core IO. If the core cell of a partition is deleted then the firmware will select
the first core cell choice as the next core cell. One to four core cell choices can be
specified. The first cell specified is the first core cell choice, the second cell specified is
the second core cell choice, the third cell specified is the third core cell choice and the
fourth cell specified is the fourth core cell choice.
A cell can be specified either in the local (cabinet#/slot#) or global (cell#) format. For
example, the cell located in cabinet 0, slot 1 is identified in the local format as 0/1 or in
the global format as 1.
-s path Specifies the secondary boot path. path specifies a physical hardware path. Note: On
Itanium-based platforms, boot paths cannot be set or modified on a non-local partition.
You must use the SP console interface to set any boot path of the newly created parti-
tion.
-T flag Specifies whether Hyper-Threading should be enabled or not (only if cell support this
feature). By default Hyper-Threading is disabled. The valid values for flag are:
y enables Hyper-Threading, which allows multiple threads to run concurrently on
each CPU.
n disables Hyper-Threading, this is the default value.
-t path Specifies the alternate boot path. path specifies a physical hardware path. Note: On
Itanium-based platforms, boot paths cannot be set or modified on a non-local partition.
You must use the SP console interface to set any boot path of the newly created parti-
p
tion.
-u username[:] Specifies the required authorization to access a partition other than the local system
(but can also be used as a loopback access to the local partition).
The -h option is required if this option is used.
If this option is specified, the command prompts for the password.
username specifies a configured user name on the target partition.
Note: This command is a Web-Based Enterprise Management (WBEM) Client Appli-
cation. The -u option accesses the target partition using a Secure Sockets Layer
(SSL) connection. If errors are reported, check that the conditions described in the
DEPENDENCIES section are satisfied.

Mapping of Global Cell Numbers to Local Cell Numbers

The cabinets in a complex are numbered starting from 0. The cell slots in each cabinet are also numbered
starting from 0. Each cabinet can have a maximum of 8 cells. For example, the cells located in cabinet 0
will have the following cell numbers in global format: 0, 1, 2, 3, 4, 5, 6, 7. The cell numbers in correspond-
ing local format will be 0/0, 0/1, 0/2, 0/3, 0/4, 0/5, 0/6, 0/7.
Similarly the cells located in cabinet 1 will have the following cell numbers in global format: 8, 9, 10, 11, 12,
13, 14, 15. The cell numbers in corresponding local format will be 1/0, 1/1, 1/2, 1/3, 1/4, 1/5, 1/6, 1/7.
From the above convention the cell located in cabinet 1, slot 0 is identified in the local format as 1/0 or in
the global format as 8. The parstatus command displays the above cell as "cab1,cell0". The cell located
in cabinet 1, slot 4 is identified in the local format as 1/4 or in the global format as 12. The parstatus

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 131

 parcreate(1M) parcreate(1M)

command displays the above cell as "cab1,cell4". See parstatus(1).

RETURN VALUE
The parcreate command exits with one of the following values:
0 Successful completion.
1 Error condition occurred.

EXAMPLES
Create a new partition myPartition with two cells. One of the cells is located in cabinet 0, slot 4. The
celltype for the cell is base . The failure_usage policy for this cell is ri . The CLM value for this cell is 1
GB.
The other cell is located in cabinet 0, slot 6. The celltype and failure_usage are not specified for this cell.
The use_on_next_boot for both cells is y.
parcreate -P myPartition -c 0/4:base:y:ri:1GB
-c 6::y: -b 0/0/1/2.6 -t 0/0/1/3.6
-s 0/0/1/4.6 -r 0/4
Create a new partition nextPartition with two cells. The cells are located in cabinet 0, slot 0 and slot
1. This example uses the default values for the cells. The default celltype will be base .
The default failure_usage policy will be ri . The default use_on_next_boot will be y. By default there will
be no CLM for the cells.
parcreate -P nextPartition -c 0::: -c 0/1:::
WARNINGS
Activation of Instant Capacity (iCAP) components (cells and CPUs) is possible with the parcreate com-
mand. This may result in the requirement to purchase such components to stay in compliance with a
customer’s iCAP contract.

DEPENDENCIES
This command uses the Web-Based Enterprise Management (WBEM) product and some of its configuration
settings. If you encounter connection errors when using the -u option, check that the following two condi-
tions are satisfied:
• Use the cimconfig command (see cimconfig(1M) in the WBEM product documentation) to verify (and
correct if necessary) the setting of the following two variables:
p • enableRemotePrivilegedUserAccess=true
• enableHttpsConnection=true
• The target partition’s digital certificate has been appended to the local partition’s Shared Authentication
Store. For the nPartition commands, the Shared Authentication Store is stored in the file:
/etc/opt/hp/sslshare/known_hosts.pem. This file is used by all the clients, which use SSL
based certificates. If these clients trust a target partition, then the nPartition commands will also trust
the target partition.
Refer to the WBEM documents specified in the SEE ALSO section below for further information.

AUTHOR
parcreate was developed by the Hewlett-Packard Company.
SEE ALSO
fruled(1), parstatus(1), cplxmodify(1M), frupower(1M), parmgr(1M), parmodify(1M), parremove(1M),
parunlock(1M), partition(5).
nPartition Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX System Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX 11i v2.0 on Integrity Servers Version A.01.05 Release Notes on
http://docs.hp.com.

132 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

parmodify(1M) parmodify(1M)

NAME
parmodify - modify an existing partition

SYNOPSIS
parmodify -p PartitionNumber
{-a cell :[celltype]:[use_on_next_boot]:[failure_usage][:clm_value]
[-a cell :[celltype]:[use_on_next_boot]:[failure_usage] [:clm_value]]...
|-m cell :[celltype]:[use_on_next_boot]:[failure_usage][:clm_value]
[-m cell :[celltype]:[use_on_next_boot]:[failure_usage] [:clm_value]]...
|-d cell [-d cell]...
|-B
|-r cell [-r cell]...
|-T flag]
|-u username [:] -h IPaddress|hostname
|-g -h IPaddress|hostname
|-I IPaddress |-b path |-t path |-s path
|-P PartitionName |-k s_lock:p_lock }
DESCRIPTION
The parmodify command is used to modify the attributes of an existing partition. By default the target
partition is the local partition. Either the -u or the -g option can be specified to allow this command to
modify any other partition in the (local or remote) complex. This command can modify the following attri-
butes:
Partition name
Cell assignment:
Add cells to the partition
Delete cells from the partition
Attributes of existing cells:
celltype
use_on_next_boot
failure_usage
clm_value (cell local memory)
Core cell choices
Primary boot path
HA Alternate boot path
Secondary boot path
Partition’s IP address p
By the nature of its operation, this command can modify the configuration of its target complex. Operation
can be affected by the state of the target complex’s nPartition Configuration Privilege. If the nPartition
Configuration Privilege is unrestricted (the default), or the complex is accessed using the -g option, all
operations are allowed. Otherwise any of the operations below causes the command to fail:
• add cells to any partition in the complex
• delete cells from any partition in the complex
• modify the CLM parameters of any cell in the complex
The -g option is unaffected by the state of the nPartition Configuration Privilege. Note: The state of the
nPartition Configuration Privilege can only be changed at the service processor’s Command menu.
Superuser permission is required to run this command on the local partition. If the -u or -g option is
used to access a remote partition or complex, superuser permission is not required on the local system, and
the local system need not exist on an nPartition. If the -u option is specified, username on the remote host
must have superuser permission or the command will fail.
Refer to the nPartition Administrator’s Guide for a description of the partition management terms used in
this man page.

Options and Arguments

parmodify recognizes the following command line options and arguments:
-p PartitionNumber
Specifies the partition to be modified. PartitionNumber specifies the unique number
(integer) assigned to the partition when it was created. Note: The partition which is
specified to be modified is called the target partition. The partition in which the

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 133

 parmodify(1M) parmodify(1M)

command is executing is called the local partition.

One or more of the following options must be specified with the -p option:
-a cell:[celltype]:[use_on_next_boot]:[failure_usage][:clm_value]
Assigns the specified cell to the target partition. To assign multiple cells to the parti-
tion, multiple -a options should be used.
cell specifies the cell id. It can be specified either in the local (cabinet#/slot#) or global
(cell#) format. For example, the cell located in cabinet 0, slot 1 is identified in the
local format as 0/1 or in the global format as 1.
celltype specifies the type of the cell. The valid celltype values for a cell are:
base This is the default if celltype is not specified.
use_on_next_boot specifies whether the cell will participate in a reboot. The valid
values for use_on_next_boot are:
y participate in reboot. This is the default. However if the slot is missing, or the
cell does not exist, or the cell is powered off, then it defaults to n.
n do not participate in reboot.
failure_usage field is used by system firmware when a partition is booted. If a CPU
selftest failure or a DIMM de-allocation occurs during the power-on self-test process
then this flag is used by the system firmware to determine whether or not and how
the cell should be integrated into the partition at boot time. The valid failure_usage
value for cells is:
ri reactivate with memory interleave. Specifies to integrate the cell as it
would normally be integrated. This is the default for base cells.
clm_value specifies the amount of the memory that will be configured as local (non-
interleaved) memory for the cell. The command issues a warning if the specified
clm_value exceeds the total memory of the cell.
Note: On PA platforms, the amount of memory allocated for CLM may not match the
amount of CLM requested due to some memory being reserved exclusively by the
operating system.
If no clm_value is specified, maximum interleaved memory (no clm) is assumed for
cells. The command will issue a warning if 100% CLM is specified for all the cells in
the partition. The clm_value can be expressed in two forms:
p • As a percentage (ratio). The percent number can be any number in the range 0 -
100 with a suffix of "%". This number will be rounded up to 12.5%, 25%, 37.5%,
50%, 62.5%, 75%, 87% or 100%. If the cell contains less than 4 GB memory, then
the percentage will be rounded to 25%, 50%, 75% or 100%. The specified percen-
tage is applied each time the partition boots, thus resulting in a different value if
the working memory in the cell is different. For example, a cell in a partition has 8
GB memory and the user specifies 4 GB CLM. When the partition boots 4 GB of
that cell’s memory will be used as CLM. Later the user shuts down the partition,
adds another 8 GB memory to that cell. When the partition is booted again, the
cell now has 16 GB of memory, so 8 GB (50%) is allocated as CLM.
• As an absolute number (default). This can also be optionally suffixed by "GB". The
clm_value is interpreted as an absolute number of gigabytes of memory. Numbers
other than integers and halves are rounded up to the nearest 0.5 GB. For exam-
ple: 2.5 GB will not be rounded up. However 2.3 GB will be rounded up to 2.5 GB.
For example, a cell in a partition has 8 GB memory and the user specifies 50%
CLM. When the partition boots 4 GB of that cell’s memory will be used as CLM.
Later the user shuts down the partition, adds another 8 GB memory to that cell.
When the partition is booted again, the cell now has 16 GB of memory, but the
CLM is still 4 GB.
-B Specifies to reboot the partition now. The default is not to boot. If this option is
specified and the partition to be modified is not the local partition, then the command
proceeds only if the specified partition is not active. Also this option is useful only if
the -a option or the -d option or a clm_value has been specified.
-b path Specifies the primary boot path. path specifies a physical hardware path. Note: On
Itanium-based platforms, only boot paths of the local partition can be modified.

134 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

parmodify(1M) parmodify(1M)

-d cell Delete the specified cell(s) from the partition. If the cell which is being deleted is an
active cell then after the execution of the parmodify command the user must shut-
down the partition using the shutdown -R command for the configuration change
to take effect. If the -B option is also specified then the partition will boot up to the
command prompt. If the -B option is not specified then the partition will have to be
booted manually from the service processor. Deletion of inactive cells does not require
a shutdown of the partition.
A cell can be specified either in the local (cabinet#/slot#) or global (cell#) format. For
example, the cell located in cabinet 0, slot 1 is identified in the local format as 0/1 or in
the global format as 1.
-g Allows access to the complex specified by the -h option. The accessed complex is then
considered the target complex. Access is through the service processor’s LAN port.
The -h option is required if this option is used.
If this option is specified, the command prompts for the password.
If an error is reported when you attempt to connect using this option, check to see
that IPMI LAN access has not been disabled on the remote service processor. Access
to the complex through IPMI over LAN can be enabled or disabled by logging on to
the service processor and using the SA command from the Command Menu.
The -u and -g options are mutually exclusive.
-h IPaddress|hostname
This option should only be used in combination with either the -u or -g option.
IPaddress|hostname specifies the IP address or hostname of the target partition (-u)
or complex (-g).
-I IPaddress Specifies the IP address that should be used by management tools such as parmgr to
address the target partition. This value must be consistent with the IP address that is
assigned to the partition once HP-UX is installed and networking is configured.
-k s_lock :p_lock Specifies the lock keys provided by parmgr for the Stable Complex Configuration
Data and Partition Configuration Data. The lock keys should always be specified in
pairs. If either lock key is not available -1 should be specified as a placeholder. For
example: if the s_lock is available but the p_lock is not available, then it should be
specified as -k s_lock:-1.
Note: The -k option is intended for use by system management tools which invoke the p
parmodify command programmatically. Command line users should avoid this
option.
-m cell:[celltype]:[use_on_next_boot]:[failure_usage][:clm_value]
Modify attributes of cell(s) already assigned to the target partition. Please refer to the
explanation of the -a option for details of the different fields in this option argument.
Note:
• The use_on_next_boot field of the last cell containing core I/O cannot be modified to
n.
• If modifying the CLM value of a cell in any partition other than the local partition,
it is preferable to use the -u option.
-P Partition Name Specifies the name of the partition. The characters which can appear in a valid parti-
tion name are a-z, A-Z, 0-9, - (dash), _ (underscore), " " (space) and . (period). If
the partition name includes a space then the name should be enclosed in double
quotes. The partition name can have a maximum of 64 characters; it should not start
with a dash (-).
-r cell Specifies the core cell choices. A core cell choice is a configured cell which has
attached core I/O. If the core cell of a partition is deleted then the firmware will
select the first core cell choice as the next core cell. One to four core cell choices can
be specified. The first cell specified is the first core cell choice, the second cell
specified is the second core cell choice, the third cell specified is the third core cell
choice and the fourth cell specified is the fourth core cell choice. Use of this option
will override previous core cell choices. So, if the order of a given cell is changing, all
of the core cell choices should be specified in the new order.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 135

 parmodify(1M) parmodify(1M)

A cell can be specified either in the local (cabinet#/slot#) or global (cell#) format. For
example, the cell located in cabinet 0, slot 1 is identified in the local format as 0/1 or in
the global format as 1.
-s path Specifies the secondary boot path. path specifies a physical hardware path. Note: On
Itanium-based platforms, only boot paths of the local partition can be modified.
-T flag Specifies that whether Hyper-Threading should be enabled or not (only if cell support
this feature). If this option is not specified, Hyper-Threading property will not be
changed. The valid values for flag are:
y enables Hyper-Threading, which allows multiple threads to run concurrently on
each CPU.
n disables Hyper-Threading.
-t path Specifies the alternate boot path. path specifies a physical hardware path. Note: On
Itanium-based platforms, only boot paths of the local partition can be modified.
-u username[:] Specifies the required authorization to access a partition other than the local system
(but can also be used as a loopback access to the local partition).
The -h option is required if this option is used.
If this option is specified, the command prompts for the password.
username specifies a configured user name on the target partition.
Note: This command is a Web-Based Enterprise Management (WBEM) Client Appli-
cation. The -u option accesses the target partition using a Secure Sockets Layer
(SSL) connection. If errors are reported, check that the conditions described in the
DEPENDENCIES section are satisfied.

Mapping of Global Cell Numbers to Local Cell Numbers

The cabinets in a complex are numbered starting from 0. The cell slots in each cabinet are also numbered
starting from 0. Each cabinet can have a maximum of 8 cells. For example, the cells located in cabinet 0
will have the following cell numbers in global format: 0, 1, 2, 3, 4, 5, 6, 7. The cell numbers in correspond-
ing local format will be 0/0, 0/1, 0/2, 0/3, 0/4, 0/5, 0/6, 0/7.
Similarly the cells located in cabinet 1 will have the following cell numbers in global format: 8, 9, 10, 11, 12,
13, 14, 15. The cell numbers in corresponding local format will be 1/0, 1/1, 1/2, 1/3, 1/4, 1/5, 1/6, 1/7.
From the above convention the cell located in cabinet 1, slot 0 is identified in the local format as 1/0 or in
p the global format as 8. The parstatus(1) command will display the above cell as "cab1,cell0". The cell
located in cabinet 1, slot 4 is identified in the local format as 1/4 or in the global format as 12. The par-
status(1) command will display the above cell as "cab1,cell4".

RETURN VALUE
The parmodify command exits with one of the following values:
0 Successful completion.
1 Error condition occurred.

EXAMPLES
Add a new cell in cabinet 0 slot 5 to the existing Partition 2.
parmodify -p 2 -a 0/5:base:y:ri:50% -B
Delete a cell in cabinet 0 slot 5 from the existing Partition 2.
parmodify -p 2 -d 5
WARNINGS
On a partition whose hardware resources are managed under an Instant Capacity (iCAP) license, the par-
modify command fails if a configuration change would take the partition out of compliance.
Examples of such actions include:
• Assigning an iCAP cell to a partition, specifying "y" for the cell’s use_on_next_boot field.
• Changing an iCAP cell’s use_on_next_boot field to "y" after assigning it to a partition.
• Assigning a cell containing iCAP-licensed CPUs to a partition that is not running, or that does not have
the iCAP software installed.

136 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

parmodify(1M) parmodify(1M)

For more information about actions that are restricted on iCAP partitions, refer to the HP Instant Capacity
User’s Guide located at http://docs.hp.com.

DEPENDENCIES
This command uses the Web-Based Enterprise Management (WBEM) product and some of its configuration
settings. If you encounter connection errors when using the -u option, check that the following two condi-
tions are satisfied:
• Use the cimconfig command (see cimconfig(1M) in the WBEM product documentation) to verify (and
correct if necessary) the setting of the following two variables:
• enableRemotePrivilegedUserAccess=true
• enableHttpsConnection=true
• The target partition’s digital certificate has been appended to the local partition’s Shared Authentication
Store. For the nPartition commands, the Shared Authentication Store is stored in the file:
/etc/opt/hp/sslshare/known_hosts.pem. This file is used by all the clients, which use SSL
based certificates. If these clients trust a target partition, then the nPartition commands will also trust
the target partition.
Refer to the WBEM documents specified in the SEE ALSO section below for further information.

AUTHOR
parmodify was developed by the Hewlett-Packard Company.
SEE ALSO
fruled(1), parstatus(1), cplxmodify(1M), frupower(1M), parcreate(1M), parmgr(1M), parremove(1M),
parunlock(1M), partition(5).
nPartition Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX System Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX 11i v2.0 on Integrity Servers Version A.01.05 Release Notes on
http://docs.hp.com.

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 137

 parolrad(1M) parolrad(1M)

NAME
parolrad - online activation of a cell from nPartition; cancel online cell operation; monitor online cell opera-
tion; reset hung cell during cell activation

SYNOPSIS
parolrad
{-a cell
|-c sequence#
|-r cell
|-m
|-x
|-f
|-u username [:] -h IPaddress|hostname }
DESCRIPTION
The parolrad command performs several cell online functions such as cell online activation
canceling online activations or monitoring an online cell operation, and resetting a cell that is hung during
cell online activations. The target partition is the local partition by default. When an online operation is
initiated, a sequence number is returned and displayed on standard output.
The online operation can be affected by the state of the target complex’s nPartition Configuration Privilege.
A complex can be configured at the service processor’s Command menu. If the nPartition Configuration
Privilege is unrestricted (the default), all operations are allowed. If it is not unrestricted and this command
is invoked to reset a cell that is hung in a non-local partition, the command will fail.
Refer to the HP System Partitions Guide for a description of the partition management terms used in this
man page.

Options and Arguments

parolrad recognizes the following command line options and arguments.
-a cell Online activation of a cell in the target partition. The specified target cell should be
assigned to the target partition. The use_on_next_boot flag of the cell should be set to
y. The system firmware on the target cell needs to support online cell operations. The
underlying operating system in the target nPartition also needs to support online cell
operations. The cell must be in the Boot Is Blocked (BIB) state and no other online cell
operations may be in progress. The active cell’s system firmware needs to support
online cell operations.
p cell specifies the cell id. It can be specified either in the local (cabinet#/slot#) or global
(cell#) format. For example, the cell located in cabinet 0, slot 1 is identified in the local
format as 0/1 or in the global format as 1.
-c sequence# Cancel an online cell operation.
sequence# specifies the sequence number for canceling the online cell operation. This
sequence number is returned back to the user when an online cell operation is initiated.
The sequence number can also be determined by using the parstatus command.
-f Initiate the online cell operation without prompting for confirmation. By default online
cell operations prompt for confirmation whether to continue with the operation or not.
-h IPaddress|hostname
This option should only be used in with the -u option. IPaddress|hostname specifies
the IP address or hostname of the target partition (-u).
-m Monitor a currently executing online cell operation.
The information displayed includes: status of the online cell operation, type of online cell
operation in progress, result of online cell operation upon completion, and so on.
-r cell Reset an in-flight cell which failed during an online cell operation.
cell specifies cell id. It can be specified either in the local (cabinet#/slot#) or global
(cell#) format. For example, the cell located in cabinet 0, slot 1 is identified in the local
format as 0/1 or in the global format as 1.
-x Turn off monitoring. By default, the parolrad command monitors the status of
online cell operations.

138 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

parolrad(1M) parolrad(1M)

-u username[:] Specify the username for accessing a partition other than the local system. This option
can also be used for loopback access to the local partition.
The colon (:) is optional and is present for Linux compatibility reasons.
The -h option is required if this option is used.
If this option is specified, the command prompts for the password.
username specifies a configured user name on the target partition.
Note: This command is a Web-based Enterprise Management (WBEM) Client Applica-
tion. The -u option accesses the target partition using a Secure Sockets Layer (SSL)
connection. If errors are reported, check that the conditions described in the DEPEN-
DENCIES section are satisfied.

Mapping of Global Cell Numbers to Local Cell Numbers

The cabinets in a complex are numbered starting from 0. The cell slots in each cabinet are also numbered
starting from 0. Each cabinet can have a maximum of eight cells. For example, the cells located in cabinet
0 will have the following cell numbers in global format: 0, 1, 2, 3, 4, 5, 6, 7. The corresponding local format
cell numbers are: 0/0, 0/1, 0/2, 0/3, 0/4, 0/5, 0/6, 0/7.
Similarly the cells located in cabinet 1 will have the following cell numbers in global format: 8, 9, 10, 11, 12,
13, 14, 15. The corresponding local format cell numbers are: 1/0, 1/1, 1/2, 1/3, 1/4, 1/5, 1/6, 1/7.
For example, the cell located in cabinet 1, slot 0 is identified in local format as 1/0 and in global format as 8.
The parstatus command will display this cell as "cab1,cell0". For another example, the cell located in
cabinet 1, slot 4 is identified in local format as 1/4 and in global format as 12. The parstatus command
will display this cell as "cab1,cell4".

RETURN VALUES
The parolrad command exits with one of the following values:
0 Successful completion
1 Error condition occurred.

EXAMPLES
Add a new cell in cabinet 0 slot 2 to the local partition 0.
parmodify -p 0 -a 0/2:base:y:ri:50%
Activate the added cell online. p
parolrad -a 0/2
Monitor an online cell operation currently in progress.
parolrad -m
DEPENDENCIES
This command uses the Web-Based Enterprise Management (WBEM) product and some of its configuration
settings. If you encounter connection errors when using the -u option, check that the following two condi-
tions are satisfied:
• Use the cimconfig command (see cimconfig(1M) in the WBEM product documentation) to verify (and
correct if necessary) the setting of the following two variables:
• enableRemotePrivilegedUserAccess=true
• enableHttpsConnection=true
• The target partition’s digital certificate has been appended to the local partition’s Shared Authentication
Store. For the nPartition commands, the Shared Authentication Store is stored in the file:
/etc/opt/hp/sslshare/known_hosts.pem. This file is used by all the clients, which use SSL
based certificates. If these clients trust a target partition, then the nPartition commands will also trust
the target partition.
Refer to the WBEM documents specified in the SEE ALSO section below for further information.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 139

 parolrad(1M) parolrad(1M)

AUTHOR
parolrad was developed by HP.
SEE ALSO
fruled(1), parstatus(1), cplxmodify(1M), frupower(1M), parcreate(1M), parmgr(1M), parmodify(1M),
parremove(1M), parunlock(1M), partition(5).
HP System Partitions Guide on http://docs.hp.com,
HP WBEM Services for HP-UX System Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX 11i v2.0 on Integrity Servers Version A.01.05 Release Notes on
http://docs.hp.com.

140 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

parremove(1M) parremove(1M)

NAME
parremove - remove an existing partition

SYNOPSIS
parremove -p PartitionNumber [-F] [-k s_lock :p_lock]
[ [ -u username [:] -h IPaddress|hostname
| [-g -h IPaddress|hostname ] ]

DESCRIPTION
The parremove command removes an existing partition. This will unassign all cells from the partition
and destroy the partition definition. PartitionNumber, the target partition, must be inactive except when
the -F option is used. Even then, one of the following additional conditions must be satisfied:
• The target partition must be the local partition, the partition executing the parremove com-
mand. If the -u and -h options are specified, the partition they access is considered to be the
local partition.
• The -g option must be used to access the complex in which the target partition is configured.
By default, the target partition is assumed to be configured in the same complex as the local partition. The
-u and -g options allow the parremove command to remove a partition on the specified target (local or
remote) complex.
Superuser permission is required to run this command on the local partition. If the -u or -g option is
used to access a remote partition or complex, superuser permission is not required on the local system, and
the local system need not exist on an nPartition. If the -u option is specified, username on the remote host
must have superuser permission or the command will fail.
By the nature of its operation, the parremove command modifies the configuration of its target complex.
Operation is affected by the state of the target complex’s nPartition Configuration Privilege. If the nParti-
tion Configuration Privilege is unrestricted (the default), or the complex is accessed using the -g option, all
operations are allowed. Otherwise the command fails. The -g option is unaffected by the state of the
nPartition Configuration Privilege. Note: The state of the nPartition Configuration Privilege can only be
changed at the service processor’s Command menu. This should be kept in mind when reading the Options
and Arguments section.
Refer to the nPartition Administrator’s Guide for a description of the partition management terms used in
this man page.

Options and Arguments p

parremove recognizes the following command line options and arguments:
-p PartitionNumber
Specifies the partition to be removed. PartitionNumber specifies the unique partition
number (integer) assigned to the partition when it was created. If neither the -u nor
-g option is specified, the target partition is in the local complex. Otherwise it is in
the complex determined by either of those options.
In either case, the target partition must be inactive unless the -F option has been
specified and one of the following conditions is also satisfied:
• The target partition must be the local partition, the partition executing the par-
remove command. If the -u and -h options are specified, the partition they
access is considered to be the local partition.
• The -g option must be used to access the complex in which the target partition is
configured.
-F Forcibly remove the partition. This option is required if you are removing your own
local partition, which is active by definition, or if you are using the -g option to
remove an active partition in the target complex. It is ignored otherwise.
If you are removing an active partition, the partition is marked for removal. This
action is irreversible. However, the partition is not actually removed until it is shut-
down using the -R[-H] option of the shutdown command (see shutdown(1M)).
-g Allows access to the complex specified by the -h option. The accessed complex is then
considered the target complex. Access is through the service processor’s LAN port.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 141

 parremove(1M) parremove(1M)

The -h option is required if this option is used.

If this option is specified, the command prompts for the password.
If an error is reported when you attempt to connect using this option, check to see
that IPMI LAN access has not been disabled on the remote service processor. Access
to the complex through IPMI over LAN can be enabled or disabled by logging on to
the service processor and using the SA command from the Command Menu.
The -u and -g options are mutually exclusive.
-h IPaddress|hostname
This option should only be used in combination with either the -u or -g option.
IPaddress|hostname specifies the IP address or hostname of the target partition (-u)
or complex (-g).
-k s_lock :p_lock Note: The -k option is intended for use by system management tools which invoke
the parremove command programmatically. Command line users should avoid this
option.
The -k option specifies the lock keys provided by Partition Manager ( parmgr )for
Complex Configuration Data and Partition Configuration Data.
Lock keys should always be specified in pairs. If either lock key is not available, enter
-1 as a placeholder. For example, if the s_lock key is available but the p_lock key is
not, then the option should be specified as -k s_lock:-1.
-u username[:] Specifies the required authorization to access a partition other than the local system
(but can also be used as a loopback access to the local partition). The complex to be
modified is the one in which this target partition resides.
The -h option is required if this option is used.
If this option is specified, the command prompts for the password.
username specifies a configured user name on the target partition.
Note: This command is a Web-Based Enterprise Management (WBEM) Client Appli-
cation. The -u option accesses the target partition using a Secure Sockets Layer
(SSL) connection. If errors are reported, check that the conditions described in the
DEPENDENCIES section are satisfied.
p RETURN VALUE
The parremove command exits with one of the following values:
0 Successful completion.
1 Error condition occurred.

EXAMPLES
Remove the inactive partition whose PartitionNumber is 2:
parremove -p 2
Remove an inactive partition in the same complex as the remote host Penzance:
parremove -p 0 -u RemoteAdmin: -h Penzance
RemoteAdmin must have superuser permissions on Penzance. The command prompts for the password.

DEPENDENCIES
This command uses the Web-Based Enterprise Management (WBEM) product and some of its configuration
settings. If you encounter connection errors when using the -u option, check that the following two condi-
tions are satisfied:
• Use the cimconfig command (see cimconfig(1M) in the WBEM product documentation) to verify (and
correct if necessary) the setting of the following two variables:
• enableRemotePrivilegedUserAccess=true
• enableHttpsConnection=true
• The target partition’s digital certificate has been appended to the local partition’s Shared Authentication
Store. For the nPartition commands, the Shared Authentication Store is stored in the file:

142 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

parremove(1M) parremove(1M)

/etc/opt/hp/sslshare/known_hosts.pem. This file is used by all the clients, which use SSL
based certificates. If these clients trust a target partition, then the nPartition commands will also trust
the target partition.
Refer to the WBEM documents specified in the SEE ALSO section below for further information.

AUTHOR
parremove was developed by the Hewlett-Packard Company.
SEE ALSO
fruled(1), parstatus(1), cplxmodify(1M), frupower(1M), parcreate(1M), parmgr(1M), parmodify(1M),
parunlock(1M), partition(5).
nPartition Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX System Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX 11i v2.0 on Integrity Servers Version A.01.05 Release Notes on
http://docs.hp.com.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 143

 parunlock(1M) parunlock(1M)

NAME
parunlock - unlock stable complex profile or cancel pending changes to complex or partition configuration
data

SYNOPSIS
parunlock -p PartitionNumber [-s] [-d] [-P] [-c cell]
[ [ -u username [:] -h IPaddress|hostname ]
| [ -g -h IPaddress|hostname ] ]
parunlock -s [-d] [-P] [-c cell] [-p PartitionNumber]
[ [ -u username [:] -h IPaddress|hostname ]
| [ -g -h IPaddress|hostname ] ]
parunlock -d [-s] [-P] [-c cell] [-p PartitionNumber]
[ [ -u username [:] -h IPaddress|hostname ]
| [ -g -h IPaddress|hostname ] ]
parunlock -c cell [-d] [-s] [-P] [-p PartitionNumber]
[ [ -u username [:] -h IPaddress|hostname ]
| [ -g -h IPaddress|hostname ] ]
parunlock -P [-A] [-s] [-d] [-c cell] [-p PartitionNumber]
[ [ -u username [:] -h IPaddress|hostname ]
| [ -g -h IPaddress|hostname ] ]
parunlock -A [-P]
[ [ -u username [:] -h IPaddress|hostname ]
| [ -g -h IPaddress|hostname ] ]

DESCRIPTION
The parunlock command unlocks the specified Partition Configuration Data, the Dynamic Complex
Configuration Data, the Stable Complex Configuration Data, or the cell data; or cancels pending changes to
the Stable Complex Configuration Data; or any combination of these.
This command should be used with caution. It should be used only when the system resources are locked
due to the abnormal termination of any partition command or other similar applications.
Superuser permission is required to run this command on the local partition. If the -u or -g option is
used to access a remote partition or complex, superuser permission is not required on the local system, and
p the local system need not exist on an nPartition. If the -u option is specified, username on the remote host
must have superuser permission or the command will fail.
Refer to the nPartition Administrator’s Guide for a description of the partition management terms used in
this man page.

Options and Arguments

parunlock recognizes the following command line options and arguments:
-p PartitionNumber Unlocks the Partition Configuration Data of the specified target partition on the tar-
get complex. PartitionNumber specifies the unique number (integer) assigned to the
partition when it was created.
-A Unlocks the Stable Complex Configuration Data, the Dynamic Complex
Configuration Data, the Partition Configuration Data of all the partitions on the tar-
get complex and the cell data of all the cells in the target complex.
-c cell Unlocks the cell data of the specified cell. A cell can be specified either in the local
(cabinet#/slot#) or global (cell#) format. For example, the cell located in cabinet 0,
slot 1 is identified in the local format as 0/1 or in the global format as 1.
-d Unlocks the Dynamic Complex Configuration Data of the target complex.
-g Allows access to the complex specified by the -h option. The accessed complex is
then considered the target complex. Access is through the service processor’s LAN
port.
The -h option is required if this option is used.
If this option is specified, the command prompts for the password.

144 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

parunlock(1M) parunlock(1M)

If an error is reported when you attempt to connect using this option, check to see
that IPMI LAN access has not been disabled on the remote service processor.
Access to the complex through IPMI over LAN can be enabled or disabled by logging
on to the service processor and using the SA command from the Command Menu.
The -u and -g options are mutually exclusive.
-h IPaddress|hostname
This option should only be used in combination with either the -u or -g option.
IPaddress|hostname specifies the IP address or hostname of the target partition
(-u) or complex (-g).
-P Cancels any pending changes to the Stable Complex Configuration Data of the tar-
get complex.
-s Unlocks the Stable Complex Configuration Data of the target complex.
-u username[:] Specifies the required authorization to access a partition other than the local parti-
tion (but can also be used as a loopback access to the local partition). The complex
to be modified is the one in which this target partition resides.
The -h option is required if this option is used.
If this option is specified, the command prompts for the password.
username specifies a configured user name on the target partition.
Note: This command is a Web-Based Enterprise Management (WBEM) Client
Application. The -u option accesses the target partition using a Secure Sockets
Layer (SSL) connection. If errors are reported, check that the conditions described
in the DEPENDENCIES section are satisfied.

Mapping of Global Cell Numbers to Local Cell Numbers

The cabinets in a complex are numbered starting from 0. The cell slots in each cabinet are also numbered
starting from 0. Each cabinet can have a maximum of 8 cells. For example, the cells located in cabinet 0
will have the following cell numbers in global format: 0, 1, 2, 3, 4, 5, 6, 7. The cell numbers in correspond-
ing local format will be 0/0, 0/1, 0/2, 0/3, 0/4, 0/5, 0/6, 0/7.
Similarly the cells located in cabinet 1 will have the following cell numbers in global format: 8, 9, 10, 11, 12,
13, 14, 15. The cell numbers in corresponding local format will be 1/0, 1/1, 1/2, 1/3, 1/4, 1/5, 1/6, 1/7.
From the above convention the cell located in cabinet 1, slot 0 is identified in the local format as 1/0 or in
the global format as 8. The parstatus command will display the above cell as "cab1,cell0". The cell
p
located in cabinet 1, slot 4 is identified in the local format as 1/4 or in the global format as 12. The par-
status command will display the above cell as "cab1,cell4". See parstatus(1).
RETURN VALUE
The parunlock command exits with one of the following values:
0 Successful completion.
1 Error condition occurred.

EXAMPLES
Unlock the Partition Configuration Data of the partition whose partition number is 2.
parunlock -p 2
Unlock the cell data of the cell 2.
parunlock -c 2
Unlock the Stable Complex Configuration Data on the local complex.
parunlock -s
Unlock the Dynamic Complex Configuration Data on the local complex.
parunlock -d
Unlock the Stable Complex Configuration Data, the Dynamic Complex Configuration Data, the Partition
Configuration Data of all the partitions on the local complex and the cell data of all the cells in the local
complex.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 145

 parunlock(1M) parunlock(1M)

parunlock -A
DEPENDENCIES
This command uses the Web-Based Enterprise Management (WBEM) product and some of its configuration
settings. If you encounter connection errors when using the -u option, check that the following two condi-
tions are satisfied:
• Use the cimconfig command (see cimconfig(1M) in the WBEM product documentation) to verify (and
correct if necessary) the setting of the following two variables:
• enableRemotePrivilegedUserAccess=true
• enableHttpsConnection=true
• The target partition’s digital certificate has been appended to the local partition’s Shared Authentication
Store. For the nPartition commands, the Shared Authentication Store is stored in the file:
/etc/opt/hp/sslshare/known_hosts.pem. This file is used by all the clients, which use SSL
based certificates. If these clients trust a target partition, then the nPartition commands will also trust
the target partition.
Refer to the WBEM documents specified in the SEE ALSO section below for further information.

AUTHOR
parunlock was developed by the Hewlett-Packard Company.
SEE ALSO
fruled(1), parstatus(1), cplxmodify(1M), frupower(1M), parcreate(1M), parmgr(1M), parmodify(1M),
parremove(1M), partition(5).
nPartition Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX System Administrator’s Guide on http://docs.hp.com,
HP WBEM Services for HP-UX 11i v2.0 on Integrity Servers Version A.01.05 Release Notes on
http://docs.hp.com.

146 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

pcnfsd(1M) pcnfsd(1M)

NAME
pcnfsd: rpc.pcnfsd - PC-NFS authentication and print request server

SYNOPSIS
/usr/sbin/rpc.pcnfsd
DESCRIPTION
pcnfsd is an RPC server that supports ONC clients on PC (DOS, OS/2, Macintosh, and other) systems.
This describes version two of the pcnfsd server.
pcnfsd can be started from the /sbin/init.d/nfs.server startup script by setting the
PCNFS_SERVER variable to 1 in /etc/rc.config.d/nfsconf, or from the inetd daemon (see
inetd(1M)). It reads the configuration file /etc/pcnfsd.conf, if present, and services RPC requests
directed to program number 150001. The pcnfsd daemon supports version 1 and version 2 of the
PCNFSD protocol.
The requests serviced by pcnfsd fall into three categories: authentication, printing, and other. Only the
authentication and printing categories have administrative significance.

Authentication
When pcnfsd receives a PCNFSD_AUTH or PCNFSD2_AUTH request, it will "log in" the user by validat-
ing the user name and password, returning the corresponding user ID, group IDs, home directory, and
umask. The PCNFSD protocol supports user names up to 32 characters for authentication requests.
pcnfsd will also append a record to the wtmps data base (see wtmps(4)). If you do not want PC "logins"
recorded in this way, add a line to the /etc/pcnfsd.conf file in the form:
wtmp off
By default, pcnfsd will only allow authentication or print requests for users with user IDs in the range
101 to MAXUID . To override this, add a line to the /etc/pcnfsd.conf file in the form:
uidrange range [, range ]...
where each range is a user ID number in the form
uid
or an inclusive range of user ID numbers in the form
uid -uid
NOTE: pcnfsd will deny authentication if the /etc/shells file is incorrectly setup.
p
Printing
pcnfsd supports a printing model that uses NFS to transfer print data from the client to the server. The
client system issues a PCNFSD_PR_INIT or PCNFSD2_PR_INIT request, and the server returns the
path to a spool directory that is exported by NFS for use by the client. pcnfsd creates a subdirectory for
each client. By default, the parent directory is /var/spool/pcnfs, and the name of each subdirectory
is the same as its client’s host name. The PCNFSD protocol limits the length of the absolute path of the
client’s spool directory to 64 characters. To use a different parent directory, add a line to the
/etc/pcnfsd.conf file in the form:
spooldir path
Once a client has mounted the spool directory using NFS, and transferred print data to a file in that direc-
tory, it will issue a PCNFSD_PR_START or PCNFSD2_PR_START request. pcnfsd handles most
print-related requests by constructing a command based on the printing services of the server’s operating
system, and executing that command using the identity of the PC user. Because this involves set-user-ID
privileges, pcnfsd must be run as root . The PCNFSD protocol supports user names up to 64 characters
for print requests.
Every print request from a client includes the name of the printer to be used. This name corresponds to a
printer that has been configured into the line printer spooling system using the lpadmin command. The
PCNFSD protocol only supports printer names up to 64 characters. Any printer configured using the
lpadmin command with a name greater than 64 characters will be ignored by pcnfsd .
To process print data in a special way (for example, to print it in landscape mode, or to print it in duplex
mode), define a new printer and arrange for the client to print to that printer. There are two ways to
define the new printer:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 147

 pcnfsd(1M) pcnfsd(1M)

• You can add a new printer to the line printer spooling system that uses a different printer model script,
and arrange for the client to use the new printer. Do this using the lpadmin command (see
lpadmin(1M)).
• pcnfsd includes a mechanism to define virtual printers known only to pcnfsd clients. Each of these
printers is defined by an entry in the file /etc/pcnfsd.conf using the following format:
printer name alias-for command
with the following values:
name The name of the printer, as it will be referred to in print requests from clients.
alias-for The corresponding name for the printer, as it is defined in the line printer spooling system.
For example, a request to display the queue for name will be translated into the
corresponding request for the printer alias-for. If you have defined a printer within
pcnfsd that has no corresponding printer defined in the line printer spooling system, use
a single hyphen (-) for this field. For an example, see the definition of the printer test in
the EXAMPLES section below.
command A command that will be executed whenever a file is printed on name. This command is
executed by the POSIX shell, /usr/bin/sh using the -c option. For complex opera-
tions, construct an executable shell program and execute that in command.
Within command the following tokens will be replaced:
Token Substitution
$FILE Replaced by the full path name of the print data file. When the command has
been executed, the file will be unlinked.
$USER Replaced by the user name of the user logged in to the client system.
$HOST Replaced by the host name of the client system.

Reconfiguration
By checking the modification time (and contents) of the file /var/spool/lp/pstatus, pcnfsd will
detect when printers have been added or deleted, and will rebuild its list of valid printers. However,
pcnfsd does not monitor the file /etc/pcnfsd.conf for updates; if you change this file, you must kill
and restart pcnfsd for the changes to take effect.

p EXAMPLES
Given the following entries for the file /etc/pcnfsd.conf:
printer abc lj lp -dlj -oraw
printer test - /usr/bin/cp $FILE /usr/tmp/$HOST-$USER
If a user on a client system prints a job on printer abc , the request will be sent to destination lj in raw
mode.
If the client requests a list of the print queue for printer abc , the pcnfsd daemon will translate this into
a request for a listing for printer lj .
Printer test is used only for testing. Any file sent to this printer will be copied into the directory
/usr/tmp . Any request to list the queue, check the status, and so on, of printer test will be rejected
because alias-for has been specified as a hyphen (-).

FILES
/etc/pcnfsd.conf
/etc/rc.config.d/nfsconf
/var/spool/lp/pstatus
/var/spool/pcnfs
/etc/shells
SEE ALSO
lp(1), lpstat(1), inetd(1M), lpadmin(1M), wtmps(4).

148 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

pcserver(1M) pcserver(1M)

NAME
pcserver - Basic Serial and HP AdvanceLink server

SYNOPSIS
pcserver [-n] [-l [ log_file ] ] [-v]
DESCRIPTION
pcserver is the hostside server program for Basic Serial and AdvanceLink, and is started and ter-
minated by an application program running on a PC.
pcserver supports both the Basic Serial and the AdvanceLink protocols.
Basic Serial offers a library of routines that support a variety of services between a PC and a serially con-
nected host computer, including file transfers and remote interprocess communications.
AdvanceLink is a terminal emulation program that also supports file transfers between a PC and host sys-
tem over various physical connections.

Options
The following options are recognized by pcserver :
-l [logfile] This option is now obsolete, but is retained for compatibility with earlier versions of
software. Logging is now controlled by the presence or absence of the server.pro file as
described in NOTES, below. Enables packet logging and records pcserver messages
to a specified log file (for debugging). If logfile is not specified, the file s-log is used in
the default logging directory, as defined in the server.pro file. pcserver looks for
a local version of server.pro in the user’s home directory. If none is found, it will look for
a system-wide version as /var/adm/server.pro or /usr/adm/server.pro. If
the logfile exists, logging is appended to it. If the file does not exist, logging is dis-
abled.
-n Informs pcserver that a "netmode" for data encryption should be used during special
operations (for example, a netmode is needed to mask device control characters when a
PAD is being used). The details of the netmode are then negotiated between the
pcserver and the PC application. For a more comprehensive discussion on netmode,
see Using Basic Serial Connection Files.
-v Causes pcserver to print its version number to standard output and quit.
pcserver is designed to be invoked by a PC application program rather than from the command line. In
order for the connection to be correctly established, the PC and host port must be properly configured.
p
If you are using pcserver to manage a session between a PC and a hostside application (via Basic
Serial), you may need to use a Basic Serial connection file to actually log in to your account. Establishing
connections using Basic Serial connection files is a sensitive operation. Before attempting to use them, you
should read the manual Using Basic Serial Connection Files.
If you are using pcserver to transfer files between a PC and a host machine via Advancelink, use the
following AdvanceLink commands:
&HOSTCOPY "pcserver"
&TERMINATOR "$"
If your prompt does not end with $, replace the $ in the terminator command with the last character in
your normal prompt.
To permanently configure AdvanceLink for the HP-UX version of pcserver , refer to the Using AdvanceL-
ink manual for more information.

NOTES
Packet logging is controlled by the presence or absence of the file server.pro
pcserver looks for a local version of server.pro in the user’s home directory. If none is found, it will
look for a system-wide version as /var/adm/server.pro or /usr/adm/server.pro.
If no logging file is found in these directories, logging is not performed. A commented example of a
server.pro may be found in /usr/newconfig/var/adm/server.pro.ex or
/usr/adm/server.pro.ex. To make use of this file, copy it to the active file name, server.pro ,
in one of the previously mentioned directory locations.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 149

 pcserver(1M) pcserver(1M)

If your screen displays a Command not found message when you choose START TRANSFER from
AdvLink, either pcserver has not yet been installed on your HP-UX system, or it has been installed in a
directory that is not part of your current path.
HP-UX treats files containing binary or ASCII data identically. Therefore it is up to the user to specify the
desired file type when using pcserver to transfer files with Advancelink. The difference between the
two is that during ASCII transfers, pcserver maps HP-UX line-feed characters to the MS-DOS
carriage-return/line-feed pair. This produces incorrect results when transferring a binary file as an ASCII
file.
Also, older versions of AdvanceLink show totally inaccurate estimates for file transfer times. This does not
interfere with the actual transfer.
If the PC is reset while a transfer is taking place, it may temporarily appear to be a "dead" terminal port.
This is no cause for alarm; left to its own devices, pcserver will restore the port in a short time. In the
worst case, it could take six timeout periods (6 × 20 = 120 seconds). For faster response, press the Break
key a few times to terminate pcserver immediately.

FILES
/usr/bin/pcserver the executable program
/var/adm/server.pro system-wide logging profile
/usr/adm/server.pro system-wide logging profile
$HOME/server.pro local logging profile
/usr/newconfig/var/adm/server.pro.ex commented inactive example of server.pro
/usr/adm/server.pro.ex commented inactive example of server.pro

SEE ALSO
Using AdvanceLink Describes protocol and how to use AdvanceLink.
Using Basic Serial Connection Files Describes Basic Serial and how connection files should be used.

150 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

pdc(1M) pdc(1M)
(PA-RISC Systems Only)

NAME
pdc - processor-dependent code (firmware)

DESCRIPTION
pdc is the firmware that implements all processor-dependent functionality, including initialization and
self-test of the processor. Upon completion, it loads and transfers control to the initial system loader
(isl(1M)). Firmware behavior varies somewhat, depending on the hardware as described below.
To load isl from an external medium, pdc must know the particular device on which isl resides. Typi-
cally the device is identified by the Primary Boot Path that is maintained by pdc in Stable Storage. A path
specification is an I/O subsystem mnemonic that varies according to hardware model.
When the processor is reset after initialization and self-test complete, pdc reads the Console Path from
Stable Storage, and attempts to initialize the console device. If the initialization fails, pdc attempts to find
and initialize a console device. Algorithms used to find a console device are model-dependent. pdc then
announces the Primary Boot, Alternate Boot, and Console Paths.
If autoboot (see isl(1M)) is enabled, pdc provides a 10-second delay, during which time the operator can
override the autoboot sequence by typing any character on the console. If the operator does not inter-
rupt this process, pdc initializes and reads isl from the Primary Boot Path. On models that support
autosearch, if this path is not valid and autosearch (see isl(1M)) is enabled, pdc then searches to find a
bootable medium.
If allowed to complete, a list of potentially bootable devices is displayed, labeled with abbreviated path
identifiers (P0, P1, etc). A simple menu is then displayed where the user can:
• Boot a specific device, using the abbreviated path identifier, or the full mnemonic.
• Start a device search where the contents are searched for IPL images (note the first search only
identified devices and did not check the contents).
• Enter the boot administration level.
• Exit the menu and return to autobooting
• Get help on choices
If the autoboot sequence is unsuccessful, overridden by the operator, or not enabled in the first place,
pdc interactively prompts the operator for the Boot Path to use. Any required path components that are
not supplied default to zero.
The Primary Boot, Alternate Boot, and Console Paths as well as autoboot and autosearch enable can
be modified via isl .
p
SEE ALSO
boot(1M), isl(1M).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 151

 pdweb(1M) pdweb(1M)

NAME
pdweb - start the HP-UX Peripheral Device tool, part of the System Management Homepage Web interface

SYNOPSIS
/usr/sbin/pdweb -t
/usr/sbin/pdweb -F
DESCRIPTION
The HP-UX Peripheral Device tool (pdweb ) can be used to easily and quickly view I/O devices and OLRAD
cards. It helps manage hot pluggable PCI slots on systems that support adding and replacing cards without
rebooting. On all HP-UX systems, pdweb will display the I/O devices and can be used to (re)create device
files for a selected device.
The pdweb command starts SMH and goes directly to the Peripheral Device page. Once started, the
online help facility of pdweb is available and can be used to learn more about pdweb .
The HP-UX Peripheral Device tool user interface uses a Web browser. Executing the pdweb command
without any options performs the following tasks:
• Start the System Management Homepage Web server and,
• Start a Web client (browser).
An attempt will be made to connect to the browser specified with the BROWSER environment variable, or
Mozilla, or Netscape. The Web browser will be displayed on the X server defined by the DISPLAY environ-
ment variable. If a running browser is found, it will be used, otherwise a new session will be initiated.
This will only happen if the browser process is running on the same system used to execute the pdweb
command (defined by the DISPLAY variable), unless the -F option is used.

Options
The pdweb recognizes the following options:
-t Opens the terminal interface for Cards and Devices regardless of the current setting of the
DISPLAY environment variable.
-F Forces a client browser to be used in less secure ways. Two security features are overridden
by the -F option.
The -F option forces the client browser to be used or started, even if the X-traffic between the
p X-server and the Mozilla browser is not secure.
When pdweb is invoked by SAM , the -F option is used.
Only a privileged user (root) can execute pdweb When used with the -F option, a temporary
login bypass key will be generated. The bypass key allows the user to access the Web inter-
face without having to provide login information again.
Only use this option if you are sure the network traffic is secure between the host where
Mozilla is running, and the host in the DISPLAY variable.
The browser uses URL, https:// hostname :2381/ , and you may paste this into any
browser if a browser does open with the pdweb command.

Online Help
Once the HP-UX Peripheral Device tool is started, the online help provides details on how to use the tool.

RETURN VALUES
Upon completion, pdweb returns one of the following values:
0 Successful.
1 An error occurred.

AUTHORS
pdweb was developed by Hewlett-Packard
SEE ALSO
hpsmh(1M), insf(1M) ioscan(1M), olrad(1M), smhstartconfig(1M).

152 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ping(1M) ping(1M)

NAME
ping - send ICMP Echo Request packets to network host

SYNOPSIS
ping [-oprv ] [-f address-family] [-i address] [-I interval] [-t ttl] host
[-n count [-m timeout]]
ping [-oprv ] [-f address-family] [-i address] [-I interval] [-t ttl] host packet-size
[ [-n ] count [-m timeout]]

DESCRIPTION
The ping command sends ICMP Echo Request (ECHO_REQUEST) packets to the host once per second.
Each packet that is echoed back via an ICMP Echo Response packet is written to the standard output,
including round-trip time.
ICMP Echo Request datagrams ("pings") have an IP and ICMP header, followed by a struct timeval
(see gettimeofday (2)) and an arbitrary number of "pad" bytes used to fill out the packet. The default
datagram length is 64 bytes, but this can be changed by using the packet-size option.

Options
The following options and parameters are recognized by ping :
-i address If host is a multicast address, send multicast datagrams from the interface with the local
IP address specified by address in ‘‘dot’’ notation (see inet(3N)). If the -i option is not
specified, multicast datagrams are sent from the default interface, which is determined
by the route configuration.
-o Insert an IP Record Route option in outgoing packets, summarizing routes taken when
the command terminates.
It may not be possible to get the round-trip path if some hosts on the route taken do not
implement the IP Record Route option. A maximum of 9 Internet addresses can be
recorded due to the maximum length of the IP option area.
-p The new Path MTU information is displayed when a ICMP Datagram Too Big mes-
sage is received from a gateway. The -p option must be used in conjunction with a large
packetsize and with the -v option.
-r Bypass the normal routing tables and send directly to a host on an attached network. If
the host is not on a directly-connected network, an error is returned. This option can be
used to ping the local system through an interface that has no route through it, such as,
p
after the interface was dropped by gated (see gated(1M)).
-t ttl If host is a multicast address, set the time-to-live field in the multicast datagram to ttl.
This controls the scope of the multicast datagrams by specifying the maximum number of
external systems through which the datagram can be forwarded.
If ttl is zero, the datagram is restricted to the local system. If ttl is one, the datagram is
restricted to systems that have an interface on the network directly connected to the
interface specified by the -i option. If ttl is two, the datagram can be forwarded
through one multicast router at the most; and so forth. Range: zero to 255. The default
value is 1.
-I interval This option specifies the interval in seconds, between each packet to be transmitted. The
default interval is 1 second.
-v Verbose output. Show ICMP packets other than Echo Responses that are received.
-f address-family
The address-family determines whether the host is an IPv4 or IPv6 host. The address
families currently supported are inet for IPv4 addresses and inet6 for IPv6
addresses.
host Destination to which the ICMP Echo Requests are sent. host can be a hostname or an
IPv4 or IPv6 Internet address. All symbolic names specified for host are looked up by
using gethostbyname() (see gethostent(3N)) for IPv4, and getaddrinfo() (see
getaddrinfo(3N)) for IPv6. If host is an Internet address, it must be in "dot" notation (see
inet(3N)) for IPv4, and in "colon" notation (see inet6(3N)) for IPv6.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 153

 ping(1M) ping(1M)

If the address-family is specified, and host is an Internet address, the address family of
the Internet address must be the same as that specified in the address-family option. If
the address-family is not specified, and host is a symbolic name, an attempt will be made
to resolve host into an IPv4 address first. If that fails, a second attempt will be made to
resolve host into an IPv6 address.
The ping command does not accept IPv4-mapped IPv6 addresses. To ping an IPv4 node,
an IPv4 address should be used. IPv4-mapped IPv6 addresses are used to address IPv4-
only nodes from an IPv6 node in a socket program only. IPv4-mapped IPv6 addresses are
always converted to an IPv4 address before they are used in packets sent over the net-
work.
If a system does not respond as expected, the route might be configured incorrectly on
the local or remote system or on an intermediate gateway, or there might be some other
network failure. Normally, host is the address assigned to a local or remote network
interface.
(inet only) If host is a broadcast address, all systems that receive the broadcast should
respond. Normally, these are only systems that have a network interface on the same
network as the local interface sending the ICMP Echo Request.
If host is a multicast address, only systems that have joined the multicast group should
respond. These may be distant systems if the -t option is specified, and there is a mul-
ticast router on the network directly connected to the interface specified by the -i
option.
packet-size The size of the transmitted packet, in bytes. By default (when packet-size is not
specified), the size of transmitted packets is 64 bytes. The minimum value allowed for
packet-size is 8 bytes, and the maximum value is 65500 bytes. If packet-size is smaller
than 16 bytes, there is not enough room for timing information. In that case, the round-
trip times are not displayed.
-n count The number of packets ping will transmit before terminating. The -n is not needed if
also specifying packet-size. Range: zero to 2147483647. The default is zero, in which
case ping sends packets until interrupted.
-m timeout Override the default timeout value (10 seconds) which ping uses to timeout (in seconds)
when a host or network is unreachable. This option is valid only with the -n option or
when count is specified. The -m option should not be used with count equal to 0.
p The -m option is not effective for reachable hosts or networks.

Using ping for Fault Isolation

When using ping for fault isolation, first specify a local address for host to verify that the local network
interface is working correctly. Then specify host and gateway addresses further and further away to deter-
mine the point of failure. ping sends one datagram per second, and it normally writes one line of output
for every ICMP Echo Response that is received. No output is produced if there are no responses. If an
optional count is given, only the specified number of requests is sent. Round-trip times and packet loss
statistics are computed. When all responses have been received or the command times out (if the count
option is specified), or if the command is terminated with a SIGINT , a brief summary is displayed.
This command is intended for use in testing, managing and measuring network performance. It should be
used primarily to isolate network failures. Because of the load it could impose on the network, it is con-
sidered discourteous to use ping unnecessarily during normal operations or from automated scripts.

RETURN VALUE
ping exits with one of the following values:
0 On success.
1 On failure such as unknown host, illegal packet size, etc.
2 On a unreachable host or network.

AUTHOR
ping was developed in the Public Domain.

154 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ping(1M) ping(1M)

FILES
/etc/hosts
SEE ALSO
getaddrinfo(3N), gethostent(3N), inet(3N), inet6(3N).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 155

 power_onoff(1M) power_onoff(1M)

NAME
power_onoff - timed, automatic system power on, and power off

SYNOPSIS
/usr/sbin/power_onoff -n
/usr/sbin/power_onoff time [ date ] [ [ next  +increment] time_designation]

DESCRIPTION
power_onoff instructs the UPS monitor (ups_mond ) to shut down the system, and optionally informs
the monitor when to power on the system again. The UPS monitor in turn instructs the uninterruptible
power source (UPS) when to turn the power off and on. The UPS monitor then proceeds to shut down the
system. The time to restart the system (power on) is specified with power_onoff command-line argu-
ments.
Some UPS units limit the time that can elapse between the time the power is turned off and the time it is
turned back on. Please see your UPS documentation for information about limitations.
power_onoff requires a UPS that is supported by the UPS monitor (see ups_mond(1M)).
Command Line Arguments
The power_onoff command has two forms, and recognizes the following arguments:
-n No power on. Causes the system to be shutdown and not be powered back on.
time Can be specified as one, two, or four digits. One- and two-digit numbers represent hours; four
digits represent hours and minutes. time can also be specified as two numbers separated by a
colon ( : ), single quote ( ’ ), the letter "h" ( h ), a period ( . ), or comma ( , ). A suffix am or
pm can be appended. Otherwise a 24-hour clock time is understood. For example, 0815 ,
8:15 , 8’15 , 8h15 , 8.15 , and 8,15 are read as 15 minutes after 8 in the morning. The
suffixes zulu and utc can be used to indicate Coordinated Universal Time. The special
names noon , midnight , now , and next are also recognized.
date Can be specified as either a day of the week (fully spelled out or abbreviated) or a date consist-
ing of a day, a month, and optionally a year. The day and year fields must be numeric, and the
month can be fully spelled out, abbreviated, or numeric. These three fields can be in any
order, and be separated by punctuation marks such as slash ( / ), hyphen ( - ), period ( . ), or
comma ( , ). The years 00-68 would be interpreted as 2000-2068 and 69-99 would be 1969-
1999. Two special ‘‘days’’, today and tomorrow , are also recognized. If no date is given,
p today is assumed if the given time is greater than the current time; tomorrow is assumed
if it is less. If the given month is less than the current month (and no year is given), next year
is assumed.
next If followed by a time_designation of minutes , hours , days , weeks , months , or years ,
or lets the user startup the system when the specified time_designation has elapsed. A numerical
+increment operator, +increment, enables the user to schedule the startup several hours, days, weeks,
months, or years in advance (see EXAMPLES). Using the argument next is equivalent to
using an increment of +1. Both plural and singular forms of time_designation are accepted.

EXTERNAL INFLUENCES
International Code Set Support
Single- and multi-byte character code sets are supported.

RETURN VALUE
Exit code 0 is returned upon successful completion, otherwise non 0 is returned.

DIAGNOSTICS
power_onoff issues diagnostic messages when it encounters syntax errors and out-of-range times.
EXAMPLES
To startup the system at 5:00 am next Tuesday, use
power_onoff 5am Tuesday next week
To startup the system at 5:30 am tomorrow, use

156 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

power_onoff(1M) power_onoff(1M)

power_onoff 5:30 tomorrow

To make your system startup each weekday at 7:30 am and shutdown at 5:30 pm each week day, use
crontab to execute the first entry on Monday through Thursday and the second entry on Friday (see
crontab(1)).
power_onoff 7:30 tomorrow
power_onoff 7:30 Monday
To startup the system at 8:15 on January 24, use
power_onoff 0815 Jan 24
To startup the system at 5:15 on January 24, use
power_onoff 5:15 Jan 24
To startup the system at 9:30 tomorrow, use
power_onoff 9:30am tomorrow
To startup the system 24 hours from now, use
power_onoff now + 1 day
To shutdown the system and not start it up, use
power_onoff -n
WARNINGS
Jobs can be submitted up to 2037. If jobs were submitted any later than 2037, an error message will display
"BAD DATE".
Some UPS units limit the time that can elapse between the time the power is turned off and the time it is
turned back on. Please see your UPS documentation for information about limitations.
If the date argument begins with a number and the time argument is also numeric (and without suffix), the
time argument should be a four-digit number that can be correctly interpreted as hours and minutes.
Do not use both next and + increment within a single power_onoff command; only the first operator
is accepted and the trailing operator is ignored. No warning or error is produced.
The power cord must be disconnected before servicing the unit.

AUTHOR
p
power_onoff was developed by HP.
FILES
/var/tmp/timed_off fifo for communicating with ups_mond.

SEE ALSO
at(1), cron(1M), crontab(1), queuedefs(4), proto(4), kill(1), sam(1M), ups_mond(1M).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 157

 pppoerd(1M) pppoerd(1M)

NAME
pppoerd - PPPoE (Point to Point Protocol over Ethernet) relay

SYNOPSIS
pppoerd [-c config-file] [-d debug-level] [-l log-file]
DESCRIPTION
You need the pppoerd daemon if the PPPoE client and the server are not on the same link.

Options
pppoerd supports the following options:
-c config-file Specify the configuration file with absolute path to be used by pppoerd . The
default configuration file is /etc/ppp/pppoerd.conf.
-d debug-level Specify the debug level at which logging has to be enabled. The three debug levels
are:
LOG_ERROR Logs all error messages. To log these messages, type -d 0 on the
command line.
LOG_WARN Logs all warning messages. To log these messages, type -d 1 on
the command line.
LOG_DEBUG Logs function level debug messages. To log these messages, type
-d 2 on the command line.
-l log-file Specify the log file with absolute path, to which pppoerd must log all messages.
The default log file is /var/adm/pppoerd.log.

EXAMPLES
An example usage of pppoerd is as follows:
/usr/sbin/pppoerd -c tmp/pppoerd.conf -d 0
WARNINGS
Note that, you cannot run the relay without /etc/ppp/pppoerd.conf file. See pppoerd.conf(4) for
more information.

p AUTHOR
pppoerd was developed by Hewlett-Packard.
FILES
pppoesd PPPoE server daemon
pppoec PPPoE client
pppoerd.conf PPPoE relay configuration file
pppd PPP daemon

SEE ALSO
pppd(1), pppoec(1), pppoerd(1M), pppoerd.conf(4).

158 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

pppoesd(1M) pppoesd(1M)

NAME
pppoesd - PPPoE (Point-to-Point Protocol over Ethernet) server daemon

SYNOPSIS
pppoesd [-c config-file] [-d debug-level] [-l log-file]
DESCRIPTION
pppoesd performs the server side discovery phase functionalities of PPPoE as mentioned in RFC 2516.
The pppoesd daemon responds to PADI and PADR packets from clients if it can offer services desired by
the client. pppoesd generates a unique session-id for every client that it services. It then forks a pppd
daemon which performs the session phase functionalities of PPPoE as mentioned in RFC 2516.

Options
pppoesd supports the following command-line options:
-c config-file Specifies the configuration file with absolute path to be used by pppoesd . The
default configuration file is /etc/ppp/pppoesd.conf.
-d debug-level Specifies the debug level at which logging has to be enabled. The three debug lev-
els are:
LOG_ERROR Logs all error messages. To log these messages, type -d 0 on the
command line.
LOG_WARN Logs all warning messages. To log these messages, type -d 1 on
the command line.
LOG_DEBUG Logs function level debug messages. To log these messages, type
-d 2 on the command line.
-l log-file Specifies the log-file with absolute path to which pppoesd logs messages. The
default log file is /var/adm/pppoesd.log.

EXAMPLES
An example usage of pppoesd is as follows:
/usr/sbin/pppoesd -d 1 -l /tmp/pppoesd.log
WARNINGS
Note that, you cannot run pppoesd without the pppoesd.conf file. See pppoesd.conf(4) for more
information.
p
AUTHOR
pppoesd was developed by Hewlett-Packard.
FILES
pppoec PPPoE client
pppoerd PPPoE relay
pppoesd.conf PPPoE server configuration file
pppd PPP daemon

SEE ALSO
pppd(1), pppoec(1), pppoerd(1M), pppoesd.conf(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 159

 privedit(1M) privedit(1M)

NAME
privedit - let authorized users edit files that are under access control

SYNOPSIS
privedit [-htxv ] [-a authorization] file
DESCRIPTION
privedit allows authorized users to edit files that are otherwise restricted by permissions or access con-
trol lists. Identify which file to edit by specifying the file name as an argument to the privedit com-
mand. After you invoke the command, privedit checks the /etc/rbac/cmd_priv database to
determine the authorization required to edit the file. If you have the necessary authorization, privedit
invokes the specified editor to edit the file.
You can specify which editor privedit uses to edit the file by setting the EDITOR environment variable.
If you do not set the EDITOR variable, privedit uses the default editor, vi . You cannot pass argu-
ments to the editor via the privedit command line. However, the editor recognizes and supports
editor-specific environment variables if you set them before invoking privedit .
You can use a fully qualified file name as a privedit argument to identify which file to edit. If you do
not use a fully qualified file name, privedit adds the current working directory to the beginning of the
file name you specify. Regardless of how you specify the file to edit, all file names are fully qualified after
invoking privedit . The privedit command also recognizes and supports files that are symbolic links.
privedit can edit only one file at a time. If you specify multiple file names as privedit arguments,
privedit edits the first file specified and ignores the subsequent file names.
The HP-UX RBAC feature also provides the ability to customize how privedit and privrun check user
authorizations. (See privrun(1M).) The Access Control Policy Switch (ACPS) module of HP-UX RBAC pro-
vides responses to applications that must make authorization decisions. The ACPS configuration file,
acps.conf , controls which modules are consulted for making access decisions, the sequence in which the
modules are consulted, and the rules for combining module responses to return results to applications. See
acps.conf(4), acps(3) and rbac(5) for more information.

Options
privedit recognizes the following options:
-a authorization Match only those entries requiring the specified authorization. The specified authori-
zation must exactly match the authorization present in the cmd_priv database (that
p is, no wildcards allowed).
-h Print privedit usage or help.
-t Check to see if the user has the authorization to edit the file and inform the user of
the results.
-x If the authorization check fails, edit the file with the caller’s original privileges.
-v Invoke privedit in verbose mode.

Operands
privedit recognizes the following operands:
file File to edit.

The cmd_priv Database

As described in privrun(1M), the /etc/rbac/cmd_priv file contains information indicating which
authorizations are required to execute commands or edit files. You can also specify a PAM service name in
/etc/rbac/cmd_priv to indicate how privedit should identify itself to PAM if a user must be reau-
thenticated.
The file contains any number of entries, where each entry is specified on a single line in the following for-
mat:
{command|file} : arguments : (operation ,object ) : ruid /euid /rgid/egid : compartment : privs :
pam-service : flags
These fields are defined as follows:

160 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

privedit(1M) privedit(1M)

Field Description
command | file For privedit , the fully qualified path of a file to edit. This field may contain wild-
cards as defined in fnmatch(3C).
For privrun , the fully qualified path of the command that is being wrapped to pro-
vide additional privilege.
arguments Ignored. (Used only by privrun .)
(operation ,object ) The operation the user is required to have on the object specified. Together, the
(operation ,object ) forms the authorization. operation must be fully qualified and
cannot contain a wild card (*).
all in object requires that the user has the specified operation on all objects. (Note:
this is satisfied by a specification of (operation ,*) in the /etc/rbac/role_auth
database if RBAC is in use.)
This field may contain the keyword dflt instead of (operation ,object ), which indi-
cates that no access check is required and the file can be edited with privilege by any
user.
ruid /euid /rgid /egid
Ignored. (Used only by privrun .)
compartment Ignored. (Used only by privrun .)
privs Ignored. (Used only by privrun for privileges .)
pam-service Reauthentication service. If specified, the user is required to reauthenticate. The
privedit command identifies itself to PAM as the service indicated in this field.
This allows the security officer to require an additional set of authentication/account
management restrictions for particular files for editing. See pam.conf(4) for a list of
PAM services.
The keyword dflt must be used to indicate that no reauthorization is required.
flags Flag values can be specified to indicate whether or not privedit can edit a file.
Additional flag values can be specified to indicate whether privrun can execute a
command. The specific values allowed are as follows:
flag=empty or any other token
The file is a command that can be executed only. It cannot be edited. p
flag=edit The file can be both edited and executed. This is mainly intended for
scripts.
flag=noexec
The file cannot be executed. It can only be edited with privedit .
The Authorization field can contain the keyword dflt instead of (operation ,object ), which indicates that
no access check is required and the command is invoked with privilege for any user. The UID and GID
entry in field 4 is ignored by privedit , but the slash character (/) separating the IDs must remain. The
pam service name in field 7 may also be dflt , which indicates reauthentication is not required.
White space between each field (immediately surrounding the field separator :) in this database is optional
and ignored by privedit.
There may be multiple entries with the same file line (but different authorization required). privedit
evaluates each entry in the order specified in the file, continuing on to the next only if the user does not
have the required authorization. The privedit -a command option described above allows users to
identify a specific authorization to match or find when multiple entries for the same file exist in the
cmd_priv database.
EXTERNAL INFLUENCES
Environment Variables
EDITOR specifies the default editor.
LC_MESSAGES determines the language in which messages are displayed.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 161

 privedit(1M) privedit(1M)

International Code Set Support

Single-byte character code set is supported.
RETURN VALUE
Success If privedit permitted the user to edit the file, then the return value from privedit is the
return value of the editor used to edit the file.
Failure privedit returns a value of 1 and an appropiate error message is printed to standard error.
EXAMPLES
Example 1
In the following example, the caller invokes privedit to edit /etc/fstab .
# privedit /etc/fstab
The /etc/rbac/cmd_priv database is examined for an entry corresponding to the file /etc/fstab .
If this entry is found, then the necessary authorization is retrieved from that entry. privedit then
determines whether the user has the necessary authorization and whether the file is allowed to be edited as
determined by the value in the flag field. privedit then invokes the editor to edit a copy of
/etc/fstab ; as the original file is never edited directly.
The EDITOR environment variable determines which editor privedit invokes. If a user does not set the
EDITOR environment variable, privedit uses the default editor, vi. After the user exits the editor, the
edited file replaces the original file. The editor is always invoked as the regular user so that there are no
additional privileges given to the user while the file is being edited.

Example 2
In the next example, the caller wants to edit the file /etc/default/security with a specific authori-
zation of (hpux.sec.edit,secfile).
# privedit -a "(hpux.sec.edit,secfile)" /etc/default/security
If a /etc/rbac/cmd_priv entry exists for the file /etc/default/security with the associated
authorization (hpux.sec.edit,secfile) and editing is allowed per the flag field, then the usual
authorization/edit process takes place. If this entry does not exist, (even if an entry for
/etc/default/security appears with different associated authorization (operation ,object )), then
privedit fails and prints an error message.
FILES
p /etc/rbac/roles
Database containing valid definitions of all roles.
/etc/rbac/auths
Database containing definitions of all valid authorizations.
/etc/rbac/user_role
Database specifying the roles for each specified user.
/etc/rbac/role_auth
Database defining the authorizations for each role.
/etc/rbac/cmd_priv
Database that contains the authorization to execute or edit specified commands or
files, and the privileges to alter UID and GID for command execution.

SEE ALSO
privrun(1M), rbacdbchk(1M), acps(3), acps.conf(4), rbac(5).

162 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

privrun(1M) privrun(1M)

NAME
privrun - invoke another application with privileges after performing appropriate authorization checks and
optionally reauthenticating the user

SYNOPSIS
privrun [-htx ] [-a authorization] [-c compartment ] [-g [gid|groupname] ] [-G [gid|groupname] ]
[-p privileges] [-u [uid|username] ] [-U [uid|username] ] [-v [-v] ] command [args]

DESCRIPTION
privrun allows a user to run legacy applications with elevated privileges according to the authorizations
associated with that user. The user invokes privrun , specifying the legacy application as command line
arguments. privrun consults the /etc/rbac/cmd_priv database to determine which authorization
is required to run the command with additional privileges. (The authorization is specified as an operation
and a target object.) If the user has the necessary authorization, privrun invokes the specified command
after changing its UID and/or GID as specified in the cmd_priv database. privrun also allows a com-
mand to be run with a specified set of fine-grained privileges, and/or in a specified compartment.
The method to determine whether the user has the necessary authorization is configurable by the system
administrator. A module is provided to associate a fixed set of authorizations with the user based on the
user’s role. See rbac(5) for more information.

Options
privrun recognizes the following options:
-a authorization
Match only those entries requiring the specified authorization. authorization is defined as
(operation ,object ) pairs in the cmd_priv database. The specified authorization must exactly
match the authorization present in the cmd_priv file (that is, wildcarding not supported.)
-c compartment
Matches the specified compartment in the cmd_priv database. The specified compartment must
exactly match the compartment present in the cmd_priv file.
-g [gid|groupname]
Match only those entries containing the effective group ID (EGID) corresponding to the specified
EGID or the EGID associated with the group name.
-G [gid|groupname]
Match only those entries containing the real group ID (RGID) corresponding to the specified RGID or
the RGID associated with the group name
p
-h Prints privrun usage or help.
-p privileges
Matches the specified privileges to the privileges in the cmd_priv database. When specifying multi-
ple privileges, separate each privilege with a comma. Any privileges specified with -p option, must
have a match in the cmd_priv database.
-t Check to see if the user has the authorization to execute the command and inform the user of the
results. The command will not be invoked.
-u [uid|username]
Match only those entries containing the effective user ID (EUID) corresponding to the specified EUID
or the EUID associated with the user name.
-U [uid|username]
Match only those entries containing the real user ID (RUID) corresponding to the specified RUID or
the RUID associated with the user name.
-v [-v]
Invoke privrun in verbose mode. The verbose level will be increased if two -v options are
specified. An increased verbose level will print more information.
-x If the authorization check fails, the program will still be executed with original caller’s privileges only.
Operands
privrun recognizes the following operands:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 163

 privrun(1M) privrun(1M)

command [args] The HP-UX command to run. command must be fully qualified. If it is not, then
privrun will use the current working directory and the PATH environment variable
to determine the desired command. args specifies any argument that the command
recognizes.

The cmd_priv Database

The /etc/rbac/cmd_priv file contains information on which authorizations are required to execute
each command binary, or edit each file. It also has the resulting privileges (real, effective UID and GID,
fine-grained privileges, compartment) associated with the binary. If the user is required to reauthenticate
prior to successful authorization, a PAM service name is specified in this file and indicates how privrun
should identify itself to PAM. See pam.conf(4) for more detailed information.
The file contains any number of entries, where each entry is specified on a single line in the following for-
mat:
{command|file} : arguments : (operation ,object ) : ruid /euid /rgid/egid : compartment : privs :
pam-service : flags
These fields are defined as follows:
Field Description
command|file For privrun , the fully qualified path of the command being wrapped to provide
additional privileges.
For privedit , the fully qualified path of a file to edit.
This field may contain wildcards as defined in fnmatch(3C).
arguments The exact set of arguments (matched as a string) the user must invoke. If this field
is empty, the command may not be invoked with any arguments. If this field con-
tains the keyword DFLT , the specified command may be invoked with any argu-
ments. This field is only used by privrun and ignored by privedit .
(operation ,object ) The operation the user is required to have on the object specified. Together, the
(operation ,object ) forms the authorization. operation must be fully qualified and
cannot contain a wild card (*).
An entry of all in object requires that the user has the specified operation on all
objects. (Note: This is satisfied by a specification of (operation ,*) in the
/etc/rbac/role_auth database if RBAC is in use.)
p This field may contain the keyword (DFLT , DFLT ) instead of (operation ,object ),
which indicates that no access check is required and the command is invoked with
privilege for any user.
ruid /euid /rgid /egid Real/Effective UID/GID. Part of the privileges granted to the wrapped command
(process) if the user has the specified authorization. If any of these fields are
specified, privrun calls setresuid or setresgid before invoking the com-
mand. These fields can also be specified by name, in which case a conversion will be
performed at invocation time. This field is only used by privrun and ignored by
privedit .
The UID and GID specifications in this field are optional. No ID present indicates
the field is to remain unchanged; however, the slash (/) characters separating the
IDs must remain.
compartment Compartment to invoke application in. A compartment is an attribute associated
with a process to compartmentalize different OS processes. If compartments are
not enabled on the system, this field should be set to DFLT . An error may occur if
this field is left empty. Refer to compartments (5) for more information on compart-
ments. This field is only used by privrun and ignored by privedit .
privs Fine-grained privileges to be associated with command at invocation. These
privileges may be used in lieu of UID=0 to perform specific kernel operations. If
the field is set to DFLT , basic privileges will be granted to the process. Refer to
privileges(5) for more detailed information. This field is only used by privrun and
ignored by privedit .

164 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

privrun(1M) privrun(1M)

pam-service Reauthentication service. If specified, the user will be reauthenticated. The

privrun command will identify itself to PAM as the service indicated in this field.
This allows the security officer to require an additional set of restrictions for partic-
ular commands. See pam.conf(4) for a list of PAM services.
The keyword DFLT must be used to indicate that no reauthorization is required.
flags This field is used by both privrun and privedit . In privrun , there is only
one defined flag. If the flag is set to KEEPENV , then none of the environment vari-
ables will be scrubbed. For the flag usage in privedit , please see privedit(1M)
for more details. DFLT is expected to appear in this field for the privrun com-
mand.
White space between each field and immediately surrounding the colon field separator (:) is optional and
ignored by the privrun command.
There can be multiple entries in /etc/rbac/cmd_priv with the same command line, but requiring
different authorizations required and resulting in different privileges. privrun evaluates each entry in
the order specified in the file, continuing on to the next only if the user does not have the required authori-
zation. If you want to match a particular entry in /etc/rbac/cmd_priv, use privrun command
options to specify the set of privileges for the desired entry.
EXTERNAL INFLUENCES
Environment Variables
LC_MESSAGES determines the language in which messages are displayed.
International Code Set Support
Single-byte character code set is supported.
RETURN VALUE
Success If privrun permitted the user to execute the program, then the return value from privrun
will be the return value of the program executed.
Failure privrun returns a value of 1 and an appropriate error message will be printed to stderr.
EXAMPLES
Example 1
In the following example, the caller invokes privrun to execute the /usr/sbin/useradd command,
with userfoo as the argument to the useradd command.
# privrun /usr/sbin/useradd userfoo p
privrun examines the /etc/rbac/cmd_priv database for an entry corresponding to the command
/usr/sbin/useradd. If this entry is found, then the necessary authorization is retrieved from that
entry. privrun invokes the command if the user has the necessary authorization.
In the following example, the caller wants to change the UID of the calling process to 28 (-u 28 ), change
the GID of the calling process to other (-g other ), and execute the command /sbin/bar .
# privrun -u 28 -g other /sbin/bar
If an /etc/rbac/cmd_priv entry exists for the command /sbin/bar with the associated EUID set
to 28, and the EGID set to the EGID corresponding to the group name other , the usual authorization and
invocation process occurs. If this entry does not exist, (even if an entry for /sbin/bar appears with
different associated privileges (EUID/EGID)), the privrun command fails and prints an error message.

Example 2
In the following example, the caller wants to execute the command /sbin/bar within compartment
testcomp (-c testcomp );
# privrun -c testcomp /sbin/bar
If an /etc/rbac/cmd_priv entry exists for the command /sbin/bar with the compartment
specified as testcomp , then the command /sbin/bar will be executed in the testcomp compart-
ment. If this entry does not exist, (even if an entry for /sbin/bar appears with different compartment
specification), the privrun command fails and prints an error message.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 165

 privrun(1M) privrun(1M)

FILES
/etc/rbac/roles Database containing valid definitions of all roles.
/etc/rbac/auths Database containing definitions of all valid authorizations.
/etc/rbac/user_role Database specifying the roles for each specified user.
/etc/rbac/role_auth Database defining the authorizations for each role.
/etc/rbac/cmd_priv Database defining the authorization information needed to execute com-
mands and and edit files under access control.

SEE ALSO
authadm(1M), cmdprivadm(1M), cmpt_tune(1M), rbacdbchk(1M), roleadm(1M), compartments(5),
privileges(5), rbac(5).

166 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

psfontpf(1M) psfontpf(1M)

NAME
psfontpf - internationalized PostScript print filter

SYNOPSIS
/usr/lbin/psfontpf [-c] [-C config-file] [-D keyword=option] [-I keyword=option]
[-K keyword=aliases] [-l logfile] [-L locale=aliases] [-n number] [-N keyword]
[-o option-lists] [-O [keyword:]option=aliases] [-p ] [-P ppd-file] [-q interface-script]
[-S macro[/desc]=option-lists] [-t title] [-T tray=paper] [-u user] [-v ]

Remarks
The psfontpf command should only be called from the PS.font printer model script or its derivatives.
Only the -n, -o , and -t options are user-accessible through the corresponding options in the lp com-
mand. Only the sub-options available under the user-accessible -o option are explained in more detail.
See the User Specified -o Option Lists section in this manpage. The other options are not directly user-
accessible and are only briefly described. See psmsgen(1M) on how to create a customized version of the
PS.font printer model script by adjusting the various options supported by the psfontpf print filter.
DESCRIPTION
The psfontpf filter is a generic text-to-PostScript converter that converts the various single byte and
multibyte characters used in an international environment to printable PostScript file. The filter embeds
all required PostScript font data within the PostScript program, if necessary. Therefore, print jobs that
include local language characters can be printed on printers where local language fonts are not present.
There are two ways to notify psfontpf on what character set encoding (codeset) is used in the input file:
by specifying the locale or the codeset name. For codesets that are supported by locales, the specification of
locale names are preferred over the direct specification of codeset names because the locale names are also
associated with fonts and proper character display width information. Because psfontpf converts all
characters internally to Unicode, codesets or locales whose codesets cannot be converted to Unicode directly
are not supported.
To use the psfontpf filter with a printer, the printer has to support PostScript Level 2 or higher. Some
features are supported only on printers that support PostScript Level 3.
The psfontpf filter also supports embedding font data to PostScript files generated by the Mozilla web
browser. For example, by making the Mozilla web browser print to an LP destination that uses the
psfontpf print filter, web pages containing non-Latin 1 characters can be printed correctly on a
PostScript printer.
The psfontpf filter supports the parsing of Adobe PostScript printer description file (PPD) to retrieve p
information on using diverse features of various PostScript printers. Without specifying a PPD file, many
of the advanced printing features, like duplex printing, will not be available for use.

Options
The psfontpf filter recognizes the following options:
-c Print control characters and suppress page break.
-C config-file Specify additional configuration file to override entries from the default
configuration files.
-D keyword =option Set the specified option key as the default value for the given PPD main
keyword.
-i req-id Specify the request id to be printed on the banner page.
-I keyword =option Set the specified option key as the value of the given PPD installable option
keyword.
-K keyword =aliases Specify a set of comma-separated aliases for the given PPD main keyword.
-l logfile Specify a log file to log error and informational message. By default, the
log file is /var/adm/lp/psfontpf.log.
-L locale =aliases Specify a set of comma-separated aliases for the given locale name, such as,
japanese for ja_JP.eucJP.
-n number Print the specified number of copies.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 167

 psfontpf(1M) psfontpf(1M)

-N keyword Disable the given non-PPD keyword from the configuration file.
-o option-lists Specify options related to page orientation, formatting and other PPD file
enabled device control operations. The option-lists value can include one
option or multiple options separated by spaces. See the User Specified -o
Option Lists section in this manpage.
-O [keyword:]option=aliases
Specify a set of comma-separated aliases for the given PPD option key of
the given keyword, if specified. If a keyword is not specified, the aliases
will apply to all available options of that name.
-p Make PPD processing and keyword matching case sensitive. By default,
PPD processing and keyword matching is case insensitive.
-P ppd-file Specify the PostScript printer description (PPD) file to be used. By default,
psfontpf looks for the PPD file in the
/usr/lib/lp/psfontpf/ppd directory unless a full path is specified.
-q interface-script Specify the name of the current interface script to be printed in the banner
page.
-S macro [/desc]=option-lists
Define the macro name macro as shorthand for specifying the set of
comma-separated list of options in option-lists. The macro name can be of
the form name # where the character # indicates an arbitrary string that
can be used at the right side of the = in the option-lists. The option desc
description string provides an informational message of what the macro
name does. White spaces in the description string should be replaced by _
or \x20 to avoid problem with command line parsing.
-t title Print the specified title in the banner page.
-T tray =paper Specify the paper size used in each input tray. This mapping enables the
print filter to select a tray with the proper paper size automatically when
only the paper size is specified. The print filter will also know the paper
size to use if only an input tray is specified. This default mapping can be
overridden by specifying both the paper size and input tray.
-u user Print the specified user name in the banner page.
p -v Enable the printing of warning and information messages to the log file in
additional to error messages. By default, only error messages will be
printed to the log file. One -v option enables warning messages to be
printed to the log file. Two -v options enable both warning messages and
informational messages to be printed to the log file.

User Specified -o Option Lists

An end user can pass options to the psfontpf filter via the -o option of the lp command. For passing
more than one option, enclose those user options within quotation marks. Some of the supported options
are for text file printing only (mostly formatting options) and such options do not have effect on PostScript
file printing. Other options apply to both text and PostScript file printing.
The list of supported options are:
banner |yb Enable the printing of the banner page.
bidi=on |off |rtol Specify that Unicode bidirectional algorithm should be explicitly turned on
or off irrespective of the current setting (text printing only). Another pos-
sible value is rtol , which forces right-to-left rendering of all input lines
even if they do not contain any right-to-left character.
bm= bottom-margin Specify the bottom margin of the page for text printing. The unit can be
in for inch (default), pt for point, cm or mm.
btray= input-tray Select the input paper tray to be used for printing the banner page. The
input-tray name is dependent on what is specified in the PPD file. By
default, the banner tray is the same as the input tray for printing the con-
tent of the file.

168 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

psfontpf(1M) psfontpf(1M)

cpi= char-per-inch Specify the number of characters per inch in width for text printing.
even Print only the even pages (text printing only) and override a previous odd
option.
font= fontname Specify that the font or fonts associated with the given fontname name
should be selected for printing, if available. The fontname can be an actual
printer font name, an XLFD name for bitmap font, path to an external
TrueType or PCF bitmap font, or a predefined typeface name specified in
the configuration files.
format= input-format Specify the data format of the input file. Valid values are text or ascii
(for a text file) or post or ps (for a PostScript file). By default, the print
filter will detect automatically the input file format if this option is not
specified.
hmi= hmotion-index Specify the horizontal motion index of a character for text printing. The
unit of the index is 1/120 inch. The value can be wider or narrower than the
value indicated by the cpi parameter. In that case, the character will be
printed further apart or closer together than the default case. Its default
value is the same as the cpi value in 1/120 inch unit.
indent= indent Specify the amount of indentation in columns for text printing. The default
value is 0 (no indentation).
italic Print underlined characters with italic fonts, if available (for text printing).
If no italic font is available, the characters will remained underlined.
itray= input-tray Select the input tray that supplies paper for the print job.
jcl Specify that the printer requires the use of HP’s Job Control Language.
This option is ony needed when using the generic model script with no PPD
file specified.
land |landscape Print in landscape mode.
level= ps-level Current PostScript level to be used (default is the PostScript level specified
in the PPD file).
lines |length= lines Specify the number of lines per page (text printing only).
lm= left-margin specify the left margin of the page for text printing.
locale= locale-name Specify the locale for processing input file.
p
lpi= lines-per-inch Specify the number of lines per inch for text printing.
nform= NF Specify the Unicode normalization form to be used for processing Unicode
input text file. The valid values are NFC (default), NFD , NFKC , NFKD , or
None .
nobanner |nb Do not print a banner page. The printing of banner page is on by default
unless a null "banner utility" entry is specified in a configuration file.
nofixwh |nf Specify that width-to-height aspect ratio of the printed characters is
allowed to change according to the specified cpi |lpi and related options.
By default, the aspect ration will be kept the same and extra padding
spaces will be added between characters or lines, if necessary.
nojcl Specify that escape sequences associated with HP’s Job Control Language
should not be sent out even if they are defined in the PPD file.
nopfont |np Specify that non Latin-1 printer resident fonts should not be used for print-
ing. This option may be useful if the printer resident fonts cover less char-
acters than that are supported by the operating system fonts and there is a
need to print those extra characters with consistent fonts.
nowc Specify that padding spaces should be added around narrow TrueType
glyph that should be displayed as a wide character (default).
obin= output-bin Select the output bin where the printed pages will be deposited. The
output-bin name is printer dependent on what is specified in the PPD file, if
supplied.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 169

 psfontpf(1M) psfontpf(1M)

odd Print only the odd pages (for text printing only).
opt= keyword :option Select the given PPD option key as the value of the PPD main keyword.
pages= m -n Specify the range of pages to be printed, starting with page number m and
ending with page number n inclusively (text printing only).
paper= paper-size Specify the paper size. Valid values are: Letter (the default if no PPD
file is specified), Executive , Legal , Tabloid , A0 , A1 , A2 , A3 , A4 ,
A5, A6, B0, B1, B2, B3, B4, B5, and B6. Not all paper sizes are sup-
ported by a printer. The printer can also support paper sizes not listed
above. Invalid paper size setting may cause the output to be truncated. If
a PPD file is specified, invalid values will be ignored.
pm= page-margin Specify the page margin of the page for text printing; in other words, tm ,
bm, lm and rm will be set to the same given value.
pn Print page number in the lower left corner of the page (text printing only).
port |portrait Print in portrait mode.
prtctrl Print control characters and suppress page break. This is the same as the
-c option.
remap Specify that non-BMP characters in Mozilla PostScript file will be mapped
to private use characters in the BMP so that the characters can be print-
able. This option may interfere with fonts that have characters in the
private use character range of BMP. Also, if the PostScript file has a lot of
non-BMP characters, the BMP private use area may not be large enough to
print them all. This feature is off by default.
roman Cause the use of local Roman character set (JIS Roman for Japanese and
ISO646-KR for Korean) when printing ASCII characters in a Japanese or
Korean locale except the UTF-8 ones (text printing only).
rm= right-margin Specify the right margin of the page for text printing.
setup= macro Specify the use of option lists associated with the given macro name. The
setup= prefix is not really needed.
side= sides Print the job in a way specified by the sides variable. You can specify sides
as follows:
p 1|one_sided |one_sided_simplex
Print only on one side of the sheet (default).
2|two_sided |two_sided_duplex
Print on both sides of the sheet; the second side is reached by flipping
the sheet about its left edge, as in the binding of a book.
tumble |two_sided_tumble
Print on both sides of the sheet, but print the opposite way up on each
side, so that the second side can be read by flipping the sheet along its
top axis.
This option is supported only if duplexing support is available in the PPD
file.
tm= top-margin Specify the top margin of the page for text printing.
udc= udc-file Specify the user-defined character raster font as specified in the udc(4)
manpage should be used. The print filter will look for UDC file in the
/usr/lib/asx/UDC directory if an absolute path is not specified.
umap= UDC-mapfile Specify the UDC mapping file to be used for mapping user defined charac-
ters to code points in TrueType fonts.
uwidth2= Unicode-range
Specify the list of Unicode ranges (separated by commas without space)
that should be regarded as full width character (width 2) irrespective of the
value returned by the wcwidth() function when printing Unicode charac-
ters.

170 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

psfontpf(1M) psfontpf(1M)

vmi= vmotion-index Specify the vertical motion index value which determines the height of a
row. The unit of the index is 1/48 inch. This is equivalent to 48/line-per-
inch.
vprint Specify vertical printing mode for Chinese, Japanese, and Korean multibyte
characters. When this option is included, multibyte characters are printed
vertically in a rotated orientation; however, any single byte characters in
the text are still printed horizontally (text printing only). If the TrueType
fonts used support vertical variants of some of full width characters, those
characters will be used in vertical printing mode.
widenchar |wc Specify that narrow TrueType glyphs should be widened (doubled in width)
when they are displayed as a wide character (opposite of nowc ).
width= width Specify the width of page in columns for text printing.
[no]wrap Wrap or do not wrap long lines when printing a text file (default is
nowrap ).
keyword =option If the given keyword does not match any of the predefined keyword-option
pairs above, it is treated as the selection of the given PPD option key as the
value of the PPD main keyword (equivalent to opt= keyword :option).
option If the option name does not match any of the predefined option names
above, it is treated as follows (in descending order):
1. A setup macro name
2. A locale name or locale alias
3. A page size name, for example A4 .
4. An input tray name
5. A codeset or Unicode transformation format name
6. A font or typeface name
If it matches none of the above, the option will be ignored.
Additional PPD dependent keyword/option pairs and predefined setup macros and aliases may be available
for use. Please run the configured model script directly without any option to see what additional options
are available.

Options Interdependency
Many of the supported -o options are inter-dependent. In other words, specifying one option will affect the
setting of the others. For example, the following option values are inter-related by the formulas:
p
lines-per-inch = lines/(page-height - top-margin - bottom-margin)
char-per-inch = width/(page-width - left-margin - right-margin)
A latter option may invalidate a former related option. For example, a letter size page (11in x 8.5in) with a
page margin of 0.5in and a lines-per-inch of 6 will print 60 lines per page. Specifying 66 as the number of
lines per page (lines) will then force the lines-per-inch to 6.6.
The following three groups of character spacing options are inter-related in descending priority order:
1. hmi , vmi
2. cpi , lpi
3. width , lines
When conflicting hmi and cpi options are specified, there are two possibilities:
1. If the hmi option specifies character spacing wider than the cpi option, extra space is padded
between characters to satisfy both options.
2. If the hmi option specifies character spacing narrower than the cpi option, the print filter will try
to accommodate or adjust if the difference is only minor. In this situation, the individual charac-
ters will be printed closer together (more packed) than their natural character-to-character separa-
tion. Otherwise, the hmi option overrides the cpi option and the character width will be reduced
accordingly.
Similar results occur for conflicting vmi and lpi options.

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 171

 psfontpf(1M) psfontpf(1M)

Configuration Files
The psfontpf configuration file is mainly used to specify the name and the locations of the fonts to be
used as well as other miscellaneous configuration parameters. This configuration file is a plain text file
with a number of key-option-value triplets of the form:
key : opt =value
The opt = part is optional.
The # character indicates that the rest of the line is a comment. The \ character at the end of a line
acts as a line continuation character.
The print filter reads in configuration files from the /usr/lib/lp/psfontpf/pscf directory. The
following configuration files will be read in the order specified:
1. common.pscf
2. A user configuration file specified in the command line, if specified. The configuration will be
assumed to be relative to the /usr/lib/lp/psfontpf/pscf directory unless a full path is
given.
3. locale .pscf , if available, where locale is the locale the print filter is running in. Assuming a
locale name of the form language_territory .codeset, the print filter will look for the first matching
pscf file of the following names:
a. language_territory .codeset .pscf
b. language_territory .pscf
c. language .pscf
An entry in the user configuration file will override the same entry in the system common configuration
file. Even though the locale specific system configuration file is read last, the entries in the user
configuration file have a higher priority and so will not be overridden by the same entry in the locale
specific file. Only font specific entries are valid in the locale specific configuration file, the other entries will
be ignored.
The supported key-option-value triplets are as follows:
banner utility: utility-path
Specify the location of a utility command to generate the banner page instead of the default
one created by psfontpf . The same -i, -t, -q, and -u banner related options will be
passed to the banner utility. If no utility is specified or the specified utility is not accessible,
p banner page printing will be disabled by default unless explicitly enabled in the command
line.
bidi: {rtol |on|off|auto}
Specify the state of the Unicode bidirectional algorithm for text printing. The only valid
values are rtol , on, off , or auto (default). In auto mode, bidirectional algorithm will be
turned on only for Unicode text. In rtol mode, right-to-left rendering will be enforced even
for input lines that do not contain any right-to-left character.
codeset alias: codeset =aliases
Specify a list of comma-separated alias names for the given codeset. The codeset
alias: configuration entry is mainly used to map Mozilla codeset names to native HP-UX
codeset names.
galley char: codeset =galley-char
Specify the galley character used in the Unicode to codeset iconv converter.
include: config-path
Include another configuration file specified by the pathname config-path. The pathname will
be relative to /usr/lib/lp/psfontpf/pscf unless an absolute path is specified. Only
a single level of file inclusion is supported.
lang alias: lang =aliases
Specify a list of comma-separated language names (example, fr_FR ) which can be handle in
the same way as the primary language name (lang) from a font selection perspective.
lang codeset mapping: lang =codesets
Specify a list of comma-separated codeset names that should be associated with the given
language name from a font selection perspective.

172 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

psfontpf(1M) psfontpf(1M)

latin1 font type: {1|12}

Specify whether the default Latin 1 printer font should be used (font type = 1), or the combi-
nation font with both Latin 1 and double width characters (font type = 12) should be used for
printing those Latin 1 characters.
locale alias: locale =aliases
Specify a list of comma-separated alias names for the given locale.
path: var =path
Assign the pathname path to the variable var. This variable can only be used in the *font *
entries. At most one variable can be used in each font path name. The definition is local to
each configuration file and cannot be reused in a different one.
ppd keyword alias: keyword =aliases
Specify a list of comma-separated aliases for the given PPD keyword. This ppd keyword
alias: configuration entry is only valid if the current PPD file has a keyword of that name.
ppd option alias: [keyword/]option=aliases
Specify a list of comma-separated aliases for the given PPD option of the specified keyword, if
specified. If a keyword is not specified, all the available options of the given name will take
the aliases. This ppd option alias: configuration entry is valid only if the current
PPD file has an option of that name.
ps keyword: keyword =desc
Specify a description string desc about the keyword to be defined.
ps option: keyword/option[/desc]=ps-invocation
Specify the PostScript code to be sent to the printer if the specified option is selected for the
given keyword. Like the PPD file, the ps-invocation code has to be doubled-quoted. New
lines are specified by the \n escape sequence and \ by \\ . An optional description string
desc about the specified option can be added to describe what this option is doing.
resident font: lang ftype width=resident-font-names[attributes...]
Specify the printer internal fonts to be used for the given language lang (example, ja_JP)
and display width. Additional attributes can also be associated with each specified font.
resident typeface: typeface-name[/desc]=resident-font-names
Associate the given typeface name to the list of printer internal fonts specified after :. An
optional description string can be specified which will show up in the help message.
rgb color: color-name =rgb-values
Associate a color name with the corresponding RGB (red-green-blue) values in the PostScript
p
RGB color space, such as, "1 0 0" for red color.
setup: setup-macro[/desc]=option-list
Specify the given setup name as a macro for the corresponding option list. The optional desc
description string provides an informational message of what the setup macro does.
truetype font: lang ftype width=tt-font-paths[attributes...]
Specify the names of the TrueType fonts for the given language lang and display width. Addi-
tional attributes can be associated with each specified font.
truetype typeface: typeface-name[/desc]=tt-font-paths
Associate the given typeface name to the list of TrueType fonts specified after :.
xlfd font: lang ftype width=xlfd-names[attributes...]
Specify the names of the XLFD bitmap fonts for the given language lang and display width.
Additional attributes can be associated with each specified font.
xlfd typeface: typeface-name[/desc]=xlfd-names
Associate the given typeface name to the list of XLFD bitmap fonts specified after :.
xlfd font path: mode=font-paths
Specify the comma-separated font paths for searching the XLFD bitmap fonts. The allowable
modes are:
fp Set font path to the given list, overwriting previous list.
fp+ Add the new font paths at the end of the current list.

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 173

 psfontpf(1M) psfontpf(1M)

+fp Add the new font paths to the beginning of the current list.
unicode conv: codeset=[codepoint=>unicode]+
Specify custom Unicode conversion mappings from the given codeset to Unicode. These map-
pings will override those from the iconv conversion tables.
unicode map seq: unicode-mapping-sequence
Specify the list of languages, which are associated with different fonts, which should be
mapped when printing Unicode characters.
unicode width: width =unicode-ranges
Specify the display width of the Unicode characters specified in the given Unicode ranges.
Model Script
The psfontpf print filter is supported by the /usr/lib/lp/model/PS.font model script. This
model script is a PostScript only model script and will not support other printing languages like PCL5.
Unlike other HP-UX model scripts, this model script can be configured to support any PostScript printer as
long as a PPD file for that printer is available. See psmsgen(1M) for information on how to use the
psmsgen configuration tool to configure the model script, and on how to configure the LP spooling system
to use the psfontpf print filter.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the locale to use when neither LC_ALL or the other category variables specify a locale.
LC_ALL determines locale to be used. It overrides any values specified by LANG or any other LC_* vari-
ables.
AUTHOR
The psfontpf print filter was developed by HP.

FILES
/usr/lib/lp/model/PS.font Model script that uses the psfontpf print filter.
/usr/lib/lp/psfontpf/ppd Directory for holding Adobe PPD files.
/usr/lib/lp/psfontpf/pscf Directory for holding various configuration files.

SEE ALSO
lp(1), psmsgen(1M).
p

174 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007

psmsgen(1M) psmsgen(1M)

NAME
psmsgen - model script configuration utility for psfontpf

SYNOPSIS
/usr/sbin/psmsgen [-o model-script-name] [ppd-file]
/usr/sbin/psmsgen [-p printer-model] -m model-or-interface-script
DESCRIPTION
The psmsgen command is a terminal-based interactive model script configuration tool for configuring the
PS.font model script that uses the psfontpf internationalized PostScript print filter.
This command can only be run by a user with superuser privilege.
The prerequisite for configuring a certain PostScript printer is the availability of an Adobe PostScript
printer description file (PPD) for that printer. That PPD file can be searched and copied from a Microsoft
Windows system with the corresponding PostScript print driver installed. The generic PS.font model
script can still be used directly without any configuration, but many of the device specific capabilities of the
PostScript printer will not be available for use.
The psmsgen command is used to either create a new model script or modify an existing model script.
However, the psmsgen command cannot be used to modify the generic PS.font model script.
The psmsgen command also embeds a usage message into the created or modified model scripts. This
usage message explains what command line options are available. This usage message will be displayed
when the model script is run without any argument.

Options
The psmsgen command recognizes the following options:
-o model-script-name
Specify the name of the output model script to be created. By default, the output model
script name is PS. ppd-name where ppd-name is the name of the PPD file without the .ppd
extension.
-m model-or-interface-script
Specify the model or interface script to be modified. With no path prefix, the model or inter-
face script will be searched from the following directories:
1) /usr/lib/lp/model
2) /etc/lp/interface/netlp.asx p
3) /etc/lp/interface/model.orig
4) /etc/lp/interface
-p printer-model
Specify the model name of the printer being configured. If the model name matches that of
one of the existing PPD files, that PPD file will be selected automatically.
If no PPD file, ppd-file, is specified in the command line, or the interface script to be modified has no PPD
file specified, or the printer model name does not match any of the existing PPD files, the command will
display a list of PPD files for the user to choose from the /usr/lib/lp/psfontpf/ppd directory.
The command display is a two-level selection menu and the user has to choose the printer manufacturer
and color or black and white printer first, and then the list of PostScript printers in that category.
If a PPD file is specified without a full pathname, the PPD file is assumed to be from the
/usr/lib/lp/psfontpf/ppd directory also. Even though the command allows the use of PPD file in
other non-system directories, HP recommends that the new PPD files should be copied to the default
/usr/lib/lp/psfontpf/ppd directory for easier maintenance and better availability as the
configured model script may not work correctly if the PPD file that it uses is missing. The psmsgen com-
mand provides an PPD import option to do just that.
There are two ways to configure a model script. One way is to configure the interface script with the -m
option after the LP spooling system for a printer is set up. The other way is to create a new configured
model script for a particular type of printer in the /usr/lib/lp/model directory. The former way is
preferred for configuring a single PostScript printer or several different PostScript printers. The latter way
is more appropriate for configuring a group of similar printers at the same time.
After the psmsgen command is entered, the user is allowed to configure any of the following settings (see
the EXAMPLES section):

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 175

 psmsgen(1M) psmsgen(1M)

• set default locale

• set user configuration file
• set output model script file name
• set printer installable options
• set default value for PPD features
• set default user options
• add or remove alias for PPD main keywords
• add or remove alias for PPD option keywords
• add or remove locale name aliases
• add or remove setup macros
The "set output model script file name" setting is not available if the -m option is used to modify an existing
script. For the first two or three configuration settings with non-numeric values within the square bracket,
those values represent the currently selected values for those settings. For the remaining configuration
settings with numeric values within the square bracket, those values can be one of the following:
1. The number of defined entries for that configuration setting.
2. The number of PPD main keywords that have assigned an option keyword value that differs from
the PPD default.
If the -m option is used to modify an existing model or interface file, the third item for setting output model
script name will not display. Only the first two settings will have their values shown directly in the square
bracket.
There are also three more options that the user can choose. They are:
• show all current settings
• quit
• save changes and exit
Each selectable option shown by this command is prefixed by a number. You enter the number to select the
corresponding option.
The following paragraphs describe each of the configuration settings in more details:
• Set default locale
The configured model script can have a default locale defined so that text or PostScript input data are
processed under that locale if no explicit locale is defined on the command line.
p By default, the current locale will be used unless the selected PPD file is a localized version. In that case,
the corresponding local language locale will be used for those that are recognized by the psmsgen com-
mand.
The locale is important for selecting the right fonts and parsing input text file correctly.
• Set user configuration file
The user configuration file is useful for specifying custom font information to the psfontpf print filter.
By default, the system-provided configuration files in the /usr/lib/lp/psfontpf/pscf directory
will be listed if this option is chosen. However, the user is also provided the option to enter a user
configuration file at any location.
• Set output model script file name
This setting is only shown when creating a new model script. This setting allows the user to choose a
name other than the default used by psmsgen .
• Set printer installable options
This is perhaps the first and the most frequently used setting in this command. Most of the PostScript
printers have additional installable options like additional input trays or a duplexer that users can choose
to purchase. These installable options affect what capabilities a printer has.
For instance, if the printer has a duplexer installed but the duplexer installable option is not set in
psmsgen , the psfontpf print filter will not be able to print in duplex mode even if the appropriate
option is turned on at the command line. Make sure all the installed options are properly selected in this
configuration setting to fully unleash the capability of the printer. These installable options should also
be defined first before other PPD related parameters are modified.

176 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

psmsgen(1M) psmsgen(1M)

• Set default value for PPD features

If no default value is set, the default values specified in the PPD file will be used. However, those default
values may not be optimal. This option allows the user to select default values for all the supported PPD
features. For example, you can turn on duplexing by default or select paper from the large capability
tray.
• Set default user options
This option is used to set the default values for non-PPD related features. For example, the btray
option can be used here to specify that the banner page always comes from a specific input tray.
• Add or remove alias for PPD main keywords
A PPD main keyword is the keyword part of the keyword =option command line option that you supply to
the psfontpf print filter. Typical PPD main keyword names are very verbose. This option is helpful
to define alias names that will be easier to type or easier to remember for those PPD main keywords.
• Add or remove alias for PPD option keywords
A PPD option keyword is the option part of the keyword =option command line option you supply to the
psfontpf print filter. Typical PPD option keyword names are very verbose. This option is helpful to
define alias names that will be easier to type or easier to remember for those PPD option keywords.
• Add or remove locale name aliases
This option is helpful to define easier to remember alias name for HP-UX system locales. For example,
the alias name sjis can be defined for the ja_JP.SJIS locale.
• Add or remove setup macros
The setup macro enables a user to use a easily remembered macro names to represent any combinations
of psfontpf options.
• Show all current settings
This option displays all the configured settings.
• Quit
This option causes the psmsgen command to quit without making any change.
• Save changes and exit
This option prompts the user about saving changes to the specified model or interface script. p
Configuring Network Printers
The smh system management homepage can be used for configuring local printers. For configuring net-
work printers, you can use either the setnetlp configuration command or use the hppi command in the
optional HP JetDirect Printer Installer for Unix software.
The network printer setup capability of the smh command depends on the presence of the above HP Jet-
Direct software. The setnetlp command is recommended because it comes with the HP-UX operating
system, and it integrates well with the psmsgen command. This command sets up a network printer
using the LPD or JetDirect printing protocol. The LPD print queue name is usually "AUTO" for HP
printers.
For other printers, you may need to consult the documentation or the configuration web page to find out
what print queue name should be used. See the setnetlp(1M) manpage for details on how to use this com-
mand.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the locale to use when neither LC_ALL or the other category variables specify a locale.
LC_ALL determines locale to be used. It overrides any values specified by LANG or any other LC_* vari-
ables.

EXAMPLES
When the psmsgen command is invoked without any argument, the following printer selection menus
may be displayed depending on what PPD files are available in the /usr/lib/lp/psfontpf/ppd
directory:

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 177

 psmsgen(1M) psmsgen(1M)

*** PostScript Printer Configuration ***

Please select one of the following manufacturer and printer types

1) HP black & white printers
2) HP color printers

i) Import an external PPD file

Please select an item, or press <CR> to quit: 1

*** PostScript Printer Configuration ***

Please select one of the following PPD files

1) HP LaserJet 1300 PS (hpc1300s.ppd)
2) HP LaserJet 2200 Series (hpb22007.ppd)
3) HP LaserJet 2300 PS (hpc2325s.ppd)
4) HP LaserJet 2300L PS (hpc2320s.ppd)
5) HP LaserJet 2410 PS (hpc2410s.ppd)
6) HP LaserJet 2420 PS (hpc2420s.ppd)
7) HP LaserJet 2430 PS (hpc2430s.ppd)
8) HP LaserJet 3015 PS (hpc3015s.ppd)
9) HP LaserJet 3020 PS (hpc3020s.ppd)
10) HP LaserJet 3030 PS (hpc3030s.ppd)
11) hp LaserJet 3050 PS (hpc3050s.ppd)
12) HP LaserJet 3380 PS (hpc3380s.ppd)
13) hp LaserJet 3390 PS (hpc3390s.ppd)
14) HP LaserJet 4100 PS (hpb41007.ppd)
15) HP LaserJet 4200 PS (hpc4200s.ppd)
16) HP LaserJet 4200L PS (hpc420xs.ppd)
17) HP LaserJet 4240 PS (hpc4240s.ppd)
18) HP LaserJet 4250 PS (hpc4250s.ppd)
19) HP LaserJet 4300 PS (hpc4300s.ppd)
20) HP LaserJet 4345 mfp PS (hpc4345s.ppd)
21) HP LaserJet 4350 PS (hpc4350s.ppd)
22) HP LaserJet 5000 Series (hp5000_7.ppd)
p 23) HP LaserJet 5100 (hp5100_7.ppd)
24) HP LaserJet 8150 PS (hpb81507.ppd)
25) HP LaserJet 9000 PS (hpb90007.ppd)
26) HP LaserJet 9040 mfp PS (hpc904ms.ppd)
27) HP LaserJet 9050 mfp PS (hpc905ms.ppd)
28) HP LaserJet 9050 PS (hpc9050s.ppd)
29) HP LaserJet 9055 MFP PS (hpc9055s.ppd)
30) HP LaserJet 9065 MFP PS (hpc9065s.ppd)

Please select an item, or press <CR> to quit:

After selecting the HP LaserJet 9000 printer (25), the following menu may be displayed:
*** PostScript Printer Configuration ***

Current printer model = HP LaserJet 9000 PS

Please select one of the following actions
1) Set default locale [C]
2) Set user configuration file [None]
3) Set output model script file name [PS.hpb90007]
4) Set printer installable options [0]
5) Set default values for PPD features [0]
6) Set default user options [0]
7) Set paper size to input tray mapping [0]
8) Add/Remove alias for PPD main keywords [0]
9) Add/Remove alias for PPD option keywords [0]
10) Add/Remove locale name aliases [0]
11) Add/Remove setup macros [0]

178 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

psmsgen(1M) psmsgen(1M)

s) Show all current settings

q) Quit
x) Save changes and exit

Please select an item:

AUTHOR
The psmsgen command was developed by HP.

FILES
/usr/lib/lp/model/PS.font Model script that uses the psfontpf print filter.
/usr/lib/lp/psfontpf/ppd Directory for holding Adobe PPD files.
/usr/lib/lp/psfontpf/pscf Directory for holding various configuration files.

SEE ALSO
lp(1), psfontpf(1M), setnetlp(1M).

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 179

 psrset(1M) psrset(1M)

NAME
psrset - create and manage processor sets

SYNOPSIS
psrset [-f ] -a pset_id processor_list
psrset [-f ] -b pset_id pid_list
psrset [-f ] -c [processor_list]
psrset [-f ] -d pset_list
psrset [-f ] -d all
psrset [-f ] -e pset_id command [argument_list]
psrset [-f ] -g pset_id pgid
psrset [-i ] [pset_list]
psrset [-f ] -n pset_id
psrset -p [processor_list]
psrset -q [pid_list]
psrset [-f ] -r processor_list
psrset [-f ] -t pset_id attribute_name =attribute_value
psrset [-f ] -u pid_list
psrset [-f ] -F pset_id
psrset [-f ] -U pset_id uid

Real Time Extensions Commands

psrset [-f] -l
psrset [-f] -m pset_id
psrset [-f] -s pset_id
psrset [-f] -R [processor_list]
p DESCRIPTION
The psrset utility controls the management of processor sets. Processor sets allow a subset of processors
in the system to be isolated for exclusive use by specified threads and processes. Processes may now be
bound to groups of processors rather than just one. Each processor set represents a separate scheduling
allocation domain. Schedulers in each processor set work independently; there is no load balancing per-
formed across processor set boundary by the system.
The default processor set (0) always exists and may not be destroyed. All processes and processors at sys-
tem init time start out in the system default processor set. For this reason processor 0 may never be
removed from the default group. (Hence this feature is of no value on a single processor system.)
A processor belongs to exactly one processor set at a time, and it can be reassigned from one processor set
to another processor set dynamically with appropriate privileges. There can exist processor sets with no
processors. This may be temporary due to resource needs elsewhere in the system. (See pset_assign(2) for
details).
A process or a thread is bound to exactly one processor at a time, and their binding can be changed from
one processor set to another with appropriate privileges. All threads of a process need not belong to the
same processor set. (See pset_bind(2) for details).
A processor set has access permissions, and only the users with appropriate permissions may perform
operations on processor sets. A superuser or a PRIV_PSET privilege user may perform any operation on
processor sets. (See pset_create (2) and pset_setattr (2) for details).

Options
If no options are specified for the psrset command, then the -i option is assumed (see below).
The following options are supported:

180 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

psrset(1M) psrset(1M)

-a pset_id processor_list
Assigns processor_list to pset_id. processor_list is the list of processors, and pset_id is the
processor set identification number. The processors are taken out of their current proces-
sor set and are reassigned to the specified processor set. Processor 0 may not be reas-
signed.
If the processor being reassigned is the last processor in its current processor set, the
behavior is defined by the LASTSPU attribute. See the -t option to define LASTSPU .
The possible attribute values for LASTSPU are as follows:
DFLTPSET Default behavior. Reassign the processor to the specified processor set, and
return the active processes/threads in the processor set to the default set.
FAIL Fail the request.
-b pset_id pid_list
Binds pid_list to pset_id. pid_list is the specified list of processes (including all their
threads), and pset_id is the specified processor set. Bindings are inherited, so newly
created threads and processes will inherit their processor set binding from their parents.
If the target processor (pset_id) has no processors assigned, the behavior is defined by the
EMPTY attribute. See the -t option to define EMPTY . The possible attribute values for
EMPTY are as follows:
FAIL Default behavior. Fail the request.
-c [processor_list]
Creates a new processor set and displays the processor set identification number (pset_id)
for the new processor set. If a list of processors (processor_list) are specified on the com-
mand line, they are assigned to the newly created processor set.
-d pset_list
-d all Destroys the specified list of processor sets (pset_list). When the all option is specified,
all the processor sets in the system are destroyed. When the processor set has processors
assigned, or there are active processes/threads bound to the processor set, the behavior is
defined by the value of the NONEMPTY attribute. See the -t option to define
NONEMPTY . The possible attribute values for NONEMPTY are as follows:
DFLTPSET Default behavior. Return all processors and threads/processes in the proces-
sor set to the default set.
FAIL Fail the request if processor set has any processor assigned, or has active p
processes or threads.
FAILBUSY Fail the request if there are active processes or threads bound to the proces-
sor set.
-e pset_id command [ argument_list ]
Executes the specified command in the specified processor set (pset_id). The effect is the
same as binding your shell to the target processor set, executing the command, and chang-
ing back to your original processor set. The command may have arguments listed in
argument_list.
-f Forces the operation if the HP Process Resource Manager (HP PRM) is installed and
configured. The processor sets can also be configured by PRM. HP Process Resource
Manager is documented in the HP Process Resource Manager User’s Guide.
This option is applicable to all the configuration options to override the PRM. If the force
flag is not used with configuration options in the presence of PRM, then psrset exits with
an error message.
IMPORTANT: If used, the -f option must be specified before any other arguments are
specified to the psrset command.
-g pset_id pgid
Binds all the processes (including all their threads) belonging to the process group (pgid) to
the specified processor set (pset_id). This option is like explicitly listing all these processes
with the -b option.
-i [pset_list ]
Displays the processor assignments and attribute values for all processor sets specified in

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 181

 psrset(1M) psrset(1M)

the list (pset_list) or for all sets by default. It will also list the Locality Domains that belong
to the processor sets. If pset_list is not specified, then information for all processor sets are
displayed. If no options are specified for the psrset command, then the -i option is
assumed.
-n pset_id Enables external I/O interrupts for all processors assigned to the specified processor set
(pset_id).
-p [processor_list]
Displays the processor set assignment for all processors specified in the list (processor_list)
or for all processors by default.
-q [pid_list ] Displays the processor set binding for all processes specified in the list (pid_list) or for all
processes by default.
-r processor_list
Removes the specified list of processors (processor_list) from their current processor set,
and reassigns them back to the default set. This option is identical to -a 0
processor_list.
-t pset_id attribute_name =attribute_value
Changes the attribute value of the specified attribute on the specified processor set
(pset_id). Some values may not be be supported. The following attributes are supported:
OWNID Change owner of the specified processor set.
GRPID Change group id of the specified processor set.
PERM Change access permissions of the specified processor set.
NONEMPTY Define behavior on processor destroy request. See the -d option.
EMPTY Define behavior on request to bind a process or thread to an empty processor
set. See the -b option.
LASTSPU Define behavior on request to remove the last processor from a processor set.
See -a option.
LCPU Define the logical processor (LCPU) attribute in the target processor set. On
a multi-threaded processor core, each hardware thread is represented as an
LCPU. If LCPU is disabled, the processor cores in the target processor set
behave as a single threaded core. However, when LCPU is enabled, the pro-
p cessor cores in the target pset have hardware multi-threading enabled.
-u pid_list Unbinds pid_list, the specified list of processes (including all their threads), from their
current processor set returning them to the default set. The -u option is identical to -b 0
pid_list .
-F pset_id Disables external I/O interrupts for all processors assigned to the specified processor set
(pset_id).
-U pset_id uid
Binds all the processes (including all their threads) owned by the user id (uid) to the
specified processor set (pset_id). This option is like explicitly listing all these processes with
-b option.
Real Time Extensions Options
The following options are related to Real Time Extensions (RTE) for processor sets:
-l Lists all the processor sets that are configured as RTE processor set.
-m pset_id Marks a processor set with the identification number, pset_id, as an RTE processor set.
The processors that are part of the pset_id processor set become RTSPU ’s. The default pro-
cessor set which contains processor 0 may not be configured as an RTE processor set. The
processor set may or may not have processors assigned at this point. If pset has proces-
sors assigned to it at time of request, these processors are made unavailable to the kernel
daemons. External I/O interrupts and pending callouts on processors in pset are reas-
signed to processors in non-RTE processor sets in the system. The processor set attribute
values are changed to default values for an RTE processor set.

182 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

psrset(1M) psrset(1M)

The various failure conditions could be:

• The configuring application does not have root privileges.
• RTE is not enabled.
• The pset_id is invalid.
-s pset_id Un-marks the processor set with the identification number, pset_id, as an RTE processor
set. The processor set is not destroyed.
-R [processor_list]
Creates a new RTE processor set and displays the processor set identification number
(pset_id) for the new processor set. If a list of processors (processor_list) are specified on
the command line, they are assigned to the newly created processor set.

EXTERNAL INFLUENCES
Environment Variables
LANG provides a default value for the internationalization variables that are unset or null. If LANG is
unset or null, the default value of C is used (see lang(5)). If any of the internationalization variables con-
tains an invalid setting, psrset will behave as if all internationalization variables are set to C. See
environ(5).
LC_ALL determines the locale that overrides any values for locale categories specified by the settings of
LANG or any environment variables beginning with LC_ .
LC_MESSAGES determines the locale that affects the format and contents of diagnostic messages written
to standard error and the informative messages written to standard output.

International Code Set Support

Single-byte and multi-byte character code sets are supported.

EXAMPLES
psrset Example
Read and display the system processor set configurations for all processor sets. If no options are specified
for the psrset command, then the -i option is assumed.
psrset
psrset -i
psrset -a Example p
Reassign processors 4 and 1 from their current processor sets to processor set 5:
psrset -a 5 4 1
psrset -b Example
Change the binding of a running process (pid=1000) to processor set 6:
psrset -b 6 1000
psrset -c Example
Create a new processor set and assign processors 1, 2 and 4 to the new set:
psrset -c 1 2 4
psrset -e Example
Execute the command cat foo in processor set 4:
psrset -e 4 cat foo
psrset -t Examples
Change behavior for processor set destroy operation to fail the request if there are active processes bound
to the processor set:
psrset -t NONEMPTY=FAILBUSY
Change the ownership of processor set 3 to user id 100:
psrset -t 3 OWNID=100
For processor set 2, change access permissions to 666:

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 183

 psrset(1M) psrset(1M)

psrset -f -t 2 PERM=666
RETURN VALUE
psrset returns zero on successful completion. Otherwise, a non-zero value is returned and the message
is displayed to indicate the error.

AUTHOR
psrset was developed by HP.
SEE ALSO
pset_assign(2), pset_bind(2), pset_create(2), pset_ctl(2), pset_destroy(2), pset_getattr(2), pset_setattr(2).
HP Process Resource Manager is documented in the HP Process Resource Manager User’s Guide.

184 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

pvchange(1M) pvchange(1M)

NAME
pvchange - change characteristics and access path of physical volume in LVM volume group

SYNOPSIS
/usr/sbin/pvchange [-A autobackup] -a availability pv_path
/usr/sbin/pvchange [-A autobackup] -s pv_path
/usr/sbin/pvchange [-A autobackup] -S autoswitch pv_path
/usr/sbin/pvchange [-A autobackup] -x extensibility pv_path
/usr/sbin/pvchange [-A autobackup] -t IO_timeout pv_path
/usr/sbin/pvchange [-A autobackup] -z sparepv pv_path

Remarks
Only pvchange -a can be performed if the volume group is activated in shared mode. All other options
are not allowed for physical volumes in shared volume groups.

DESCRIPTION
The pvchange command changes the characteristics and access path of a physical volume (pv_path) in a
volume group.
For multiported devices accessed via multiple paths, pvchange may be used to customize the cir-
cumstances that may cause LVM to automatically switch from one path to another, or when LVM will
switch back to a prior path which failed when it is available again (generally described as the physical
volume’s autoswitch behavior). pvchange also permits you to switch manually to a specific path to the
physical volume (see WARNINGS section).
pvchange sets the allocation permission to add physical extents to the physical volume.
If you have installed the optional HP MirrorDisk/UX software, you can use the -z option to designate a
spare physical volume to be used to replace an existing physical volume within a volume group when mir-
roring is in effect, in the event the existing physical volume fails.
pvchange can also be used to attach or detach specific paths or physical volumes (see WARNINGS sec-
tion).

Options and Arguments

pvchange recognizes the following options and arguments. p
pv_path The block device path name of a physical volume.
-A autobackup Set automatic backup for this invocation of this command. autobackup can have
one of the following values:
y Automatically back up configuration changes made to the logical volume.
This is the default.
After this command executes, the vgcfgbackup command (see
vgcfgbackup(1M)) is executed for the volume group to which the logical
volume belongs.
n Do not back up configuration changes this time.
-a availability Attach or detach the physical volume pv_path. availability can have the follow-
ing values:
y Attach the indicated path to the physical volume. An attached path or dev-
ice is available for LVM to use. Attaching a path makes that path available
to the volume group, if possible. LVM may begin using the path if neces-
sary to access the disk. If formerly all the paths were unavailable to a
given physical volume, making any path available will make the physical
volume available again.
n (See WARNINGS section). Detach only the indicated path to the physical
volume. A detached path is not available for LVM to use. Detaching a sin-
gle path causes LVM to close the device for that one path and to stop using
it. If the path is the primary path to the device, LVM will begin using the
best alternate path to the device that is available.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 185

 pvchange(1M) pvchange(1M)

When the only path to a device is detached, the associated physical volume
will be unavailable to the volume group. The path remains part of the
volume group but no I/O is queued to it and the path will remain unused by
LVM until it is reattached. LVM will only stop using the physical volume
when all the paths to the physical volume are detached.
Individually detaching all the paths to a physical volume has the same
consequences as detaching the physical volume entirely using the -a N
option. The system administrator may safely diagnose or replace hardware
along the path detached, but care should be taken to avoid accessing the
physical volume if it is still being accessed by LVM via other active paths to
it.
N Detach the given path and all other paths to the physical volume. The sys-
tem administrator should always presume that all the disks that belong to
an active volume group are attached and may be used by LVM at any time,
unless LVM has been specifically notified to detach them. Prior to replacing
or repairing any disk belonging to an active volume group, the administra-
tor must first detach the physical volume using this command.
When a physical volume is detached, LVM closes all the paths to the physi-
cal volume and no longer directs any I/O operations to it. If a suitable
spare physical volume is available in the volume group, LVM will use it to
reconstruct the detached disk. The given path must be an attached path to
the physical volume; otherwise, the command will fail and display an error
message indicating the problem.
If for any reason the use of the -a N option fails, the physical volume can
still be detached from the volume group by individually detaching each of
the paths to the physical volume using the -a n option instead.
-s (See WARNINGS section). Immediately begin accessing the associated physical
volume named by pv_path.
-S autoswitch (See WARNINGS section). This option specifies the autoswitch behavior for mul-
tiported physical volumes accessed via multiple paths. It has no effect for physi-
cal volumes without alternate paths. autoswitch option may be set to one of the
following values:
p y LVM is directed to automatically switch from the path it is using whenever
a better path to the physical volume is available. LVM will switch paths
when a better path recovers (after it had failed earlier), or if the current
path fails and another path is available. This is the default.
n LVM is directed to automatically switch to using the best available path
only when the path currently in use is unavailable. LVM will continue
using a specific path for the physical volume as long as it works, regardless
of whether another better path recovers from a failure.
-x extensibility Set the allocation permission to add physical extents to the physical volume
pv_path. extensibility can have the following values:
y Allow allocation of additional physical extents on the physical volume. This
is the default.
n Prohibit allocation of additional physical extents on the physical volume.
However, logical volumes residing on the physical volume are accessible.
-t IO_timeout Set the I/O timeout value for the physical volume, to the number of seconds indi-
cated. An I/O timeout value of zero (0) causes the system to use the default
value supplied by the device driver associated with the physical device. I/O
timeout value is used by the device driver to determine how long to wait for disk
transactions to complete before concluding that an I/O request can not be com-
pleted (and the device is offline or unavailable).
-z sparepv This option requires the installation of the optional HP MirrorDisk/UX software.
It allows you to change the physical volume specified by pv_path into a spare
physical volume for its volume group, or change the specified spare physical
volume back into a regular physical volume for this volume group. No physical

186 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

pvchange(1M) pvchange(1M)

extents from a spare physical volume will be available as part of the "free" pool of
extents in the volume group. A spare physical volume will only be used in the
event that another physical volume within this volume group becomes unavail-
able (fails). sparepv can have one of the following values:
y Change the specified physical volume to be a "stand-by" spare for its volume
group. The specified physical volume must not have extents allocated on it
(i.e., no logical volumes residing on it) at the time this command is issued.
A stand-by spare physical volume will only be used in the event of a failure
of another physical volume -- prior to such a failure, no logical volume is
allowed to reside on it.
n Change the specified spare physical volume back into a regular physical
volume. If the physical volume was a stand-by spare, then all of the disk
space associated with it will be immediately available for use by logical
volumes. If the physical volume is an "active" spare, that is, it was previ-
ously a stand-by spare but then took over for a failed physical volume, it
will simply mark the physical volume as a regular member of its volume
group and the logical volumes residing on it will remain unchanged.

Attaching and Detaching Physical Volumes

Detaching a physical volume makes the data on that disk unavailable. LVM will not write or read any user
data or LVM metadata to the disk while it is detached. Consequently, it is important for the administrator
to ensure that the data on the disk is sufficiently mirrored to satisfy availability requirements prior to mak-
ing the device unavailable by detaching it.
Although detaching a path or physical volume ensures it is unavailable to LVM, attaching a path or physi-
cal volume will not necessarily make the path or physical volume available again. Attaching a path or phy-
sical volume only makes it available for LVM to use once the disk is working. For instance, if a disk is spin-
ning up, LVM will successfully attach the disk, but the disk will not be available until it is ready.
Detaching a physical volume or path only temporarily changes the status of the indicated path or physical
volume. However, it does not change the volume group configuration. When a physical volume is detached,
it will automatically be attached again the next time the volume group is activated using the vgchange
command (see vgchange(1M)). If the objective is to permanently add or remove a path or physical volume
from the volume group, the vgextend or vgreduce commands (see vgextend(1M), and vgreduce(1M))
should instead be used.
Warning: Detaching any physical volume or path using the -a N or -a n options also disables automati-
cally attaching any paths to any of the physical volumes in the volume group. LVM will no longer attempt
p
to automatically recover any unattached physical volumes in the volume group, not just the ones explicitly
detached. To cause LVM to once again automatically attach devices in the volume group use the -a y
options of vgchange command.
Attaching or Detaching Physical Volumes in Shared Volume Groups
The scope of the pvchange command is limited to the specific node on which it runs. Systems that are
part of a Serviceguard cluster operate independently. To replace disks that are part of a volume group
shared by a Serviceguard cluster, the physical volume must be detached and attached independently on
each of the systems in the cluster.

Alternate Links (PVLINKS)

In this release of HP-UX, LVM continues to support Alternate Links to a device to allow continued access to
the device, if the primary link fails. This multiple link or multipath solution increases data availability, but
does not allow the multiple paths to be used simultaneously.
There is a new feature introduced in the Mass Storage Subsystem on this version of HP-UX that also sup-
ports multiple paths to a device and allows access to the multiple paths simultaneously. The Mass Storage
Subsystem will balance the I/O load across the valid paths. This new multi-path behavior is enabled and
disabled through the use of the scsimgr command. See scsimgr(1M) for details.
It is no longer required or recommended to configure LVM with alternate links. However, it is possible to
maintain the traditional LVM behavior. To do so, both of the following criteria must be met:
• Only the legacy device special file naming convention is used in the volume group configuration.
• The scsimgr command is used to disable the Mass Storage Subsystem multipath behavior.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 187

 pvchange(1M) pvchange(1M)

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to C (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
C (see environ(5)).
EXAMPLES
Prohibit the allocation of additional physical extents to a physical volume:
pvchange -x n /dev/dsk/c0t0d0
Allow the allocation of additional physical extents to a physical volume:
pvchange -x y /dev/dsk/c0t0d0
Only switch paths when the current path is unavailable. Do not switch back to a prior path which had
failed and has recovered, when the current path works:
pvchange -S n /dev/dsk/c0t0d0
Switch paths whenever a better path becomes available again after a failure, even if the current path is
fine:
pvchange -S y /dev/dsk/c0t0d0
Manually switch a physical volume to use another controller path:
pvchange -s /dev/dsk/c2t0d2
Set the IO_timeout value for a physical volume to 60 seconds:
pvchange -t 60 /dev/dsk/c2t0d2
Set the IO_timeout value for a physical volume to zero (0) to use the driver default:
pvchange -t 0 /dev/dsk/c2t0d2
Change the (empty) physical volume to become a stand-by spare for the volume group:
pvchange -z y /dev/dsk/c2t0d2
Change the (active or stand-by) spare physical volume to become a regular member of the volume group:
p pvchange -z n /dev/dsk/c2t0d2
Detach a path to a physical volume
pvchange -a n /dev/dsk/c2t0d2
Detach all the paths to a physical volume
pvchange -a N /dev/dsk/c2t0d2
Attach a path to a physical volume
pvchange -a y /dev/dsk/c2t0d2
The vgchange command may be used to attach all the physical volumes in a volume group and resume
automatically attaching the failed physical volumes.
vgchange -a y /dev/vg_work
WARNINGS
If the Mass Storage Subsystem multipath solution is enabled, the pvchange command options that are
link specific may not stop I/Os or switch links, as they did in earlier releases. This means that pvchange
-a n, pvchange -s, and pvchange -S may not stop all I/Os on a given path. The scsimgr com-
mand should be used to disable the links.

SEE ALSO
pvdisplay(1M), scsimgr(1M), vgcfgbackup(1M), vgchange(1M). vgextend(1M), vgreduce(1M), environ(5),
lang(5), intro(7), lvm(7).

188 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

pvck(1M) pvck(1M)

NAME
pvck - check or repair a physical volume in LVM volume group

SYNOPSIS
/usr/sbin/pvck -y pv_path
/usr/sbin/pvck -n pv_path
DESCRIPTION
Note: Currently pvck is only capable of detecting bad checksums caused by a forward system migration
after a backward system migration. It should not be used in other situations.
The pvck command examines and repairs LVM data structures on a raw disk (pv_path) in a volume group.
Options and Arguments
pvck recognizes the following options and arguments.
-y Repair problems found.
-n Report, but do not repair problems.
pv_path The raw device path name of a physical volume.

RETURN VALUE
pvck returns the following values
0 Either no problems were found or all problems were corrected.
1 Unable to repair.

EXAMPLES
Examine LVM checksums on /dev/rdsk/c0t6d0 without modifying anything:
pvck -n /dev/rdsk/c0t6d0
Repair LVM checksums on /dev/rdsk/c0t6d0 if necessary:
pvck -y /dev/rdsk/c0t6d0
WARNINGS
pvck should only be run on a device whose volume group has not been activated.
pvck is designed to repair the root device or devices while the system is booted in maintenance mode
("hpux -lm ", see hpux(1M) on PA-RISC systems).
p
AUTHOR
pvck was developed by HP.
SEE ALSO
intro(7), lvm(7).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 189

 pvcreate(1M) pvcreate(1M)

NAME
pvcreate - create physical volume for use in LVM volume group

SYNOPSIS
/usr/sbin/pvcreate [-b] [-B] [-d soft_defects ] [-s disk_size] [-f] [-t disk_type] pv_path
DESCRIPTION
The pvcreate command initializes a direct access storage device (a raw disk device) for use as a physical
volume in a volume group.
If pv_path contains a file system and the -f option is not specified, pvcreate asks for confirmation. The
request for confirmation avoids accidentally deleting a file system.
Furthermore, when the -f option is not specified, the operation is denied if pv_path already belongs to
another LVM volume group, or the pv_path refers to a disk device under the control of the VERITAS or
Oracle ASM Volume Manager.
After using pvcreate to create a physical volume, use vgcreate to add it to a new volume group or
vgextend to add it to an existing volume group (see vgcreate (1M) and vgextend(1M)).
Disks cannot be added to a volume group until they are properly initialized by pvcreate .
pv_path can be made into a bootable disk by specifying the -B option, which reserves space on the physical
volume for boot-related data. This is a prerequisite for creating root volumes on logical volumes. Refer to
mkboot(1M) and lif(4) for more information.

Options and Arguments

pvcreate recognizes the following options and arguments:
pv_path The character (raw) device path name of a physical volume.
-b Read from standard input the numbers that correspond to the indexes of all
known bad blocks on the physical volume, pv_path, that is being created.
Specify the indexes using decimal, octal, or hexadecimal numbers in standard C-
language notation, with numbers separated by newline, tab, or formfeed charac-
ters. If this option is not used, pvcreate assumes that the physical volume
contains no bad blocks.
This option is being retained solely for backward compatibility reasons and is
currently ignored. It will be obsoleted in the next HP-UX release.
p -B Make a bootable physical volume (that is, a system disk). On PA-RISC systems,
pv_path should be the path name for the whole disk. On Itanium(R)-based sys-
tems, pv_path should be the path name for the disk section containing the
HP-UX partition (see model(1), getconf(1)).
-d soft_defects Specify the minimum number of bad blocks that LVM should reserve in order to
perform software bad block relocation. This number can be no larger than 7039.
If not specified, one block is reserved for each 8K of data blocks.
This option is being retained solely for backward compatibility reasons and is
currently ignored. It will be obsoleted in the next HP-UX release.
-s disk_size Effective size of the physical volume to be created, specified in kilobytes (KB).
-f Force the creation of a physical volume (thus deleting any file system or volume
manager information present) without first requesting confirmation.
Warning: The -f option should only be used as a last resort to over write file
system or volume manager information that cannot properly be removed using
the commands designed for that purpose. When invoked with -f , the command
does minimal verification, so care should be taken to assure that the disk is not
already in use prior to invoking the command.
-t disk_type Retrieve configuration information about the physical volume from the file
/etc/disktab . disk_type specifies the device (for example, hp7959S).
The disk_type only needs to be specified when pvcreate fails to get the size
from the underlying disk driver. If the driver successfully returns the size of the
device, disk_type is ignored.

190 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

pvcreate(1M) pvcreate(1M)

Note
The user data size of the same physical volume may differ, when initialized by pvcreate command under
different releases of HP-UX.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Create a physical volume on raw device /dev/rdsk/c1t0d0, and force the creation without
confirmation:
pvcreate -f /dev/rdsk/c1t0d0
Create a bootable physical volume for an Itanium-based system on raw device /dev/rdsk/c1t0d0s2,
and force the creation without confirmation:
pvcreate -fB /dev/rdsk/c1t0d0s2
WARNINGS
If you are using pvcreate command on an Itanium-based system boot disk, ensure that the specified dev-
ice special file correspond to the HP-UX partition. For example,
pvcreate /dev/rdsk/c1t1d0s2
pvcreate initializes only the first 2,147,483,647 Kilobytes (2TB - 1KB) of disk space when the disk size
exceeds this value. Disk space beyond this point will not be used by LVM.
FILES
/etc/disktab Disk geometry and disk partition characteristics for all disk devices on the system

SEE ALSO
getconf(1), model(1), idisk(1M), mkboot(1M), vgcreate(1M), vgextend(1M), lif(4), intro(7), lvm(7).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 191

 pvdisplay(1M) pvdisplay(1M)

NAME
pvdisplay - display information about physical volumes in LVM volume group

SYNOPSIS
/usr/sbin/pvdisplay [-v] [-d] [-b BlockList] pv_path ...
/usr/sbin/pvdisplay -l pv_path ...
/usr/sbin/pvdisplay -F [-d] [-v] pv_path ...
DESCRIPTION
The pvdisplay command displays information about each physical volume specified by a pv_path param-
eter.

Options
pvdisplay recognizes the following options:
pv_path The block device path name of a physical volume.
-b BlockList For each block in BlockList, display information about the block. BlockList is a
comma separated list of blocks in DEV_BSIZE units.
-d For each physical volume, display the offset to the start of the user data in 1024 byte
blocks from the beginning of the PV, specify if pv_path is a bootable physical volume,
and display the number of bad blocks that were relocated. These details are displayed
in addition to other information.
-F Produce a compact listing of fields described in Compact Listing (-F Option). The out-
put is a list of colon separated fields formatted as key =value[,value...].
-l Check whether pv_path refers to a disk device under HP Logical Volume Manager
(LVM) control.
-v For each physical volume, display the logical volumes that have extents allocated on
the physical volume and the usage of all the physical extents.

Display Without -v Option

If you omit the -v option, pvdisplay displays the characteristics of each physical volume specified by
pv_path:

p --- Physical volumes ---

PV Name The block device path name of the physical volume
VG Name The path name of the volume group
PV Status State of the physical volume (NOTE: spare physical volumes are only
relevant if you have installed HP MirrorDisk/UX software):
available
The physical volume is available and is not a spare physical volume.
available/data spared
The physical volume is available. However, its data still resides on an
active spare.
available/active spare
The physical volume is available and is an active spare physical
volume. (An active spare is a spare that has taken over for a failed
physical volume.)
available/standby spare
The physical volume is a spare, "standing by" in case of a failure on
any other physical volume in this volume group. It can only be used to
capture data from a failed physical volume.
unavailable
The physical volume is unavailable and is not a spare physical volume.
unavailable/data spared
The physical volume is unavailable. However, its data now resides on

192 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

pvdisplay(1M) pvdisplay(1M)

an active spare, and its data is available if the active spare is avail-
able.
unavailable/active spare
The physical volume is unavailable and it’s an active spare. Thus, the
data on this physical volume in unavailable.
unavailable/standby spare
The physical volume is a spare, "standing by" that is not currently
available to capture data from a failed physical volume.
Allocatable Allocation permission for the physical volume
VGDA Number of volume group descriptors on the physical volume
Cur LV Number of logical volumes using the physical volume
PE Size (Mbytes) Size of physical extents on the volume, in megabytes (MB)
Total PE Total number of physical extents on the physical volume
Free PE Number of free physical extents on the physical volume
Allocated PE Number of physical extents on the physical volume that are allocated to
logical volumes
Stale PE Number of physical extents on the physical volume that are not current
IO Timeout The I/O timeout used by the disk driver when accessing the physical
volume. A value of default , indicates that the driver default I/O timeout
is being used.
Spared from PV If the physical volume represents an active spare, this field will show the
name of the failed physical volume whose data now resides on this spare.
This information can be used to manually move the data back to the origi-
nal physical volume, once it has been repaired. (See pvmove (1M)). If it
cannot be determined which physical volume that the data came from, this
field will instead display Missing PV . A missing physical volume would
indicate that when the volume group was last activated or reactivated (see
vgchange(1M)), the "failed" physical volume was not able to attach to the
volume group.
Spared to PV If the physical volume represents a failed physical volume, this field will
show the name of the active spare physical volume that now contains the
p
data that originally resided on this volume. This information can be used to
manually move the data back to the original physical volume (see
pvmove (1M)) once it has been repaired.

Display With -v Option

If -v is specified, pvdisplay lists additional information for each logical volume and for each physical
extent on the physical volume:
--- Distribution of physical volume ---
The logical volumes that have extents allocated on pv_path, displayed in column format:
LV Name The block device path name of the logical volume which has extents allo-
cated on pv_path.
LE of LV Number of logical extents within the logical volume that are contained on
this physical volume
PE for LV Number of physical extents within the logical volume that are contained on
this physical volume
--- Physical extents ---
The following information for each physical extent, displayed in column format:
PE Physical extent number
Status Current state of the physical extent: free , current , or stale

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 193

 pvdisplay(1M) pvdisplay(1M)

LV The block device path name of the logical volume to which the extent is
allocated
LE Index of the logical extent to which the physical extent is allocated

Display With -d Option

If -d is specified, pvdisplay displays the following additional details for each physical volume:
Data Start
Starting block number (KB) of the user data. Displays unavailable if the PV is unavailable.
Boot Disk
Specify if the pv_path is a bootable physical volume.
yes PV was setup as a bootable physical volume using pvcreate.
no Physical volume is not a bootable physical volume.
unavailable
Physical volume is unavailable.
Relocated Blocks
Display the number of bad blocks that were relocated. Displays unavailable if the PV is unavail-
able.

Compact Listing (-F Option)

The -F option generates a compact and parsable listing of the command output in colon separated fields
formatted as key =value[,value...]. The -F option is designed to be used by scripts. The resulting com-
mand output may be split across multiple lines. The output may include new keys and/or values in the
future. If a key is deprecated, its associated value is set to NAM (key =NAM ). For the current version of the
pvdisplay command, the lines format is:
LINE 1
The format of Line 1 is as follows:
pv_name=value[,value ...]:vg_name=value:pv_status=value:
allocatable=value:vgda=value:cur_lv=value:pe_size=value:
total_pe=value:io_timeout=value:spared_from=value: spared_to=value:autoswitch=value
LINE 2
The format of Line 2 is as follows:
p lv_name=value:le_of_lv=value:pe_for_lv=value
... The above line may be repeated with different values.
LINE n
The format of Line n is as follows:
pe=value:pe_status=value:lv=value:le=value
... The above line may be repeated with different values.
Display With -b Option
If -b is specified, pvdisplay lists additional information for each block specified in BlockList.
--- Block Mapping ---
The use of blocks on pv_path, displayed in column format:
Block The block number relative to the physical volume.
Status The current status of the block: free , used , structure , spared , or
unknown
Offset The offset of the block relative to the logical volume.
LV Name The block device path name of the logical volume to which the block is allo-
cated.

Display With -l Option

If -l is specified, pvdisplay displays "LVM_Disk=yes" if the physical volume specified by pv_path is
under LVM control. If the physical volume is not under LVM control, it displays "LVM_Disk=no" instead.

194 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

pvdisplay(1M) pvdisplay(1M)

The pvdisplay command returns 1 if any of the physical volumes specified are under LVM control; oth-
erwise it returns 0.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Display the status and characteristics of a physical volume:
pvdisplay /dev/dsk/c1t0d0
Display the status, characteristics, and allocation map of a physical volume:
pvdisplay -v /dev/dsk/c2t0d0
Check whether the physical volume belongs to LVM:
pvdisplay -l /dev/dsk/c2t0d0
Check if the physical volume has relocated blocks:
pvdisplay -d /dev/dsk/c2t0d0
SEE ALSO
lvdisplay(1M), pvchange(1M), pvcreate(1M), vgdisplay(1M), intro(7), lvm(7).

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 195

 pvmove(1M) pvmove(1M)

NAME
pvmove - move allocated physical extents from one LVM physical volume to other physical volumes

SYNOPSIS
/usr/sbin/pvmove [-A autobackup] [-n lv_path] source_pv_path
[dest_pv_path ...  dest_pvg_name ...]
/usr/sbin/pvmove [-A autobackup] source_pv_path[:0]
[dest_pv_path ...  dest_pvg_name ...]

Remarks
pvmove cannot be performed if the volume group is activated in shared mode.
pvmove cannot move extents of a striped logical volume.
DESCRIPTION
The pvmove command moves allocated physical extents and the data they contain from a source physical
volume, source_pv_path, to one or more other physical volumes in the same volume group.
The first extent of the physical volume can be moved to create more space for LVM’s metadata. The
vgmodify command can use this extra space to expand the metadata. To relocate the first extent, specify
0 after source_pv_path, delimited by a colon (:).
If a destination physical volume or physical volume group is not specified, all physical volumes in the
volume group are available as destination volumes for the transfer. pvmove selects the proper physical
volumes to be used in order to preserve the allocation policies of the logical volume involved.
To limit the transfer to specific physical volumes, specify the name of each physical volume directly with a
dest_pv_path argument. Optionally, if physical volume groups are defined for the volume group, specify
the physical volumes indirectly with one or more dest_pvg_name arguments.
source_pv_path must not appear as a dest_pv_path.
If source_pv_path is a member of a dest_pvg_name, it is automatically excluded from being a destination
physical volume.
While moving the first extent, src_pv_path can be part of dest_pv_path and src_pv_path is not excluded if it
is member of dest_pvg_name.
pvmove succeeds only if there is enough space on the destination physical volumes to hold all the allocated
p extents of the source physical volume.
If you have installed HP MirrorDisk/UX on your system and source_pv_path is an "active spare" physical
volume within a mirrored logical volume, once all of the data has been moved to dest_pv_path, the
source_pv_path physical volume will be returned to a "stand-by" spare physical volume. This is how to
"unspare" data once the original failed physical volume has been repaired and is available to receive data.

Options
pvmove recognizes the following options:
dest_pv_path The block device path name of a physical volume. It cannot be the source physi-
cal volume. It must be in the same volume group as source_pv_path.
dest_pvg_name The name of a physical volume group. It must be in the same volume group as
source_pv_path.
source_pv_path The block device path name of a physical volume.
-A autobackup Set automatic backup for this invocation of this command. autobackup can have
one of the following values:
y Automatically back up configuration changes made to the physical volume.
This is the default.
After this command executes, the vgcfgbackup command (see
vgcfgbackup(1M)) is executed for the volume group to which the physical
volume belongs.
n Do not back up configuration changes this time.

196 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

pvmove(1M) pvmove(1M)

-n lv_path Move only the physical extents allocated to the logical volume specified by
lv_path that are located on the source physical volume specified by
source_pv_path.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Move physical extents from /dev/dsk/c1t0d0 to /dev/dsk/c2t0d0 and /dev/dsk/c3t0d0:
pvmove /dev/dsk/c1t0d0 /dev/dsk/c2t0d0 /dev/dsk/c3t0d0
If physical volumes /dev/dsk/c2t0d0 and /dev/dsk/c3t0d0 are the only ones that belong to phy-
sical volume group PVG0 , the same result can be achieved with the following command:
pvmove /dev/dsk/c1t0d0 PVG0
Move only the physical extents for logical volume /dev/vg01/lvol2 that are currently on
/dev/dsk/c1t0d0 to /dev/dsk/c2t0d0:
pvmove -n /dev/vg01/lvol2 /dev/dsk/c1t0d0 /dev/dsk/c2t0d0
Relocate PE number 0 to any free extent with in the same physical volume.
pvmove /dev/dsk/c1t0d0:0 /dev/dsk/c1t0d0
Relocate PE number 0 from /dev/dsk/c1t0d0 to any free extent in the volume group.
pvmove /dev/dsk/c1t0d0:0
SEE ALSO
pvdisplay(1M), vgcfgbackup(1M), intro(7), lvm(7).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 197

 pvremove(1M) pvremove(1M)

NAME
pvremove - remove LVM data structure from a physical volume

SYNOPSIS
/sbin/pvremove pv_path
DESCRIPTION
The pvremove command clears the LVM data structure on a disk, so that it is no longer an LVM physical
volume. The device may then be used by the file system or by other Volume Manager.
The operation is denied if pv_path is assigned to a volume group. The pvremove command only clears
the LVM data structure on a disk if the disk does not belong to a volume group. This avoids accidentally
removing a valid physical volume under a volume group. If the physical volume to be removed belongs to a
volume group, use the vgremove command to first remove the volume group associated with the physical
volume.

Arguments
pvremove recognizes the following arguments:
pv_path The character (raw) device path name of a physical volume.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).
EXAMPLES
Remove LVM data structure on the physical volume /dev/rdsk/c1t0d0:
pvremove /dev/rdsk/c1t0d0
SEE ALSO
lvremove(1M), vgremove(1M), intro(7), lvm(7).

198 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

pwck(1M) pwck(1M)

NAME
pwck, grpck - password/group file checkers

SYNOPSIS
/usr/sbin/pwck [-l] [password [shadow]]
/usr/sbin/pwck [-s] [-l] [password]
/usr/sbin/grpck [ file ]
DESCRIPTION
pwck scans fields in the password and shadow files and reports any inconsistencies to standard error. The
checks include validation of the number of fields, login name, user ID, group ID, and whether the login
directory and optional program exist. In addition, if the root entry shows a program, it can only be one of:
/sbin/sh , /usr/bin/csh , /usr/bin/ksh , or /usr/bin/sh . The default password file is
/etc/passwd . The default shadow file is /etc/shadow . For additional verification, use pwconv , to
check consistency between entries in the password and shadow files.
grpck verifies all entries in the group file and reports any inconsistencies to standard error. This
verification includes a check of the number of fields, group name, group ID, and whether all login names
appear in the password file. The default group file is /etc/group .

Options
pwck recognizes the following options:
-s Check inconsistencies with the Protected Password database. It calls authck -p.
-l Check encrypted password lengths that are greater than 8 characters.

DIAGNOSTICS
Group entries in /etc/group with no login names are flagged.

WARNINGS
Successful password file validation is not sufficient for proper system operation. To help maintain con-
sistency with other system databases, editing of the password file with vipw is discouraged. HP recom-
mends that you use sam , useradd , usermod , userdel , chfn , chsh or passwd to edit
/etc/passwd .
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
p
DEPENDENCIES
NFS
pwck and grpck check only the local password, shadow and group files. The Network Information Ser-
vice database is not checked.

AUTHOR
pwck was developed by AT&T and HP.
FILES
/etc/group
/etc/passwd
/etc/shadow
SEE ALSO
authck(1M), pwconv(1M), vipw(1M), group(4), passwd(4), shadow(4).

STANDARDS CONFORMANCE
pwck : SVID2, SVID3
grpck : SVID2, SVID3

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 199

 pwconv(1M) pwconv(1M)

NAME
pwconv - install, update or check the /etc/shadow file

SYNOPSIS
/usr/sbin/pwconv [-t] [-v]
DESCRIPTION
The pwconv command installs or appends /etc/shadow with information from /etc/passwd , or
checks for any discrepancies between the contents of the two files.
The pwconv command without options does the following:
1. Creates the file /etc/shadow if it does not exist; otherwise, it removes all entries for user-
names which are not present in /etc/passwd .
2. For each entry in /etc/passwd , move the encrypted password and aging information to
/etc/shadow . Entries in /etc/passwd which have no encrypted password or aging infor-
mation will not overwrite information in /etc/shadow .
3. Writes an "x" in each password field of the /etc/passwd file, to indicate that the password and
aging information reside in the /etc/shadow file.
The pwconv command relies on a special value of "x" in the password field of /etc/passwd . A value
different from "x" will prompt pwconv to move the password and aging information into the corresponding
fields of /etc/shadow , and then replace the password field in /etc/passwd with an "x".
If no aging information exists in /etc/passwd for a user, none will be added to /etc/shadow . How-
ever, the last change field, which indicates when the password was last modified, will always be updated
(default is current date). See shadow(4).

Options
The following options are recognized:
-v Verbose output.
-t Test mode. pwconv prints error information but does not modify /etc/passwd nor
/etc/shadow .
Notes
The pwconv command can only be used by the superuser.
p HP recommends running pwck before pwconv . See pwck(1M).
A system which has been converted to a trusted system has no /etc/shadow file. In this case, pwconv
can be used with no options to update the secure password facility to reflect any changes made in the
/etc/passwd file.
RETURN VALUE
pwconv exits with one of the following values:
0 Successful completion.
1 Conversion error occurred.

WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.

FILES
/etc/passwd system password file
/etc/shadow shadow password file
/tcb/files/auth/*/* secure password facility

SEE ALSO
pwck(1M), pwunconv(1M), passwd(4), shadow(4).

200 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

pwgr_stat(1M) pwgr_stat(1M)

NAME
pwgr_stat - password and group hashing and caching statistics

SYNOPSIS
/usr/sbin/pwgr_stat
DESCRIPTION
pwgr_stat displays the current status of the pwgrd daemon process running on the system. It
includes whether or not the daemon is running, how much activity is occurring, as well as statistics for each
kind of request serviced by pwgrd . Request specific statistics include the number of request and the per-
cent of requests handled by the cache and the hashtables used to service that request. A request may not
have both a cache and a hashtable. Such requests will have a - for the corresponding hit rate. Requests
where no answer was found are not counted in the hit rate.
The display is updated every 2 seconds. Use the q key to exit pwgr_stat . pwgr_stat verifies that
pwgrd is accessible by issuing a NULL request to pwgrd , therefore the NULL request count will be
increased as long as pwgr_stat is running.

FILES
/var/spool/pwgr/daemon Daemon Unix domain socket.
/var/spool/pwgr/status Daemon process status file.

AUTHOR
pwgr_stat was developed by the Hewlett-Packard Company.
SEE ALSO
pwgrd(1M).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 201

 pwgrd(1M) pwgrd(1M)

NAME
pwgrd - password and group hashing and caching daemon

SYNOPSIS
/usr/sbin/pwgrd [-d] [-l logfile]
DESCRIPTION
pwgrd provides accelerated lookup of password and group information for libc routines like getpwuid
and getgrname . pwgrd implements per request type caches and hashtables as appropriate. When the
corresponding routine in libc is called, a request is issued to pwgrd via a Unix domain socket connection.
pwgrd determines whether it can satisfy the request, returning the appropriate results to the requesting
process.

Options
pwgrd recognizes the following options and command-line arguments:
-d Debug mode. Do not become a daemon. Issue additional diagnostic messages. Instead of log-
ging message via syslog , issue messages to stderr.
-l logfile Logfile. In addition to logging via syslog , pwgrd will write log messages to logfile.
pwgrd modifies its behavior depending on whether or not the local machine is using some form of NIS for
password or group information. When NIS is being used, the hashtables corresponding to that service are
not generated or consulted. Therefore only caching is provided for those requests.

AUTHOR
pwgrd was developed by the Hewlett-Packard Company.
FILES
/etc/rc.config.d/pwgr Start up configuration variable. Set PWGR to 1 if you want pwgrd
to start on reboot.
/var/spool/pwgr/* Hash files, status file and daemon Unix domain socket.
/var/spool/sockets/pwgr/* Client Unix domain sockets.
SEE ALSO
pwgr_stat(1M).
p

202 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

pwunconv(1M) pwunconv(1M)

NAME
pwunconv - convert passwords from shadow to nonshadow

SYNOPSIS
/usr/sbin/pwunconv
DESCRIPTION
The pwunconv command transfers the password and aging information for all users from /etc/shadow
to /etc/passwd . The /etc/shadow file is removed.
Some of the aging information may be lost during the conversion; the warn and expire fields are dis-
carded, while min , max , and lstchg are rounded from days to weeks.

Notes
HP recommends that you run pwck before running pwunconv . See pwck(1M).

FILES
/etc/passwd system password file.
/etc/shadow shadow password file.

SEE ALSO
pwck(1M), pwconv(1M).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 203

 quot(1M) quot(1M)

NAME
quot - summarize file system ownership

SYNOPSIS
/usr/sbin/quot [-F FStype] [-V] [-cfhnv ] [-o FSspecific-options] filesystem ...
/usr/sbin/quot [-F FStype] [-V] [-cfhnv ] -a
DESCRIPTION
The quot command displays the number of 1024-byte blocks in the named filesystem that are currently
owned by each user. filesystem is either the name of the directory on which the file system is mounted or
the name of the device containing the file system.

Options
quot recognizes the following options:
-F FStype Specify the file system type on which to operate (see fstyp(1M) and fs_wrapper(5)). If
this option is not included on the command line, the file system type is determined
from the file /etc/fstab by matching filesystem with an entry in that file. If there
is no entry in /etc/fstab , then the file system type is determined from the file
/etc/default/fs.
-V Echo the completed command line, but perform no other action. The command line is
generated by incorporating the user-specified options and other information derived
from /etc/fstab . This option allows the user to verify the command line.
-o FSspecific-options
Specify any options specific to the file system.
-a Generate a report for all mounted file systems.
-c Report size rather than user statistics. Generates histogram statistics in 3-column
format:
Column 1: File size in blocks. Sizes are listed in ascending order up to 499 blocks
per file. Files occupying 499 or more blocks are counted together on a
single line as 499-block files (but column 3 is based on actual number of
blocks occupied).
Column 2: Number of files of size indicated in column 1.
Column 3: Cumulative total blocks occupied by files counted in current plus all
q preceding lines.
Use of this option overrides the -f and -v options.
-f Display number of files and space occupied by each user.
-h Calculate the number of blocks in the file based on file size rather than actual blocks
allocated. This option does not account for sparse files (files with holes in them).
-n Accept data from the ncheck command (see ncheck(1M)) as input. Run the pipeline:
ncheck device | sort +0n | quot -n filesystem
to produce a list of all files and their owners.
-v Display three columns containing the number of blocks not accessed in the last 30, 60,
and 90 days.

AUTHOR
quot was developed by the University of California, Berkeley, Sun Microsystems, Inc., and HP.
FILES
/etc/default/fs Specifies the default file system type
/etc/fstab Static information about the file systems
/etc/mnttab Mounted file system table
/etc/passwd Password file (contains user names)

204 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

quot(1M) quot(1M)

SEE ALSO
quot_hfs(1M), quot_vxfs(1M), du(1), find(1), ls(1), fstyp(1M), mount(1M), ncheck(1M), repquota(1M),
fs_wrapper(5), quota(5).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 205

 quot_hfs(1M) quot_hfs(1M)

NAME
quot_hfs: quot - summarize ownership on an HFS file system

SYNOPSIS
/usr/sbin/quot [-F hfs ] [-V] [-cfhnuv ] filesystem ...
/usr/sbin/quot [-F hfs ] [-V] [-cfhnuv ] -a
DESCRIPTION
The quot command displays the number of 1024-byte blocks in the named HFS filesystem that are
currently owned by each user. filesystem is either the name of the directory on which the file system is
mounted or the name of the device containing the file system.

Options
quot recognizes the following options:
-a Generate a report for all mounted HFS file systems.
-c Report size rather than user statistics. Generates histogram statistics in 3-column format:
Column 1: File size in blocks. Sizes are listed in ascending order up to 499 blocks
per file. Files occupying 499 or more blocks are counted together on a
single line as 499-block files (but column 3 is based on actual number of
blocks occupied).
Column 2: Number of files of size indicated in column 1.
Column 3: Cumulative total blocks occupied by files counted in current plus all
preceding lines.
Use of this option overrides the -f and -v options.
-f Display number of files and space occupied by each user.
-F hfs Specify the file system type hfs .
-h Calculate the number of blocks in the file based on file size rather than actual blocks allo-
cated. This option does not account for sparse files (files with holes in them).
-n Accept data from the ncheck command (see ncheck(1M)) as input. Run the pipeline:
ncheck device | sort +0n | quot -n filesystem
to produce a list of all files and their owners.
q -u Report on users. This is the default action.
-v Display three columns containing the number of blocks not accessed in the last 30, 60, and
90 days.
-V Echo the completed command line, but perform no other action. The command line is gen-
erated by incorporating the user-specified options and other information derived from
/etc/fstab . This option allows the user to verify the command line. If the options
specified are valid, the completed command line is echoed. If the options specified are not
valid, an error message is printed.

AUTHOR
quot , a disk quota command, was developed by the University of California, Berkeley, Sun Microsystems,
Inc., and HP.

FILES
/etc/fstab Static information about the file systems
/etc/mnttab Mounted file system table
/etc/passwd Password file (contains user names)

SEE ALSO
du(1), find(1), ls(1), fstyp(1M), mount(1M), ncheck(1M), quot(1M), repquota(1M), quota(5).

206 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

quotacheck(1M) quotacheck(1M)

NAME
quotacheck - file system quota consistency checker

SYNOPSIS
/usr/sbin/quotacheck [-F FStype] [-V] [-o specific-options] filesystem ...
/usr/sbin/quotacheck [-F FStype] [-V] [-o specific-options] -a
DESCRIPTION
The quotacheck command examines each file system, builds a table of current disk usage, and compares
this table against that stored in the disk quota file for the file system. If any inconsistencies are detected,
both the quota file and the current system copy of the incorrect quotas are updated.
quotacheck expects each file system to be checked to have a file named quotas in the root directory.
If none is present, quotacheck reports an error and ignores the file system. quotacheck is normally
run at mount time from start-up scripts.
filesystem represents a mount point or block special device such as /dev/dsk/c1t0d2.

Options
quotacheck recognizes the following options:
-F Fstype Specify the file system type on which to operate (see fstyp(1M) and fs_wrapper(5)). If
this option is not included on the command line, then the file system type is deter-
mined from the file /etc/fstab by matching filesystem with an entry in that file.
If there is no entry in /etc/fstab , then the file system type is determined from
the file /etc/default/fs.
-V Echo the completed command line, but perform no other action. The command line is
generated by incorporating the user-specified options and other information derived
from /etc/fstab . This option allows the user to verify the command line.
-o specific-options
Specify options specific to each file system type. specific-options is a list of suboptions
and/or keyword/attribute pairs intended for a FStype-specific module of the command.
See the file system specific man pages for a description of the specific-options sup-
ported, if any.
-a Obtain list of file systems to check from /etc/fstab . Only mounted rw (or
default ) type file systems with the quota option are checked.
EXTERNAL INFLUENCES
Environment Variables
q
LC_MESSAGES determines the language in which messages are displayed.
If LC_MESSAGES is not specified in the environment or is set to the empty string, the value of LANG is
used as a default for each unspecified or empty variable. If LANG is not specified or is set to the empty
string, a default of "C" (see lang(5)) is used instead of LANG .
If any internationalization variable contains an invalid setting, quotacheck behaves as if all internation-
alization variables are set to "C". See environ(5).

International Code Set Support

Single- and multi-byte character code sets are supported.

AUTHOR
quotacheck was developed by HP and the University of California, Berkeley.
FILES
/etc/default/fs Specifies the default file system type
/etc/fstab Default list of file systems to check
/etc/mnttab Mounted file system table
directory /quotas Quota statistics static storage for file system where directory is the file system
root as specified to the mount command (see mount(1M)).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 207

 quotacheck(1M) quotacheck(1M)

SEE ALSO
fs_wrapper(5), mount(1M), quota(5), quotacheck_hfs(1M), quotacheck_vxfs(1M).

208 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

quotacheck_hfs(1M) quotacheck_hfs(1M)

NAME
quotacheck_hfs: quotacheck - quota consistency checker for HFS file systems

SYNOPSIS
/usr/sbin/quotacheck [-F hfs ] [-V] [-pPuv ] filesystem ...
/usr/sbin/quotacheck [-F hfs ] [-V] [-pPuv ] -a
DESCRIPTION
The quotacheck command examines each HFS file system, builds a table of current disk usage, and
compares this table against that stored in the disk quota file for the file system. If any inconsistencies are
detected, both the quota file and the current system copy of the incorrect quotas are updated.
quotacheck expects each file system to be checked to have a file named quotas in the root directory.
If none is present, quotacheck reports an error and ignores the file system. quotacheck is normally
run at mount time from start up scripts.
filesystem represents a mount point or block special device (for example, /dev/dsk/c1t0d2).

Options
quotacheck recognizes the following options:
-a Obtain list of file systems to check from /etc/fstab . Only mounted file systems of
type hfs and rw (or default ) with the quota option are checked.
-F hfs Specify the file system type hfs .
-p Check file systems in parallel as allowed by equal values in the pass number field in
/etc/fstab .
-P Preen file systems, checking only those with invalid quota statistics (quotaoff and
edquota commands can invalidate quota statistics as discussed in quota(5) — see
quotaoff(1M) and edquota(1M)). Also checks in parallel as in -p above.
-u Check user quotas. This is the default action.
-V Echo the completed command line, but perform no other action. The command line is
generated by incorporating the user-specified options and other information derived
from /etc/fstab . This option allows the user to verify the command line.
-v Indicate the calculated disk quotas for each user on a particular file system. quota-
check normally reports only those quotas that are modified.
AUTHOR q
quotacheck was developed by HP and the University of California, Berkeley.
FILES
/etc/fstab Static information about the file systems
/etc/mnttab Mounted file system table
directory /quotas Quota statistics static storage for filesystem where directory is the file system root as
specified to the mount command (see mount(1M)).

SEE ALSO
mount(1M), quotacheck(1M), quotaoff(1M), quotaon(1M), quota(5).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 209

 quotaon(1M) quotaon(1M)

NAME
quotaon, quotaoff - turn HFS file system quotas on and off

SYNOPSIS
/usr/sbin/quotaon [-guv ] filesystem ...
/usr/sbin/quotaon [-guv ] -a
/usr/sbin/quotaoff [-guv ] filesystem ...
/usr/sbin/quotaoff [-guv ] -a
Remarks
These commands are provided for compatibility only. Their use is neither required nor recommended
because mount and umount enable and disable quotas cleanly (see mount(1M)). See WARNINGS below
for more information.

DESCRIPTION
The quotaon command enables quotas on one or more file systems. Group quotas cannot be enabled on
HFS file systems.
The quotaoff command disables quotas on one or more HFS file systems.
filesystem is either the name of the mount point of the file system, or the name of the block device contain-
ing the file system. The file systems specified must be currently mounted in order to turn quotas on or off.
Also, the file system quota files, quotas (for user quotas) and quota.group (for group quotas) must be
present in the root directory of each specified file system.
These commands will update the appropriate entries in /etc/mnttab to indicate that quotas are on or
off for each file system.
When enabling quotas interactively after boot time, the quotacheck command should be run immedi-
ately afterward (see WARNINGS below).
Use mount (see mount(1M)) to determine whether quotas are enabled on mounted file systems.

Options
The following options affect the behavior described above.
-a Obtain the filesystem list from /etc/fstab , using entries of type hfs and rw (or default )
with the quota option, for user quotas and grpquota option, for group quotas (see fstab(4)).
-g Turn on or off group quotas only.
q -u Turn on or off user quotas (the default) only.
-v Generate a message for each file system affected.
EXTERNAL INFLUENCES
Environment Variables
LC_MESSAGES determines the language in which messages are displayed.
If LC_MESSAGES is not specified in the environment or is set to the empty string, the value of LANG is
used as a default for each unspecified or empty variable. If LANG is not specified or is set to the empty
string, a default of "C" (see lang(5)) is used instead of LANG .
If any internationalization variable contains an invalid setting, quotaon behaves as if all internationali-
zation variables are set to "C". See environ(5).

International Code Set Support

Single and multi-byte character code sets are supported.

WARNINGS
Using quotaoff to disable quotas on a file system causes the system to discontinue tracking quotas for
that file system, and marks the quota clean flag in the superblock NOT_OK (see fsclean(1M)). This in
turn, forces a quotacheck the next time the system is booted. Since quotas are enabled and disabled
cleanly by mount and umount anyway, the use of quotaon and quotaoff is generally discouraged.

210 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

quotaon(1M) quotaon(1M)

AUTHOR
Disk quotas were developed by the University of California, Berkeley, Sun Microsystems, Inc., and HP.

FILES
/etc/fstab Static information about the file systems

/etc/mnttab Mount file system table

directory /quota.group
directory /quotas Group and user quota statistics static storage for a file system respectively,
where directory is the root of the file system as specified to the mount command
(see mount(1M)).

SEE ALSO
fsclean(1M), mount(1M), quotacheck(1M), quotacheck_hfs(1M), quotacheck_vxfs(1M), quota(5).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 211

 rad(1M) rad(1M)

NAME
rad - rad features have been moved to olrad

DESCRIPTION
rad has been replaced with a new olrad command which provides enhanced features for performing on-
line addition and replacement of I/O cards. Please see the olrad(1M) manual page.

RETURN VALUE
rad exits with the value 255.
SEE ALSO
olrad(1M), ioscan(1M), pdweb(1M).

212 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ram_monitor(1M) ram_monitor(1M)

NAME
ram_monitor - the Route Administration Manager (RAM) monitor

SYNOPSIS
/usr/bin/ram_monitor (ripng | bgp | isis ) [IP_address] CLI_Port_Number
DESCRIPTION
ram_monitor is an interactive command line utility used to query routing protocol daemons ripngd(1M),
bgpd(1M), and isisd(1M). ram_monitor can be used to view detailed information on the IO statistics,
the error logs, the routing table, the configured protocol interfaces, and the configured filter policies.
ram_monitor establishes a TCP connection to the routing daemon through the IP address specified at
startup. If an IP address is not specified, ram_monitor connects to the routing protocol daemon running
on the local machine.

Commands
In the interactive mode, ram_monitor displays one of the following prompt:
daemon> When connected to the local machine.
daemon# When connected to the IP address specified. The daemon can be ripng , bgp , or isis .
Any of the ram_monitor interactive commands can be run at this prompt. The interactive
commands can be interrupted at any time via a keyboard interrupt.

General Commands
? Displays all local commands and their functions.
help [command] Displays the list of commands available in the current mode, if command is not
specified. If the command name is specified, the help topic corresponding to the
specified command is displayed.
history Displays the history of commands executed in the interactive session.
!! Executes the previous command.
! command_num Executes the command specified by command number, command_num, in the his-
tory of commands.
redirect filename Redirects the command output to the specified file.
exit Exits ram_monitor .

RIPng-Specific Commands
The following are valid RIPng-specific command:
show filter [gw|route ]
r
Displays the filters configured for RIPng.
gw All the gateway filters are displayed.
route All the route filters are displayed.
By default, both gateway and route filters are displayed.
show route Displays the RIPng routing table.
query destination [-t secs ]
Requests the routing table of the gateway using RIPng’s protocol request.
destination specifies the gateway address to which the request has to be sent.
The -t option specifies the wait time in seconds for the responses. The default
value is 5 seconds if -t is not specified.
trace (on|off ) Toggles the tracing of the protocol daemon.
show log Displays the RIPng protocol statistics.
show error Displays the RIPng Error counters.
show interface Displays the RIPng interface configuration.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 213

 ram_monitor(1M) ram_monitor(1M)

show profile Displays configured profiles of RIPng.

BGP-Specific Commands
The following are valid BGP-specific commands:
show filter Displays the list of BGP route filters.
show route Displays the BGP routing table.
trace (on|off ) Toggles the tracing of the protocol daemon.
show log Displays the BGP protocol statistics.
show error Displays the list of notification sent to peers.
show peers Displays the list of BGP peers.
show eventlog Displays the list of BGP FSM transition events for all peers.

IS-IS-Specific Commands
The following are IS-IS-specific commands:
show adj Displays the isisd adjacency information.
show interface Displays the information on isisd interfaces.
show lsp Displays the LSP database for L1, L2, and L1/L2.
show log Displays isisd statistics.
show eventlog Displays the list of isisd cumulative event log.
show error Displays the list of cumulative errors.
show nexthop Displays the next hop list derived from the SPF calculation.
trace (on|off ) Toggles the trace.
show filter Displays the list of isisd configured summary filters.

EXAMPLES
RIPng Examples
To invoke ram_monitor and connect to ripngd , type the following at the HP-UX command prompt:
/usr/bin/ram_monitor ripng 15000
Following is sample output of the ram_monitor commands:
ripng> show interface
r If : lan0
Status : UP, ENABLED
Profile : 0
Cost : 1
Mtu : 1500
Primary Address : fe80::230:6eff:fe2c:b619
Site Local Access : allow
Route Filter Access : deny

ripng> show route

5511::230:6eff:fe2c:b619/64 5511::230:6eff:fe2c:b619 1 local lan0

5555::230:6eff:fe2c:b619/64 5555::230:6eff:fe2c:b619 1 local lan0
6666::230:6eff:fe2c:b619/64 6666::230:6eff:fe2c:b619 1 local lan0

ripng> show profile

Profile id - 0
Horizon (2 - split/ 3 - poison reverse) : 3
Route Age (in sec) : 180
Periodic Update Timer Interval (in sec) : 30
Triggered Update Timer Interval (in sec) : 5

214 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ram_monitor(1M) ram_monitor(1M)

Garbage Collection Timer Interval (in sec) : 120

Profile id - 1
Horizon (2 - split/ 3 - poison reverse) : 3
Route Age (in sec) : 180
Periodic Update Timer Interval (in sec) : 50
Triggered Update Timer Interval (in sec) : 5
Garbage Collection Timer Interval (in sec) : 120

ripng> show log

If : lan0
In Messages : 2
Out Messages : 6
Discarded Messages : 2
RIPng In Requests : 0
RIPng In Responses : 2
RIPng Out Requests : 0
RIPng Out Responses : 6
Unknown Commands : 0
Invalid Version : 0
Total Trig Upd sent : 4

ripng> show error

If : lan0
Discarded Messages : 10
Unknown Commands : 0
Invalid Version : 0
Martian Discards : 0
Ripin Discards : 0
Ripout Discards : 0
Route Filter Discards : 0
Trusted Gateway Discards : 0
Import Discards : 0
BGP Examples
To invoke ram_monitor and connect to bgpd , type the following at the HP-UX command prompt:
/usr/bin/ram_monitor bgp 15000
Following is sample output of the ram_monitor commands: r
bgp> show

Command making ambiguity

Available commands :
[Syntax] : show peers
[Syntax] : show eventlog
[Syntax] : show filter
[Syntax] : show route
[Syntax] : show log
[Syntax] : show error
bgp> show peers

No.of peers configured:2

=====================================

BGP neighbor is 4222::1112, remote AS 700, internal link

BGP version 4, remote router ID 10.4.7.192
BGP state = Established, up for 51 seconds
Rcvd update before 51 secs, hold time is 120 secs,
keepalive interval is 40 secs

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 215

 ram_monitor(1M) ram_monitor(1M)

Received 19 messages, 14 Updates

Sent 13 messages, 8 Updates
Minimum time between advertisement runs is 15 seconds
Peer Preference: 0
Peer Related to NONE Group
Peer Capability type MP for IPV6
Peer Connection type: ACTIVE
Peer Authentication type: MD5
Local host: 4222::1111, Local port: 179
Foreign host: 4222::1112, Foreign port: 64180
No Peer Gateway
BGP neighbor is 6222::1111, remote AS 800, external link
BGP version 0, remote router ID 0.0.0.0
BGP state = Idle
Rcvd update before 0 secs, hold time is 180 secs,
keepalive interval is 60 secs
Received 0 messages, 0 Updates
Sent 0 messages, 0 Updates
Minimum time between advertisement runs is 15 seconds
Peer Preference: 0
Peer Related to NONE Group
Peer Capability type NONE for NONE
Peer Connection type: ACTIVE
Peer Authentication type: MD5
Local host: 6222::1112, Local port: 0
Foreign host: 6222::1111, Foreign port: 0
No Peer Gateway
bgp> show route

IPV6 BGP ROUTE TABLE

No.of Routes configured:25

ORIGIN: I-IGP, E-EGP, ?-INCOMPLETE

=====================================================================
Dest/PrefixLength Nexthop Metric Protocol LP Origin

=====================================================================
::/96 4222::1112 0 bgp 300 I

r 1666::/64 4222::1112 0 bgp 300 I

2111::/24 4222::1112 0 bgp 300 I

2222::/64 2222::2 0 local 300 I

3111::/24 4222::1112 0 bgp 300 I

4222::/64 4222::1111 0 local 300 I

4333::/64 4333::230:6eff:fe2c:b619 0 local 300 I

5511::/64 5511::1112 0 local 300 I

5555::/64 5555::230:6eff:fe2c:b619 0 local 300 I

5599::/64 5599::230:6eff:fe2c:b619 0 local 300 I

6666::/64 6666::230:6eff:fe2c:b619 0 local 300 I

bgp> show filter

BGP FILTER INFORMATION

216 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

ram_monitor(1M) ram_monitor(1M)

No.of Filters Configured:2

=================================================================
FilterName ASNO RP ASP DIR ACTION

=================================================================
filter1 100 3333::2222 12,3,4 OUT DENY

filter1 100 3333::2222 12,3,4 OUT DENY

bgp> show eventlog

BGP PEER EVENT LOG INFORMATION

BGP neighbor is 4222::1112, remote AS 700, internal link
BGP peer state = Established, up for 51 seconds
No.of FSM Transitions = 1
FSM Transition History = idle,connect,connect,opensent,active,
opensent,openconfirm,established

BGP PEER EVENT LOG INFORMATION

BGP neighbor is 6222::1111, remote AS 800, external link
BGP peer state = Idle
No.of FSM Transitions = 0
FSM Transition History =
bgp> show error

BGP PEER ERROR INFORMATION

BGP neighbor is 4222::1112, remote AS 700, internal link
Last Error Received NONE
Last Error Subcode Received NONE
Last Error Sent NONE
Last Error Subcode Sent NONE

BGP PEER ERROR INFORMATION

BGP neighbor is 6222::1111, remote AS 800, external link
Last Error Received NONE
Last Error Subcode Received NONE
Last Error Sent NONE
Last Error Subcode Sent NONE
bgp> show log

BGP PEER LOG INFORMATION

r
BGP neighbor is 4222::1112, remote AS 700, internal link
Received 20 messages, 14 Updates
Sent 14 messages, 8 Updates

BGP PEER LOG INFORMATION

BGP neighbor is 6222::1111, remote AS 800, external link
Received 0 messages, 0 Updates
Sent 0 messages, 0 Updates

IS-IS Example
To invoke ram_monitor and connect to isisd , type the following at the HP-UX command prompt:
/usr/bin/ram_monitor isis 15000
Following is sample output of the ram_monitor commands:
isis> show adj

IS-IS Adjacency Table:

Sysid Ckt Stte Nbr Usg Hold Pri SNPA IPAddr
00000000000101 2 UP l2 l2 12336 32 112233445566 ::

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 217

 ram_monitor(1M) ram_monitor(1M)

IS-IS Adjacency Count Table:

Ckt Ckt Idx Adj Count
lan1 2 1
isis> show eventlog

EVENTS LOGGED
----------------------------------------------------
ISIS_EVT_DIS_CHANGE : EventID:55;CktLvl:2;CktIdx:2;PrevDIS:
0a.0b.01.02.03.04.02;CurrDIS:00.00.00.00.00.01.01

ISIS_EVT_ADJ_CHANGE : EventID:52;Status:0;AdjType:2;AdjIdx:
1;AdjUsage:2;CktIdx:2;MetType:0;Met:10;AdjSysID:00.00.00.00.00.01

ISIS_EVT_IP_IF_ADDR_CHANGE : EventID:42;Status:0;IfIdx:2;
IPAddr31.11.00.00.00.00.00.00.00.00.00.00.00.00.11.11

ISIS_EVT_IP_IF_ADDR_CHANGE : EventID:42;Status:0;IfIdx:2;
IPAddrfe.c0.00.00.00.00.00.00.00.00.00.00.00.00.11.11

ISIS_EVT_IP_IF_ADDR_CHANGE : EventID:42;Status:0;IfIdx:2;
IPAddr21.11.00.00.00.00.00.00.00.00.00.00.00.00.11.11

ISIS_EVT_IP_IF_ADDR_CHANGE : EventID:42;Status:0;IfIdx:2;
IPAddrfe.80.00.00.00.00.00.00.02.30.6e.ff.fe.38.0d.b8

ISIS_EVT_CKT_CHANGE : EventID:51;Status:1;CktType:1;CktLvl:2;
MetType:0;Met:0;CktIdx:2

ISIS_EVT_IS_UP : EventID:35;SysID:0a.0b.01.02.03.04
isis> show error

SYSTEM Level Errors

No. of PDUs dropped : 0
No. of corrupted LSPs : 0
No. of times L1 LSPs database overloaded : 0
No. of times L2 LSPs database overloaded : 0
No. of times manual addr dropped from area : 0
No. of times IS has attempted to exceed MSN: 0
No. of times sequence no (SN) skip occurred: 0
r No. of times zero-aged copy of the systems
own LSP is received from other IS : 0
No. of Sys Id len mismatch : 0
No. of Max area addresses mismatched : 0
No. of times PDU authentication failed : 0
No. of partition changes occurred : 0
No. of Area mismatches : 0

Errors stats Ckt : lan1 [2]

No. of Init failures in this ckt : 0
No. of Times Adjacency rejected : 0
No. of ctrl PDUs Id len mismatch : 0
isis> show lsp 2

IS-IS Level 2 LSP Database:

LSPID SeqNo RLT PduLen ChkSum P/ATT/OL
~˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜
0a0b01020304.00-00 0x00000001 1200 0x0039 0xb410 0/0/0
origLSPBufferSize : 0X05D4
Protocol Supported : IPv6
Area Address : 49:00:01
Authentication Info: passwd=DomainPassword

218 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

ram_monitor(1M) ram_monitor(1M)

0a0b01020304.00-01 0x00000001 1200 0x0077 0x6f10 0/0/0

IS Adjacency : 0a:0b:01:02:03:04:02, Metrics: Def 10
IPv6 IF Address : 2111::1111
IPv6 IF Address : 3111::1111
IPv6 IF Address : fec0::1111
IPv6 Reachability : 7711::/24, metric 14, up
Authentication Info: passwd=DomainPassword
0a0b01020304.02-00 0x00000002 1200 0x002f 0x46b7 0/0/0
Protocol Supported : IPv6
Authentication Info: passwd=DomainPassword
0a0b01020304.02-01 0x00000002 1200 0x0045 0x1bb9 0/0/0
IS Adjacency : 0a:0b:01:02:03:04:00, Metrics: Def 0
IS Adjacency : 00:00:00:00:00:01:00, Metrics: Def 0
Authentication Info: passwd=DomainPassword
isis> show interface

ISIS Circuit Table:

Name IfId Lvl Address Type Flag Mtu SNPA
~˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜
lan1 2 1-2 fe80::230:6eff:fe2d:ec50 BC US 1500 00306e2dec50

ISIS Circuit Level Table:

Name Lvl PSNP CSNP ReTx HeInt DRHeI HeMul Met Pri DIS-ID
~˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜
lan1 1 2 10 30 3000 1 10 127 255 0a0b0102030402
lan1 2 2 10 30 3000 1 10 127 255 0a0b0102030402
isis> show route

IS-IS Level 1 Routing Table:

Dest GW Met Prf Flag IfId
~˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜
5555::1111/64 :: 8 0 D IS -1
7733::/64 fe80::fe13 16 0 D IS 2

Number of routes in Level1 : 2

IS-IS Summary Address Table:

SumAddr Metric Filter
~˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜
5555::1111/24 10 Deny r
isis> show log

Input/Output stats on Ckt :lan1 [2]

ISIS LEVEL-1 packets stats
Hello PDUs
Rx : 0 Tx : 0
Link State PDUs
Rx : 0 Tx : 0
CSN PDUs
Rx : 0 Tx : 0
PSN PDUs
Rx : 0 Tx : 0
ISIS LEVEL-2 packets stats
Hello PDUs
Rx : 1 Tx : 13
Link State PDUs
Rx : 0 Tx : 2
CSN PDUs
Rx : 0 Tx : 0
PSN PDUs
Rx : 0 Tx : 0

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 219

 ram_monitor(1M) ram_monitor(1M)

Interface stats on Ckt : lan1 [2]

No. of adjacencies state changes : 1
No. of Init failures in this ckt : 0
No. of ISHs sent to peer nodes : 0
No. of ISHs recvd to peer nodes : 0
No. of Times Adjacency rejected : 0
No. of ISIS PDUs sent on this ckt : 2
No. of ISIS PDUs recvd on this ckt : 0
No. of ctrl PDUs Id len mismatch : 0

AUTHOR
ram_monitor was developed by Future Software Ltd.
SEE ALSO
bgpd(1M), isisd(1M), ramd(1M), ripngd(1M), rdc(1M), ramd.conf(4).

220 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007

ramd(1M) ramd(1M)

NAME
ramd - Route Administration Manager Daemon (RAMD) for IPv6

SYNOPSIS
/usr/sbin/ramd [-C] [-N] [-c] [-f config_file] [-n] [-q] [-t trace_options] [trace_file]
DESCRIPTION
ramd is a routing daemon that manages routing for IPv6. ramd handles RIPng, BGP, and IS-IS routing
protocols. ripngd , bgpd , and isisd are referred to as routing daemons.
ramd can be configured using the configuration file /etc/ramd.conf. Upon startup, ramd reads the
configuration file and spawns the routing daemons, if it is configured. However, the command-line option
trace_file is applicable only to ramd .
ramd maintains a routing table in user space and synchronizes it with the HP-UX kernel routing table.
ramd periodically checks the kernel interface table and the route table for any updates or changes. It
notifies the corresponding daemons about the updates.

Options
ramd supports the following command-line options:
-C Parses the configuration file for syntax errors and terminates ramd . ramd exits with
a status 0 if the configuration file contains no errors. If the configuration file contains
errors, ramd exits with a non-zero value. ramd prints the configuration file errors, if
any, to the standard output.
-N Specifies that ramd runs as a normal process and not as a daemon process.
-c Parses the configuration file for syntax errors and terminates ramd . It leaves a dump
file, /var/tmp/ramd/ramd.dump, if the configuration file does not have any syn-
tax errors.
-f config_file Specifies an alternate configuration file to be used by ramd . By default, ramd uses
/etc/ramd.conf.
-n Specifies that ramd does not modify the kernel forwarding table.
-q Suppresses the stderr messages of ramd and routing daemons. Using this option,
ramd can suppress the informational messages that are normally printed to the stan-
dard output, and log error messages through syslogd(1M). By default, syslog
errors are logged in /var/adm/syslog/syslog.log.
-t trace_options Specifies a comma-separated list of trace options to be enabled during startup. A
space cannot be entered between this option and its arguments.
This option can be used to trace events that occur before the configuration file is r
parsed, such as determining the interface configuration and reading routes from the
kernel.
See the ramd.conf(4) manpage for information on tracing and valid trace options.
The trace options, no , cannot be specified with the -t command-line option.
trace_file Specifies the name of the file used by the daemon to log tracing information.

Signal Processing
The following signals are used to control ramd :
SIGHUP Specifies ramd to reread the configuration file. ramd reads the configuration file and
reconfigures its policies. ramd also checks if it must start and stop the protocol daemons.
SIGINT Specifies that the current state of ramd is written to /var/tmp/ramd/ramd.dump.
SIGTERM Graceful shutdown. On receipt of SIGTERM , ramd attempts a graceful shutdown.
ramd removes all protocol routes from the HP-UX 11i v1 kernel routing table on receiving
SIGTERM . Interface routes and static routes remain with the retain option. SIGKILL can
be used to terminate ramd with all the routes intact. It may be necessary to repeat the
SIGTERM once or twice if ramd delays its termination.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 221

 ramd(1M) ramd(1M)

SIGUSR1 Toggle tracing. If tracing is enabled, ramd suspends tracing and closes the trace file. If trac-
ing is disabled, ramd opens the trace file and initiates tracing. This is useful for moving
trace files.
SIGUSR1 signal cannot be used, if ramd does not enable tracing in the configuration file.
SIGUSR2 Checks for interface changes. On receipt of SIGUSR2 , ramd rescans the kernel interface
list for changes.

EXAMPLES
To use an alternate configuration file for ramd instead of the default /etc/ramd.conf configuration
file, invoke ramd as follows:
/usr/sbin/ramd -f /tmp/sample.conf
To log tracing related information to the trace options iflist and parse , invoke ramd as follows :
/usr/sbin/ramd -t parse,iflist /tmp/ramd_log
ramd logs the trace information that is related to the configuration file and the kernel interface table, in
the log file /tmp/ramd_log.

AUTHOR
ramd was developed by Future software Ltd.
SEE ALSO
netstat(1), ifconfig(1M), ram_monitor(1M), rdc(1M), fork(2), ramd.conf(4).

222 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rarpc(1M) rarpc(1M)

NAME
rarpc - Reverse Address Resolution Protocol client

SYNOPSIS
rarpc [-d] [-e|-s] [-n count] interface_name
DESCRIPTION
rarpc , the Reverse Address Resolution Protocol client, implements the client portion of the Reverse
Address Resolution Protocol (see SEE ALSO). It sends RARP requests for the specified interface’s
hardware address and waits for the response from the RARP server. rarpc can be used during boot-
time initialization to find the IP address of an interface. To do so, set the IP_ADDRESS [i] variable of
interface i with IP_ADDRESS[ i ]=RARP in /etc/rc.config.d/netconf.
Options are:
-d Print debugging information.
-e Use ethernet encapsulation only.
-s Use SNAP encapsulation only.
-n count Transmits count requests and waits for each one to time out before giving up.
interface_name Identifies the interface to request information about.
If a response is received, it prints the IP address to its standard output. This information can be used to
configure the interface as seen in /sbin/init.d/net.
If a response is not received, the client will retransmit after 2 seconds, and then after 4 seconds. After
that, retransmissions occur every 8 seconds.

RETURN VALUE
Exit status is 1 if the command fails or no RARP response is received. Exit status is 0 and the IP address is
printed to standard output if a response is received.

LIMITATIONS
1. The rarpc client cannot be run at the same time a rarpd daemon is running on the same interface.
2. The rarpc client supports only ethernet, 100VG and FDDI network interfaces.

AUTHOR
rarpc was developed by HP.
SEE ALSO
rarpd(1M). r
R. Finlayson, T. Mann, J.C. Mogul, M. Theimer, "Reverse Address Resolution Protocol", RFC 903.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 223

 rarpd(1M) rarpd(1M)

NAME
rarpd - Reverse Address Resolution Protocol daemon

SYNOPSIS
rarpd [-d] [-f config_file] [interface_name]
DESCRIPTION
rarpd , the Reverse Address Resolution Protocol daemon, implements the server portion of the Reverse
Address Resolution Protocol [1]. It responds to RARP requests providing the requested client IP address.
Rarpd can be started during boot-time initialization. To do so, set the RARPD variable with RARPD=1 in
/etc/rc.config.d/netconf.
Options are:
-d Print debugging information.
-f config_file Use the specified config_file database instead of /etc/rarpd.conf.
interface_name Respond to requests over just this interface.
The configuration file database contains hardware address to IP address mappings. Other than comment
lines (which begin with a ’#’) and blank lines, all lines are considered client entries. A client entry is of the
form:
hardware_address WHITE_SPACE ip_address
where hardware_address consists of (:) colon-separated hexadecimal bytes, and ip_address consists of (.)
dot-seperated decimal bytes. For example:
#
# hardware addr IP addr
#
# ethernet clients
08:00:09:26:ec:19 15.13.136.68
08:00:09:17:0a:93 15.13.136.74
#
# 100VG clients
08:00:09:63:5d:f5 190.20.30.103
#
# FDDI clients
08:00:09:09:53:4c 192.20.30.98
There must be exactly 6 hardware address bytes. There must be exactly 4 protocol address bytes.
The following signals have the specified effect when sent to the rarpd process using the kill(1) command:
r SIGHUP Causes server to read the config file and reload database.
SIGINT Dumps current data base and cache to /var/tmp/rarpd.db.
RETURN VALUE
Exit status is 1 if the command fails, and error messages are written to stderr and/or syslog. Typically, the
daemon will continue answering requests until externally interrupted.

LIMITATIONS
1. The rarpd daemon supports only ethernet, 100VG and FDDI network interfaces.
2. The rarpd daemon supports only 4 byte Internet Protocol addresses.
3. The rarpd and rarpc programs cannot be run on the same interface at the same time.

AUTHOR
rarpd was developed by HP.
SEE ALSO
rarpc(1M).
[1] R. Finlayson, T. Mann, J.C. Mogul, M. Theimer, "Reverse Address Resolution Protocol", RFC 903.

224 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rbacdbchk(1M) rbacdbchk(1M)

NAME
rbacdbchk - Verifies the syntax of the Role-Based Access Control (RBAC) database files

SYNOPSIS
rbacdbck [-r | -a | -u | -R | -c | -x]
DESCRIPTION
rbacdbck verifies that there are no conflicting or inconsistent entries in and amongst the RBAC database
files. rbacdbck also checks the syntax of the database files and prints messages indicating which lines
contain errors. rbacdbchk returns zero output if no errors are present in the database files.
All the RBAC database files (/etc/rbac/roles, /etc/rbac/auths, /etc/rbac/user_role,
/etc/rbac/role_auth, and /etc/rbac/cmd_priv) are verified. See rbac(5) for more informa-
tion on these RBAC database files.

Options
rbacdbchk supports the following options:
-r Checks the /etc/rbac/roles database.
-a Checks the /etc/rbac/auths database.
-u Checks the /etc/rbac/user_role database.
-R Checks the /etc/rback/role_auth database.
-c Checks the /etc/rbac/cmd_priv database.
-x Cross reference checks all databases.
EXTERNAL INFLUENCES
Environment Variables
LC_MESSAGES determines the language in which messages are displayed.
International Code Set Support
Single-byte character code set is supported.
RETURN VALUE
0. Success
1. Incorrect syntax

EXAMPLES
The following example finds an error that user John is an invalid user
# rbacdbchk
[/etc/rbac/user_role] John: Administrator r
invalid user
The value ’John’ for the Username field is bad.
The following example finds a syntax error, an extra colon (:), at the end of a line:
# rbacdbchk
[/etc/rbac/user_role] root: Administrator:
invalid name: Not alphanumeric
The value ’Administrator:’ for the Rolename field is bad.

[Role in role_auth DB with no assigned user in user_role DB]

Administrator:(hpux.*, *)
The following example finds a field missing:
# rbacdbchk
[/etc/rbac/roles] : my comment
invalid name: <empty>
The value ’’ for the Rolename field is bad.
The following example finds a bad role:
# rbacdbchk

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 225

 rbacdbchk(1M) rbacdbchk(1M)

[Role in role_auth DB with no assigned user in user_role DB]

blah:(hpux.*, *)

[Invalid Role in role_auth DB. Role ’blah’ does not exist in the roles DB]
blah:(hpux.*, *)
The following example finds a bad group name:
# rbacdbchk
[/etc/rbac/user_role] &blah: Administrator
invalid group
The value ’blah’ for the Group name field is bad.
FILES
/etc/rbac/roles Database containing valid definitions of all roles.
/etc/rbac/auths Database containing definitions of all valid authorizations.
/etc/rbac/user_role Database specifying the roles for each specified user.
/etc/rbac/role_auth Database that defines the authorizations for each role.
/etc/rbac/cmd_priv Database containing the authorization to execute specified commands, and
the privileges to alter uid and gid for command execution.
/etc/rbac/aud_filter Database that defines the role-to-authorization to audit
SEE ALSO
authadm(1M), cmdprivadm(1M), privrun(1M), rbac(5).

226 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rc(1M) rc(1M)

NAME
rc - general purpose sequencer invoked upon entering new run level

SYNOPSIS
/sbin/rc
DESCRIPTION
The rc shell script is the general sequencer invoked upon entering a new run level via the init N com-
mand (where N equals 0-6). The script /sbin/rc is typically invoked by the corresponding entry in the
file /etc/inittab as follows:
sqnc:123456:wait:/sbin/rc </dev/console >/dev/console 2>&1
/sbin/rc is the startup and shutdown sequencer script. There is only one sequencer script and it han-
dles all of the sequencer directories. This script sequences the scripts in the appropriate sequencer direc-
tories in alphabetical order as defined by the shell and invokes them as either startup or kill scripts.
If a transition from a lower to a higher run level (i.e., init state) occurs, the start scripts for the new run
level and all intermediate levels between the old and new level are executed. If a transition from a higher
to a lower run level occurs, the kill scripts for the new run level and all intermediate levels between the old
and new level are executed.
If a start script link (e.g., /sbin/rc N .d/S123test ) in sequencer N has a stop action, the correspond-
ing kill script should be placed in sequencer N -1 (e.g., /sbin/rc N -1.d/K200test). Actions started
in level N should be stopped in level N -1. This way, a system shutdown (e.g., transition from level 3
directly to level 0) will result in all subsystems being stopped.

Start and Kill Scripts

In many cases, a startup script will have both a start and a kill action. For example, the inetd script starts
the Internet daemon in the start case, and kills that process in the stop case. Instead of two separate
scripts, only one exists, which accepts both the start and stop arguments and executes the correct code.
In some cases, only a start action will be applicable. If this is the case, and if the stop action is specified,
the script should produce a usage message and exit with an error. In general, scripts should look at their
arguments and produce error messages if bad arguments are present. When a script executes properly, it
must exit with a return value of zero. If an error condition exists, the return value must be nonzero.

Naming Conventions
The startup and shutdown scripts (referred to as startup scripts hereafter) exist in the /sbin/init.d
directory, named after the subsystem they control. For example, the /sbin/init.d/cron script con-
trols starting up the cron daemon. The contents of sequencer directories consist of symbolic links to
startup scripts in /sbin/init.d . These symbolic links must follow a strict naming convention, as noted
in the various fields of this example:
/sbin/rc2.d/S060cron
r
where the fields are defined as follows:
rc2.d The sequencer directory is numbered to reflect the run level for which its contents will
be executed. In this case, start scripts in this directory will be executed upon entering
run level 2 from run level 1, and kill scripts will be executed upon entering run level 2
from run level 3.
S The first character of a sequencer link name determines whether the script is exe-
cuted as a start script (if the character is S), or as a kill script (if the character is K).
060 A three digit number is used for sequencing scripts within the sequencer directory.
Scripts are executed by type (start or kill) in alphabetical order as defined by the shell.
Although it is not recommended, two scripts may share the same sequence number.
cron The name of the startup script follows the sequence number. The startup script name
must be the same name as the script to which this sequencer entry is linked. In this
example, the link points to /sbin/init.d/cron.
Note that short file name systems require file names of 14 or less characters. This
means that the fourth field is limited to 10 or fewer characters.
Scripts are executed in alphabetical order. The entire file name of the script is used
for alphabetical ordering purposes.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 227

 rc(1M) rc(1M)

When ordering start and kill script links, note that subsystems started in any given
order should be stopped in the reverse order to eliminate any dependencies between
subsystems. This means that kill scripts will generally not have the same numbers as
their start script counterparts. For example, if two subsystems must be started in a
given order due to dependencies (e.g., S111house followed by S222uses_house),
the kill counterparts to these scripts must be numbered so that the subsystems are
stopped in the opposite order in which they were started (e.g., K555uses_house
followed by K777house ).
Also keep in mind that kill scripts for a start script in directory /sbin/rc N .d will
reside in /sbin/rc( N -1).d. For example, /sbin/rc3.d/S123homer and
/sbin/rc2.d/K654homer might be start/kill counterparts.
Arguments
The startup/shutdown scripts should be able to recognize the following four arguments (where applicable):
start The start argument is passed to scripts whose names start with S. Upon receiving
the start argument, the script should perform its start actions.
stop The stop argument is passed to scripts whose names start with K. Upon receiving
the stop argument, the script should perform its stop actions.
start_msg The start_msg argument is passed to scripts whose names start with S so that the
script can report back a short message indicating what the start action will do. For
instance, when the lp spooler script is invoked with a start_msg argument, it
echoes
Starting the LP subsystem
This string is used by the startup routines. Scripts given just the start_msg argu-
ment will only print a message and not perform any actions.
stop_msg The stop_msg argument is passed to scripts whose names start with K so that the
script can report back a short message indicating what the stop action will do. For
instance, when the lp spooler script is invoked with a stop_msg argument, it
echoes
Stopping the LP subsystem
This string is used by the shutdown checklist. Scripts given just the stop_msg
argument will only print a message and not perform any actions.

Script Output
To ensure proper reporting of startup events, startup scripts are required to comply with the following
r guidelines for script output.
• Status messages, such as
starting house daemon
must be directed to stdout. All error messages must be directed to stderr.
• Script output, both stdout and stderr, is redirected to log file /etc/rc.log , unless the startup
checklist mode is set to the raw mode. In this case, all output goes to the console. All error mes-
sages should be echoed to stdout or stderr.
• Startup scripts are not allowed to send messages directly to the console, or to start any daemons
that immediately write to the console. This restriction exists because these scripts are now started
by the /sbin/rc checklist wrapper. All script output should go to either stdout or stderr, and
thus be captured in a log file. Any console output will be garbled.
• When a startup script returns an exit code of 3, /sbin/rc can display a specific message on the
console prior to rebooting the system. This is achieved by creating a text file named
/etc/rc.bootmsg containing the text to be displayed to the console. Note that /sbin/rc
deletes this file after displaying the message, so startup scripts need to write this file each time a
specific message is required to be displayed on console prior to reboot.

RETURN VALUE
The return values for startup scripts are as follows:

228 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rc(1M) rc(1M)

0 Script exited without error.

1 Script encountered errors.
2 Script was skipped due to overriding control variables from /etc/rc.config.d files, or for
other reasons, and did not actually do anything.
3 Script will automatically reboot the system.
4 Script exited without error and started a process in background mode.
>4 For return values greater than 4 the action is same as return value 1, script encountered errors.

SEE ALSO
init(1M), shutdown(1M), inittab(4), rc.config(4).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 229

 rcancel(1M) rcancel(1M)

NAME
rcancel - remove requests from a remote printer spooling queue

SYNOPSIS
/usr/sbin/rcancel [id ... ] [printer] [-a] [-e] [-u user]
DESCRIPTION
The rcancel command removes a request, or requests, from the spool queue of a remote printer. rcan-
cel is invoked by the cancel command (see lp(1)).
At least one id or the name of a printer must be specified.
This command is intended to be used only by the spool system in response to the cancel command (see
lp(1)), and should not be invoked directly.

Options
The rcancel command recognizes the following options:
id Specifying a request ID (as returned by lp (see lp(1))) cancels the associated request,
even if it is currently printing. The maximum number of ids that can be specified is 50.
printer Name of the printer (for a complete list, use lpstat (see lpstat(1))). Specifying a
printer cancels the request which is currently printing on that printer, if the request is
owned by the user. If the -a , -e , or the -u option is specified, this option only specifies
the printer on which to perform the corresponding cancel operation.
-a Remove all requests owned by the user on the specified printer (see printer). The owner
is determined by the user’s login name and host name on the machine where the lp com-
mand was invoked.
-e Empty the spool queue of all requests for the specified printer. This form of invoking
rcancel is useful only to users with appropriate privileges.
-u user Remove any requests queued belonging to that user (or users) for the specified printer.
You can repeat the -u option to specify more users. The maximum number of users that
can be specified is 50. This form of invoking rcancel is useful only to users with
appropriate privileges.

WARNINGS
A remote print request can be canceled only from the system on which the the original lp command was
issued, and if the restrict cancel feature (see lpadmin(1M)) is enabled for the specified printer, a request
belonging to this printer can be canceled only by the system administrator or the user who requested it.
This command is intended to be used only by the spool system in response to the cancel command (see
r lp(1)), and should not be invoked directly.

AUTHOR
rcancel was developed by the University of California, Berkeley, and HP.
FILES
/var/spool/lp/*
/var/adm/lp/*
/etc/lp/*
/usr/lib/lp/*
SEE ALSO
enable(1), lp(1), lpstat(1), accept(1M), lpadmin(1M), lpsched(1M), rlp(1M), rlpdaemon(1M), rlpstat(1M).

230 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rdc(1M) rdc(1M)

NAME
rdc - user interface for Routing Administration Manager (RAMD)

SYNOPSIS
/usr/bin/rdc [-c coresize] [-f filesize] [-n] [-q] [-t seconds] {start }
/usr/bin/rdc ( stop | restart | running ) ( ram | ripng | bgp | isis | all )
/usr/bin/rdc ( dump | coredump ) ( ram | ripng | bgp | isis | all )
/usr/bin/rdc ( kill | term | reconfig | toggletrace )
( ram | ripng | bgp | isis | all )
/usr/bin/rdc ( checkconf | checknew | newconf | modeconf | createconf )
/usr/bin/rdc ( backout | BACKOUT )
/usr/bin/rdc interface { ram }
DESCRIPTION
rdc provides a user-oriented interface for working with the ramd and routing daemons. ripngd , bgpd
and isisd are referred to as routing daemons. rdc provides a command-line interface to start and stop
these daemons. In addition, it provides commands to check the configuration file for syntax errors, make
the daemon dump core, and dump the current state of the daemon.
rdc can reliably determine the running state of the routing protocols. This can be used in shell scripts to
manipulate ramd .

Options
rdc supports the following command-line options:
-n Specifies that rdc does not change the kernel forwarding table while running ramd
and routing daemons. This option is useful to test the daemons, when the daemons
should operate as a route server that does not forward.
-q Suppresses the stderr messages of ramd and routing daemons. This option can be used
to suppress informational messages that are normally printed to the standard output,
and the log error messages through syslogd(1M).
-t seconds Specifies the time in seconds for which rdc waits to start, stop, reconfigure and ter-
minate daemons. By default, this value is set to 10 seconds.
-c coresize Specifies the maximum size of a core dump produced by the routing daemons invoked
using rdc .
-f filesize Specifies the maximum size of a file produced or created by the routing daemons
invoked using rdc . r
Commands
The following commands are used to send HP-UX signals to ramd or routing daemons for various purposes:
coredump Sends an abort signal to the requested daemon and terminates the daemon with a core
dump. The core files are generated in the file /var/tmp/*/core, where * can be
ramd , ripngd , bgpd or isisd .
dump Sends a signal to the requested daemon to dump its current state into the
/var/tmp/*/*.dump, where * is one of the routing daemons.
kill Kills the daemon abruptly. This command is used when the daemon hangs.
reconfig Sends SIGHUP signal to the requested daemon to reread its configuration file and
reconfigure its current state.
term Sends SIGTERM signal to the requested daemon to terminate gracefully.
toggletrace Sends SIGUSR1 signal to the daemon to toggle the trace. If tracing is enabled, this
command causes tracing to be suspended and the trace file to be closed. If tracing is dis-
abled, the trace file is reopened and tracing initiated. This is useful to move the trace
files. If ramd or the routing daemon tracing is modified using this command and the
daemons are reconfigured with the trace options, the effect on tracing is with respect to
the configuration file.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 231

 rdc(1M) rdc(1M)

interface Sends SIGUSR2 signal to ramd to recheck the interface configuration. ramd periodi-
cally checks the kernel interface configuration for any changes. This command can be
used to force the daemon to check the interface status immediately. Currently, the only
valid argument for this command is ram , for checking on ramd .
By default, ramd obtains its configuration information from the /etc/ramd.conf file. rdc maintains
many versions of the configuration file. The versions of the configuration file maintained by rdc are as fol-
lows:
/etc/ramd.conf.new
createconf command of rdc is used to create this configuration file.
/etc/ramd.conf.prev
When rdc must install a new configuration file using the createconf command, the existing
/etc/ramd.conf file is renamed as /etc/ramd.conf.prev file.
/etc/ramd.conf.prev.old
When rdc creates a new configuration file, using the createconf command, the existing
/etc/ramd.conf, file is renamed as /etc/ramd.conf.prev and the existing
/etc/ramd.conf.prev is renamed as /etc/ramd.conf.prev.old file.
Configuration File Commands
The following commands perform operations related to configuration files:
checkconf Checks /etc/ramd.conf for syntax errors. This is done after changes are made to
the configuration file and before reconfiguring the routing daemons. The system
administrator use this command to ensure that there are no syntax errors in the
configuration file, which can otherwise terminate the daemons on reconfiguration.
checknew Checks the /etc/ramd.conf.new file for syntax errors.
newconf Renames the /etc/ramd.conf.new file to /etc/ramd.conf, retaining the
older versions of the configuration files. This operation fails if
/etc/ramd.conf.new does not exist.
backout Replaces the old configuration file /etc/ramd.conf.old to /etc/ramd.conf.
This command fails, if the /etc/ramd.conf.old file does not exist or if the file
/etc/ramd.conf.old is of zero length, or if the backout command deletes an exist-
ing, non-zero length /etc/ramd.conf.new file.
BACKOUT Performs a backout operation even if the /etc/ramd.conf.new file exists and is
of non-zero length.
modeconf Sets all configuration files to mode 664, owner root and group trusted non-root user.
This allows a trusted non-root user to modify the configuration files.
r createconf Creates a new configuration file, /etc/ramd.conf.new with zero length. The file
mode is set to 664, owner root and group trusted non-root user. This allows a trusted
non-root user to install a new configuration file.

Controlling Daemons
The following commands can be used to control the daemons:
start Starts ramd . The command returns an error if ramd is already running. It invokes
ramd and waits for the time period specified with -t option. A non-zero exit status is
returned, if an error is detected while executing the binary, or if a lock is not obtained
on the pid file within the specified wait time. Starting ramd invokes all the configured
protocols in the configuration file of ramd .
The following commands can be used to determine the current state of the daemon or to stop or restart
ramd and other IPv6 routing protocols.
running Determines if daemons are currently running. rdc exits with a zero status if the dae-
mon is running and with a non-zero value if the daemons are not running.
stop Stops the requested routing daemon gracefully. Stopping ramd stops all the daemons.
restart Restarts the requested daemon. rdc reports an error, if there is a failure.

232 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rdc(1M) rdc(1M)

EXAMPLES
To start ramd , type the following at the HP-UX command prompt:
/usr/bin/rdc start
If successful, the pid of the ramd daemon is displayed.
To get the current state of the daemons, type the following at command prompt:
/usr/bin/rdc dump all
This will dump the current state of the ramd and routing daemons.
The dump files for the ramd and routing daemons are /var/tmp/ramd/ramd.dump and
/var/tmp/*/*.dump, respectively; where * is one of the routing daemons.
To reconfigure the routing daemons, change the configuration file /etc/ramd.conf and issue the follow-
ing command at the command prompt:
/usr/bin/rdc reconfig (ram|bgp|isis|ripng)
AUTHOR
rdc was developed by Future software Ltd.
FILES
/usr/sbin/ramd
/usr/sbin/ripngd
/usr/sbin/bgpd
/usr/sbin/isisd
/etc/ramd.conf.new
/etc/ramd.conf.old
/etc/ramd.conf.prev.old
/var/tmp/*/*.pid
/var/tmp/*/*.dump
/var/tmp/*/core
where, * can be ramd or the routing daemons.

SEE ALSO
kill(1), ram_monitor(1M), ramd(1M), syslogd(1M), signal(2), ramd.conf(4).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 233

 rdpd(1M) rdpd(1M)

NAME
rdpd - router discovery protocol daemon (OBSOLETE)

SYNOPSIS
rdpd [ -r | -t | -v ]
DESCRIPTION
rdpd , the router discover protocol daemon, implements the host portion of the router discovery protocol
(see SEE ALSO). More specifically rdpd :
• solicits router advertisements when it is first started so as to populate the kernel table as soon as
possible.
• listens on all ethernet interfaces (that are up) for ICMP router advertisement datagrams.
• adds a default router to the kernel table based on whether the router is a neighbor and has the
highest preference among all advertisements received.
• ages the default router entry applied to the kernel table based on the lifetime value found in the
advertisement message.
rdpd can be started during boot-time initialization. To do so, see /etc/rc.config.d/netconf.
(But see WARNINGS below.)

Options
rdpd supports the following options:
-r Display the version of rdpd .
-t Enable tracing of the following events:
• setting of expiration timer for advertised entry.
• expiration of a router advertisement entry (only the active entry has a timer running).
• add/update of an advertised router to the kernel.
• removal from kernel table of an advertised router.
• reception of a router advertisement from the link.
• transmission of a router solicitation message.
• failure while attempting to transmit a solicitation.
-v Enable verbose tracing, which in addition to the above, traces:
• contents of the router advertisement message received.
• contents of rdpd internal statics which includes:
1. total number of icmp messages received,
2. total number advertisements received,
r 3. total number of advertisements with invalid number of addresses field,
4. total number of advertisements with invalid address size field,
5. total number of advertisements with invalid message lengths,
6. total number of advertisements with invalid lifetime fields,
7. total number of icmp messages with number of bytes received <> header
length field.

LIMITATIONS
1. The maximum number of default routes retained is 10. Only one of which is applied to the kernel rout-
ing tables (the one with the highest preference). In the event that the advertised router with the
highest preference expires the retained advertised router list will be searched for the highest preference,
still current entry and that entry will be applied to the kernel table. This allows for quick recovery from
aged advertisements.
2. rdpd only becomes aware of link state changes when either a new Router Advertisement message is
received or a timer pops to age a currently active default router added by rdpd . This may cause a
delay between an interface state change (e.g., ifconfig down) and any necessary change to the ker-
nel routing table.
3. The "all hosts on subnet" broadcast address is used for sending solicitations instead of either the all-
routers multicast or limited-broadcast IP addresses.
4. The limited-broadcast address for inbound Advertisements is assumed.

234 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rdpd(1M) rdpd(1M)

5. Default routers added via the route command can be altered due to Router Advertisements for the
same router.
6. Adding default routes via the route command can cause unpredictable results and should be avoided.

OBSOLESCENCE
The functionality of rdpd has been subsumed in gated . See the routerdiscovery statements
described in gated.conf(4). rdpd has been obsoleted in HP-UX 11i Version 2.

WARNINGS
rdpd should not be used if routerdiscovery client is enabled when running gated .
AUTHOR
rdpd was developed by HP.
SEE ALSO
gated(1M), gated.conf(4).

[1] Deering, S., "ICMP Router Discovery Messages", RFC 1256

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 235

 reboot(1M) reboot(1M)

NAME
reboot - reboot the system

SYNOPSIS
/usr/sbin/reboot [-h-r] [-n-s] [-q] [-t time] [-m message]
/usr/sbin/reboot -R [-H] [-n-s] [-q] [-t time] [-m message]
DESCRIPTION
The reboot command terminates all currently executing processes except those essential to the system,
then reboots the system, or halts, or makes the partition ready for reconfiguration. When invoked without
arguments, reboot syncs all disks before rebooting the system.

Options
The reboot command recognizes the following options:
-h Shut down the system and halt.
-r Shut down the system and reboot automatically (default).
-R Shut down the system to a ready-to-reconfigure state and reboot if possible. If the
partition is unable to reboot, it will stop at a ready-to-reconfigure state. However, if
the -H option is also specified, the system will always stop at ready-to-reconfigure
state. This option is available only on systems that support hardware partitions.
-H Shut down the system to a ready-to-reconfigure state and do not reboot. This option
can be used only in combination with the -R option. This option is available only on
systems that support hardware partitions.
-n Do not sync the file systems before shutdown.
-s Sync the file systems before shutdown; for file systems that were cleanly mounted,
modify the fs_clean flag from FS_OK to FS_CLEAN (default).
-q Quick and quiet. Suppress broadcast of warning messages, terminate processes by
brute force (with SIGKILL ) and immediately call reboot with arguments as indi-
cated by the other options (see reboot(2)). No logging is performed. The -t and -m
options are ignored with this option.
-t time Specify what time reboot will bring the system down. time can be the word now
(indicating immediate shutdown) or a future time in one of two formats: +number
and hour :min. The first form brings the system down in number minutes; the second
brings the system down at the time of day indicated (based on a 24-hour clock).
-m message Display message at the terminals of all users on the system at decreasing intervals as
r reboot time approaches. The message must not contain any embedded double quotes.
At shutdown time a message is written in the file
/etc/shutdownlog
(if it exists), containing the time of shutdown, who ran reboot , and the reason.
Only users with appropriate privileges can execute the reboot command.

WARNINGS
reboot does not invoke the shutdown scripts associated with subsystems to bring them down in a cau-
tious manner. See shutdown(1M).
If the -R option is used in a virtual partition environment on a partitionable system, then the requested
reconfiguration will not take place until all the virtual partitions on that hard partition are shut down and
the virtual partition monitor is rebooted.

AUTHOR
reboot was developed by HP and the University of California, Berkeley.
FILES
/etc/shutdownlog Shutdown log

236 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

reboot(1M) reboot(1M)

SEE ALSO
vpartition(1), reboot(2), partition(5).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 237

 remshd(1M) remshd(1M)

NAME
remshd - remote shell server

SYNOPSIS
/usr/lbin/remshd [-lmns ]
In Kerberos V5 Network Authentication Environments
/usr/lbin/remshd [-clmnKkRr ]
DESCRIPTION
The remshd command is the server for the rcp , rdist and remsh commands, rcmd() and the
rcmd_af() function in case of IPv6 systems (see rcp(1), rdist(1), remsh(1), rcmd(3N), and rcmd_af(3N)).
remshd allows two kinds of authentication methods:
1. Authentication based on privileged port numbers where the client’s source port must be in the
range 512 through 1023. In this case remshd assumes it is operating in normal or non-secure
environment.
2. Authentication based on Kerberos V5. In this case remshd assumes that it is operating in a
Kerberos V5 Network Authentication, i.e., secure environment.
The inetd daemon invokes remshd if a service request is received at ports indicated by shell or
kshell services specified in /etc/services (see inetd(1M) and services (4)). Service requests arriv-
ing at the kshell port assume a secure environment and expect Kerberos authentication to take place.
To start remshd from the inetd daemon in a non-secure environment, the configuration file
/etc/inetd.conf must contain an entry as follows:
shell stream tcp nowait root /usr/lbin/remshd remshd
In a secure environment, /etc/inetd.conf must contain an entry:
kshell stream tcp nowait root /usr/lbin/remshd remshd -K
The configuration lines above will start remshd in IPv4 mode. To run remshd in IPv6 mode, the fol-
lowing line must be present in the /etc/inetd.conf file:
shell stream tcp6 nowait root /usr/lbin/remshd remshd
That is, for IPv6 applications, the protocol tcp has to be changed to tcp6 . See inetd.conf(4) for more
information.
To prevent non-secure access, the entry for shell should be commented out in /etc/inetd.conf.
Any non-Kerberos access will be denied since the entry for the port indicated by shell has now been
removed or commented out. In such a situation, a generic error message,

r rcmd: connect hostname : Connection refused

is displayed. See DIAGNOSTICS for more details.
Note that by commenting out the entry for the port, access by other clients such as rdist will also be
prevented.

Options
remshd recognizes the following options.
-l Forbid authentication based on the user’s .rhosts file unless the user is a superuser.
-n Disable transport-level keep-alive messages. Otherwise, the messages are enabled. The keep-
alive messages allow sessions to be timed out if the client crashes or becomes unreachable.
-m With this option enabled, remshd returns immediately after its child process gets killed; it does
not wait for all its sub child processes to die. This in turn makes remsh not wait even when the
sub child processes are running remotely. As a result, remsh will not appear hung. It is recom-
mended that users do not use the -m option if they want remshd to wait until the completion of
all the sub child processes. Otherwise, the user may get an unexpected result.
This option is applicable only to remsh with a secondary socket connection.
Note that even with the -m option enabled, remshd will exit if command standard error is
closed.

238 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

remshd(1M) remshd(1M)

-s This option is used in multi-homed NIS systems. It disables remshd from doing a reverse
lookup of the client’s IP address; see gethostbyname(3N). It can be used to circumvent an NIS
limitation with multi-homed hosts.
In a secure environment, remshd will recognize the following additional options:
-c Ignore checksum verification. This option is used to achieve interoperability between clients and
servers using different checksum calculation methods. For example, the checksum calculation in
an application developed with Kerberos V5 Beta 4 API is different from the calculation in a Ker-
beros V5-1.0 application.
-K Authorization based on Kerberos V5 must succeed or access will be rejected (see sis(5) for details
on authorization).
-R Authentication based on privileged port numbers and authorization of the remote user through
equivalent accounts must succeed. For more information on equivalent accounts, see
hosts.equiv(4).
-r Either one of the following must succeed. The order in which the authorization checks are done
is as specified below.
1. Authentication based on privileged port numbers and authorization of the remote user
through equivalent accounts (see hosts.equiv(4)).
2. Authorization based on Kerberos V5.
-k Either one of the following must succeed. The order in which the authorization checks are done
is as specified below.
1. Authorization based on Kerberos V5.
2. Authentication based on privileged port numbers and authorization of the remote user
through equivalent accounts.
Note: The -k option is ignored when used with -K , and the -r option is ignored when used
with -R. The default option is -K .

Operation
When remshd receives a service request, it responds with the following protocol:
1. The server checks the client’s source port. If the port is not a privileged port, that is, in the
range 512 through 1023, and remshd is operating in a non-secure environment, the connection
is terminated. In a secure environment, the action taken depends on the command line options:
-R The source port must be a privileged port otherwise the connection is terminated.
-r If the source port is not a privileged port then authorization based on Kerberos must
succeed or the connection is terminated. r
-k The source port must be a privileged port if Kerberos authorization fails.
-K No action is taken.
2. The server reads characters from the connection up to a null (\0 ) byte. It interprets the result-
ing string as an ASCII number, base 10.
3. If the number is non-zero, it is interpreted as the port number of a secondary stream to be used
for standard error. A second connection is then created to the specified port on the client’s host.
(The source port of this second connection will also be checked as specified in item 1.) If the first
character sent is a null (\0 ), no secondary connection is made, and the standard error from the
command is sent to the primary stream. If the secondary connection has been made, remshd
interprets bytes it receives on that socket as signal numbers and passes them to the command as
signals. See signal(2).
4. The server checks the client’s source address and requests the corresponding host name (see
named(1M), gethostbyaddr(3N), and hosts(4)). If it cannot determine the hostname, it uses the
dot-notation representation of the host address.
5. In a secure environment remshd performs authentication based on Kerberos V5. See sis(5) for
details.
6. The server reads the client’s host account name from the first connection. This is a null-
terminated sequence not exceeding 256 characters.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 239

 remshd(1M) remshd(1M)

7. The server reads the server’s host account name from the first connection. This is a null-
terminated sequence not exceeding 256 characters.
8. The server reads a command to be passed to the shell from the first connection. The command
length is limited by the maximum size of the system’s argument list.
9. remshd then validates the user as follows (all actions take place on the host remshd runs on):
a. It looks up the user account name (retrieved in step 6) in the password file. If it finds it, it
performs a chdir () to the user’s home directory, if there is one, or to "/."
b. If either the lookup or chdir () fails, the connection is terminated (see chdir(2)).
c. The connection is also terminated if
• the account accessed is administratively locked. The account can be locked by entering
a character in the password field that is not part of the set of digits (such as *). The
characters used to represent "digits" are ‘.’ for 0, / for 1, 0 through 9 for 2 through 11,
‘A through Z’ for 12 through 37, and ‘a through z’ for 38 through 63. (See also
passwd(4)).
• in a non-secure environment, the account accessed is protected by a password and,
either the password expired or the account on the client’s host is not equivalent to the
account accessed.
• in a secure environment, the command line options decide whether connection is to be
terminated.
-K if Kerberos authorization does not succeed the connection is terminated (see
sis(5) for details on authorization).
-R if the client’s host is not equivalent to the account accessed, the connection is ter-
minated.
-r if the account is not equivalent to the account accessed, then Kerberos authoriza-
tion has to succeed or the connection is terminated.
-k if Kerberos authorization fails, then the account has to be equivalent or the con-
nection is terminated. For more information on equivalent accounts, see
hosts.equiv(4).
10. A null byte is returned on the primary connection and the command line is passed to the normal
login shell of the user with that shell’s -c option. The shell inherits the network connections
established by remshd and assumes the normal user and group permissions of the user.
remshd uses the following path when executing the specified command:
r /usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
11. If a secondary socket has been set up, remshd normally exits when command standard error
and secondary socket standard error have both been closed. If no secondary socket was set up,
remshd has called an exec() function, launched the command process, and is no longer
present.

SECURITY FEATURES
For detailed information on all the configuration parameters that affect remshd , see security(4). remshd
supports the following configuration parameters in the /etc/default/security file:
• NOLOGIN
• UMASK
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with standard error after which any net-
work connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step
9 above upon successful completion of all the steps before the command execution).
Malformed from address
The first socket connection does not use a reserved port or the client’s host address is not an Internet
address.

240 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

remshd(1M) remshd(1M)

Can’t get stderr port

Unable to complete the connection of the secondary socket used for error communication.
Second port not reserved
The secondary socket connection does not use a reserved port.
Locuser too long
The name of the user account on the client’s host is longer than 256 characters.
Remuser too long
The name of the user on the server’s host is longer than 256 characters.
Command too long
The command line passed exceeds the size of the argument list (as configured into the system).
Login incorrect
No password file entry existed for the user name on the server’s host, or the authentication procedure
described above in step 8 failed.
No remote directory
The chdir command to the home directory or "/" on the server’s host failed.
Can’t make pipe
The pipe needed for the standard error output wasn’t created.
No more processes
The server was unable to fork a process to handle the incoming connection.
Next step: Wait a period of time and try again. If this message persists, the server’s host may have
runaway processes that are using all the entries in the process table.
system call : message
Error in executing the named system call. The message specifies the cause of the failure.
shellname : ...
The user’s login shell could not be started. This message is returned on the connection associated with
the standard error and is not preceded by a leading byte with a value of 1. Other messages can be
returned by the remote command when it executes.
rcmd: connect : <hostname>: Connection refused.
This generic message could be due to a number of reasons. One of the reasons could be because the
entry for shell service is not present in /etc/inetd.conf. This entry may have been removed or
r
commented out to prevent non-secure access.
Kerberos specific errors are listed in sis(5).

WARNINGS
The integrity of each host and the connecting medium is assumed if the "privileged port" authentication
procedure is used in a non-secure environment or if the command line options -R or -r are used in a
secure environment. Although both these methods provide insecure access, they are useful in an "open"
environment.
Note that all the information, including any passwords, are passed unencrypted between the two hosts
when remshd is invoked in a non-secure environment.
remshd ignores SIGHUP , SIGINT , SIGQUIT , and SIGTERM , so these signal numbers can safely be sent
to remote commands via the secondary socket provided by remshd . Other signal numbers may cause
remshd to kill itself.
AUTHOR
remshd was developed by the University of California, Berkeley.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 241

 remshd(1M) remshd(1M)

FILES
$HOME/.rhosts User’s private equivalence list
/etc/hosts.equiv List of equivalent hosts

SEE ALSO
rcp(1), rdist(1), remsh(1), inetd(1M), named(1M), chdir(2), signal(2), gethostbyaddr(3N),
gethostbyname(3N), rcmd(3N), rcmd_af(3N), hosts(4), hosts.equiv(4), inetd.conf(4), inetd.sec(4), passwd(4),
security(4), services(4), sis(5).

242 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

renice(1M) renice(1M)

NAME
renice - alter priority of running processes

SYNOPSIS
renice [-n newoffset] [-g-p-u] id ...
DESCRIPTION
The renice command alters the system nice value (used in the system scheduling priority) of one or more
running processes specified by id .... The new system nice value is set to 20 + newoffset, and is limited to
the range 0 to 39. However if the UNIX95 environment variable is set, the new system nice value is set to
current nice value + newoffset. Processes with lower system nice values run at higher system priorities
than processes with higher system nice values. The -l option of the ps command shows the current prior-
ity (PRI ) and nice value (NI) for processes. See also nice(1).
To reduce the system nice value of a process, or to set it to a value less than 20 (with a negative newoffset),
a user must have appropriate privileges. Otherwise, users cannot decrease the system nice value of a pro-
cess and can only increase it within the range 20 to 39, to prevent overriding any current administrative
restrictions.
To alter the system nice value of another user’s process, a user must have appropriate privileges. Other-
wise, users can only affect processes that they own.

Options
renice recognizes the following options. If no -g, -p, or -u option is specified, the default is -p.
-g id ... Interpret each id as a process group ID. All processes in each process group have their
system nice value altered. Only users with appropriate privileges can use this option.
-n newoffset Change the system nice value of each affected process to 20 + newoffset. If the
UNIX95 environment variable is set, the system nice value of each affected process is
changed to current nice value + newoffset.
If newoffset is negative, the system nice value is set to 20 minus the absolute value of
newoffset. If the UNIX95 environment variable is set and the newoffset is negative,
the system nice value is set to current nice value minus the absolute value of
newoffset. Only users with appropriate privileges can reduce the system nice value or
set it to less than 20. If this option is omitted, newoffset defaults to 10.
-p id ... Interpret each id as a process ID. This is the default.
Note: id is a process ID as reported by the ps command, not a job number (e.g., %1 ),
as used by some shells.
-u id ... Interpret each id as a user name or user ID number. All processes owned by each
specified user have their system nice values altered. Only users with appropriate r
privileges can use this option for user names and IDs other than their own.

RETURN VALUES
renice returns a 0 when successful, and a non-zero value when unsuccessful.
EXTERNAL INFLUENCES
Single-byte character code sets are supported.

DIAGNOSTICS
renice reports the old and new newoffset values (system nice value − 20) of the affected processes if the
operation requested completes successfully. Otherwise, an error message is displayed to indicate the rea-
son for failure.
However, if the UNIX95 environment variable is set, no reporting is done unless the command fails.

EXAMPLES
Use renice default values to decrease the priority of process 923 . The id type defaults to -p , and
newoffset defaults to 10, setting the process to a system nice value of 30.
renice 923
Change the system nice value for all processes owned by user john and user 123 to 33 (newoffset=13).
(Affecting other users processes requires appropriate privileges.)

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 243

 renice(1M) renice(1M)

renice -n 13 -u john 123

Change the system nice value of all processes in process group 20 to 10 . (Lowering the system nice value
of a process group requires appropriate privileges.)
renice -n -10 -g 20
WARNINGS
Users who do not have appropriate privileges cannot reduce the system nice values of their own processes,
even if they increased them in the first place.

FILES
/etc/passwd Maps user names to user ID’s

SEE ALSO
nice(1), ps(1), getpriority(2), nice(2).

STANDARDS CONFORMANCE
renice : XPG4

244 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

repquota(1M) repquota(1M)

NAME
repquota - summarize file system quotas

SYNOPSIS
/usr/sbin/repquota [-guv ] filesystem ...
/usr/sbin/repquota [-guv ] -a
DESCRIPTION
The repquota command prints a summary of disk usage and quotas for each specified filesystem .
filesystem is either the name of the directory on which the file system is mounted or the name of the device
containing the file system.
For each user and group, the current number of files and amount of space (in kilobytes) is printed, along
with any quotas created with edquota (see edquota(1M)).

Options
repquota recognizes the following options:
-a Report on all appropriate file systems in /etc/fstab .
-g Report quotas for groups only.
-u Report quotas for users only. This is the default.
-v Report all quotas, even if there is no usage.
EXTERNAL INFLUENCES
Environment Variables
LC_MESSAGES determines the language in which messages are displayed.
If LC_MESSAGES is not specified in the environment or is set to the empty string, the value of LANG is
used as a default for each unspecified or empty variable. If LANG is not specified or is set to the empty
string, a default of "C" (see lang(5)) is used instead of LANG .
If any internationalization variable contains an invalid setting, repquota behaves as if all internationali-
zation variables are set to "C". See environ(5).

International Code Set Support

Single and multi-byte character code sets are supported.

AUTHOR
Disk Quotas were developed by the University of California, Berkeley, Sun Microsystems, and HP.

FILES
r
/etc/fstab Static information about the file systems
/etc/mnttab Mounted file system table

directory /quota.group
directory /quotas Group and user quota statistics static storage for a file system respectively,
where directory is the root of the file system as specified to the mount command
(see mount(1M)).
SEE ALSO
edquota(1M), mount(1M), quota(5).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 245

 restore(1M) restore(1M)

NAME
restore, rrestore - restore file system incrementally, local or across network

SYNOPSIS
/usr/sbin/restore key [ name ... ]
/usr/sbin/rrestore key [ name ... ]
DESCRIPTION
The restore and rrestore commands read tapes previously dumped by the dump or rdump com-
mand (see dump(1M) and rdump(1M)).
Actions taken are controlled by the key argument where key is a string of characters containing not more
than one function letter and possibly one or more function modifiers. One or more name arguments, if
present, are file or directory names specifying the files that are to be restored. Unless the h modifier is
specified (see below), the appearance of a directory name refers to the files and (recursively) subdirectories
of that directory.

Function Portion of key

The function portion of the key is specified by one of the following letters:
r Read the tape and load into the current directory. r should be used only after careful con-
sideration, and only to restore a complete dump tape onto a clear file system, or to restore an
incremental dump tape after a full level zero restore. Thus,
/usr/sbin/newfs -F hfs /dev/rdisk/disk2
/usr/sbin/mount /dev/disk/disk2 /mnt
cd /mnt
restore r
is a typical sequence to restore a complete dump. Another restore or rrestore can then
be performed to restore an incremental dump on top of this. Note that restore and rre-
store leave a file restoresymtab in the root directory of the file system to pass informa-
tion between incremental restore passes. This file should be removed when the last incremen-
tal tape has been restored. A dump or rdump followed by a newfs and a restore or rre-
store is used to change the size of a file system (see newfs(1M)).
R restore and rrestore request a particular tape of a multivolume set on which to restart a
full restore (see r above). This provides a means for interrupting and restarting restore and
rrestore .
x Extract the named files from the tape. If the named file matches a directory whose contents
had been written onto the tape, and the h modifier is not specified, the directory is recursively
r extracted. The owner, modification time, and mode are restored (if possible). If no file argu-
ment is given, the root directory is extracted, which results in the entire contents of the tape
being extracted, unless h has been specified.
t Names of the specified files are listed if they occur on the tape. If no file argument is given, the
root directory is listed, which results in the entire content of the tape being listed, unless h has
been specified.
s The next argument to restore is used as the dump file number to recover. This is useful if
there is more than one dump file on a tape.
i This mode allows interactive restoration of files from a dump tape. After reading in the direc-
tory information from the tape, restore and rrestore provide a shell-like interface that
allows the user to move around the directory tree selecting files to be extracted. The available
commands are given below; for those commands that require an argument, the default is the
current directory.
add [arg] The current directory or specified argument is added to the list of files to be
extracted. If a directory is specified, it and all its descendents are added to the
extraction list (unless the h key is specified on the command line). File names
on the extraction list are displayed with a leading * when listed by ls .
cd [arg] Change the current working directory to the specified argument.
delete [arg] The current directory or specified argument is deleted from the list of files to be
extracted. If a directory is specified, it and all its descendents are deleted from

246 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

restore(1M) restore(1M)

the extraction list (unless h is specified on the command line). The most
expedient way to extract files from a directory is to add the directory to the
extraction list, then delete unnecessary files.
extract All files named on the extraction list are extracted from the dump tape.
restore and rrestore ask which volume the user wants to mount. The
fastest way to extract a few files is to start with the last volume, then work
toward the first volume.
help List a summary of the available commands.
ls [arg] List the current or specified directory. Entries that are directories are
displayed with a trailing /. Entries marked for extraction are displayed with a
leading *. If the verbose key is set, the inode number of each entry is also
listed.
pwd Print the full path name of the current working directory.
quit restore and rrestore immediately exit, even if the extraction list is not
empty.
set-modes Set the owner, modes, and times of all directories that are added to the extrac-
tion list. Nothing is extracted from the tape. This setting is useful for cleaning
up after a restore aborts prematurely.
verbose The sense of the v modifier is toggled. When set, the verbose key causes the
ls command to list the inode numbers of all entries. It also causes restore
and rrestore to print out information about each file as it is extracted.

Function Modifiers
The following function modifier characters can be used in addition to the letter that selects the function
desired:
b Specify the block size of the tape in kilobytes. If the -b option is not specified, restore and
rrestore try to determine the tape block size dynamically.
f Specify the name of the archive instead of /dev/rmt/0m . If the name of the file is -,
restore reads from standard input. Thus, dump and restore can be used in a pipeline to
dump and restore a file system with the command
dump 0f - /usr | (cd /mnt; restore xf -)
When using rrestore , this key should be specified, and the next argument supplied should
be of the form machine :device.
h Extract the actual directory, rather than the files to which it refers. This prevents hierarchical
restoration of complete subtrees from the tape, rather than the files to which it refers. r
m Extract by inode numbers rather than by file name. This is useful if only a few files are being
extracted and one wants to avoid regenerating the complete path name to the file.
v Type the name of each file restore and rrestore treat, preceded by its file type. Normally
restore and rrestore do their work silently; the v modifier specifies verbose output.
y Do not ask whether to abort the operation if restore and rrestore encounters a tape
error. restore and rrestore attempt to skip over the bad tape block(s) and continue.
rrestore creates a server, either /usr/sbin/rmt or /etc/rmt , on the remote machine to
access the tape device.

DIAGNOSTICS
restore and rrestore complain about bad key characters.
restore and rrestore complain if a read error is encountered. If the y modifier has been specified, or
the user responds y, restore and rrestore attempt to continue the restore.
If the dump extends over more than one tape, restore and rrestore ask the user to change tapes. If
the x or i function has been specified, restore and rrestore also ask which volume the user wants to
mount. The fastest way to extract a few files is to start with the last volume and work towards the first
volume.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 247

 restore(1M) restore(1M)

There are numerous consistency checks that can be listed by restore and rrestore . Most checks are
self-explanatory or can ‘‘never happen’’. Here are some common errors:
filename : not found on tape
The specified file name was listed in the tape directory but not found on the tape. This is caused
by tape read errors while looking for the file, and from using a dump tape created on an active
file system.
expected next file inumber , got inumber
A file not listed in the directory showed up. This can occur when using a dump tape created on
an active file system.
Incremental tape too low
When doing an incremental restore, a tape that was written before the previous incremental
tape, or that has too low an incremental level has been loaded.
Incremental tape too high
When doing an incremental restore, a tape that does not begin its coverage where the previous
incremental tape left off, or that has too high an incremental level has been loaded.
Tape read error while restoring filename
Tape read error while skipping over inode inumber
Tape read error while trying to resynchronize
A tape read error has occurred. If a file name is specified, the contents of the restored files are
probably partially wrong. If restore is skipping an inode or is trying to resynchronize the tape,
no extracted files are corrupted, although files may not be found on the tape.
Resync restore, skipped num blocks
After a tape read error, restore and rrestore may have to resynchronize themselves. This
message indicates the number of blocks skipped over.

WARNINGS
restore and rrestore can get confused when doing incremental restores from dump tapes that were
made on active file systems.
A level zero dump (see dump(1M)) must be done after a full restore. Since restore runs in user code, it has
no control over inode allocation; thus a full dump must be done to get a new set of directories reflecting the
new inode numbering, even though the contents of the files are unchanged.

AUTHOR
restore and rrestore were developed by the University of California, Berkeley.
FILES
r /dev/rmt/0m
/tmp/rstdr*
Default tape drive.
File containing directories on the tape.
/tmp/rstmd* Owner, mode, and time stamps for directories.
./restoresymtab Information passed between incremental restores.

SEE ALSO
dump(1M), mkfs(1M), mount(1M), newfs(1M), rmt(1M), mt(7).

248 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

rexd(1M) rexd(1M)

NAME
rexd - RPC-based remote execution server

SYNOPSIS
/usr/sbin/rpc.rexd [-l log_file] [-m mountdir] [-r]
DESCRIPTION
rexd is the RPC server for remote command execution. A rexd is started by inetd when a remote exe-
cution request is received (see inetd(1M)). rexd exits when command execution has completed.
If the user ID (uid) in the remote execution request is assigned to a user on the server, rexd executes the
command as that user. If no user on the server is assigned to the uid, rexd does not execute the com-
mand. The -r option and inetd.sec security file allow for better access control (see inetd.sec(4)).
For noninteractive commands, standard output and error file descriptors are connected to sockets. Interac-
tive commands use pseudo terminals for standard input, output, and error (see pty(7)).
If the file system specified in the remote execution request is not already mounted on the server, rexd
uses NFS to mount the file system for the duration of the command execution (see nfs(7)). rexd mounts
file systems with the nosuid and soft options. For more details on mount options see mount(1M). If
the server cannot mount the file system, an error message is returned to the client. By default, any mount
points required by rexd are created below /var/spool/rexd. To change the default location, use the
-m option.
Options
rexd recognizes the following options and command-line arguments:
-l log_file Log any diagnostic, warning, and error messages to log_file. If log_file exists, rexd
appends messages to the file. If log_file does not exist, rexd creates it. Messages
are not logged if the -l option is not specified.
Information logged to the file includes date and time of the error, host name, process
ID and name of the function generating the error, and the error message. Note that
different RPC services can share a single log file because enough information is
included to uniquely identify each error.
-m mountdir Create temporary mount points below directory mountdir. By default, rexd creates
temporary mount points below /var/spool/rexd. The directory mountdir
should have read and execute permission for all users (mode 555). Otherwise, rexd
denies execution for users that do not have read and execute permission.
-r Use increased security checking. When started with the -r option, rexd denies
execution access to a client unless one of the following conditions is met:
• The name of the client host is in /etc/hosts.equiv file on the server. r
• The user on the server that is associated with the uid sent by the client has an
entry in $HOME/.rhosts specifying the client name on a line or the client
name followed by at least one blank and the user’s name.
For example, assume a user whose login name is mjk is assigned to uid 7 on
NODE1 and executes the following on command:
on NODE2 pwd
User mjk on NODE2 must have one of the following entries in
$HOME/.rhosts :
NODE1
NODE1 mjk
DIAGNOSTICS
The following is a subset of the messages that could appear in the log file if the -l option is used. Some of
these messages are also returned to the client.
rexd: could not umount: dir
rexd was unable to umount() the user’s current working file system. See WARN-
INGS for more details.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 249

 rexd(1M) rexd(1M)

rexd: mountdir (mountdir ) is not a directory

The path name mountdir, under which temporary mount points are created, is not a
directory or does not exist.
rexd: command : Command not found
rexd could not find command.
rexd: command : Permission denied
rexd was denied permission to execute command.
rexd: command : Text file busy
The executable file is currently open for writing.
rexd: command : Can’t execute
rexd was unable to execute command.
rexd: root execution not allowed
rexd does not allow execution as user root .
rexd: User id uid not valid
The uid uid is not assigned to a user on the server.
rexd: User id uid denied access
rexd was started with the -r option and the remote execution request did not meet
either of the conditions required by the -r option.
rexd: host is not running a mount daemon
The host host on which the user’s current working directory is located is not running
mountd . Therefore, rexd is unable to mount the required file system (see
mountd(1M)).
rexd: not in export list for file_system
The host on which the client’s current working directory is located does not have the
server on the export list for file system file_system containing the client’s current working
directory. Therefore, rexd is unable to mount the required file system.

WARNINGS
The client’s environment is simulated by rexd , but not completely recreated. The simulation of the
client’s environment consists of mounting the file system containing the client’s current working directory
(if it is not already mounted) and setting the user’s environment variables on the server to be the same as
the user’s environment variables on the client. Therefore a command run by rexd does not always have
the same effect as a command run locally on the client.
The rex protocol only identifies the client user by sending the uid of the client process and the host name
of the client. Therefore, it is very difficult for rexd to perform user authentication. If a user on the server
r is assigned to the uid sent by the client, rexd executes the requested command as that user. If no user on
the client is assigned to the uid sent by the client, rexd returns an error.
The -r option has been added to provide increased user authentication. However, the authentication pro-
vided is not foolproof, and is limited by the information passed by the rex protocol.
In order to simulate the client’s environment, rexd mounts the file system containing the client’s current
working directory (if it is not already mounted). This mount is intended to be temporary for the duration of
the command.
If rexd mounts a file system, it attempts to umount() the file system after the command has completed
executing. However, if rexd receives a SIGKILL signal (see signal(2)), the file system is not unmounted.
The file system remains mounted until the superuser executes the appropriate umount command or the
server is rebooted.
rexd ’s attempt to umount the file system can also fail if the file system is busy. The file system is busy if
it contains an open file or a user’s current working directory. The file system remains mounted until the
superuser executes the appropriate umount command or the server is rebooted.
For more information on rexd security issues, see Using and Administering NFS Services . Security issues
and their consequences should be considered before configuring rexd to run on a system.

FILES
/dev/pty [pqr ]* master pseudo terminals

250 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rexd(1M) rexd(1M)

/dev/tty [pqr ]* slave pseudo terminals

/dev/ptym/pty[pqr ]* master pseudo terminals
/dev/pty/tty [pqr ]* slave pseudo terminals
/etc/inetd.conf configuration file for inetd(1M)
/etc/hosts.equiv list of equivalent hosts
$HOME/.rhosts user’s private equivalence list
/var/spool/rexd/rexdxxxxx temporary mount points for remote file systems where xxxxx is a
string of alpha numeric characters.

AUTHOR
rexd was developed by Sun Microsystems, Inc.
SEE ALSO
on(1), inetd(1M), mount(1M), dfstab(4), inetd.conf(4), inetd.sec(4).
Using and Administering NFS Services

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 251

 rexecd(1M) rexecd(1M)

NAME
rexecd - remote execution server

SYNOPSIS
/usr/lbin/rexecd [ -n ] [ -m ] [ -s ] [ -S ]
DESCRIPTION
rexecd is the server for the rexec() routine, and the rexec_af() routine in case of IPv6 systems; it
expects to be started by the internet daemon (see inetd(1M)). rexecd provides remote execution facilities
with authentication based on user account names and unencrypted passwords.
inetd calls rexecd when a service request is received at the port indicated for the ‘‘exec’’ service
specification in /etc/services; see services (4). To run rexecd , the following line should be present in
/etc/inetd.conf:
exec stream tcp nowait root /usr/lbin/rexecd rexecd
The above configuration line will start rexecd in IPv4 mode. To run rexecd in IPv6 mode, the follow-
ing line must be present in the /etc/inetd.conf file:
exec stream tcp6 nowait root /usr/lbin/rexecd rexecd
That is, for IPv6 applications, the protocol tcp has to be changed to tcp6 . See inetd.conf(4) for more
information.

Options
rexecd recognizes the following options.
-m With this option enabled, rexecd returns immediately after its child process gets killed; it does
not wait for all its sub child processes to die. This in turn makes rexec not wait even when the
sub child processes are running remotely. As a result, rexec will not appear hung. It is recom-
mended that users do not use the -m option if they want rexecd to wait until the completion of
all the sub child processes. Otherwise, the user may get an unexpected result.
This option is applicable only to rexec with a secondary socket connection.
Note that even with the -m option enabled rexecd will exit if command standard error is
closed.
-n Disable transport-level keep-alive messages. By default, the messages are enabled. The keep-
alive messages allow sessions to time out if the client crashes or becomes unreachable.
-s This option is used in multi-homed NIS systems. It disables rexecd from doing a reverse
lookup of the client’s IP address; see gethostbyname(3N) for more information. It can be used to
circumvent an NIS limitation with multi-homed hosts.
r -S Disallow logging in as a superuser.
When a service request is received, the following protocol is initiated:
1. The server reads characters from the socket up to a null (\0 ) byte. The resultant string is inter-
preted as an ASCII number, base 10.
2. If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary
stream to be used for the stderr . A second connection is then created to the specified port on
the client’s host. If the first character sent is a null (\0 ), no secondary connection is made and
the stderr of the command is sent to the primary stream. If the secondary connection has been
made, rexecd interprets bytes it receives on that socket as signal numbers and passes them to
the command as signals (see signal(2)).
3. A null-terminated user name of not more than 256 characters is retrieved on the initial socket.
4. A null-terminated, unencrypted password of not more than 16 characters is retrieved on the ini-
tial socket.
5. A null-terminated command to be passed to a shell is retrieved on the initial socket. The length
of the command is limited by the upper bound on the size of the system’s argument list.
6. rexecd then validates the user, as is done by login using PAM modules for authentication.
See login(1) for more information. If the authentication succeeds, rexecd changes to the user’s
home directory and establishes the user and group protections of the user. If any of these steps

252 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rexecd(1M) rexecd(1M)

fail, rexecd returns a diagnostic message through the connection, then closes the connection.
NOTE: The use_psd option cannot be specified in the /etc/pam.conf file for rexecd .
7. A null byte is returned on the connection associated with stderr and the command line is
passed to the normal login shell of the user with that shell’s -c option. The shell inherits the net-
work connections established by rexecd .
rexecd uses the following path when executing the specified command:
/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
Transport-level keepalive messages are enabled unless the -n option is present. The use of keepalive mes-
sages allows sessions to be timed out if the client crashes or becomes unreachable.

SECURITY FEATURES
For detailed information on all the configuration parameters that affect rexecd , see security(4). rexecd
supports the following configuration parameters in the /etc/default/security file:
• NOLOGIN
• UMASK
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with the stderr , after which any net-
work connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step
7 above upon successful completion of all the steps prior to the command execution).
Username too long
The user name is longer than 256 characters.
Password too long
The password is longer than 16 characters.
Command too long
The command line passed exceeds the size of the argument list (as configured into the system).
Login incorrect
No password file entry for the user name existed or the wrong password was supplied.
No remote directory
The chdir command to the home directory failed.
No more processes
The server was unable to fork a process to handle the incoming connection.
Next step: Wait a period of time and try again. If the message persists, then the server’s host
may have a runaway process that is using all the entries in the process table. r
shellname : ...
The user’s login shell could not be started via exec() for the given reason.

WARNINGS
The password is sent unencrypted through the socket connection.

AUTHOR
rexecd was developed by the University of California, Berkeley.
SEE ALSO
login(1), remsh(1), inetd(1M), signal(2), gethostbyname(3N), rexec(3N), rexec_af(3N), inetd.conf(4),
inetd.sec(4), security(4), services(4).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 253

 ripngd(1M) ripngd(1M)

NAME
ripngd - RIPng routing daemon for IPv6

SYNOPSIS
/usr/sbin/ripngd [-C] [-c] [-f config_file] [-N] [-n] [-q] [-t trace_options] [trace_file]
DESCRIPTION
ripngd is a routing daemon that works with Route Administration Manager (RAMD) for IPv6. This rout-
ing daemon is an implementation of Routing Information Protocol for IPv6 defined in RFC 2080. ripngd
is invoked automatically if it is enabled in the /etc/ramd.conf configuration file.

Options
ripngd supports the following command-line options:
-C Parses the configuration file for syntax errors and terminates ripngd . ripngd exits
with status 0 if the configuration file contains no error. In case of any error, ripngd
exits with a non-zero value. ripngd prints the configuration file errors, if any, to the
standard output.
-c Parses the configuration file for syntax errors and terminates ripngd .
-f config_file Specifies an alternate configuration file to be used by ripngd . By default, ripngd
uses the /etc/ramd.conf configuration file.
-N Specifies that ripngd runs as a normal process and not as a daemon process.
-n Specifies that ripngd does not modify the kernel forwarding table. That is, ripngd
will not send route updates to ramd(1M).
-q Suppresses stderr messages of ripngd . This option suppresses informational mes-
sages which are normally printed to the standard output, and log error messages
through syslogd(1M). By default, syslog errors are logged in
/var/adm/syslog/syslog.log.
-t trace_options Specifies a comma-separated list of trace options that must be enabled when starting
ripngd . No space is allowed between this option and its arguments.
See ramd.conf(4) for information on valid trace options and tracing.
trace_file Name of the file used by ripngd to log tracing information. If trace options are
specified without specifying a trace file, ripngd uses the default trace file
/var/tmp/ripngd/ripngd.log.
Signal Processing
r The following HP-UX signals can be used to control ripngd :
SIGHUP Specifies ripngd to reread the configuration file. ripngd reads the configuration file and
reconfigures its policies.
SIGINT Specifies that the current state of ripngd be written to dump file
/var/tmp/ripngd/ripngd.dump.
SIGTERM Graceful shutdown. On receipt of SIGTERM , ripngd attempts a graceful shutdown.
ripngd removes all protocol route from the kernel routing table upon receiving SIGTERM .
SIGUSR1 Toggle tracing. If tracing is enabled, this signal suspends tracing and closes the trace file. If
tracing is disabled, ripngd opens the trace file and initiates tracing. This is useful for mov-
ing trace files.
SIGUSR1 cannot be used if ripngd does not enable tracing in the configuration file.
AUTHOR
ripngd was developed by Future Software Ltd.
SEE ALSO
netstat(1), ifconfig(1M), ram_monitor(1M), ramd(1M), rdc(1M), fork(2), ramd.conf(4).

254 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ripquery(1M) ripquery(1M)

NAME
ripquery - query RIP gateways

SYNOPSIS
ripquery [-1] [-2] [-[a5] authkey] [-n] [-N dest[/mask] ] [-p] [-r] [-v] [-w time] gateway ...
DESCRIPTION
ripquery is used to request all routes known by a RIP gateway by sending a RIP request or POLL com-
mand. The routing information in any routing packets returned is displayed numerically and symbolically.
ripquery is intended to be used as a tool for debugging gateways, not for network management. SNMP
is the preferred protocol for network management.
ripquery by default uses the RIP POLL command, which is an undocumented extension to the RIP
specification supported by routed on SunOS 3.x and later and by gated 1.4 and later. The RIP POLL
command is preferred over the RIP REQUEST command because it is not subject to Split Horizon and/or
Poisoned Reverse. See the RIP RFC for more information.

Options
-1 Send the query as a version 1 packet.
-2 Send the query as a version 2 packet (default).
-[a5]authkey Specifies the authentication password to use for queries. If -a specified, an authentication
type of SIMPLE will be used, if -5 is specified, an authentication type of MD5 will be used;
otherwise the default is an authentication type of NONE. Authentication fields in incoming
packets will be displayed, but not validated.
-n Prevents the address of the responding host from being looked up to determine the sym-
bolic name.
-N dest [/mask]
Specifies that the query should be for the specified dest /mask instead of complete routing
table. The specification of the optional mask implies a version 2 query. Up to 23 requests
about specific destinations may be include in one packet.
-p Uses the RIP POLL command to request information from the routing table. This is the
default, but is an undocumented extension supported only by some versions of unOS 3.x
and later versions of gated . If there is no response to the RIP POLL command, the RIP
REQUEST command is tried. gated responds to a POLL command with all the routes
learned via RIP.
-r Used the RIP REQUEST command to request information from the gateway’s routing
table. Unlike the RIP POLL command, all gateways should support the RIP REQUEST. If
there is no response to the RIP REQUEST command, the RIP POLL command is tried.
gated responds to a REQUEST command with all the routes he announces out the
r
specified interface. Due to limitations in the UDP interface, on systems based on BSD 4.3
Reno or earlier, REQUESTs respond about the interface used to route packets back to the
sender. This can be avoided by running ripquery on the host being queried.
-v Version information about ripquery is displayed before querying the gateways.
-w time Specifies the time in seconds to wait for the initial response from a gateway. The default
value is 5 seconds.
AUTHORS
Jeffrey C Honig.

SEE ALSO
gated(1M), gdc(1M), ospf_monitor(1M), GateD Documentation, GateD Configuration Guide.

BUGS
Some versions of Unix do not allow looking up the symbolic name of a subnet.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 255

 rlogind(1M) rlogind(1M)

NAME
rlogind - remote login server

SYNOPSIS
/usr/lbin/rlogind [-lns ] [-B bannerfile ]
In Kerberos V5 Network Authentication Environments
/usr/lbin/rlogind [-clnKkRr ] [-B bannerfile ]
DESCRIPTION
rlogind is the server for the rlogin program. It provides a remote login facility with two kinds of
authentication methods:
1. Authentication based on privileged port numbers where the client’s source port must be in the
range 512 through 1023. In this case rlogind assumes it is operating in normal or non-secure
environment.
2. Authentication based on Kerberos V5. In this case rlogind assumes it is operating in a Ker-
beros V5 Network Authentication, that is, secure environment.
The inetd daemon invokes rlogind if a service request is received at ports indicated by the login or
klogin services specified in /etc/services (see inetd(1M) and services (4)). Service requests arriv-
ing at the klogin port assume a secure environment and expect Kerberos authentication to take place.
To start rlogind from the inetd daemon in a non-secure environment, the configuration file
/etc/inetd.conf must contain an entry as follows:
login stream tcp nowait root /usr/lbin/rlogind rlogind
In a secure environment, /etc/inetd.conf must contain an entry:
klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K
The above configuration line will start rlogind in IPv4 mode. To start rlogind in IPv6 mode, the
configuration file /etc/inetd.conf must contain an entry as follows:
login stream tcp6 nowait root /usr/lbin/rlogind rlogind
Note: For IPv6 applications the protocol tcp has to be changed to tcp6 . See inetd.conf(4) for more
information.
To prevent non-secure access, the entry for login should be commented out in /etc/inetd.conf.
Any non-Kerberos access will be denied since the entry for the port indicated by login has now been
removed or commented out. In a such a situation, a generic error message,
rcmd: connect <hostname> : Connection refused
r is displayed. See DIAGNOSTICS for more details.

Options
rlogind recognizes the following options:
-l This option is used to prevent any authentication based on the user’s .rhosts file unless the
user is logging in as super-user.
-s This option is used in multi-homed NIS systems. It disables rlogind from doing a reverse
lookup, of the client’s IP address; see gethostbyname(3N). It can be used to circumvent an NIS
limitation with multihomed hosts.
-n This option is used to disable transport-level keepalive messages.
-B bannerfile
Causes the file, bannerfile, to be displayed to incoming rlogin requests.
In a secure environment, rlogind will recognize the following additional options:
-c Ignore checksum verification. This option is used to achieve interoperability between clients and
servers using different checksum calculation methods. For example, the checksum calculation in
a application developed with Kerberos V5 Beta 4 API is different from the calculation in a Ker-
beros V5-1.0 application.

256 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rlogind(1M) rlogind(1M)

-K Authorization based on Kerberos V5 must succeed or access will be rejected (see sis(5) for details
on authorization).
-R Authentication based on privileged port numbers and authorization of the remote user through
equivalent accounts must succeed. For more information on equivalent accounts, see
hosts.equiv(4).
-r Either one of the following must succeed. The order in which, the authorization checks are done
is as specified below.
1. Authentication based on privileged port numbers and authorization of the remote user
through equivalent accounts (see hosts.equiv(4)).
2. Authorization based on Kerberos V5.
-k Either one of the following must succeed. The order in which, the authorization checks are done
is as specified below.
1. Authorization based on Kerberos V5.
2. Authentication based on privileged port numbers and authorization of the remote user
through equivalent accounts.
Note: The -k option is ignored when used with -K , and the -r option is ignored when used
with -R. Also, if no options are specified, the default option is -K .

Operation
When a service request is received, the following protocol is initiated by rlogind :
1. rlogind checks the client’s source port. If the port is not in a privileged port, that is, in the
range 512 through 1023, and rlogind is operating in a non-secure environment, the connec-
tion is terminated. In a secure environment, the action taken depends on the command line
options:
-R The source port must be a privileged port otherwise rlogind terminates the connection.
-r If the source port is not a privileged port then Kerberos authorization must succeed or the
connection is terminated.
-k The source port must be a privileged port if Kerberos authorization fails.
-K No action is taken.
2. rlogind checks the client’s source address and requests the corresponding host name (see
gethostent(3N), hosts(4), and named(1M)). If it cannot determine the hostname, it uses the
Internet dot-notation representation of the host address.
3. rlogind , in a secure environment, proceeds with the Kerberos authentication process
described in sis(5). If authentication succeeds, then the authorization selected by the command
r
line option -K , -R, -k, or -r is performed. The authorization selected could be as specified in
hosts.equiv or Kerberos authorization as specified in sis(5).
4. rlogind then allocates a STREAMS based pseudo-terminal (see ptm(7) and pts(7)), and mani-
pulates file descriptors so that the slave half of the pseudo-terminal becomes stdin , stdout ,
and stderr for a login process.
5. This login process is an instance of login invoked with the -f option if authentication has suc-
ceeded. In a non-secure environment, if automatic authentication fails, login prompts the user
with the normal login sequence. In a secure environment, if authentication fails, rlogind
generates an error message and quits.
The rlogind process manipulates the master side of the pseudo-terminal, operating as an intermediary
between the login process and the client instance of the rlogin program. The protocol described in
ptm(7) and pts(7) is used to enable and disable flow control via Ctrl-S/Ctrl-Q under the direction of the pro-
gram running on the slave side of the pseudo-terminal, and to flush terminal output in response to inter-
rupt signals. The login process sets the baud rate and TERM environment variable to correspond to the
client’s baud rate and terminal type (see environ(5)).
Transport-level keepalive messages are enabled unless the -n option is present. The use of keepalive mes-
sages allows sessions to be timed out if the client crashes or becomes unreachable.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 257

 rlogind(1M) rlogind(1M)

EXTERNAL INFLUENCES
International Code Set Support
Single and multibyte character code sets are supported.

DIAGNOSTICS
Errors in establishing a connection cause an error message to be returned with a leading byte of 1 through
the socket connection, after which the network connection is closed. Any errors generated by the login pro-
cess or its descendents are passed through by the server as normal communication.
fork: No more processes
The server was unable to fork a process to handle the incoming connection.
Next step: Wait a period of time and try again. If this message persists, the server’s host may
have runaway processes that are using all the entries in the process table.
Cannot allocate pty on remote host
The server was unable to obtain a pseudo-terminal for use with the login process. Either all
pseudo-terminals were in use, or the pty driver has not been properly set up. Note that the
number of slave devices that can be allocated depends on NSTRPTY, a kernel tunable parameter.
This can be changed via HP SMH (replacement for SAM); see ptm(7) and pts(7).
Next step: Check the pty configuration of the host where rlogind executes.
Permission denied
The server denied access because the client was not using a reserved port. This should only hap-
pen to interlopers trying to break into the system.
/usr/bin/login: ...
The login program could not be started via exec() for the reason indicated.
Next step: Try to correct the condition causing the problem. If this message persists, contact
your system administrator.
rcmd: connect : <hostname>: Connection refused.
This generic message could be due to a number of reasons. One of the reasons could be because
the entry for login service is not present in /etc/inetd.conf. This entry may have been
removed or commented out to prevent non-secure access.
Kerberos specific errors are listed in sis(5).

WARNINGS
The integrity of each host and the connecting medium is assumed if the "privileged port" authentication
procedure is used in a non-secure environment or if the command line options -R or -r are used in a
secure environment. Although both these methods provide insecure access, they are useful in an "open"
r environment. This is insecure, but is useful in an "open" environment.
Note that all the information, including any passwords, are passed unencrypted between the two hosts
when rlogind is invoked in a non-secure environment.

AUTHOR
rlogind was developed by the University of California, Berkeley.
FILES
/etc/hosts.equiv List of equivalent hosts
$HOME/.rhosts User’s private equivalence list

SEE ALSO
login(1), rlogin(1), inetd(1M), named(1M), gethostent(3N), ruserok(3N), hosts(4), hosts.equiv(4),
inetd.conf(4), services(4), environ(5), sis(5), pty(7).

258 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

rlp(1M) rlp(1M)

NAME
rlp - send LP print request to a remote system

SYNOPSIS
/usr/sbin/rlp -I id [-C class] [-J job ] [-T title] [-i[ numcols ] ] [-k font] [-w num]
[-cdfghlnptv ] file

DESCRIPTION
rlp transfers a spooling request to a remote system to be printed. rlp communicates with a spooling dae-
mon on a remote system to transfer the spooling request. Options can be set only on the original system
(the system where the request originated). The file name must be last. Transfers of a remote request use
only the -I option and the file.
This command is intended to be used only by the spool system in response to the lp command and should
not be invoked directly (see lp(1)).

Options
rlp recognizes the following options and command-line arguments:
-I id The argument id is the request ID.
-C class Take the class argument as a job classification for use on the banner page.
-J job Take the job argument as the job name to print on the banner page.
-T title Use the title argument as the title used by pr instead of the file name (see pr(1)). -T
is ignored unless the -p option is specified.
-h Suppress the printing of the banner page.
-i[numcols] Cause the output to be indented. If the next argument is numeric, it is used as the
number of blanks to be printed before each line; otherwise, 8 characters are printed.
-k font Specify a font to be mounted on font position k, where k is from 1 through 4.
-w num Use the num argument number as the page width for pr .
The following single-letter options are used to notify the LP spooler that the files are not standard text files.
The spooling system uses the appropriate filters (if the option is supported) to print the data accordingly.
These options are mutually exclusive.
-c The files are assumed to contain data produced by cifplot.
-d The files are assumed to contain data from tex (DVI format).
-f Use a filter that interprets the first character of each line as a standard FORTRAN car-
riage control character. r
-g The files are assumed to contain standard plot data as produced by the plot routines.
-l Use a filter that suppresses page breaks.
-n The files are assumed to contain data from ditroff (device-independent troff ).
-p Use pr to format the files.
-t The files are assumed to contain data from troff (cat phototypesetter commands).
-v The files are assumed to contain a raster image for devices such as the Benson Varian.

WARNINGS
Some remote line printer models may not support all of these options. Options not supported are silently
ignored.
When rlp is transferring a request that originated on another system, only the -I option and the file is
used. This saves rlp from having to set the various options multiple times. Specifying unused options
does not produce an error.

AUTHOR
rlp was developed by the University of California, Berkeley and HP.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 259

 rlp(1M) rlp(1M)

FILES
/etc/passwd
/usr/sbin/rlpdaemon
/var/spool/lp/*
/var/adm/lp/*
/etc/lp/*
/usr/lib/lp/*
SEE ALSO
accept(1M), enable(1), lp(1), lpadmin(1M), lpsched(1M), lpstat(1), rcancel(1M), rlpdaemon(1M), rlpstat(1M).

260 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rlpdaemon(1M) rlpdaemon(1M)

NAME
rlpdaemon - daemon for queuing, displaying, removing and altering remote spool requests and writing
remote messages

SYNOPSIS
/usr/sbin/rlpdaemon [ -i ] [ -l ] [ -L logfile ]
DESCRIPTION
rlpdaemon is a LP daemon (spool area handler) for remote spool requests. rlpdaemon is normally
invoked at boot time from the /sbin/rc file or started by inetd(1M), when necessary. rlpdaemon runs
on a system that receives requests to be printed. rlpdaemon transfers files to the spooling area, displays
the queue, removes jobs from the queue, or alters jobs in the queue.
rlpdaemon is also used as a server process to write a message on the user’s terminal, upon receiving a
request from a remote system.

Options
-i Prevent rlpdaemon from remaining after a request is processed. This is required if
rlpdaemon is started from inetd(1M). When rlpdaemon is invoked with this option, error
messages and valid requests received from the network are logged to either
/var/adm/lp/lpd.log or logfile specified with -L option.
-l Cause rlpdaemon to log error messages and valid requests received from the network to the
file /var/adm/lp/lpd.log. This can be useful for debugging.
-L logfile Change the file used for writing error messages and valid requests received from the network
to the file /var/adm/lp/lpd.log to logfile.
When rlpdaemon is started by inetd(1M), access control is provided via the file
/var/adm/inetd.sec to allow or prevent a host from making requests. When rlpdaemon is not
started by inetd(1M), all requests must come from one of the machines listed in the file
/etc/hosts.equiv or /var/spool/lp/.rhosts. When /var/spool/lp/.rhosts is used
for access, the user name should be lp .
The following entry should exist in /etc/services for remote spooling:
printer 515/tcp spooler

Control File Processing

The lp subsystem expects that the control file associated with each request contain the datafile line entry
(starting with a lower case letter) indicating the file to be printed, and an associated unlink datafile entry
(U entry). The actual filename (N entry) for this datafile line entry can be above or below the datafile line
entry. If multiple copies of a file has to be printed, for example n copies, then the datafile line entry should
be repeated n times in succession. rlpdaemon may reorder or insert the U entries in the control file such r
that the datafile line entry and the U entry will be in succession for each file to be printed.

EXAMPLES
To start rlpdaemon from /sbin/rc , invoke the command:
/usr/sbin/rlpdaemon
To start rlpdaemon from inetd , the following line should be included in the file /etc/inetd.conf:
printer stream tcp nowait root /usr/sbin/rlpdaemon rlpdaemon -i
WARNINGS
If the remote system is the same as the local system and rlpdaemon was not started by inetd(1M), the
local system name must be included in file /etc/hosts.equiv.

AUTHOR
rlpdaemon was developed by the University of California, Berkeley and HP.
FILES
/etc/hosts.equiv
/etc/services
/var/spool/lp/*
/var/adm/lp/*
HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 261
 rlpdaemon(1M) rlpdaemon(1M)

/etc/lp/*
/usr/lib/lp/*
/var/adm/inetd.sec
SEE ALSO
enable(1), lp(1), lpstat(1), accept(1M), inetd(1M), lpadmin(1M), lpsched(1M), rcancel(1M), rlp(1M),
rlpdaemon(1M), rlpstat(1M). hosts.equiv(4), inetd.conf(4), inetd.sec(4), services(4).
HP-UX System Administrator manuals

262 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rlpstat(1M) rlpstat(1M)

NAME
rlpstat - print status of LP spooler requests on a remote system

SYNOPSIS
/usr/sbin/rlpstat [-d printer] [-u user] [id]...
DESCRIPTION
rlpstat reports the status of the specified jobs or all requests associated with the specified users on the
specified printer. At least one id or the name of a printer must be specified.
For each request submitted (by lp command — see lp(1)) rlpstat reports the request ID, user’s name,
total size of the request, date of the request, and, if it is being transferred, the device.
This command is intended to be used only by the spool system in response to the lpstat command and
should not be invoked directly (see lpstat(1)).

Options
rlpstat recognizes the following options and command-line arguments:
-d printer Status is requested on the specified printer.
-u user Status is requested on all requests for the user who executed the rlpstat command
on the specified printer (see the -d option). You can repeat the -u option to specify
more users. The maximum number of users that can be specified is 50.
id Status is requested on the specified request IDs (as returned by lp ). All the request
IDs must be for the same printer. The maximum number of request IDs that can be
specified is 50.

AUTHOR
rlpstat was developed by the University of California, Berkeley, and HP.
FILES
/etc/lp/*
/usr/lib/lp/*
/var/adm/lp/*
/var/spool/lp/*
SEE ALSO
enable(1), lp(1), lpadmin(1M), lpsched(1M), lpstat(1), rcancel(1M), rlp(1M), rlpdaemon(1M).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 263

 rmsf(1M) rmsf(1M)

NAME
rmsf - remove a special (device) file

SYNOPSIS
/sbin/rmsf [-a-k] [-D directory] [-q-v] special_file ...
/sbin/rmsf [-C class  -d driver] [-D directory] -H hw_path [-k] [-q-v]
/sbin/rmsf -L
/sbin/rmsf -u -H hw_path
/sbin/rmsf -x
DESCRIPTION
The rmsf command removes one or more special files from the /dev directory and potentially removes
information about the associated device or devices with H/W type DEVICE , TGT_PATH or a LUN_PATH ,
(see ioscan(1M)) from the system.
If no options are specified, rmsf removes only the special_file specified on the command line. The -k
option causes rmsf to remove the definition of the device from the system without removing any special
files. The -a option causes rmsf to remove the device definition and all special files that map to it from
the /dev directory (or the directory specified with the -D option). When special_file is a persistent
device special file type, the device corresponding to special_file should not be in an open state in
order for the command to complete successfully.
Without the -D option, if special_file is specified with a relative path, the path is treated relative to
the default device directory /dev . If special_file is specified with an absolute path and the -D
option is also used, the special_file with absolute path will have precedence over the -D option.
Note that if special_file belongs to a node for which H/W type is not DEVICE , the device definition will not
be removed from the system and the special_file will be removed if it is a leaf node.
If a -H hw_path is specified, special files are removed as follows:
• If hw_path belongs to a node with H/W type DEVICE , all special files mapping to devices at that
hardware path and the system definition of those devices are removed. If the hw_path belongs to
LUN hardware path of a node of type DEVICE , the device should not be in an open state for the
command to complete successfully.
• If hw_path belongs to a node with H/W type LUN_PATH , all legacy special files mapping to devices
at that hardware path, as well as the system definition of those devices, are removed.
• If hw_path belongs to a node for which H/W type is TGT_PATH , no special files are removed; only
corresponding node is removed.
r • If hw_path belongs to a node for which H/W type is not DEVICE , then, a special file is removed as
follows:
• If it is a leaf node, only special files for that node will be removed.
• If the node has children, then a warning message will be issued and system definition of all the
children devices and their special files are removed.
The -C and -d options remove only those special files that are associated with the given device driver or
that belong to the given device class, respectively. This is useful when there is more than one type of spe-
cial file mapped to a single hardware path. These options are not supported with the class or device drivers
which do not have a hardware module on the system; for example, the pseudo class.
If the -k option is specified, the definition of all devices at that hardware path are removed from the sys-
tem, again without removing any special files.
The -v (verbose) option displays the name of each special file as it is deleted. The -q (quiet) option
suppresses the deletion message.
With the -L option, rmsf disables the legacy naming model, removing all legacy I/O nodes and their dev-
ice special files from the system.
If the -u and -H options are specified, rmsf performs an unbind on the driver associated with the given
hw_path. The hw_path must be a LUN hardware path (see intro(7)).

264 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rmsf(1M) rmsf(1M)

The -x option removes stale device special files and the stale IO nodes from the system. Stale device spe-
cial files can be displayed using the lssf command with -s option (see lssf(1M)).
Note that most drivers do not support the ability to be removed from the system.
If the device being removed from the system uses a dynamically assigned major number, that number will
be freed up for future allocation.

Options
rmsf recognizes the following options:
-a Remove the definition of the device from the system along with all special files that
refer to the device. This option cannot be used with -k.
-C class Match devices that belong to a given device class, class. Device classes can be listed
with the lsdev command (see lsdev(1M)). They are defined in files in the directory
/usr/conf/master.d. This option cannot be used with -d.
-d driver Match devices that are controlled by the specified device driver, driver. Device
drivers can be listed with the lsdev command (see lsdev(1M)). They are defined in
files in the directory /usr/conf/master.d. This option cannot be used with -C.
-D directory Override the default device installation directory /dev and remove the special files
from directory instead. directory must exist; otherwise, rmsf displays an error mes-
sage and exits. See WARNINGS.
-H hw_path Match devices at a given hardware path, hw-path. Hardware paths can be listed with
the ioscan command (see ioscan(1M)).
A hardware path specifies the addresses of the hardware components leading to a dev-
ice. It consists of a string of numbers separated by periods (.), such as 52 (a card),
52.3 (a target address), and 52.3.0 (a device).
If a hardware component is a bus converter, the following period, if any, is replaced by
a slash (/) as in 2, 2/3 , and 2/3.0 . In the agile view (see intro(7)), the devices will
have new hardware path formats, which can be displayed with the ioscan -N com-
mand (see ioscan(1M)).
See WARNINGS section for more about using this option for critical resources.
-k Remove the definition of the device from the system, but not any special files. This
option cannot be used with -a.
-L Disable legacy naming model. This command removes all legacy I/O nodes and their
device special files. Therefore, before running this command, all applications should
have been migrated to use the agile naming model.
The iofind command (see iofind(1M)) can be used to find all the ASCII files on the
r
system containing legacy device file names or hardware paths.
The rmsf -L command will not complete successfully if any legacy I/O nodes are in
the open state. If this is the case, the command will fail and it will return information
about the processes that opened the legacy I/O nodes, such as process name, PID, and
device special file.
Note: If the legacy naming model needs to be re-enabled, run insf -L (see
insf(1M)). To check the current status of the legacy naming model, run insf -L
-v.
WARNING: Before running this command, check the latest release notes of HP-UX
11i Version 3 on http://docs.hp.com for information on limitations that exist when
legacy mode is disabled and how this may impact your system. This command will
not validate the presence or utilization of products with these limitations. Also note
that this option cannot be used in single user mode.
-q Quiet option. Normally rmsf displays a message as each driver is removed. This
option suppresses the driver message, but not error messages.
-u Unbind the driver associated with the given hardware path. The hardware path must
be a LUN hardware path. This option must be used with the -H option.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 265

 rmsf(1M) rmsf(1M)

-v Verbose option. Prints the name of the special file as it is removed by rmsf . May be
used as a progress indicator.
-x Remove all the stale IO nodes and the stale device special files from the system.
These entries correspond to those nodes which have an entry in the system I/O
configuration files but the corresponding device is not found (see ioconfig(4)).
This option removes the stale device special files in the following directories only:
/dev/dsk /dev/rdsk /dev/ct /dev/rmt
/dev/floppy /dev/rfloppy /dev/rscsi /dev/esctl
/dev/disk /dev/rdisk /dev/rtape
RETURN VALUE
rmsf exits with one of the following values:
0 Successful completion, including warning diagnostics.
1 Failure. An error occurred.
2 Driver does not support this feature.

DIAGNOSTICS
Most of the diagnostic messages from rmsf are self-explanatory. Listed below are some messages deserv-
ing further clarification. Errors cause rmsf to halt immediately. Warnings allow the program to continue.

Errors
No such device in the system
No device in the system matched the options specified. Use ioscan to list the devices in the system
(see ioscan(1M)).
special_file is not a special file
The file is not associated with an IO device.

Warnings
WARNING: The specified hardware path is BUS_NEXUS/INTERFACE type.
This will remove all the devices connected to it.
The H/W type of the node specified by hw_path is BUS_NEXUS/INTERFACE. All the devices under
this path will be removed.
Cannot remove driver at hw_path
The definition of the device located at hw_path and controlled by driver cannot be removed from the
r kernel. That is driver does not support the unbind function.
No device associated with special_file
The special file does not map to a device in the system; the file is removed unless the -k option was
specified.

EXAMPLES
Remove the special file mux0 from the current directory:
rmsf ./mux0
Remove the system definition of the device associated with /dev/lp0 along with all special files that refer
to the device:
rmsf -a /dev/lp0
Remove the system definitions for all devices associated with hardware path 52.6.0:
rmsf -k -H 52.6.0
Remove all the stale IO nodes and stale device special files from the system:
rmsf -x
Unbind a driver associated with a node corresponding to the hardware path 64000/0xfa00/0x6:

266 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

rmsf(1M) rmsf(1M)

rmsf -u -H 64000/0xfa00/0x6
WARNINGS
Most commands and subsystems assume their device files are in /dev , therefore the use of the -D option
is discouraged.
Most device drivers do not support the unbind operation necessary to remove the device from the system.
Use of the rmsf command should be done carefully when it is initiated on a node with H/W type
LUN_PATH , which maps to boot device or a node with H/W type INTERFACE , to which boot device is con-
nected as this could lead to a system hang if no mirroring Volume Group exists to the critical device.

AUTHOR
rmsf was developed by HP.
FILES
/dev/config
/etc/ioconfig
/etc/ext_ioconfig
/usr/conf/master.d/*
SEE ALSO
rm(1), insf(1M), iofind(1M), ioscan(1M), lsdev(1M), lssf(1M), mksf(1M), ioconfig(4), intro(7).

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 267

 rmt(1M) rmt(1M)

NAME
rmt - remote magnetic-tape protocol module

SYNOPSIS
/usr/sbin/rmt
DESCRIPTION
rmt is a program used by the remote dump and restore programs for manipulating a magnetic tape drive
through an interprocess communication (IPC) connection. The fbackup and frecover commands also
use rmt to achieve remote backup capability (see fbackup(1M) and frecover (1M)). rmt is normally
started up with an rexec() or rcmd() call (see rexec(3N) and rcmd(3N)).
rmt accepts requests specific to the manipulation of magnetic tapes, performs the commands, then
responds with a status indication. DDS devices that emulate magnetic tapes are also supported. All
responses are in ASCII and in one of two forms. Successful commands have responses of
Anumber \n
where number is an ASCII representation of a decimal number. Unsuccessful commands are responded to
with
Eerror-number \nerror-message \n
where error-number is one of the possible error numbers described in errno(2) and error-message is the
corresponding error string as printed from a call to perror() (see perror(3C)). The protocol is
comprised of the following commands:
Odevice \nmode \n Open the specified device using the indicated mode. device is a full pathname
and mode is an ASCII representation of a decimal number suitable for passing
to open() (see open(2)). If a device is already open, it is closed before a new
open is performed.
odevice \nmode \n Open the specified device using the indicated mode. device is a full pathname
and mode is an ASCII representation of an octal number suitable for passing to
open() . If a device is already open, it is closed before a new open is per-
formed.
Cdevice \n Close the currently open device. The device specified is ignored.
Lwhence \noffset \n Perform an lseek() operation using the specified parameters (see lseek(2)).
The response value is that returned from by lseek() .
Wcount \n Write data onto the open device. rmt reads count bytes from the connection,
aborting if a premature end-of-file is encountered. The response value is that
returned from by write() (see write(2)).
r Rcount \n Read count bytes of data from the open device. If count exceeds the size of the
data buffer (10 Kbytes), it is truncated to the data buffer size. rmt then per-
forms the requested read() and responds with Acount-read \n if the read
was successful. Otherwise an error is returned in the standard format. If the
read was successful, the data read is then sent.
Ioperation \ncount \n
Perform a MTIOCOP ioctl() command using the specified parameters.
Parameters are interpreted as ASCII representations of the decimal values to
be placed in the mt_op and mt_count fields of the structure used in the
ioctl() call. The return value is the count parameter when the operation is
successful.
S Return the status of the open device, as obtained with a MTIOCGET
ioctl() call. If the operation was successful, an ACK is sent with the size of
the status buffer, then the status buffer is sent (in binary).
s Return the status of the open device, as obtained with a fstat() call. If the
operation was successful, an ACK is sent with the size of the status buffer, then
the status buffer is sent (in binary). f Return the status of the open device, as
obtained with a fstat() call. If the operation was successful, an ACK is sent
with the size of the status buffer, then the status buffer is sent in the following
ASCII format:

268 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rmt(1M) rmt(1M)

machine<blank>value<newline>
stat_struct_member_name<blank>value<newline>
The end of the data is indicated by an ASCII NULL character. See
/usr/include/sys/stat.h for the struct stat definition. In addi-
tion to the struct stat information, there is an entry in the buffer describing the
machine type as returned from a uname() call (see uname(2)). In the above
format ‘‘machine’’ is a key word. All fields except st_spare4 of the
struct stat are returned.
m Return the status of the open device, as obtained with a MTIOCGET
ioctl() call. If the operation was successful, an ack is sent with the size of
the status buffer, then the status buffer is sent in the following ASCII format:
machine<blank>value<newline>
mtget_struct_member_name<blank>value<newline>
The end of the data is indicated by an ASCII NULL character. See
/usr/include/sys/mtio.h for the struct mtget definition. In
addition to the struct mtget information there is an entry in the buffer describ-
ing the machine type as returned from a uname() call. In the above format
"machine" is a keyword.
Any other command causes rmt to exit.

RETURN VALUE
Device status is returned in the field mt_gstat . /usr/include/sys/mtio.h contains defined
macros for checking the status bits.

DIAGNOSTICS
All responses are of the form described above.

WARNINGS
Use of this command for remote file access protocol is discouraged.

AUTHOR
rmt was developed by the University of California, Berkeley.
SEE ALSO
ftio(1), fbackup(1M), frecover(1M), dump(1M), restore(1M), rcmd(3N), rexec(3N).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 269

 roleadm(1M) roleadm(1M)

NAME
roleadm - noninteractive editing of role-related information in RBAC databases

SYNOPSIS
roleadm add role [comments]
roleadm delete role
roleadm modify oldrolename newrolename
roleadm assign user role
roleadm revoke user [role]
roleadm list [user= username] [role= rolename] [sys ]

DESCRIPTION
roleadm is a noninteractive command that allows users with the appropriate authorization to modify and
list the role information in /etc/rbac/user_role, /etc/rbac/role_auth, and
/etc/rbac/roles.
See rbac(5) for information on these RBAC databases.
HP recommends that only the authadm , cmdprivadm , and roleadm commands be used to edit and
view the RBAC databases. Do not edit the RBAC files directly.

Options
roleadm recognizes the following options:
add role [comments]
Add a role to the system list of valid roles. Appends a line in /etc/rbac/roles file with
rolename. You can enter an optional comment after the role.
delete role
Remove a role from the system list of valid roles. If role is present in /etc/rbac/roles, remove
entry. If role is not present, then roleadm returns an error code; see RETURN VALUE.
modify oldrolename newrolename
Change the name of a role. This option causes a modification of the RBAC databases
(etc/rbac/user_role, /etc/rbac/role_auth, and /etc/rbac/roles), replacing each
occurrence of oldrolename with newrolename.
assign user role
Assign a role to a user or a group. First verifies that the user is a valid user, and the role is present in
the /etc/rbac/roles file. When this is the case, the role is appended to the user->role mapping
in the /etc/rbac/user_role file. If user argument has an ampersand at the beginning (such as
&users), then it is assumed that what follows after the ampersand is a group name - the ampersand
must be shell escaped or put in quotes such as users or "&users".
r An administrator may specify a default set of roles by assigning roles to the DEFAULT keyword. If a
user is not otherwise explicitly assigned roles in the /etc/rbac/user_role database, he or she
will be given roles assigned to the DEFAULT role.
revoke user [role]
Revoke a role from the specified user. If no role is specified, then all roles are revoked for the given
user. (The user entry is removed from /etc/rbac/user_role). If user argument has an amper-
sand at the beginning (such as &users), then it is assumed that what follows after the ampersand is a
group name - the ampersand must be shell escaped or put in quotes such as users or "&users".
list [user= username] [role= rolename] [sys ]
List user and role information from the RBAC databases, /etc/rbac/user_role and
/etc/rbac/roles.
If neither user= nor role= are specified, then list all the users with assigned roles.
If user= username is specified, then only the role(s) of the specified user will be listed. If user has an
ampersand at the beginning (such as &users), then it is assumed that what follows after the amper-
sand is a group name - the ampersand must be shell escaped or put in quotes such as users or
"&users". If only role= rolename is specified, then only list the user(s) assigned to the specified role.
If both user= username and role= rolename are specified, then the entry with the user username
and role rolename will be listed, if it exists.

270 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

roleadm(1M) roleadm(1M)

If the specified user does not exist in the system and there exists the special user, DEFAULT, in the
/etc/rbac/user_role database, then the roles listed for the specified user will be those of the
DEFAULT user. In the event that there is more than one DEFAULT user defined in the
/etc/rbac/user_role database, the system will recognize only the last one.
If sys is specified, then all the roles in the roles database, /etc/rbac/roles, will be listed.
When sys is specified, no other argument will be taken by roleadm.

Authorizations
In order to invoke roleadm , the user must either be root, (running with effective uid of 0), or have the
appropriate authorization(s). The following is a list of the required authorizations for running roleadm
with particular options:
hpux.security.access.role.add,*
Allows user to run roleadm with "add" option.
hpux.security.access.role.delete,*
Allows user to run roleadm with "delete" option.
hpux.security.access.role.modify,*
Allows user to run roleadm with "modify" option.
hpux.security.access.role.assign,*
Allows user to run roleadm with "assign" option.
hpux.security.access.role.revoke,*
Allows user to run roleadm with "revoke" option.
hpux.security.access.role.list,*
Allows user to run roleadm with "list" option.
EXTERNAL INFLUENCES
Environment Variables
LC_MESSAGES determines the language in which messages are displayed.
International Code Set Support
Single-byte character code set is supported.
RETURN VALUE
Upon completion, roleadm returns one of the following values:
0 Success.
1 Failure. An appropiate error message is printed to stderr.

EXAMPLES
The following command will append the line administrator to /etc/rbac/roles file.
r
# roleadm add administrator
The following command will append the line &adm:administrator to the /etc/rbac/user_role
file.
# roleadm assign "&adm" administrator
The following command will delete line accountant in /etc/rbac/roles file and other databases.
# roleadm delete accountant
The following command will delete line &adm:administrator from the /etc/rbac/user_role
file.
# roleadm revoke "&adm" administrator
The following command will replace role name webAdmin with webMaster in /etc/rbac/roles,
/etc/rbac/user_role, and /etc/rbac/role_auth.
# roleadm modify webAdmin webMaster
The following command will append line John:administrator
to /etc/rbac/user_role file:

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 271

 roleadm(1M) roleadm(1M)

# roleadm assign John administrator

The following command will remove the line John:administrator from /etc/rbac/user_role
file:
# roleadm revoke John administrator
The following command will remove all the roles for user John from /etc/rbac/user_role file:
# roleadm revoke John
The following command will remove all the roles for group name users from /etc/rbac/user_role
file:
# roleadm revoke "&users"
The following command will list all the roles for user Joe :
# roleadm list user=Joe
The following command will list all users and groups with role sysAdmin :
# roleadm list role=sysAdmin
The following command will list entries with user Joe and rolename sysAdmin :
# roleadm list user=Joe role=sysAdmin
The following command will list entries with group name vts
# roleadm list user="&vts"
The following command will list all the entries in /etc/rbac/user_role
# roleadm list
FILES
/etc/rbac/roles Database containing valid definitions of all roles.
/etc/rbac/auths Database containing definitions of all valid authorizations.
/etc/rbac/user_role Database specifying the roles allowed for each specified user.
/etc/rbac/role_auth Database that defines the allowed authorization for each specified role.
/etc/rbac/cmd_priv Database containing the authorization to execute specified commands and
the privileges to alter uid and gid for command execution.

SEE ALSO
authadm(1M), cmdprivadm(1M), privrun(1M), rbacdbchk(1M), rbac(5).
r

272 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

route(1M) route(1M)

NAME
route - manually manipulate the routing tables

SYNOPSIS
/usr/sbin/route [-f] [-n] [-p pmtu] add [net host ] destination [netmask mask] gateway
[count] [source src]
/usr/sbin/route inet6 [-f] [-n] [-p pmtu] add [net host ] v6destination [ / prefix]
v6gateway [count] [source v6src]
/usr/sbin/route [-f] [-n] delete [net host ] destination [netmask mask] gateway [count]
[source src]
/usr/sbin/route inet6 [-f] [-n] delete [net host ] v6destination [ / prefix] v6gateway
[count] [source v6src]
/usr/sbin/route -f [-n]
/usr/sbin/route inet6 -f [-n]

DESCRIPTION
The route command manipulates the network routing tables manually. You must have appropriate
privileges.

Subcommands
The following subcommands are supported.
add Add the specified host or network route to the network routing table. If the route
already exists, a message is printed and nothing changes.
delete Delete the specified host or network route from the network routing table.

Options and Arguments

route recognizes the following options and arguments.
inet6 Specifies an IPv6 route. When this option is used, the destination and the gateway
must have IPv6 addresses. When this option is not used, the command defaults to an
IPv4 route and the destination and the gateway must have IPv4 addresses.
-f Deletes all route table entries added through route command or through an ioctl. If
this is used with one of the subcommands, the entries are deleted before the subcom-
mand is processed.
-n Print any host and network addresses in Internet "dot" notation for IPv4 and in
"colon" notation for IPv6, except for the default network address, which is printed as r
default .
-p pmtu Specifies a path maximum transmission unit (MTU) value for a static route. The
minimum value allowed is 68 bytes for IPv4 and 1280 bytes for IPv6; the maximum is
the MTU of the outgoing interface for this route. This option can be applied to both
host and network routes.
net
or
host The type of destination address. If this argument is omitted, routes to a particular
host are distinguished from those to a network by interpreting the Internet address
associated with destination. For IPv4, if the destination has a local address part of
INADDR_ANY(0) , the route is assumed to be to a network; otherwise, it is treated
as a route to a host. For IPv6, if the destination has an address that is less than 128
bits, including any leading and trailing 0’s, the route is assumed to be a network; oth-
erwise, it is treated as a route to a host. An exception is the IPv6 "Unspecified
Address", typically represented as :: , which is always interpreted as the default net-
work route.
destination (inet only) The destination host system where the packets will be routed. destination
can be one of the following:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 273

 route(1M) route(1M)

• A host name (the official name or an alias, see gethostent(3N)).

• A network name (the official name or an alias, see getnetent(3N)).
• An Internet address in "dot" notation (see inet(3N)).
• The keyword default , which signifies the wildcard gateway route (see rout-
ing(7)).
v6destination (inet6 only) The destination host system where the packets will be routed.
v6destination can be one of the following:
• A host name (the official name or an alias, see getaddrinfo(3N)).
• An IPv6 address in "colon" notation (see inet6(3N)).
• The keyword default , which signifies the wildcard gateway route.
prefix (inet6 only) The prefix is an integer between 0 and 128 inclusive. It specifies how
many of the leftmost contiguous bits of the v6destination address comprise the prefix.
Its format is similar to the CIDR notation in IPv4. A prefix of 0 would be a default
route. If the prefix is omitted when adding a network route, then the prefix would be
64 by default. It is advisable to specify the prefix when an IPv6 network route is
added. The prefix option can be applied to network routes only.
netmask mask
(inet only) The mask that will be bit-wise ANDed with destination to yield a net
address where the packets will be routed. mask can be specified as a single hexade-
cimal number with a leading 0x , with a "dot-notation" Internet address, or with a
pseudo-network name listed in the network table (see networks(4)). The length of the
mask, which is the number of contiguous 1’s starting from the left-most bit position of
the 32-bit field, can be shorter than the default network mask for the destination
address. (See routing(7)). If the netmask option is not given, mask for the route
will be derived from the netmasks associated with the local interfaces. (See
ifconfig(1M)). mask will be defaulted to the longest netmask of those local interfaces
that have the same network address. If there is not any local interface that has the
same network address, then mask will default to the default value of network mask of
destination.
gateway (inet only) The gateway through which the destination is reached. gateway can be one
of the following:
• A host name (the official name or an alias, see gethostent(3N)).
• An Internet address in "dot" notation (see inet(3N)).
v6gateway (inet6 only) The gateway through which the destination is reached. v6gateway can be
one of the following:
• A host name (the official name or an alias, see getaddrinfo(3N)).
r • An IPv6 address in "colon" notation (see inet6(3N)).
count An integer that indicates whether the gateway is a remote host or the local host. If
the route leads to a destination through a remote gateway, count should be a number
greater than 0. If the route leads to destination and the gateway is the local host,
count should be 0. The default for count is zero. The result is not defined if count is
negative.
source src (inet only) The specified source address. src can be one of the following:
• A host name (the official name or an alias, see gethostent(3N)).
• An Internet address in "dot" notation (see inet(3N)).
source v6src (inet6 only) The specified source address. v6src can be one of the following:
• A host name (the official name or an alias, see getaddrinfo(3N)).
• An IPv6 address in "colon" notation (see inet6(3N)).

Operation
All symbolic names specified for a destination or gateway are looked up first as a host name using
gethostbyname() for IPv4 and getaddrinfo() for IPv6; if the host name is not found, the destina-
tion is searched for as a network name using getnetbyname() for IPv4 only. destination and gateway
can be in "dot" notation (see inet(3N)). v6destination and v6gateway can be in "colon" notation (see
inet6(3N)).

274 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

route(1M) route(1M)

If the -n option is not specified, any host and network addresses are displayed symbolically according to
the name returned by gethostbyaddr() and getnetbyaddr(), respectively, except for the default
network address (printed as default ) and addresses that have unknown names. Addresses with
unknown names are printed in Internet "dot" notation (see inet(3N)).
If the -n option is specified, any host and network addresses are printed in Internet "dot" notation except
for the default network address which is printed as default .
If the -f option is specified, route deletes all route table entries that specify a remote host for a gateway.
If it is used with one of the subcommands described above, the entries are deleted before the subcommand
is processed.
Path MTU Discovery is a technique for discovering the maximum size of an IP datagram that can be sent
on an internet path without causing datagram fragmentation in the intermediate routers. In essence, a
source host that utilizes this technique initially sends out datagrams up to the the size of the outgoing
interface. The Don’t Fragment (DF) bit in the IP datagram header is set. As an intermediate router that
supports Path MTU Discovery receives a datagram that is too large to be forwarded in one piece to the
next-hop router and the DF bit is set, the router will discard the datagram and send an ICMP Destination
Unreachable message with a code meaning "fragmentation needed and DF set". The ICMP message will
also contain the MTU of the next-hop router. When the source host receives the ICMP message, it reduces
the path MTU of the route to the MTU in the ICMP message. With this technique, the host route in the
source host for this path will contain the proper MTU.
The -p pmtu option is useful only if you know the network environment well enough to enter an appropri-
ate pmtu for a host or network route. IP will fragment a datagram to the pmtu specified for the route on
the local host before sending the datagram out to the remote. It will avoid fragmentation by routers along
the path, if the pmtu specified in the route command is correct.
ping can be used to find the pmtu information for the route to a remote host. The pmtu information in
the routing table can be displayed with the netstat -r command (see netstat(1)).
The loopback interface (lo0) is automatically configured when the system boots with the TCP/IP
software. For IPv4, the default IP address and netmask of the loopback interface are 127.0.0.1 and
255.0.0.0, respectively. For IPv6, the default IP address and prefix of the loopback interface are ::1 and
128, respectively.
When lo0 is configured, the 127.0.0.0 loopback route for IPv4 and the ::1 loopback route for IPv6 are set
up automatically so that packets for any 127.*.*.* address and ::1 will loop back to the local host. Users
cannot add or delete any 127.*.*.* or ::1 loopback routes.

IPv6 Operation
The keyword inet6 is required for adding or deleting IPv6 routes.
Examples
add a direct IPv6 host route
r
route inet6 add 2345::1 4444::3
add an indirect IPv6 (sub)network route
route inet6 add net 2222::/64 4567::8 1
delete an indirect IPv6 (sub)network route
route inet6 delete net 2222::/64 4567::8 1
Output
add destination : gateway gateway
The specified route is being added to the tables.
delete destination : gateway gateway
The specified route is being deleted from the tables.

Flags
The values of the count and destination type fields in the route command determine the presence of the G
and H flags in the netstat -r display and thus the route type, as shown in the following table.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 275

 route(1M) route(1M)

Count Destination Type Flags Route Type

=0 network U Route to a network directly from the local host
>0 network UG Route to a network through a remote host gateway
=0 host UH Route to a remote host directly from the local host
>0 host UGH Route to a remote host through a remote host gateway
=0 default U Wildcard route directly from the local host
>0 default UG Wildcard route through a remote host gateway

DIAGNOSTICS
The following error diagnostics can be displayed:
add a route that already exists
The specified entry is already in the routing table.
delete a route that does not exist
The specified route was not in the routing table.
cannot update loopback route
Routes for any 127.*.*.* loopback destination cannot be added or deleted.

WARNINGS
Reciprocal route commands must be executed on the local host, the destination host, and all intermediate
hosts if routing is to succeed in the cases of virtual circuit connections or bidirectional datagram transfers.
The HP-UX implementation of route does not presently support a change subcommand.

AUTHOR
route was developed by the University of California, Berkeley.
FILES
/etc/networks
/etc/hosts
SEE ALSO
netstat(1), ifconfig(1M), ndd(1M), ping(1M), getsockopt(2), recv(2), send(2), getaddrinfo(3N), gethostent(3N),
getnetent(3N), inet(3N), inet6(3N), route(7P), routing(7).

276 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

rpc.nisd_resolv(1M) rpc.nisd_resolv(1M)

NAME
rpc.nisd_resolv - DNS service daemon for NIS

SYNOPSIS
rpc.nisd_resolv [-v | -V] [-F [-C file_descriptor]] [-t transport] [-p program_number]
DESCRIPTION
rpc.nisd_resolv is an auxiliary process which provides DNS forwarding service for NIS hosts
requests. The rpc.nisd_resolv process is started by ypserv (NIS server) when invoked with the -d
option. It requires the /etc/resolv.conf file to be set up for communication with a DNS nameserver.
The nslookup utility can be used to verify communication with a DNS nameserver. See resolv.conf (4)
and nslookup(1).
Although it is not recommended, rpc.nisd_resolv can also be started independently with the follow-
ing options.

Options
-C file_descriptor Uses the specified file descriptor for service xprt .
-F Runs in foreground.
-p program_number Uses the specified transient program number for RPC service procedure.
-t transport Uses the specified transport.
-v Operates in verbose mode. Sends output to:
/var/yp/rpc.nisd_resolv.log.
-V Operates in verbose mode. Sends output to stdout.

AUTHOR
rpc.nisd_resolv was developed by Sun Microsystems, Inc.
FILES
/etc/resolv.conf resolver configuration file.

SEE ALSO
nslookup(1), ypserv(1M), resolv.conf(4), ypfiles(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 277

 rpcbind(1M) rpcbind(1M)

NAME
rpcbind - universal addresses to RPC program number mapper

SYNOPSIS
rpcbind [-d] [-w]
DESCRIPTION
rpcbind is a server that converts RPC program numbers into universal addresses. It must be running on
the host to be able to make RPC calls on a server on that machine.
When an RPC service is started, it tells rpcbind the address at which it is listening, and the RPC pro-
gram numbers it is prepared to serve. When a client wishes to make an RPC call to a given program
number, it first contacts rpcbind on the server machine to determine the address where RPC requests
should be sent.
rpcbind should be started before any other RPC service. Normally, standard RPC servers are started by
port monitors, so rpcbind must be started before port monitors are invoked.
When rpcbind is started, it checks that certain name-to-address translation calls function correctly. If
they fail, the network configuration databases may be corrupt. Since RPC services cannot function
correctly in this situation, rpcbind reports the condition and terminates.
rpcbind can only be started by the super-user.
Options
rpcbind recognizes the following options:
-d Run in debug mode. In this mode, rpcbind will not fork when it starts, will print addi-
tional information during operation, and will abort on certain errors. With this option, the
name-to-address translation consistency checks are shown in detail.
-w Do a warm start. If rpcbind aborts or terminates on SIGINT or SIGTERM , it will write
the current list of registered services to /tmp/portmap.file and
/tmp/rpcbind.file. Starting rpcbind with the -w option instructs it to look for
these files and start operation with the registrations found in them. This allows rpcbind
to resume operation without requiring all RPC services to be restarted.

WARNINGS
Terminating rpcbind with SIGKILL will prevent the warm-start files from being written.
All RPC servers must be restarted if the following occurs: rpcbind crashes (or is killed with SIGKILL )
and is unable to to write the warm-start files; rpcbind is started without the -w option after a graceful
termination; or, the warm-start files are not found by rpcbind .
r AUTHOR
rpcbind was developed by Sun Microsystems, Inc.
FILES
/tmp/portmap.file
/tmp/rpcbind.file
SEE ALSO
rpcinfo(1M), rpcbind(3N).

278 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rpcinfo(1M) rpcinfo(1M)

NAME
rpcinfo - report RPC information

SYNOPSIS
rpcinfo [ -m ] [ -s ] [ host ]
rpcinfo -p [ host ]
rpcinfo -T transport host prognum [ versnum ]
rpcinfo -l [ -T transport ] host prognum [ versnum ]
rpcinfo [ -n portnum ] -u host prognum [ versnum ]
rpcinfo [ -n portnum ] -t host prognum [ versnum ]
rpcinfo -a serv_address -T transport prognum [ versnum ]
rpcinfo -b [ -T transport ] prognum versnum
rpcinfo -d [ -T transport ] prognum versnum
DESCRIPTION
rpcinfo makes an RPC call to an RPC server and reports what it finds.
In the first synopsis, rpcinfo lists all the registered RPC services with rpcbind on host. If host is not
specified, the local host is the default. If -s is used, the information is displayed in a concise format.
In the second synopsis, rpcinfo lists all the RPC services registered with rpcbind , version 2. Also
note that the format of the information is different in the first and the second synopsis. This is because the
second synopsis is an older protocol used to collect the information displayed (version 2 of the rpcbind
protocol).
The third synopsis makes an RPC call to procedure 0 of prognum and versnum on the specified host and
reports whether a response was received. transport is the transport which has to be used for contacting the
given service. The remote address of the service is obtained by making a call to the remote rpcbind .
The prognum argument is a number that represents an RPC program number (see rpc(4)).
If a versnum is specified, rpcinfo attempts to call that version of the specified prognum. Otherwise,
rpcinfo attempts to find all the registered version numbers for the specified prognum by calling version
0, which is presumed not to exist; if it does exist, rpcinfo attempts to obtain this information by calling
an extremely high version number instead, and attempts to call each registered version. Note that the ver-
sion number is required for -b and -d options.
The other ways of using rpcinfo are described in the EXAMPLES section.

Options r
-T transport Specify the transport on which the service is required. If this option is not specified,
rpcinfo uses the transport specified in the NETPATH environment variable, or if that is
unset or null, the transport in the netconfig(4) database is used. This is a generic option,
and can be used in conjunction with other options as shown in the SYNOPSIS.
-a serv_address
Use serv_address as the (universal) address for the service on transport to ping procedure
0 of the specified prognum and report whether a response was received. The -T option is
required with the -a option.
If versnum is not specified, rpcinfo tries to ping all available version numbers for that
program number. This option avoids calls to remote rpcbind to find the address of the
service. The serv_address is specified in universal address format of the given transport.
-b Make an RPC broadcast to procedure 0 of the specified prognum and versnum and report
all hosts that respond. If transport is specified, it broadcasts its request only on the
specified transport. If broadcasting is not supported by any transport, an error message is
printed. Use of broadcasting should be limited because of the potential for adverse effect on
other systems.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 279

 rpcinfo(1M) rpcinfo(1M)

-d Delete registration for the RPC service of the specified prognum and versnum. If transport
is specified, unregister the service on only that transport, otherwise unregister the service
on all the transports on which it was registered. Only the owner of a service can delete a
registration, except the super-user who can delete any service.
-l Display a list of entries with a given prognum and versnum on the specified host. Entries
are returned for all transports in the same protocol family as that used to contact the
remote rpcbind .
-m Display a table of statistics of rpcbind operations on the given host. The table shows
statistics for each version of rpcbind (versions 2, 3 and 4), giving the number of times
each procedure was requested and successfully serviced, the number and type of remote
call requests that were made, and information about RPC address lookups that were han-
dled. This is useful for monitoring RPC activities on host.
-n portnum Use portnum as the port number for the -t and -u options instead of the port number
given by rpcbind . Use of this option avoids a call to the remote rpcbind to find out
the address of the service. This option is made obsolete by the -a option.
-p Probe rpcbind on host using version 2 of the rpcbind protocol, and display a list of all
registered RPC programs. If host is not specified, it defaults to the local host. Note that
version 2 of the rpcbind protocol was previously known as the portmapper protocol.
-s Display a concise list of all registered RPC programs on host. If host is not specified, it
defaults to the local host.
-t Make an RPC call to procedure 0 of prognum on the specified host using TCP, and report
whether a response was received. This option is made obsolete by the -T option as shown
in the third synopsis.
-u Make an RPC call to procedure 0 of prognum on the specified host using UDP, and report
whether a response was received. This option is made obsolete by the -T option as shown
in the third synopsis.

EXAMPLES
To show all of the RPC services registered on the local machine use:
example% rpcinfo
To show all of the RPC services registered with rpcbind on the machine named klaxon use:
example% rpcinfo klaxon
To show whether the RPC service with program number prognum and version versnum is registered on the
machine named klaxon for the transport TCP use:
r example% rpcinfo -T tcp klaxon prognum versnum
To show all RPC services registered with version 2 of the rpcbind protocol on the local machine use:
example% rpcinfo -p
To delete the registration for version 1 of the walld (program number 100008 ) service for all transports
use:
example# rpcinfo -d 100008 1
or
example# rpcinfo -d walld 1
AUTHOR
rpcinfo was developed by Sun Microsystems, Inc.
SEE ALSO
rpcbind(1M), rpc(3N), netconfig(4), rpc(4).

280 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rquotad(1M) rquotad(1M)

NAME
rquotad - remote quota server

SYNOPSIS
/usr/sbin/rpc.rquotad
DESCRIPTION
rquotad is an RPC server that returns quotas for a user of a local file system currently mounted by a
remote machine by means of NFS (see rpc(3N)). The results are used by quota to display user quotas for
remote file systems (see quota(1)).
rquotad might not work for local filesystems which support a 64-bit quota file format. The
Q_QUOTAINFO command of the quotactl() system call can be used to determine the quota file format
supported by a particular filesystem. (See quotactl(2)).
rquotad is normally invoked by inetd (see inetd(1M)).
AUTHOR
Disk Quotas were developed by the University of California, Berkeley, Sun Microsystems, Inc., and HP.

FILES
directory /quotas Quota statistics static storage for a file system, where directory is the root of the
file system.

SEE ALSO
inetd(1M), quotactl(2), rpc(3N), services(4), quota(5), nfs(7).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 281

 rstatd(1M) rstatd(1M)

NAME
rstatd - kernel statistics server

SYNOPSIS
/usr/lib/netsvc/rstat/rpc.rstatd [-l log_file] [-e-n]
DESCRIPTION
rstatd is an RPC server that returns performance statistics obtained from the kernel. The rup utility
prints this information (see rup(1)).
inetd invokes rstatd through /etc/inetd.conf (see inetd(1M)).
Options
rstatd recognizes the following options and command-line arguments:
-l log_file Log any errors to the named log file, log_file. Errors are not logged if the -l option
is not specified.
Information logged to the file includes date and time of the error, the host name, pro-
cess ID and name of the function generating the error, and the error message. Note
that different services can share a single log file because enough information is
included to uniquely identify each error.
-e Exit after serving each RPC request. Using the -e option, the inetd security file
/var/adm/inetd.sec can control access to RPC services.
-n Exit only if
•portmap dies (see portmap(1M)),
•another rpc.rstatd registers with portmap , or
• rpc.rstatd becomes unregistered with portmap.
The -n option is more efficient since a new process is not launched for each RPC
request. Note, this option is the default.

AUTHOR
rstatd was developed by Sun Microsystems, Inc.
SEE ALSO
rup(1), inetd(1M), portmap(1M), inetd.conf(4), inetd.sec(4), services(4).

282 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rtradvd(1M) rtradvd(1M)

NAME
rtradvd - Router Advertisement daemon for IPv6

SYNOPSIS
rtradvd [-C] [-c configfile] [-d debuglevel] [-i] [-p pidfile] [debugfile]
DESCRIPTION
rtradvd , the router advertisement daemon for IPv6, implements router functionality as specified by RFC
2461 ("Neighbor Discovery for IP Version 6"). The daemon listens to router solicitation and sends router
advertisement messages on demand and periodically as described in "Neighbor Discovery for IP Version 6".
These advertisements allow any listening host to configure their addresses and some other parameters
automatically without manual intervention. They can also choose a default router based on these adver-
tisements.
Router advertisement is configured on a per interface basis, as described in rtradvd.conf(4). The
"PRIVATE" flag (IFF_PRIVATE ) on each interface must be cleared in order to enable sending Router
Advertisement packets out on that particular interface as described by ifconfig(1M). The daemon does not
listen on an interface when the "PRIVATE" flag is set.
rtradvd also implements four new Mobile IPv6 ICMPv6 message types, two for use in the dynamic home
agent address discovery mechanism, and two for mobile configuration mechanisms. These four new
ICMPv6 messages are activated if "Home Agent Flag" (see rtradvd.conf(4)) is enabled on any configured
interface and the daemon detects the Mobile IPv6 kernel module during startup (see mip6mod(7)) or via
mip6admin(1M) utility. In this case, rtradvd sends mip6mod the list of prefixes configured with the
"Router Address Flag" set to on , allowing the node to act as a home agent on all the links corresponding to
these prefixes (see rtradvd.conf(4)).
Options
-C Specifies that the configuration file will be parsed for syntax errors and coherency.
Any syntax error or incoherency data is printed to stderr . rtradvd will exit with
a status 1 if there were any errors or 0 (zero) if there were not. All other command
line options except -c are ignored.
-c configfile Use a configuration file other than /etc/rtradvd.conf.
-d debuglevel Print debugging information. If debugfile is not specified, the daemon stays in fore-
ground mode. A number after the d determines the level of messages printed. The
level must be an integer in the range from 1 to 10, with higher numbers resulting in
greater detail in debug messages.
-i Disable printing the inconsistency information via syslog(3C) in router advertisement
messages received from other routers on the link.
-p pidfile Use a pid file other than /var/run/rtradvd.pid. r
debugfile Specifies a debug file in which to place debug information. If a debug file is specified
on the command line, rtradvd detaches from the terminal and runs in the back-
ground. Otherwise, rtradvd assumes that debugging is desired to stderr and
remains in the foreground.
The rtradvd daemon includes Mobile IPv6 options in Router Advertisement messages when the
configuration file contains the specific Mobile IPv6 keywords (see rtradvd.conf(4)).
The rtradvd daemon can be started during boot-time initialization. To do so, see
/etc/rc.config.d/netconf-ipv6 for rtradvd entries.
The following signals have the specified effect when sent to the server process using the kill(1) command:
SIGHUP causes rtradvd to read the configuration file and reload the database. If the
configuration file contains an error or inconsistency, the daemon continues with the old
configuration database. The syslog file should be checked for errors.
SIGTERM terminates rtradvd gracefully. In this case, before exiting, rtradvd will transmit
router advertisement with Router Lifetime 0 to all the listening interfaces. This can
take up to 10 seconds.

DIAGNOSTICS
Any errors encountered by rtradvd in the configuration file, or in normal operation are logged via
syslog(3C).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 283

 rtradvd(1M) rtradvd(1M)

NOTE
The following ICMPv6 types are assigned for Mobile IPv6:
Home Agent Address Discovery Request: ICMPv6 type 144
Home Agent Address Discovery Reply: ICMPv6 type 145
Mobile Prefix Solicitation: ICMPv6 type 146
Mobile Prefix Advertisement: ICMPv6 type 147
Refer to the Mobile IPv6 Administrator’s Guide for information on configuring Virtual IPv6 Anycast
addresses.

AUTHOR
rtradvd was developed by HP.
FILES
/etc/rtradvd.conf The default configuration file
/var/run/rtradvd.pid Process ID of running rtradvd
/etc/rc.config.d/netconf-ipv6 To enable rtradvd at system initialization.

SEE ALSO
kill(1), ifconfig(1M), mip6admin(1M), syslog(3C), rtradvd.conf(4), mip6mod(7), ndp(7P).
1. T. Narten, E. Nordmark, W. Simpson, Neighbor Discovery for IP Version 6 (IPv6), RFC2461, December
1998.
2. S. Thompson, T. Narten, IPv6 Stateless Address Autoconfiguration, RFC2462, December 1998.
3. D. Johnson, C. Perkins, Mobility Support in IPv6, IETF document.

284 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

runacct(1M) runacct(1M)

NAME
runacct - run daily accounting

SYNOPSIS
/usr/sbin/acct/runacct [ mmdd [ state ] ]
DESCRIPTION
runacct is the main daily accounting shell procedure. It is normally initiated via cron(1M). runacct
processes connect, fee, disk, and process accounting files. It also prepares summary files for prdaily or bil-
ling purposes.
runacct takes care not to damage active accounting files or summary files in the event of errors. It records
its progress by writing descriptive diagnostic messages into active . When an error is detected, a mes-
sage is written to /dev/console , mail (see mail(1), mailx(1), or elm(1)) is sent to root and adm , and
runacct terminates. runacct uses a series of lock files to protect against re-invocation. The files lock and
lock1 are used to prevent simultaneous invocation, and lastdate is used to prevent more than one
invocation per day.
runacct breaks its processing into separate, restartable states using statefile to remember the last
state completed. It accomplishes this by writing the state name into statefile . runacct then looks in
statefile to see what it has done and to determine what to process next. states are executed in the fol-
lowing order:
SETUP Move active accounting files into working files.
WTMPFIX Verify integrity of wtmp file, correcting date changes if necessary.
CONNECT Produce connect session records in tacct.h format.
PROCESS Convert process accounting records into tacct.h format.
MERGE Merge the connect and process accounting records.
FEES Convert output of chargefee into tacct.h format and merge with connect and pro-
cess accounting records.
DISK Merge disk accounting records with connect, process, and fee accounting records.
MERGETACCT Merge the daily total accounting records in daytacct with the summary total
accounting records in /var/adm/acct/sum/tacct.
CMS Produce command summaries.
USEREXIT Any installation-dependent accounting programs can be included here.
CLEANUP Cleanup temporary files and exit.
To restart runacct after a failure, first check the active file for diagnostics, then fix up any corrupted r
data files such as pacct or wtmp . The lock files and lastdate file must be removed before runacct
can be restarted. The argument mmdd is necessary if runacct is being restarted, and specifies the month
and day for which runacct will rerun the accounting. Entry point for processing is based on the contents of
statefile ; to override this, include the desired state on the command line to designate where processing
should begin.

EXAMPLES
To start runacct.
nohup runacct 2> /var/adm/acct/nite/fd2log &
To restart runacct.
nohup runacct 0601 2>> /var/adm/acct/nite/fd2log &
To restart runacct at a specific state.
nohup runacct 0601 MERGE 2>> /var/adm/acct/nite/fd2log &
WARNINGS
Normally it is not a good idea to restart runacct in its SETUP state. Run SETUP manually, then restart
via:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 285

 runacct(1M) runacct(1M)

runacct mmdd WTMPFIX

If runacct failed in its PROCESS state, remove the last ptacct file because it will not be complete.

FILES
/var/adm/acct/nite/active
/var/adm/acct/nite/daytacct
/var/adm/acct/nite/lastdate
/var/adm/acct/nite/lock
/var/adm/acct/nite/lock1
/var/adm/pacct*
/var/adm/acct/nite/ptacct*.mmdd
/var/adm/acct/nite/statefile
/var/adm/wtmp
SEE ALSO
mail(1), acct(1M), acctcms(1M), acctcom(1M), acctcon(1M), acctmerg(1M), acctprc(1M), acctsh(1M),
cron(1M), fwtmp(1M), acct(2), acct(4), utmp(4).

STANDARDS CONFORMANCE
runacct : SVID2, SVID3

286 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

rusersd(1M) rusersd(1M)

NAME
rusersd - network username server

SYNOPSIS
/usr/lib/netsvc/rusers/rpc.rusersd [-l log_file] [-e-n]
DESCRIPTION
rusersd is an RPC server that returns a list of users on the network. The rusers command prints this
information (see rusers(1)).
inetd invokes rusersd through /etc/inetd.conf (see inetd(1M)).
Options
rusersd recognizes the following options and command-line arguments:
-l log_file Log any errors to the named log file, log_file. Errors are not logged if the -l option is
not specified.
Information logged to the file includes date and time of the error, the host name, pro-
cess ID and name of the function generating the error, and the error message. Note
that different services can share a single log file since enough information is included
to uniquely identify each error.
-e Exit after serving each RPC request. Using the -e option, the inetd security file
/var/adm/inetd.sec can control access to RPC services.
-n Exit only if
• portmap dies (see portmap(1M)),
• another rpc.rusersd registers with portmap , or
• rpc.rusersd becomes unregistered with portmap .
The -n option is more efficient because a new process is not launched for each RPC
request. This option is the default.

AUTHOR
rusersd was developed by Sun Microsystems, Inc.
SEE ALSO
rusers(1), inetd(1M), portmap(1M), inetd.conf(4), inetd.sec(4), services(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 287

 rwall(1M) rwall(1M)

NAME
rwall - write to all users over a network

SYNOPSIS
/usr/sbin/rwall hostname ...
/usr/sbin/rwall -n netgroup ...
/usr/sbin/rwall -h host -n netgroup
DESCRIPTION
rwall reads a message from standard input until EOF, then sends the message, preceded by the line
Broadcast Message ... , to all users logged in on the specified host machines. With the -n option,
rwall sends the message to the specified network hosts defined in /etc/netgroup (see netgroup(4)).
A machine can only receive such a message if it is running rwalld , which is normally started from
/etc/inetd.conf by the inetd daemon (see inetd(1M)).
WARNINGS
The timeout is kept fairly short so that the message can be sent to a large group of machines (some of
which may be down) in a reasonable amount of time. Thus, the message may not get through to a heavily
loaded machine.

AUTHOR
rwall was developed by Sun Microsystems, Inc.
FILES
/etc/inetd.conf
SEE ALSO
rwalld(1M), shutdown(1M), wall(1M), netgroup(4).

288 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rwalld(1M) rwalld(1M)

NAME
rwalld - network rwall server

SYNOPSIS
/usr/lib/netsvc/rwall/rpc.rwalld [-l log_file] [-e-n]
DESCRIPTION
rwalld is an RPC server that handles rwall requests (see rwall(1)). rwalld calls wall to send a
message to all users logged into the host on which rwalld is running (see wall(1)).
inetd invokes rwalld through /etc/inetd.conf (see inetd(1M)).
Options
rwalld recognizes the following options and command-line options:
-l log_file Log any errors to log_file. Errors are not logged if the -l option is not specified.
Information logged to the log file includes date and time of the error, the host name,
process ID and name of the function generating the error, and the error message.
Note that different services can share a single log file because enough information is
included to uniquely identify each error.
-e Exit after serving each RPC request. Using the -e option, the inetd security file
/var/adm/inetd.sec can control access to RPC services.
-n Exit only if:
• portmap dies (see portmap(1M)),
• another rpc.rwalld registers with portmap , or
• rpc.rwalld becomes unregistered with portmap .
The -n option is more efficient because a new process is not launched for each RPC request. Note, this
option is the default.

AUTHOR
rwalld was developed by Sun Microsystems, Inc.
SEE ALSO
inetd(1M), portmap(1M), rwall(1M), wall(1M), inetd.conf(4), inetd.sec(4), services(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 289

 rwhod(1M) rwhod(1M)

NAME
rwhod - system status server

SYNOPSIS
/usr/sbin/rwhod [-s] [-r]
DESCRIPTION
rwhod is the server that maintains the database used by rwho and ruptime (see rwho(1) and rup-
time(1)). rwhod sends status information to and receives status information from other nodes on the local
network that are running rwhod .
rwhod is started at system boot time if the RWHOD variable is set to 1 in the file
/etc/rc.config.d/netdaemons.
As an information sender, it periodically queries the state of the system and constructs status messages
that are broadcast on a network.
As an information receiver, it listens for other rwhod servers’ status messages, validates them, then
records them in a collection of files located in the /var/spool/rwho directory.
By default, rwhod both sends and receives information. rwhod also supports the following options:
-s Configures server to be an information sender only.
-r Configures server to be an information receiver only.
Status messages are generated approximately once every three minutes. rwhod transmits and receives
messages at the port indicated in the who service specification (see services (4)). The messages sent and
received, are of the form:
struct outmp {
char out_line[8]; /* tty name */
char out_name[8]; /* user id */
long out_time; /* time on */
};
struct whod {
char wd_vers;
char wd_type;
char wd_fill[2];
int wd_sendtime;
int wd_recvtime;
char wd_hostname[32];
int wd_loadav[3];
r int
struct
wd_boottime;
whoent {
struct outmp we_utmp;
int we_idle;
} wd_we[1024 / sizeof (struct whoent)];
};
All fields are converted to network byte order before transmission. System load averages are calculated
from the number of jobs in the run queue over the last 1-, 5- and 15-minute intervals. The host name
included is the one returned by the gethostname() system call (see gethostname(2)). The array at the
end of the message contains information about the users logged in on the sending machine. This informa-
tion includes the contents of the utmp entry for each non-idle terminal line and a value indicating the time
since a character was last received on the terminal line (see utmp(4)).
rwhod discards received messages if they did not originate at a rwho server’s port, or if the host’s name,
as specified in the message, contains any unprintable ASCII characters.
Validmessages received by rwhod are placed in files named whod. hostname in the
/var/spool/rwho directory. These files contain only the most recent message in the format described
above.

WARNINGS
rwhod does not relay status information between networks. Users often incorrectly interpret the server
dying as a machine going down.

290 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

rwhod(1M) rwhod(1M)

AUTHOR
rwhod was developed by the University of California, Berkeley.
FILES
/var/spool/rwho/whod.* Information about other machines.

SEE ALSO
rwho(1), ruptime(1), gethostname (2), services (4), utmp (4).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 291

 sa1(1M) sa1(1M)

NAME
sa1, sa2, sadc - system activity report package

SYNOPSIS
/usr/lbin/sa/sa1 [ t n ]
/usr/lbin/sa/sa2 [-aAbcdLHmqtuvwy ] [-s time ] [-e time ] [-i sec ]
/usr/lbin/sa/sadc [ t n ] [ ofile ]
DESCRIPTION
System activity data can be accessed at the special request of a user (see sar(1M)) and automatically on a
routine basis as described here. The operating system contains a number of counters that are incremented
as various system actions occur. These include CPU utilization counters, buffer usage counters, activity
counters for disk, lunpath, HBA, tape I/O, and tty devices, switching and system-call counters, file-access
counters, queue activity counters, and counters for inter-process communications.
sadc and shell procedures sa1 and sa2 are used to sample, save, and process this data.
sadc , the data collector, samples system data n times every t seconds and writes in binary format to ofile
or to standard output. If t and n are omitted, a special record is written. This facility is used at system
boot time to mark the time at which the counters restart from zero. Executing the following command in a
system startup script:
/usr/lbin/sa/sadc /var/adm/sa/sa‘date +%d‘
writes the special record to the daily data file to mark the system restart. Instructions for creating system
startup scripts may be found in the 10.0 File System Layout White Paper, which is online on
http://docs.hp.com.
The shell script sa1 , a variant of sadc , is used to collect and store data in binary file
/var/adm/sa/sadd where dd is the current day. The arguments t and n cause records to be written n
times at an interval of t seconds, or once if omitted. The following entries, if placed in crontab , produce
records every 20 minutes during working hours and hourly otherwise (see cron(1M)):
0 * * * 0,6 /usr/lbin/sa/sa1
0 8-17 * * 1-5 /usr/lbin/sa/sa1 1200 3
0 18-7 * * 1-5 /usr/lbin/sa/sa1
The shell script sa2 , a variant of sar , writes a daily report in file /var/adm/sa/sardd. The options
are explained in sar(1M). The following crontab entry reports important activities hourly during the
working day:
5 18 * * 1-5 /usr/lbin/sa/sa2 -s 8:00 -e 18:01 -i 3600 -A
Structure of the binary daily data file lists information about the active processors. The structure of the
binary daily data file is:
s struct sa {
long version[PST_MAX_CPUSTATES];
/* sadd file version */
psetid_t psetid[SAR_MAX_PROCS][2];
/* mapping of psetid and cpus in the
* system */
int cpus[SAR_MAX_PROCS];
/* active processors list */
unsigned long long cpu [PST_MAX_CPUSTATES];
/* average time spent in each state */
unsigned long mp_cpu [SAR_MAX_PROCS][PST_MAX_CPUSTATES];
/* per proc cpu time */
unsigned long proc_cnt; /* MP: number of active processors */
unsigned long max_proc_cnt; /* MP: max active processors */
unsigned long bread; /* transfer of data between system
* buffers and disk or other block devices
*/
unsigned long bwrite;
unsigned long lread; /* access of system buffers */
unsigned long lwrite;
292 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007
sa1(1M) sa1(1M)

unsigned long phread; /* transfer via physical device mechanism */

unsigned long phwrite;
unsigned long swapin; /* number of swap transfers */
unsigned long swapout;
unsigned long bswapin; /* number of 512-bytes transferred
* (for bswapin:include initial loading of
* some programs
*/
unsigned long bswapout;
unsigned long pswitch;/* process switches */
unsigned long syscall;/* system calls of all types */
unsigned long sysread;/* specific system calls */
unsigned long syswrite;
/* number of write() system calls */
unsigned long sysfork;/* number of fork() system calls */
unsigned long sysexec;/* number of exec() system calls */
unsigned long runque; /* run queue of processes in memory and
* runable */
unsigned long runocc; /* time occurring */
unsigned long mp_runque [SAR_MAX_PROCS];
unsigned long mp_runocc [SAR_MAX_PROCS];
unsigned long swpque; /* swap queue of processes swapped */
* out but ready to run. */
unsigned long swpocc;
unsigned long iget; /* use of file access system routines */
unsigned long namei;
unsigned long dirblk; /* number of directory blocks encountered */
unsigned long readch; /* characters transferred by read system
* calls */
unsigned long writech; /* characters transferred by write system
* calls*/
unsigned long rcvint; /* receive interrupt */
unsigned long xmtint; /* transfer interrupt */
unsigned long mdmint; /* modem interrupt */
unsigned long rawch; /* input character */
unsigned long canch; /* input character processed by cannon */
unsigned long outch; /* output character */
unsigned long msg; /* message primitive */
unsigned long sema; /* semaphore primitive */
unsigned long select; /* select system calls */
unsigned int sztext; /* current size of text table */
unsigned int szinode; /* current size of inode table */
unsigned int szfile; /* current size of file table */
unsigned int szproc; /* current size of proc table */ s
unsigned int msztext; /* maximum size of text table */
unsigned int mszinode; /* maximum size of inode table */
unsigned int mszfile; /* maximum size of file table */
unsigned int mszproc; /* maximum size of proc table */
unsigned long inodeovf; /* cumulative overflows of inode table */
* since boot */
unsigned long fileovf; /* cumulative overflows of file table */
* since boot */
unsigned long procovf; /* cumulative overflows of proc table */
* since boot */
time_t ts; /* time stamp */
unsigned long elements_in_use;
long elements[20];
};
WARNINGS
This structure can change in future releases, with no support for backward compatibility.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 293

 sa1(1M) sa1(1M)

FILES
/tmp/sa. adrfl address file
/var/adm/sa/sadd daily data file
/var/adm/sa/sardd daily report file

SEE ALSO
timex(1), cron(1M), sar(1M), intro(7).
10.0 File System Layout White Paper on http://docs.hp.com.

STANDARDS CONFORMANCE
sa1 : SVID2, SVID3
sa2 : SVID2, SVID3
sadc : SVID2, SVID3

294 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

sam(1M) sam(1M)
(TO BE OBSOLETED)

NAME
sam - HP System Administration Manager (HP SAM)

SYNOPSIS
/usr/sbin/sam [ -f login | -r ]
DESCRIPTION
The sam command launches the HP System Management Homepage (HP SMH) program for performing
system administration on the HP-UX operating system. HP SMH is an enhanced web-based program of HP
System Administration Manager (HP SAM) in the HP-UX 11i V3 release. For more information, see
smh(1M).
If the DISPLAY environment variable is set, the Web-based HP SMH is displayed. If the DISPLAY
environment variable is not set, the terminal user interface of HP SMH is displayed.

Deprecation Notice
The sam command is deprecated in HP-UX 11i V3 release. HP recommends you use the smh command.

Options
sam recognizes the following options.
-f login Execute SAM with the privileges associated with the specified login. When used in con-
junction with -r, the Restricted SMH Builder is invoked and initialized with the privileges
associated with the specified login.
You must be a superuser to use this option. See Restricted SMH below for more informa-
tion.
-r Invokes Restricted SMH. This enables the system administrator to assign limited
privileged user access to SMH functionality. You must be a privileged user to use this
option. See the Restricted SMH section below for more information.

Restricted SMH
Generally, SMH requires privileged user rights to execute successfully. However, through the use of Res-
tricted SMH, SMH can be configured to allow subsets of its functionality to certain non-privileged users or
groups of users.
System administrators access Restricted SMH by invoking SMH with the -r option (see Options above).
In Restricted SMH, system administrators may assign subsets of SAM functionality on a per-user or per-
group basis.
When Restricted SMH is used, non-privileged users are promoted to privileged users when necessary to
enable them to execute successfully.
By default, Restricted SMH executes all applications as privileged user. However, certain applications, like
software distributor (swacl ), have their own security mechanism and do not follow the Restricted SMH
security model. In such cases, the application launched through Restricted SMH will be executed with the
s
login ID of the user who invokes it.
A non-privileged user who has been given Restricted SMH privileges simply executes /usr/sbin/smh
and sees only those areas the user is privileged to access.
All the SMH functional areas require the user to be promoted to be a privileged user in order to execute
successfully. SMH does this automatically as needed.
SMH provides a default set of SMH functional areas that the system administrator can assign to other
users.
Restricted SMH applies only to terminal user interfaces. Restricted SMH does not apply to Web-based GUI
(HP SMH) since HP SMH has its own roles. For more information, refer to the HP SMH documentation
available at http://docs.hp.com and the HP SMH product online help system.

SAM Functional Areas

SAM has been replaced by SMH. For more information on the various functional areas, see smh(1M).

SAM Logging
All actions taken by SAM are logged into the SAM log file at /var/sam/log/samlog. The log entries
in this file can be viewed using the SAM utility command samlog_viewer (see samlog_viewer(1)).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 295

 sam(1M) sam(1M)
(TO BE OBSOLETED)

samlog_viewer can filter the log file by user name, by time of log entry creation, and by level of detail.
Functionality Obsolescence and Changes
The following functional areas of the previous SAM interface have been removed, changed, or are planned
to be obsolete in a future release of HP-UX. Alternate procedures are listed as appropriate.
• Trusted systems is planned for obsolescence post HP-UX 11i V3 release.
• Backup and Recovery. Use the fbackup and frecover commands from the HP-UX system prompt.
You can also use backup tools, such as pax(1), from the HP-UX command prompt.
• Tape Drives. Add or remove device entries by editing the /etc/inittab file or use insf , mksf , and
rmsf commands from the HP-UX command prompt.
• Terminals and Modems. Use insf , mksf , and rmsf commands from the HP-UX command prompt.
• Uninterruptable Power Supplies.
• Performance Management. Monitor the performance of HP-UX using the commands iostat , ipcs ,
top , sar , and vmstat .
• Process Management. To manage processes for such functions as stopping, continuing, changing priority,
use ps, nice , kill , and crontab .
• Routine Tasks. Tasks such as shutting down the system and removing files that are large, unowned, or
core files are handled by shutdown , and find .
• Run SAM on Remote Systems. Executing or configuring SAM on remote systems is no longer needed,
because all systems are managed through HP Systems Insight Manager (HP SIM). For more information
on HP SIM, see http://www.hp.com/go/hpsim.
• Custom applications cannot be added using SAM. Any custom application that needs to be added in SAM
must provide its own registration files. The registration file has a specific format. You can view a sample
registration file from /usr/sam/tui/sam/reg.

WARNINGS
sam cannot be run in the background even if the DISPLAY environment variable is set from HP-UX 11i
V3 release.
The Disks and File Systems area of SAM does not display or configure all the types of devices when the
legacy mode of mass storage stack is disabled.

AUTHOR
sam was developed by HP.
SEE ALSO
samlog_viewer(1), evweb(1M), fsweb(1M), hpsmh(1M), kcweb(1M), ncweb(1M), parmgr(1M), pdweb(1M),
s secweb(1M), smh(1M), smhstartconfig(1M), ugweb(1M), intro(7).
HP-UX System Administrator’s Guide at http://docs.hp.com.

296 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

sar(1M) sar(1M)

NAME
sar - system activity reporter

SYNOPSIS
sar [-aAbcdHLmMqPRStuvwy] [-p psetid ] [-o file ] t [ n ]
sar [-aAbcdHLmMqPRStuvwy] [-p psetid ] [-s time ] [-e time ] [-i sec ] [-f file ]
DESCRIPTION
In the first form above, sar samples cumulative activity counters in the operating system at n intervals of
t seconds. If the -o option is specified, it saves the samples in file in binary format. The default value of n
is 1. In the second form, with no sampling interval specified, sar extracts data from a previously recorded
file, either the one specified by -f option or, by default, the standard system activity daily data file
/var/adm/sa/sadd for the current day dd. The starting and ending times of the report can be bounded
via the -s and -e time arguments of the form hh [ :mm [ :ss ] ]. The -i option selects records at sec-
second intervals. Otherwise, all intervals found in the data file are reported.

Options
Subsets of data to be printed are specified by options:
-a Report use of file access system routines:
iget/s Number of file system iget() calls per second.
namei/s Number of file system lookuppn() (pathname translation) calls per
second.
dirblk/s Number of file system blocks read per second doing directory lookup.
-A Report all data. Equivalent to -abcdHLmqtuvwy.
-b Report buffer activity:
bread/s Number of physical reads per second from the disk (or other block devices)
to the buffer cache.
bwrit/s Number of physical writes per second from the buffer cache to the disk (or
other block device).
lread/s Number of reads per second from buffer cache.
lwrit/s Number of writes per second to buffer cache.
%rcache Buffer cache hit ratio for read requests, for example, 1 − bread/lread.
%wcache Buffer cache hit ratio for write requests, for example, 1 − bwrit/lwrit.
pread/s Number of reads per second from character device using the physio()
(raw I/O) mechanism.
pwrit/s Number of writes per second to character device using the physio()
s
(raw I/O) mechanism.
-c Report system calls:
scall/s Number of system calls of all types per second.
sread/s Number of read() and/or readv() system calls per second.
swrit/s Number of write() and/or writev() system calls per second.
fork/s Number of fork() and/or vfork() system calls per second.
exec/s Number of exec() system calls per second.
rchar/s Number of characters transferred by read system calls block devices only)
per second.
wchar/s Number of characters transferred by write system calls (block devices only)
per second.
-d Report activity for each block device, for example, disk or tape drive. One line is printed for
each device that had activity during the last interval. If no devices were active, a blank line is
printed. Each line contains the following data:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 297

 sar(1M) sar(1M)

device Logical name of the device and its corresponding instance. Devices are
categorized into the following device types:
disk3 − SCSI and NIO FL disks
sdisk − SCSI disks.
%busy Portion of time device was busy servicing a request.
avque Average number of requests outstanding for the device.
r+w/s Number of data transfers per second (read and writes) from and to the dev-
ice.
r/s Number of reads per second from the device. This information is available
only when used with the -R option.
w/s Number of writes per second to the device. This information is available
only when used with the -R option.
blks/s Number of bytes transferred (in 512-byte units) from and to the device.
avwait Average time (in milliseconds) that transfer requests waited idly on queue
for the device.
avserv Average time (in milliseconds) to service each transfer request (includes
seek, rotational latency, and data transfer times) for the device.
-f Uses file as the data source for sar . Default is the current daily data file
/var/adm/sa/sadd.
-H Report activity for each HBA device. One line is printed for each HBA device that had activity
during the last interval. If no devices were active, a blank line is printed. Each line contains
the following data:
ctlr Logical name of the HBA device and its corresponding instance.
%util Portion of time device was busy servicing a request.
t-put Number of bytes transferred (in MBs) from and to the device.
IO/s Number of data transfers per second (read and writes) from and to the dev-
ice.
r/s Number of reads per second from the device.
w/s Number of writes per second to the device.
read Number of bytes read (in MBs) from the device.
write Number of bytes written (in MBs) to the device.
avque Average number of requests outstanding for the device.
s avwait Average time (in milliseconds) that transfer requests waited idly on queue
for the device.
avserv Average time (in milliseconds) to service each transfer request for the dev-
ice.
-L Report activity for each active lunpath. One line is printed for each lunpath that had activity
during the last interval. If no lunpath were active, a blank line is printed. The lunpaths are
not displayed in any specific order and it is not guaranteed that the current order will be main-
tained in future releases. Each line contains the following data:
lunpath symbolic name of the lunpath of the form: diskm_lunpathn, where m and
n are the instance numbers of LUN and lunpath respectively. These
instance numbers are displayed by ioscan using option -N , for the LUN
and lunpath entries. For more information on LUN and lunpath hardware
path, refer to intro(7).
%busy Portion of time lunpath was busy servicing a request.
avque Average number of requests outstanding for the lunpath.
r/s Number of reads per second from the lunpath.

298 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

sar(1M) sar(1M)

w/s Number of writes per second to the lunpath.

blks/s Number of bytes transferred (in 512-byte units) from and to the LUN using
this lunpath.
avwait Average time (in milliseconds) that transfer requests waited idly on queue
for this lunpath.
avserv Average time (in milliseconds) to service each transfer request (includes
seek, rotational latency, and data transfer times) for this lunpath.
-m Report message and semaphore activities:
msg/s Number of System V msgrcv() calls per second.
sema/s Number of System V semop() calls per second.
select/s Number of System V select() calls per second. This value will only be
reported if the -S option is also explicitly specified.
-M Report the per-processor data on a multi-processor system when used with -q and/or -u
options. If the -M option is not used on a multi-processor system, the output format of the -u
and -q options is the same as the uni-processor output format and the data reported is the
average value of all the active processors.
-o Saves the samples in binary format.
-p Report the specified ProcessorSet (pset) information. This option should be used with the -u or
-q option.
-P Report ProcessorSet (pset) information, mapping to the processor in the system or the specified
pset. This option can only be used with -M and -q , or -M and -u options. It can also be com-
bined with -p option to display information for a particular pset. If system is not pset
configured it will display a warning message.
-q Report average queue length while occupied, and percent of time occupied. On a multi-
processor machine, if the -M option is used together with the -q option, the per-CPU run
queue as well as the average run queue of all the active processors are reported. If the -M
option is not used, only the average run queue information of all the active processors is
reported. In a multi-processor pset configured system if the -M option is used with the option
-P then pset column will will be displayed before cpu column:
pset pset id (only on a multi-processor and pset configured system, used with
-P , -M and -q option).
cpu cpu number (only on a multi-processor system and used with the -M
option).
runq-sz Average length of the run queue(s) of processes (in memory and runnable).
%runocc The percentage of time the run queue(s) were occupied by processes (in s
memory and runnable).
swpq-sz Average length of the swap queue of runnable processes (processes swapped
out but ready to run). This column will not be displayed when -p option is
used to display a particular ProcessorSet (pset) information in a pset
configured system.
%swpocc The percentage of time the swap queue of runnable processes (processes
swapped out but ready to run) was occupied. This column will not be
displayed when -p option is used to display a particular ProcessorSet (pset)
information in a pset configured system.
-R This option is used with the -d option to report the number of reads and writes per second to
the device. Refer to the description of the -d option for details.
-S Report the number of System V select() calls per second. This option is valid only if the
-m option is specified.
-t Report activity for each tape device. One line is printed for each tape device that had activity
during the last interval. If no devices were active, a blank line is printed. Each line contains
the following data:

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 299

 sar(1M) sar(1M)

device Logical name of the tape device and its corresponding instance.
%busy Portion of time the device was busy servicing a request.
r/s Number of reads per second from the device.
w/s Number of writes per second to the device.
read Number of bytes read (in MBs) from the device.
write Number of bytes written (in MBs) to the device.
avserv Average time (in milliseconds) to service each transfer request (includes
seek, rotational latency, and data transfer times) for the device.
-u Report CPU utilization (the default); portion of time running in one of several modes. On a
multi-processor system, if the -M option is used together with the -u option, per-CPU utiliza-
tion as well as the average CPU utilization of all the active processors are reported. If the -M
option is not used, only the average CPU utilization of all the active processors is reported. On
a multi-processor ProcessorSet (pset) configured system, if the -P option is used together with
the -M and -u options, the column for pset mapping to processor will be displayed before the
cpu column.
pset pset id (only on a multi-processor pset configured system with the -P , -M
and -u option).
cpu cpu number (only on a multi-processor system with the -M option).
%usr user mode.
%sys system mode.
%wio idle with some process waiting for I/O (only block I/O, raw I/O, or VM
pageins/swapins indicated).
%idle otherwise idle.
-v Report status of text, process, inode and file tables:
text-sz (Not Applicable).
proc-sz The current-size and maximum-size of the process table.
inod-sz The current-size and maximum-size of the inode table (inode cache).
file-sz The current-size and maximum-size of the system file table.
text-ov (Not Applicable).
proc-ov The number of times the process table overflowed (number of times the
kernel could not find any available process table entries) between sample
points.
s inod-ov The number of times the inode table (inode cache) overflowed (number of
times the kernel could not find any available inode table entries) between
sample points.
file-ov The number of times the system file table overflowed (number of times the
kernel could not find any available file table entries) between sample
points.
-w Report system swapping and switching activity:
swpin/s Number of process swapins per second.
swpot/s Number of process swapouts per second.
bswin/s Number of 512-byte units transferred for swapins per second.
bswot/s Number of 512-byte units transferred for swapouts per second.
pswch/s Number of process context switches per second.
-y Report tty device activity:
rawch/s Raw input characters per second.

300 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

sar(1M) sar(1M)

canch/s Input characters per second processed by canon() .

outch/s Output characters per second.
rcvin/s Receive incoming character interrupts per second.
xmtin/s Transmit outgoing character interrupts per second.
mdmin/s Modem interrupt rate (not supported; always 0).

EXAMPLES
Watch CPU activity evolve for 5 seconds:
sar 1 5
Watch CPU activity evolve for 10 minutes and save data:
sar -o temp 60 10
Review disk and tape activity from that period later:
sar -d -f temp
Review cpu utilization on a multi-processor system later:
sar -u -M -f temp
Watch lunpath activity evolve for 5 seconds:
sar -L 1 5
Watch tape activity evolve for 5 seconds:
sar -t 1 5
Watch HBAs activity evolve for 5 seconds:
sar -H 1 5
Watch disk reads and writes per second for 5 seconds:
sar -R -d 1 5
WARNINGS
Users of sar must not rely on the exact field widths and spacing of its output, as these will vary depend-
ing on the system, the release of HP-UX, and the data to be displayed.
The output of sar is unpredictable if a corrupted or wrong data file is given as argument with the -f
option.

FILES
/var/adm/sa/sadd daily data file, where dd is two digits representing the day of the month.
s
SEE ALSO
ioscan(1M), sa1(1M), intro(7).

STANDARDS CONFORMANCE
sar : SVID2, SVID3

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 301

 savecrash(1M) savecrash(1M)

NAME
savecrash - save a crash dump of the operating system

SYNOPSIS
/sbin/savecrash [-cflprvzZ ] [-D dumpdevice -O offset] [-d sysfile] [-m minfree]
[-s chunksize] [-t tapedevice] [-w NOSWAP SWAPEACH SWAPEND ] [dirname]
DESCRIPTION
savecrash saves the crash dump information of the system (assuming one was made when the system
crashed) and writes a reboot message in the shutdown log file.
dirname is the name of the existing directory in which to store the crash dump; the default is
/var/adm/crash.
savecrash saves the crash image and related files in the directory dirname /crash. n. The trailing n
in the directory name is a number that increases by one every time savecrash is run with the same dir-
name. This number is kept in the file dirname /bounds , which is created if it does not already exist.
Usually, savecrash creates the INDEX file in the crash directory from the crash dump header, copies all
kernel modules that were loaded in memory at the time of the crash, and copies all dump device contents
into crash image files.
When savecrash writes out a crash dump directory, it checks the space available on the file system con-
taining dirname. savecrash will not use that portion of the file system space which is reserved for the
superuser. Additional space on the file system can be reserved for other uses with -m minfree, where min-
free is the amount of additional space to reserve. This option is useful for ensuring enough file system
space for normal system activities after a panic.
If there is insufficient space in the file system for the portions of the crash dump that need to be saved,
savecrash will save as much as will fit in the available space. (Priority is given to the index file, then to
the kernel module files, and then to the physical memory image.) The dump will be considered saved, and
savecrash will not attempt to save it again, unless there was insufficient space for any of the physical
memory image. (See the description of option -r .)
savecrash also writes a reboot message in the shutdown log file (/etc/shutdownlog), if one exists.
(If a shutdown log file does not exist, savecrash does not create one.) If the system crashes as a result
of a kernel panic, savecrash also records the panic string in the shutdown log.
By default, when the primary paging device is not used as one of the dump devices or after the crash image
on the primary paging device has been saved, savecrash runs in the background. This reduces system
boot-up time by allowing the system to be run with only the primary paging device.
It is possible for dump devices to be used also as paging devices. If savecrash determines that a dump
device is already enabled for paging, and that paging activity has already taken place on that device, a
warning message will indicate that the dump may be invalid. If a dump device has not already been
enabled for paging, savecrash prevents paging from being enabled to the device by creating the file
s /var/adm/crash/.savecrash.LCK. swapon does not enable the device for paging if the device is
locked in /var/adm/crash/.savecrash.LCK (see swapon(1M) for more details). As savecrash
finishes saving the image from each dump device, it updates the /var/adm/crash/.savecrash.LCK
file and optionally executes swapon to enable paging on the device.

Options and Operands

The savecrash command recognizes the following options and operands.
dirname
The name of the existing directory in which to store the crash dump; the default is
/var/adm/crash.
-c Mark the dump in the dump device as saved, without performing any other action. The -c option
is useful for manually inhibiting dump actions called by /sbin/init.d/savecrash.
-f Run savecrash in the foreground only. By default, savecrash runs in the background when
the primary paging device does not contain an unsaved portion of the crash image. Turning this
option on increases system boot-up time, but guarantees that the dump has been saved when con-
trol returns to the caller.
-l Logs the panic information to /etc/shutdownlog as described above, but does not actually
save the dump. The dump is marked as saved so that future invocations of savecrash do not
create duplicate log entries.

302 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

savecrash(1M) savecrash(1M)

-p Only preserves swap-endangered dump device contents into crash image files. Swap-endangered
dump devices are those devices that are also configured as swap devices by the system. If all dump
devices are configured as swap devices, the entire dump will be preserved in the crash directory. If
no swap devices are used as dump devices (dedicated dump devices), only the INDEX file and ker-
nel modules will be copied into the crash directory.
-r Resaves a dump that a previous invocation of savecrash has marked as already saved. This is
useful if the first invocation did ran out of space, and enough space has since been freed to try
again.
-v Enables additional progress messages and diagnostics.
-z savecrash will compress all physical memory image files and kernel module files in the dump
directory. This option is ignored if the dump image on the dump device is already compressed. See
crashconf(2). In this case, a warning message will be printed.
-Z savecrash will not compress any files in the dump directory.
If neither -z nor -Z is specified and the amount of free disk space is less than the total dump size,
savecrash will compress the image files.
-D dumpdevice
dumpdevice is the name of the device containing the header of the raw crash image. The console
messages from the time of the panic will identify the major and minor numbers of this device. This
option, in combination with -O , can be used to tell savecrash where to find the dump in the
rare instances that savecrash doesn’t know where to look.
-O offset
offset is the offset in kBytes, relative to the beginning of the device specified with -D above, of the
header of the raw crash image. The console messages from the time of the panic will identify this
offset. This option, in combination with -D , can be used to tell savecrash where to find the
dump in the rare instances that savecrash doesn’t know where to look.
-d sysfile
sysfile is the name of a file containing the image of the system that produced the core dump (that
is, the system running when the crash occurred). If this option is not specified, savecrash gets
the file name from the dump itself. If the file containing the image of the system that caused the
crash has changed, use this option to specify the new file name.
-m minfree
minfree is the amount of free space (in kBytes) that must be available for ordinary user files in the
file system into which the dump will be saved, in addition to space reserved for the superuser. If
necessary, only part of the dump will be saved to achieve this requirement. savecrash calcu-
lates the amount of disk space available when it starts saving the dump. Any space used by other
processes while dump is being saved is not taken into account.
minfree may be specified in bytes (b), kilobytes (k), megabytes (m), or gigabytes (g). The default
minfree value is zero, and the default unit is kilobytes. s
-s chunksize
chunksize is the size (default kBytes) of a single physical memory image file before compression.
The kByte value must be a multiple of page size (divisible by 4) and between 64 and 1048576.
chunksize may be specified in units of bytes (b), kilobytes (k), megabytes (m), or gigabytes (g).
Larger numbers increase compression efficiency at the expense of both savecrash time and
debugging time. If -s is not specified, a default is chosen based on the physical memory size and
the amount of available file system space. If the dump image on the dump device is compressed,
then the chunksize specification is only used as a size limit for the images copied into the file sys-
tem. See crashconf(2). If the size specified is smaller than the chunk size used for compression
while dumping, then a warning message will be printed and the compression chunk size used by
the dump will be used to create the file system images.
-t tapedevice
tapedevice is the tape device where the crash dump will be written. Crash dumps that are written
to tape are written using a tar format. The crash dump tape can be read using tar(1).
When the -t option is specified, the -p option is not allowed and the whole dump is always
preserved. In addition, -c and -l , are not allowed and -m is ignored. Also, when -t is specified,
savecrash will not perform any compression.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 303

 savecrash(1M) savecrash(1M)

When dirname is specified with the -t option, dirname is the name of the existing directory where
the INDEX file is created; the default directory is /tmp . The INDEX file is the first file that is
written out to the dump tape. This file is written a second time once all the dump files have been
written. The first copy of the file only contains crash dump header information and its filename on
tape is tmpindex . It does not contain information for the module and image files.
When writing to tape, the tape device must be online otherwise the command will fail with an
error. Additionally, when savecrash reaches end-of-tape, it will prompt the user for the next
tape. Any tape errors encountered will result in a generic tape error.
-w opt Defines the interaction between savecrash and swapon . opt can be one of the following
values:
NOSWAP Do not run swapon from savecrash .
SWAPEACH (default) Call swapon each time savecrash finishes saving the image from each
dump device. This option provides the most efficient use of paging space.
SWAPEND Only call swapon when savecrash finishes saving the image file from all dump
devices. If this option is used, no additional paging space other than the primary pag-
ing space is available until the complete crash dump image is saved. This option pro-
vides a second chance to retrieve the crash image if savecrash fails on first
attempt.
For compatibility with earlier savecore syntax, the values of 0, 1 and 2 can be used in place of
NOSWAP , SWAPEACH , and SWAPEND , respectively. This usage is obsolescent.
RETURN VALUE
Upon exit, savecrash returns the following values:
0 A crash dump was found and saved, or savecrash has preserved dump information from the
primary swap device and is continuing to run in the background to complete its tasks.
1 A crash dump could not be saved due to an error.
2 No crash dump was found to save.
3 A partial crash dump was saved, but there was insufficient space to preserve the complete dump.
4 The savecrash process continued in the background, see the INDEX file for actual results.

WARNINGS
savecrash relies on the expectation that device numbers have the same meaning (point to the same dev-
ices) at the time the system dumps and at the time the dump is saved. If, after a crash, the system was
booted from a different boot device in order to run savecrash , it is possible that this expectation will not
be met. If so, savecrash may save an incomplete or incorrect dump or may fail to save a dump at all.
Such cases cannot be reliably detected, so there may be no warning or error message.
If savecrash encounters an error while running in the background (such as running out of space), it will
not be easily detectable by the caller. If the caller must ensure that the savecrash operation was suc-
s cessful, for example before writing to a dump device, the caller should specify -f to force savecrash to
run in the foreground, and should then examine the exit status of the savecrash process when it
finishes.

AUTHOR
savecrash was developed by HP and the University of California, Berkeley.
FILES
/etc/shutdownlog shutdown log
/etc/rc.config.d/savecrash savecrash startup configuration file
/sbin/init.d/savecrash savecrash startup file
dirname /bounds crash dump number
/stand/vmunix default kernel image saved by savecrash

SEE ALSO
adb(1), tar(1), crashutil(1M), crashconf(1M), swapon(1M).

304 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

scsictl(1M) scsictl(1M)

NAME
scsictl - control a SCSI device

SYNOPSIS
scsictl [-akq ] [-m mode[=value] ]... [-c command]... device
scsictl -o ola_params arguments...
scsictl -p pr_clear key device
scsictl [-k] -t tgtid {-c command}... ctrl
DESCRIPTION
The scsictl command provides a mechanism for controlling a SCSI device. It can be used to query
mode parameters, set configurable mode parameters, and perform SCSI commands. The operations are
performed in the same order as they appear on the command line.
The second form, as shown above, supports the online addition of a supported SCSI card to a system. This
option cannot be used with any other options available for this command.
The scsictl command can be used to clear persistent reservation from a device, as shown in the third
form above, using the -p option.
Some of the commands can be used on a controller device as shown in the fourth form. The list of com-
mands supported on a controller device is provided in the -t option description below.
device specifies the character special file to use.
ctrl specifies the special file of a parallel SCSI controller node.

Options
scsictl recognizes the following options.
Mode parameters and commands need only be specified up to a unique prefix. When abbreviating a mode
parameter or command, at least the first three characters must be supplied.
-a Display the status of all mode parameters available, separated by semicolon-blank (; ) or
newline.
-c command
Cause the device to perform the specified command. If multiple commands need to be
specified, then each command must be prefixed by the -c option. command can be one of
the following:
erase For magneto-optical devices that support write without erase, this
command can be used to pre-erase the whole surface to increase
data throughput on subsequent write operations. This command
maintains exclusive access to the surface during the pre-erasure.
sync_cache For devices that have an internal write cache, this command s
causes the device to flush its cache to the physical medium.
domain_val Domain validation allows the user to check the quality of
transmissions across the bus and helps to find problems like
faulty and missing terminators, bad components, and so on. This
command is only valid for Ultra160 and later devices. If any
errors encountered during domain validation, they will be logged
in the syslog .
get_bus_parms This command displays information about limits and negotiable
parameters of a bus.
get_lun_parms This command displays information about limits and negotiable
parameters of a physical or a virtual peripheral device.
get_target_parms This command displays information about limits and negotiable
parameters of a target peripheral device.
reset_target This command causes a target reset task management function to
be sent to the associated target.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 305

 scsictl(1M) scsictl(1M)

reset_bus This command causes the system to generate a SCSI bus reset
condition on the associated bus. A SCSI bus reset condition
causes all devices on the bus to be reset (including clearing all
active commands on all devices).
-k Continue processing arguments even after an error is detected. The default behavior is to
exit immediately when an error is detected.
Command line syntax is always verified for correctness, regardless of the -k option.
Improper command line syntax causes scsictl to exit without performing any opera-
tions on the device.
-m mode Display the status of the specified mode parameter. mode can be one of the following:
immediate_report For devices that support immediate reporting, this mode controls
how the device responds to write requests. If immediate report is
enabled (1), write requests can be acknowledged before the data
is physically transferred to the media. If immediate report is dis-
abled (0), the device is forced to await the completion of any write
request before reporting its status.
ir Equivalent to immediate_report.
queue_depth For devices that support a queue depth greater than the system
default, this mode controls how many I/Os the driver will attempt
to queue to the device at any one time. Valid values are (1−255 ).
Some disk devices will not support the maximum queue depth
settable by this command. Setting the queue depth in software to
a value larger than the disk can handle will result in I/Os being
held off once a QUEUE FULL condition exists on the disk.
-m mode =value
Set the mode parameter mode to value. The available mode parameters and values are
listed above.
Mode parameters that take only a binary value (1 or 0) can also be specified as either on
or off , respectively.
-o command
Currently this option supports only the following command:
ola_params This command should be followed by five arguments namely,
hw_path, scsi_id, width, period, and offset. Actual values of
scsi_id, width, period and offset are decided by the hardware. If
the hardware is not capable of supporting the requested values,
they will be brought to the maximum capability of the card. A
value of -1 may be specified for scsi_id, width, period and offset
s in order to use the hardware default values.
Note: This command does not validate any of the arguments
passed. Therefore, it does not show any output upon successful
completion.
-p pr_clear key device
Use the scsictl command with the -p pr_clear option to clear the persistent reser-
vation from a device. This command cannot be used with any other scsictl options or
commands.
This command should be followed by two arguments: key and device. key is a string of
characters which was used while setting persistent reservation. This key can be in any of
the following two formats:
(a) Text format: can contain any of alphanumeric characters. In this format length of the
key should not exceed 8 characters.
(b) Hex format: preceded by 0x or 0X, can contain any of hexadecimal digit. In this format
length of the string should not exceed 18 characters in total (including 0x or 0X).
-q Suppress the labels that are normally printed when mode parameters are displayed. Mode
parameter values are printed in the same order as they appear on the command line,

306 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

scsictl(1M) scsictl(1M)

separated by semicolon-blank (; ) or newline.

-t tgtid ctrl
Specify tgtid as the SCSI target parameter on which operation needs to be initiated. The
valid range of tgtid value is between 0 and 15. In agile addressing the tgtid is the port_id
returned by the command scsimgr get_info -H target_path. See intro(7) for infor-
mation about agile addressing and scsimgr(1M). The commands supported with the -t
option are domain_val , get_bus_parms, get_target_parms, reset_target
and reset_bus . See the -c option for explanations of these commands. ctrl specifies
the special file of a parallel SCSI controller node.
RETURN VALUE
scsictl exits with one of the following values:
0 Operation successful.
>0 Error condition occurred.
DIAGNOSTICS
Diagnostic messages are generally self-explanatory.

EXAMPLES
To display all the mode parameters, turn immediate_report on, and redisplay the value of
immediate_report:
scsictl -a -m ir=1 -m ir /dev/rdsk/c0t6d0
producing the following output:
immediate_report = 0; queue_depth = 8; immediate_report = 1
The same operation with labels suppressed:
scsictl -aq -m ir=1 -m ir /dev/rdsk/c0t6d0
produces the following output:
0; 8; 1
To clear persistent reservation from a device:
scsictl -p pr_clear key /dev/rdsk/c0t6d0
To add a supported SCSI card online at 2/4.0.0 :
scsictl -o ola_params 2/4.0.0 -1 -1 -1 -1
To issue a get_target_parms command on a SCSI target with a tgtid of 2 using /dev/c8xx2 as the
ctrl device:
scsictl -t 2 -c get_target_parms /dev/c8xx2
To display limits and negotiable parameters of a device and then reset the SCSI target:
s
scsictl -c get_lun_parms -c reset_target /dev/rdsk/c0t6d0
WARNINGS
Not all devices support all mode parameters and commands listed above. Changing a mode parameter may
have no effect on such a device.
Issuing a command that is not supported by a device can cause an error message to be generated.
scsictl is not supported on sequential-access devices using the tape driver.
The immediate_report mode applies to the entire device; the section number of the device argument
is ignored.
To aid recovery, immediate reporting is not used for writes of file system data structures that are main-
tained by the operating system, writes to a hard disk (but not a magneto-optical device) through the
character-device interface, or writes to regular files that the user has made synchronous with O_SYNC or
O_DSYNC (see open(2) and fcntl(2)).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 307

 scsictl(1M) scsictl(1M)

DEPENDENCIES
disc3
When the system is rebooted, the disc3 driver always resets the value of the immediate_report
mode parameter to off . If ioctl() or scsictl is used to change the setting of immediate reporting
on a SCSI device, the new value becomes the default setting upon subsequent configuration (for example,
opens) of this device and retains its value across system or device powerfail recovery. However, on the next
system reboot, the immediate-report mode parameter is again reset to the value of the tunable sys-
tem parameter, default_disk_ir. This is set using the kctune command.

sdisk
If ioctl() or scsictl is used to change the setting of immediate reporting on a SCSI device, the new
value becomes the default setting upon subsequent configuration (for example, opens) of this device until
the "last close" of the device, that is, when neither the system nor any application has the device open (for
example, unmounting a file system via umount and then mounting it again via mount (see mount(1M)).
On the next "first open", the immediate-report mode parameter is again reset to the value of the tun-
able system parameter, default_disk_ir. This is set using the kctune command.

SEE ALSO
diskinfo(1M), kctune(1M), scsimgr(1M), fcntl(2), open(2), intro(7).

308 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

scsimgr(1M) scsimgr(1M)

NAME
scsimgr - SCSI management and diagnostic utility

SYNOPSIS
/usr/sbin/scsimgr [-fpv ] command [-d driver] [identifier] [keyword]... [argument]...
/usr/sbin/scsimgr [-h] [-d driver] [command]
DESCRIPTION
scsimgr performs management and diagnostic operations on the SCSI objects and subsystems.
SCSI objects are identified by either their hardware path, character Device Special File (DSF), or their
class and instance number. These are typically visible in the output of ioscan(1M). SCSI objects are typi-
cally a single LUN (logical unit number), LUN path, target path, HBA controller, or a group of these. The
SCSI object is specified as an identifier in the command line.
A SCSI subsystem is typically the SCSI services module, a SCSI class driver, or a SCSI interface (also
known as I/F) driver.
scsimgr provides generic management and diagnostic capabilities for the SCSI subsystem as well as
specific management and diagnostic capabilities for SCSI class drivers or SCSI interface drivers through
plug-ins provided by these drivers.
Refer to the respective manpages of the scsimgr driver plug-ins for detailed description of commands and
other functions specific to that driver. The manpages of driver plug-ins are in section 7, and are of the
form: scsimgr_ driver where driver is the name of the driver. For example scsimgr_esdisk(7) is the
manpage of the scsimgr plug-in for the esdisk driver.
A SCSI subsystem may maintain a set of attributes. An attribute is a data value associated with either the
SCSI subsystem, a set of SCSI objects, or a single instance of a SCSI object. It has a name, a data type,
and may have one or more value instances: current (run-time value), saved (value in a persistent store),
and default.
An attribute can be read-only or read-write. Read-only attributes are global or per-object instance informa-
tion that can be queried individually through their name. Saved and default values are irrelevant for such
attributes.
Read-write (or settable) attributes are tunables. Users or user applications can change their current or
saved values. The saved value is used to set the current value of the attribute at system boot or other re-
initialization points. When no saved value exists, the default value is used to set the current value.
Attributes can be generic or driver specific. Generic attributes do not depend on a class or an interface
driver. They are described in this manpage. Driver specific attributes are maintained by a class or an
interface driver. They are described in the respective manpages of the driver plug-ins for scsimgr.
To ease management, adapt to various resource conditions, and increase the interoperability and reliability
of the SCSI stack, settable attributes can be defined at various scopes or levels:
• Global: A value of an attribute set at this scope, affects the default behavior for the SCSI stack, a class
s
driver or an interface driver. For instance, the default I/O timeout can be set to 60ms for all SCSI dev-
ices.
• Per device type, vendor identifier, product identifier or specific product revision of devices bound to a
driver. A value of an attribute set at this scope, affects the default behavior for the set of devices bound
to the specified driver and meeting the specified criteria. For instance, the default I/O time out can be
set to 60ms for disk devices from HP and bound to driver esdisk , and to 120ms for all tape devices
bound to driver estape .
• Per a specific instance of an object: A value of an attribute set at this scope overwrites the default
behavior for a specific instance of an object. For instance, I/O time out can be set to 50ms for disk0 .
When the change to the current value of an attribute takes effect depends on the level or scope where the
change is performed. Change of an attribute at a global or intermediate levels (such as, device type and
vendor id) will not affect existing objects until an event requiring re-initialization of the object occurs.
For instance, change of global default I/O time out will not affect I/O transfer for LUNs already opened. If
a LUN is closed and re-opened, the new default I/O time out will be used. When change of an attribute at a
per-object instance level takes effect depends on the attribute and the driver owning it. For more informa-
tion, refer to the manpage of the driver plug-in for scsimgr .

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 309

 scsimgr(1M) scsimgr(1M)

In general, change to current value of a per-object instance of a generic attribute takes effect immediately.
For instance, if the I/O time out is changed for disk0, the new value will be used for the next I/O transfer to
disk0.
A given attribute can not necessary be set at all levels. Certain attributes can only be set at a global level.
That is the case for attributes adjusting global resource usage. Other attributes can only be set at a per
object instance level. Some drivers do not provide the possibility to set attributes at intermediate level;
such as, device type and vendor identifier.
If setting an attribute causes the system to become unstable, it may be possible to recover by rebooting the
system in single user mode. The SCSI subsystem uses attribute factory default values for objects initialized
while in single user mode.
The attribute is specified as an argument in the command line.
scsimgr performs the following operations:
• Display and clear global statistics or statistics for SCSI objects.
• Display status and other information for SCSI objects.
• Display information for all the LUN paths to a LUN.
• Get, set and save attributes for SCSI objects.
• Add, remove and list settable attribute scopes for drivers
• Validate the change of LUN associated to a LUN path (replace WWID).
• Validate the change of LUN associated to a legacy DSF (replace a legacy DSF).
• Disable or enable SCSI objects.
• Perform SCSI task management functions such as LUN reset, cold target reset, warm target reset.
• Set or get the user friendly character string identifying a LUN (helpful when the LUN is relocated).
• Synchronize cache for block devices.
• Erase blocks of optical memory devices.
• Inquire SCSI devices for its characteristics.

Options
-d driver Specifies the name of the driver for driver specific commands.
Note: When this option is specified, the driver plug-in (if present) executes the command. The
driver plug-in may not necessarily support all commands. To list the commands supported by
the driver module run the following command:
scsimgr -h -d driver
-f Forces execution of destructive/disruptive operations. With this option, the command executes
without warning or prompting for confirmation.
-h Prints general usage information or help information on a specific operation
-p Produces a one line parse-able output of values separated by a colon (:).

s -v Displays verbose or extended output where applicable.

command Specifies a supported scsimgr command. Supported commands include:
clear_stat Clears statistics.
cold_bdr Performs a cold reset on a target device.
ddr_add Defines a new settable attribute scope for a driver
ddr_del Deletes a settable attribute scope for a driver
ddr_list Lists driver settable attribute scopes
disable Disables a SCSI object.
enable Enables a SCSI object.
erase Pre-erases the medium of a magneto-optical device.
get_attr Displays information on attributes.
get_devid Gets an identifier for a device.
get_info Displays information.

310 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

scsimgr(1M) scsimgr(1M)

get_stat Displays statistics.

inquiry Requests information on parameters of the target and a component LUN.
lun_map Displays information about LUN paths of a LUN.
lun_reset Resets a LUN.
replace_leg_dsf
Validates change of a LUN associated with a legacy DSF.
replace_wwid Validates the change of a LUN associated to a LUN path.
save_attr Saves value persistently (across reboot) for attributes.
set_attr Sets current values for attributes.
set_devid Sets an identifier for a device.
sync_cache Requests synchronization of the write cache of a block device.
warm_bdr Performs a warm reset on a target device.
Refer to the Supported scsimgr Commands section below for details about these commands.
identifier Identifies the SCSI object on which the operation applies. It can be of the following form:
-D { dsf | leg_dsf } | -H hw_path | (-C class -I instance) | -N attr_scope
where the following means:
dsf Full path of character persistent device special file of a LUN or a SCSI HBA con-
troller.
leg_dsf Full path of character legacy device special file of a LUN (see intro(7)).
hw_path Hardware path of a LUN, LUN path, target path, or SCSI HBA controller.
class Class of a LUN, LUN path, target path, or SCSI HBA controller. (Must be used
in combination with the instance.)
instance Instance of a LUN, LUN path, target path, or SCSI HBA controller. (Must be
used in combination with the class.)
attr_scope Scope of settable attributes for a driver. It must be of the following form:
/escsi/ driver[/pdt[/vid[/pid[/rev]]]]
Where :
driver Name of the driver (for example, esdisk ).
pdt Peripheral device type in hex (for example, 0x0, 0x1) as returned from
inquiry data.
vid Vendor identifier as returned in inquiry data (for example, "HP ")
s
pid Product identifier as returned in inquiry data (for example,
"SDLT600 ")
rev Product revision as returned in inquiry data (for example, "HP06")
Note: If the settable attribute scope is defined at the vendor identifier (vid), pro-
duct identifier (pid), or product revision level (rev), the vid, pid, or rev can be
partially specified by terminating it with the special string _*_ . This wildcard
covers a family of devices from the same vendor, which share the same charac-
teristics, but may have different product identification information.
The following examples show partial level specification for devices bound to the
esdisk driver:
• /escsi/esdisk/0x0/HP_*_:
All disk devices with a vid starting with "HP"
• ’/escsi/esdisk/0x0/HP /ST39103_*_’ :
All disk devices from HP with a pid starting with "ST39103".

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 311

 scsimgr(1M) scsimgr(1M)

• ’/escsi/esdisk/0x0/HP /ST336706LC /HP_*_’ :

All disk devices from HP with a vid of "ST336706LC " and a rev starting
with "HP".
Note: Only a few commands support legacy device special file of a LUN as SCSI object
identifiers. See the command description to determine whether a command supports this
identifier.
keyword Provides additional information on the scope of the command. The following keywords are
defined. A given command may not necessary support all the keywords.
all_ctlr Operation applicable to all SCSI HBA controllers.
all_lpt Operation applicable to all LUN paths of the LUN or the target path
identified by the parameter identifier.
all_lun Operation applicable to all LUNs.
all_tp Operation applicable to all target paths of the SCSI HBA controller
identified by the parameter identifier.
all_ddr Operation applicable to all attribute scopes registered
current Operation applicable to current values of the attributes.
default Operation applicable to default values of the attributes.
nonsettable Operation applicable to read only attributes.
saved Operation applicable to saved values of the attributes.
settable Operation applicable to read-write attributes.
argument Provides additional parameter depending on the command. For attribute related commands,
argument is of the form:
-a attribute
where attribute is an attribute argument in one of the three forms below:
attr | attr =value | attr =default
with the following meaning:
attr Name of an attribute.
value Value to set current and/or saved value of the attribute.
default When specified with the command save_attr , the default value of the attri-
bute is persistently restored.
Note: Valid attribute names can be obtained by running the command:
s scsimgr get_attr identifier
They depend on the identifier.

Supported scsimgr Commands

To get the list of supported scsimgr commands, run: "scsimgr -h". These commands are described
below. These commands are described below.
clear_stat /get_stat
The clear_stat command clears while get_stat displays global statistics or statistics
of a SCSI object or a group of SCSI objects, respectively.
The -v option with get_stat , displays all statistics. If -v is not specified, only basic
statistics are displayed.
The -v option with clear_stat specifies a verbose output of the execution of the com-
mand. For instance, if executed on a group of objects (for example, all_lun ), the com-
mand shows all the result for each SCSI object.
If no identifier or keyword for a group of SCSI objects is specified, get_stat or
clear_stat displays or clears global generic statistics respectively.

312 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

scsimgr(1M) scsimgr(1M)

If an identifier or a keyword for a group of SCSI objects is specified, get_stat or

clear_stat displays or clears generic statistics (in other words, statistics commonly
defined for all class or interface drivers), respectively. It also displays or clears class and/or
interface driver specific statistics if any, if the driver provides a scsimgr plug-in module.
So there is no need to specify "-d driver" to display or clear driver specific statistics for
SCSI objects. However, to display or clear a class or interface driver global statistics, you
must specify the option "-d driver" without any SCSI object identifier or keyword for a
group of SCSI objects.
Usage:
scsimgr [-v] clear_stat [ identifier | all_lun | all_ctlr ]
scsimgr [-v] clear_stat identifier {all_lpt |all_tp }
scsimgr [-v] clear_stat -D leg_dsf
scsimgr [-v] get_stat [ identifier | all_lun | all_ctlr ]
scsimgr [-v] get_stat identifier {all_lpt |all_tp }
scsimgr [-v] get_stat -D leg_dsf
Note: identifier identifies a LUN, LUN path, target path, or SCSI HBA controller.
cold_bdr /lun_reset /warm_bdr
Respectively performs the following SCSI task management functions (if supported by the
interface driver):
• TARGET COLD RESET management task sent to the device.
Actions necessary to perform a cold target reset depend on the SCSI transport. In case
of Fibre Channel transports, the target is reset and a TPLO (Third Party Log Out) is per-
formed.
• LUN RESET management task sent to the device.
• TARGET WARM RESET management task sent to the device.
Usage:
scsimgr [-f] cold_bdr identifier
scsimgr [-f] lun_reset identifier
scsimgr [-f] warm_bdr identifier
Note: identifier identifies only a LUN.
ddr_add /ddr_del
Respectively adds and deletes a settable attribute scope for a driver.
Once a scope is added, it is possible to set specific attribute values at this scope. These
values will affect the default behavior for devices covered by the scope.
It is not necessary to add a scope to be able to display the values of attributes for devices
covered by the scope. The values are inherited from highest scope where the attributes are s
explicitly set.
WARNING: These commands should be used with caution. It is recommended to
consult your HP support representative before adding or deleting a settable attri-
bute scope.
Usage:
scsimgr [-f] ddr_add -N attr_scope
scsimgr [-f] ddr_del -N attr_scope
ddr_list Lists driver settable attribute scopes registered on the system.
Usage:
scsimgr ddr_list
Note: The attribute scope specifies the set of devices affected by attribute values set at this
level.
To display the list of attributes that can be set at a given scope and their values, run the
command:

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 313

 scsimgr(1M) scsimgr(1M)

scsimgr get_attr -N attr_scope

For instance, if you add the scope corresponding to all disk devices from HP:
’/escsi/esdisk/0x0/HP ’, to list attributes which can be set at this level
and their values, run the following command:
scsimgr get_attr -N ’/escsi/esdisk/HP ’ settable
For description of attributes, refer to the manpage of the scsimgr plug-in for the
corresponding driver.
disable /enable
Disables/enables a SCSI object. Upon disable, the object cannot be used to transfer I/Os. If
the disabled object is a LUN, all pending I/Os are aborted for that LUN. Currently sup-
ported SCSI objects are LUNs and LUN paths.
The SCSI object can be disabled either administratively by invoking the disable command,
or by the SCSI stack upon detection of certain types of critical errors. When this condition
has occurred, HP-UX logs a message in syslog which informs the user that a SCSI object
has been disabled. In the case of the SCSI stack disabling the SCSI object, the system
administrator, after resolving the problem on the device, can invoke the enable command
to resume data transfers on the SCSI object.
Usage:
scsimgr enable identifier
scsimgr [-f] disable identifier
Note:
disable and enable operations are currently only supported on block devices and their LUN
paths.
identifier identifies either a LUN or a LUN path.
erase Pre-erase the whole medium for magneto-optical devices that support write without erase.
Usage:
scsimgr [-f] erase identifier
Note: identifier identifies only a LUN.
get_attr Displays information of global attributes or attributes of a SCSI object or a group of SCSI
objects. All the values of the attribute (current, saved and default) are displayed. The
displayed values can be restricted by using the appropriate keyword (in other words --
current , saved , and default ).
All settable or read-write attributes are system-wide; in other words, they do not depend on
the kernel instance used to boot the system. The output is guaranteed to remain
s unchanged across scsimgr releases for an attribute name-value pair.
The -v option displays a brief description for each attribute.
The -p option displays the values of the attributes requested on a single line and separated
with the colon delimiter (:). By default the current value is displayed. Saved and default
values can be requested using the corresponding keyword. The -p option requires a list of
attributes using the "-a attribute" option.
If no identifier or keyword for a group of SCSI objects is specified, get_attr displays glo-
bal generic attributes (in other words, global attributes common to all class and interface
drivers).
If an identifier or a keyword for a group of SCSI objects is specified, get_attr displays
generic attributes (in other words, attributes commonly defined for all class or interface
drivers). It also displays class and/or interface driver specific attributes if any, if the driver
provides a scsimgr plug-in module. So there is no need to specify "-d driver" to display
driver specific attributes. However, to display global attributes maintained by a class or
interface driver, you must specify the option "-d driver" without any SCSI object identifier
or keyword for a group of SCSI objects.
The list of generic attributes currently supported by scsimgr is described in the Table:
scsimgr Attributes section later in this manpage. To view the list of specific attributes

314 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

scsimgr(1M) scsimgr(1M)

maintained by a class or interface driver, if any, refer to the manpage of the driver’s plug-in
for scsimgr . See scsimgr_ <driver_name>(7), where <driver_name> is the name of the
driver. For example, see scsimgr_esdisk(7).
Usage:
scsimgr [-v] get_attr [ identifier | all_lun | all_ctlr | all_ddr ]
[current ] [default ] [saved ]
[ nonsettable | settable | { -a attr... -a attr } ]
scsimgr -v get_attr [ identifier {all_lpt | all_tp | all_ddr }]
[current ] [default ] [saved ]
[ nonsettable | settable | { -a attr... -a attr } ]
scsimgr -p get_attr [ identifier | all_lpt | all_ctlr | all_ddr ]
[ current | default |saved ] -a attr... -a attr
scsimgr -p get_attr [ identifier { all_lpt | all_tp | all_ddr }]
[ current | default | saved ] -a attr... -a attr
Note: identifier identifies either a LUN, LUN path, target path, SCSI HBA controller, or a
settable attribute scope for a driver.
The user can specify the following command to get the current and default value of a sett-
able attribute:
scsimgr get_attr -D /dev/rdisk/disk0 current default settable
But with the -p option, only one attribute value can be specified; either current (by
default), saved , or default , and a list of attributes is required.
get_devid /set_devid
Respectively gets and sets an identifier for a device.
An identifier is a user friendly readable string (maximum size of 128 characters) that is
stored on the device itself which remains viewable even if the device is moved physically.
These commands can only be performed on devices that support the SCSI commands:
REPORT DEVICE IDENTIFIER and SET DEVICE IDENTIFIER. Devices implementing
these commands are mandated to accept identifier of up to 64 bytes. They can optionally
accept identifiers of up to 512 bytes. So even if scsimgr allows to specify identifiers of up
to 128 bytes, it is safer to limit to 64 bytes.
Usage:
scsimgr get_devid identifier
scsimgr [-f] set_devid identifier device_id
Note: identifier identifies only a LUN. device_id is a user friendly device identifier.
get_info Displays global status and other information, or per-SCSI object instance status or other
information of a SCSI object or a group of SCSI objects.
s
Use -v option to display all information. If -v is not specified only a basic set of informa-
tion is displayed.
If no identifier or keyword for a group of SCSI objects is specified, get_info displays glo-
bal information maintained by SCSI services module.
If an identifier or a keyword for a group of SCSI objects is specified, get_info displays
generic information (in other words, information defined for all class or interface drivers).
It also displays class and/or interface driver specific information if any, if the driver pro-
vides a scsimgr plug-in module.
So there is no need to specify -d driver to display driver specific information.
However, to display a class or interface driver specific global information, you must specify
the option -d driver without any SCSI object identifier or keyword for a group of SCSI
objects.
Usage:
scsimgr [-v] get_info [ identifier | all_lun | all_ctlr ]

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 315

 scsimgr(1M) scsimgr(1M)

scsimgr [-v] get_info { identifier all_lpt | all_tp }

Note: identifier identifies a LUN, LUN path, target path, or SCSI HBA controller.
get_stat See clear_stat above.
inquiry Requests and displays information regarding parameters of the target and a component
LUN including: standard inquiry data, vital product data and SCSI commands supported by
the device server.
Usage:
scsimgr inquiry identifier [ page-key | page ]
Note: page is page number in hexadecimal
page-key is the page as ASCII string, and can be one of the following:
* supported: supported pages (0x00)
* wwid: identifier page (0x83)
* serial: serial number page (0x80)
* implemented: implemented operating definitions (0x81)
* ascii: ASCII operating definitions (0x82)
Note: identifier identifies a LUN or a LUN path.
lun_map Displays information (Class and Instance, Hardware Path, type of SCSI transport protocol,
State) about all the LUN path/s of a LUN. It also displays the World Wide Identifier
(WWID), if it exists, of the LUN and the number of LUN paths to this LUN.
If no identifier is specified, information about LUN paths of all the LUNs will be displayed.
If used with the -p option, information for each LUN path is displayed in a single line in a
parse-able manner. The fields are separated with the colon delimiter (:).
Note that the -p option can be used only when a LUN identifier is specified.
Usage:
scsimgr [-v] lun_map
scsimgr [-p] lun_map identifier
Note: identifier identifies only a LUN.
lun_reset See cold_bdr above.
replace_leg_dsf
Validates change of a LUN associated with a legacy Device Special File (DSF).

s Typically when a LUN is replaced, the new LUN has a different WWID (WorldWide
IDentifier). A new persistent DSF is created for this LUN, but legacy DSFs continue to be
associated with the replaced LUN until the system is rebooted. replace_leg_dsf
removes the current binding of legacy DSFs with LUN and invokes ioscan to establish a
new binding.
A change on the storage network (SAN) or target may affect several legacy device special
files (DSFs). Identifying all the affected legacy DSFs may be cumbersome. Therefore,
scsimgr allows you to invoke replace_leg_dsf on a target path or a LUN.
When replace_leg_dsf is invoked on a target path or a LUN, scsimgr validates the
change of the binding to LUNs for all legacy DSFs corresponding to the LUN paths of the
target path or the LUN.
Note that this operation can be performed on a legacy DSF only after it has been closed.
The replace_leg_dsf command combined with the replace_wwid command
replaces the fcmsutil replace_dsk command which is now obsolete. See the
fcmsutil(1M) manpage.
To replace the fcmsutil replace_dsk command, use the scsimgr
replace_wwid command if LUN paths are affected by the replacement and use the
scsimgr replace_leg_dsf command to validate the association of legacy device
316 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007
scsimgr(1M) scsimgr(1M)

files with the new LUN. If all affected legacy DSFs are closed, it is not necessary to invoke
replace_leg_dsf after invoking replace_wwid on corresponding LUN paths.
Usage:
scsimgr [-f] replace_leg_dsf identifier
Note: identifier identifies a legacy Device Special File for the LUN, a LUN, or a target
path.
replace_wwid
Validates the change of a LUN associated to a LUN path. It clears the binding of the LUN
path with an existing LUN and rescans the parent controller or target path so that the
LUN path can be associated with the new LUN.
Note: The scan of the parent object may result in change of state of unrelated LUN paths.
To prevent accidental data corruption, the SCSI stack implements an authentication
mechanism based on the LUN WorldWide Identifier (WWID). When a LUN with a
different WWID is discovered through a previously discovered LUN path, further access to
the device through that LUN path is prevented. The LUN path is put in "Authentication
Failure" state. Then, HP-UX logs a message in syslog which informs the user that the
replace_wwid operation needs to be performed.
If the user has intentionally replaced the LUN, the scsimgr replace_wwid command
must be run to authorize the re-use of that LUN path for a different LUN.
In some situations, a replacement of a target controller may cause LUN paths of
corresponding target paths to be put in authentication failure state. To validate the
replacement and re-authorize all the affected paths, scsimgr replace_wwid can be
used with the target path identifier.
If the LUN itself has been replaced and all its previous LUN paths are now connected to
the replaced LUN, scsimgr replace_wwid can be used with the LUN identifier to
allow replacement of all LUN paths associated with that LUN.
If the keyword dsf is specified, the DSF of the replaced LUN is re-assigned to the new
LUN. This allows applications such as volume groups or file systems to continue to use the
same DSF to access the replacing LUN.
This authentication mechanism replaced the one implemented by Fibre Channel Tachyon
TL, Tachyon TL2 and FCD drivers on releases prior to HP-UX 11i Version 3. The
scsimgr replace_wwid command combined with the scsimgr
replace_leg_dsf command replaces the fcmsutil replace_dsk command. See
the explanation of the scsimgr replace_leg_dsf command and the fcmsutil(1M)
manpage.
Usage:
scsimgr [-f] replace_wwid identifier [dsf ]
s
Note: identifier identifies a LUN, LUN path, or a target path. In case of LUN replacement
(that is, the identifier is a LUN), the keyword dsf directs replace_wwid to also assign
the device file name of the replaced LUN to the new LUN. If the identifier is a LUN path,
or target path, dsf is just ignored.
save_attr Saves values, persistently, of global attributes or attributes of a single SCSI object. If the
keyword default is specified, or the argument is of the form: "-a attr =default ", then
the default value is restored persistently across system reboots.
If the keyword default is not mentioned and the argument is of the form: "-a attr =value",
then the current value is replaced with the specified value, and it is saved in a persistent
store.
Attribute values saved in a persistent store are maintained across reboots.
Only values of attributes that are settable or read-write values can be saved. To view the
settable values, use get_attr command with the keyword settable . In case of the
value being saved is a string including a space, it should be put within double quotes
("...").

HP-UX 11i Version 3: February 2007 −9− Hewlett-Packard Company 317

 scsimgr(1M) scsimgr(1M)

If no identifier or keyword for a group of SCSI objects is specified, attributes specified

should be global generic attributes.
If an identifier for a SCSI object is specified, attributes specified can be generic, class driver
specific or interface driver specific attributes maintained for the SCSI object. So there is no
need to specify option "-d driver" to save driver specific attribute for SCSI objects.
However, to save a class or interface driver’s global specific attributes you must specify the
"-d driver" option. If you specify the option "-d driver", you can only specify this driver
specific attributes, otherwise, the command will fail for all non driver specific attributes.
Usage:
scsimgr save_attr [identifier] default [ -a attr... -a attr ]
scsimgr save_attr [-d driver] [identifier] -a attr ={value |default }...
-a attr ={value |default }
Note:
• identifier identifies either a LUN, LUN path, target path, a SCSI HBA controller or a
settable attribute scope for a driver.
• To differentiate the string default from the keyword default , you must assign the
string as:
attr =’default’
• WARNING: Changing attribute values at a registered scope for a driver (e.g.
device type, vendor identifier, product identifier, etc.) should be done with
extreme care. We recommend you consult your HP support representative
before doing so.
set_attr Set current values of global attributes or attributes of a single SCSI object. Values set in
this manner remain so only until the system is rebooted (non persistent). To save this
value across reboots (persistent), use the save_attr command.
Only values of attributes that are settable or read-write values can be set. To view the sett-
able values, use get_attr with the keyword settable . In case of the value being set
is a string including a space, it should be specified within double quotes ("...").
If no identifier or keyword for a group of SCSI objects is specified, attributes specified
should be global generic attributes.
If an identifier for a SCSI object is specified, attributes specified can be generic, class driver
specific or interface driver specific attributes maintained for the SCSI object. So there is no
need to specify option "-d driver" to set driver specific attribute for SCSI objects.
However, to set a class or interface driver’s global specific attributes, you must specify the
s "-d driver" option. If you specify the option "-d driver", you can only specify this driver
specific attributes, otherwise, the command will fail for all non driver specific attributes.
Usage:
scsimgr set_attr [ identifier ] -a attr =value... -a attr =value
Note:
• identifier identifies either a LUN, LUN path, target path, SCSI HBA controller, or a sett-
able attribute scope for a driver.
• WARNING: Changing attribute values at a registered scope for a driver (e.g.
device type, vendor identifier, product identifier, etc.) should be done with
extreme care. We recommend you consult your HP representative before doing
so.
set_devid See get_devid above.
sync_cache Requests synchronization of the write cache of a block device. Data in the cache are writ-
ten in the medium.
Usage:

318 Hewlett-Packard Company − 10 − HP-UX 11i Version 3: February 2007

scsimgr(1M) scsimgr(1M)

scsimgr sync_cache identifier

Note: identifier identifies only a LUN.
warm_bdr See cold_bdr above.

Table: scsimgr Attributes

This table lists the scsimgr generic attributes.
Note: In this attribute description table, the following conventions are used:
• RO is Read Only.
• RW is Read Write.
• Range of values for applicable attributes is listed.

Object Attribute Name RO/RW Type Description

Global version RO string Version of SCSI services
max_lunid RW uint32 Max value of lunid to probe for devices
which do not support REPORT LUNS
command.
Range: 1 - 32
transient_secs RO uint32 Seconds to wait after a LUN has gone
OFFLINE before failing I/Os
lun_cnt RO uint32 Number of LUNs discovered on the
host
ctlr_cnt RO uint32 Number of SCSI HBA controllers
registered with the SCSI stack
escsi_dbg_lvl RW uint32 debug level used to filter diagnostic
messages logged.
Range:
0 (lvl_panic) System unusable
1 (lvl_alert) Immediate action
required
2 (lvl_critical) Critical condition
3 (lvl_err) Error condition
4 (lvl_warn) Warning condition
5 (lvl_note) Normal, but need spe-
cial handling
6 (lvl_info) Informative
max_q_depth RO uint32 Default maximum queue depth.
leg_mpath_enable RW boolean Default setting of tunable to enable or
disable multi-pathing on legacy DSF of s
a LUN.
Values: false(0) or true(1)
escsi_maxphys RW uint32 Maximum I/O size allowed by the
SCSI subsystem in 4KB units.
Range: 64 - 1048575
LUN state RO string state of the LUN
dev_type RO string Type of the device
device_file RO string default DSF
class RO string class of the LUN
instance RO uint LUN instance number
hw_path RO string Hardware path of the LUN
wwid RO binary ascii LUN World Wide Identifier (WWID)
string
uniq_name RO binary HP-UX specific LUN unique identifier.
string It corresponds to the WWID displayed
in binary string format, for non paral-

HP-UX 11i Version 3: February 2007 − 11 − Hewlett-Packard Company 319

 scsimgr(1M) scsimgr(1M)

lel SCSI devices, and a combination of

WWID, serial number, vendor
identifier and product identifier for
parallel SCSI devices. It allows to
uniquely identify devices in the pres-
ence of old parallel SCSI devices with
non unique WWID
serial_number RO string Serial Number of the device
vid RO string Vendor identifier
pid RO string Product identifier
firmware_rev RO string Firmware revision of the device
protocol_rev RO string SPC protocol revision
total_path_cnt RO uint32 Total number of LUN paths
alias RO string Alias that can be assigned to the LUN.
Note: By default, no value is pre-
assigned (empty string).
Range: ASCII string < 1024 chars.
transient_secs RW uint32 Seconds to wait after a LUN has gone
OFFLINE before failing I/Os.
Range: 0 - 600
leg_mpath_enable RW boolean Enable (true) or disable (false) multi-
pathing on legacy DSF of this LUN.
Values: false(0) true(1).
max_q_depth RW uint32 Maximum queue depth.
Range: 1 - 0xFFFFFFFE
lpt_lockdown RO string LUN path which is locked down for
the LUN. All I/Os are issued on this
LUN path only (for tape, changer,
pass-thru LUNs only).
Note: This attribute is only valid
when the device is opened.
LUN path state RO string State of the LUN path
protocol RO string SCSI transport protocol
lunid RO uint64 LUN identifier within the target
class RO string Class of the LUN path
instance RO uint32 Instance number of the LUN path
hw_path RO string Hardware path of the LUN path
s Target path state RO string State of the target path
port_id RO uint64 target port identifier
protocol RO string SCSI transport protocol
port_name RO binary/ Target port name
ascii string
node_name RO binary/ Target node name
ascii string
lpt_cnt RO uint32 Number of LUN paths of the target
path
class RO string Class of the target path
instance RO uint32 Instance number of the target path
hw_path RO string Hardware path of the target path
HBA state RO string State of the controller
device_file RO string DSF of the controller

320 Hewlett-Packard Company − 12 − HP-UX 11i Version 3: February 2007

scsimgr(1M) scsimgr(1M)

class RO string Class of the controller

instance RO uint32 Instance of the controller
hw_path RO string Hardware path of the controller
lpt_cnt RO uint32 Total number of LUN paths for this
controller
tp_cnt RO uint32 Total number of target paths for this
controller
port_id RO uint64 Controller port identifier
protocol RO string SCSI transport protocol
port_name RO binary/ Controller port name (WWN)
ascii string
driver_name RO string Name of the interface driver of the
controller
driver_rev RO string Revision of the interface driver
managing the controller
firmware_rev RO string Firmware revision of the controller
cur_speed RO string Current configured link speed
max_speed RO string Maximum link speed
capability RO string Controllers capabilities. It may be
combination of none or several of the
following:
boot: able to be used for boot.
dump: able to be used for dump.

Notes:
• Setting the value of attribute max_q_depth for a LUN, will set the queue depth for all LUN paths of
the LUN to the value specified.
• The queue depth of LUN paths of a LUN can also be changed as follows:
scsictl -m queue_depth
However scsictl -m queue_depth only affects the current value while scsimgr can set the
value persistently across system reboots.
• If scsictl is invoked on a persistent DSF, it only affects the current value of all LUN paths. If it is
invoked on a legacy DSF, it only affects the current value of the queue depth on the LUN path
corresponding to the legacy DSF.
• If the current value is changed with the ssictl command while the LUN is not opened, this value will s
be lost when the LUN is opened. The value saved or set at a higher scope with the scsimgr command
will be restored.
• If the value of the escsi_maxphys global attribute is changed, the new value is used for the computation
of the actual maximum I/O size of a given LUN only when one or more of these situations occurs:
• The LUN is opened the first time.
• A new lunpath is registered for the LUN.
• An existing lunpath for the LUN is deleted.
The actual maximum I/O size for a LUN is determined by whichever is the smallest of these two values:
• the escsi_maxphys attribute or
• the maximum I/O sizes reported by interface drivers on lunpaths of the LUN.

RETURN VALUE
scsimgr exits with one of the following values:
0 Operation successful.

HP-UX 11i Version 3: February 2007 − 13 − Hewlett-Packard Company 321

 scsimgr(1M) scsimgr(1M)

>0 Error condition occurred.

When an error condition occurs, scsimgr will display an error message specifying the nature and/or the
cause of the error conditions.
However, for operations supporting scriptable output (when the -p option is used), no errors will be
printed if the error condition only affects one or more of the output fields. scsimgr will leave the affected
field(s) empty and exit with a non-zero value.
In the following example, the max_io attribute is not a valid LUN attribute. In the displayed output,
scsimgr leaves the second field corresponding to max_io empty and exits with EFAULT(14).

# scsimgr -p get_attr -D /dev/rdisk/disk20 -a wwid -a max_io -a max_q_depth

0x20000020371972eb::16
EXAMPLES
To display scsimgr general usage:
scsimgr -h
To display scsimgr usage for get_attr command:
scsimgr -h get_attr
To figure out the SCSI object on which to invoke the command (note that /dev/rdisk/disk961 is the
character device special file (DSF) in this example):
ioscan -kfnN
Class I H/W Path Driver S/W State H/W Type Desc
=======================================================================
disk 961 64000/0xfa00/0xf9 esdisk CLAIMED DEVICE HP HSV101
/dev/disk/disk961 /dev/rdisk/disk961
To get basic global statistics:
scsimgr get_stat
To get all global statistics:
scsimgr -v get_stat
To display global statistics for driver esdisk :
scsimgr -v get_stat -d esdisk
To get basic statistics for disk0 :
scsimgr get_stat -D /dev/rdisk/disk0
s To get basic statistics for all LUN paths of disk0 :
scsimgr get_stat -D /dev/rdisk/disk0 all_lpt
To get all statistics for the SCSI controller with class fc and instance number 1:
scsimgr -v get_stat -C fc -I 1
To get all the statistics for target path with the hardware path of
0/4/1/0.0x60060b000014f45a0001000000000011:
scsimgr -v get_stat -H 0/4/1/0.0x60060b000014f45a0001000000000011
To get driver esdisk specific statistics for disk0 :
scsimgr get_stat -D /dev/rdisk/disk0 -d esdisk
To clear global statistics:
scsimgr clear_stat
To clear statistic for the SCSI controller with class fc and instance number 1:
scsimgr clear_stat -C fc -I 1
To clear statistic for all target paths of the SCSI controller with class fc and instance number 1:

322 Hewlett-Packard Company − 14 − HP-UX 11i Version 3: February 2007

scsimgr(1M) scsimgr(1M)

scsimgr clear_stat -C fc -I 1 all_tp

To get basic global status and information:
scsimgr get_info
To get global status information for driver esdisk :
scsimgr -v get_info -d esdisk
To get all status information of all the LUNs:
scsimgr -v get_info all_lun
To get basic status information for disk0 :
scsimgr get_info -D /dev/rdisk/disk0
To get basic status information for all LUN paths of disk0 :
scsimgr get_info -D /dev/rdisk/disk0 all_lpt
To get all status information for the SCSI controller with class escsi_ctlr and instance number 1:
scsimgr -v get_info -C escsi_ctlr -I 1
To get all status information for target path with the hardware path of
0/4/1/0.0x60060b000014f45a0001000000000011:
scsimgr -v get_info -H 0/4/1/0.0x60060b000014f45a0001000000000011
To display LUN path information for all LUNs:
scsimgr lun_map
To display LUN path information for disk0 :
scsimgr lun_map -D /dev/rdisk/disk0
To display LUN path information for disk0 in a form that can be parsed:
scsimgr -p lun_map -D /dev/rdisk/disk0
To display extended information on generic global attributes:
scsimgr -v get_attr
To display driver esdisk global attributes:
scsimgr -v get_attr -d esdisk
To display information on attribute for disk0 :
scsimgr get_attr -D /dev/rdisk/disk0
To display current values only of attributes for LUN whose class is disk and instance 0:
s
scsimgr get_attr -D /dev/rdisk/disk0 current
To display default values only of settable attributes for a SCSI HBA controller with DSF /dev/fcd3 :
scsimgr get_attr -D /dev/fcd3 default settable
To display saved values only of settable attributes for all LUNs:
scsimgr get_attr all_lun saved settable
To display default attribute values for devices bound to driver esdisk
scsimgr get_attr -N /escsi/esdisk
To display default attributes values for all disk devices from HP bound to driver esdisk
scsimgr get_attr -N ’/escsi/esdisk/0x0/HP ’
To display current values only of specific attributes for all target paths of a SCSI HBA controller:
scsimgr get_attr -D /dev/fcd0 all_tp current -a port_name -a node_name
To display information on disk driver specific attributes for disk0 :

HP-UX 11i Version 3: February 2007 − 15 − Hewlett-Packard Company 323

 scsimgr(1M) scsimgr(1M)

scsimgr get_attr -d esdisk -D /dev/rdisk/disk0

To set current values of attributes leg_mpath_enable and max_q_depth for disk0 :
scsimgr set_attr -D /dev/rdisk/disk0 -a leg_mapth_enable=false \
-a max_q_depth=10
To save value of attribute leg_mpath_enable for disk0 :
scsimgr save_attr -D /dev/rdisk/disk0 -a leg_mapth_enable=false
To save default value of attribute leg_mpath_enable for disk0 :
scsimgr save_attr -D /dev/rdisk/disk0 -a leg_mapth_enable=default
To save default value of all settable attributes for disk0 :
scsimgr save_attr -C disk -I 0 default
To save default values for specific global attributes:
scsimgr save_attr default -a max_q_depth -a escsi_dbg_lvl
To add a settable attribute scope corresponding to all disk devices from HP with product identifier
"ST39103FC" bound to driver esdisk Default values for attributes can be changed for these devices.
scsimgr ddr_add -N ’/escsi/esdisk/0x0/HP /ST39103FC’
To delete a settable attribute scope for disk devices from HP with product identifier "ST39103FC" bound to
driver esdisk It will no longer be possible to modify default attributes values for these devices only.
scsimgr ddr_del -N ’/escsi/esdisk/0x0/HP /ST39103FC’
To list settable attribute scopes registered for all drivers.
scsimgr ddr_list
To validate replacement of disk0 and re-assign its DSF to the replacing LUN:
scsimgr replace_wwid -D /dev/rdisk/disk0 dsf
To unbind all LUN paths that were associated with disk0 :
scsimgr replace_wwid -D /dev/rdisk/disk0
To validate change of LUN associated with LUN path with class lunpath and instance number 2:
scsimgr replace_wwid -C lunpath -I 2
To validate change of LUN to which legacy DSF /dev/rdsk/c0t5d0 is bound to:
scsimgr replace_leg_dsf -D /dev/rdsk/c0t5d0
To force reset of LUN disk0 :
s scsimgr -f lun_reset -D dev/rdisk/disk0
To cause a warm target reset of device corresponding to disk0 :
scsimgr warm_bdr -D dev/rdisk/disk0
To cause a cold target reset of device corresponding to disk0 :
scsimgr warm_bdr -D dev/rdisk/disk0
To disable LUN path with the hardware path
0/4/1/0.0x60060b000014f45a.0x4001000000000000:
scsimgr disable -H 0/4/1/0.0x60060b000014f45a.0x4001000000000000
To enable disk0 :
scsimgr enable -D /dev/rdisk/disk0
To set user friendly device identifier for LUN of class disk and instance 7:
scsimgr set_devid -C disk -I 7 "Disk with Credit Card information"
To get user friendly device identifier for LUN of class disk and instance 7:

324 Hewlett-Packard Company − 16 − HP-UX 11i Version 3: February 2007

scsimgr(1M) scsimgr(1M)

scsimgr get_devid -C disk -I 7

To sync write data cache on LUN with DSF /dev/rdisk/disk47:
scsimgr sync_cache -D /dev/rdisk/disk47
To forcefully pre-erase the medium of the magneto-optical device with hardware path
64000/0xfa00/0x6:
scsimgr erase -H 64000/0xfa00/0x6
To display standard inquiry data for LUN with DSF /dev/rdisk/disk47:
scsimgr inquiry -D /dev/rdisk/disk47
To display vital product data of page 83 of LUN disk23 :
scsimgr inquiry -C disk -I 23 0x83
scsimgr inquiry -C disk -I 23 wwid
AUTHOR
scsimgr was developed by Hewlett Packard Company.
SEE ALSO
diskinfo(1M), fcmsutil(1M), scsictl(1M), autochanger(7), intro(7), scsi(7), scsi_ctl(7), scsi_disk(7),
scsi_tape(7), scsimgr_eschgr(7), scsimgr_esdisk(7), scsimgr_estape(7).
Note: The manpage of a driver plug-in for scsimgr is scsimgr_ <driver_name>(7), where <driver_name>
is the name of the driver. For example, see scsimgr_esdisk(7).

HP-UX 11i Version 3: February 2007 − 17 − Hewlett-Packard Company 325

 security_patch_check(1M) security_patch_check(1M)

NAME
security_patch_check - check security-bulletin compliance state of HP-UX 11.x system or depot

SYNOPSIS
security_patch_check [-a] [-n] [-q  -qq] [-c security-catalog]
[-  -f file  -h depot  -h remote-host] [-i ignore-file]
[-m  -o [bcdmprs ] ] [-r [url] ] [-s os-version]
security_patch_check -t [-a] [-n] [-q  -qq] [-c security-catalog]
[-h depot  -h remote-host] [-i ignore-file]
[-m  -o [bcdmprs ] ] [-r [url] ] [-s os-version]
security_patch_check -u
DESCRIPTION
The security_patch_check command runs a bulletin-compliance analysis of an HP-UX system.
security_patch_check will determine which minimal security patches, updates and manual actions
have yet to be applied to the system, and will generate a report listing the patches and actions recom-
mended that apply to the specific system analyzed. It is likely that the analysis will be incomplete for
products and operating systems that are obsolete or unsupported. This includes products from pre-
vious OS versions that remain after an OS update. If your system was updated from a prior OS, you may
choose to use the -s option to identify additional issues that may have been announced for the prior OS
version.
Note: Security Patch Check does not support OS versions older than 11.00, even with the -s option.
Normally, security_patch_check will call the swlist command directly to do its analysis; see
swlist(1M). However, if the - or -f option is specified, security_patch_check will use standard
input (-) or a file (-f filename) as though it were output from a call to swlist . Thus,
security_patch_check can effectively analyze sets of systems and depots by sending it swlist out-
put from those sources. You can also choose whether to analyze superseded patches using the -x
show_superseded_patches=TRUE option of swlist . (Without the - or -f options, use the -t
option to control the analysis of superseded patches.)
security_patch_check must have local access to a security bulletin catalog to run its analysis.
security_patch_check is able to download the most recent security patch catalog from an HP
HTTPS or FTP site. security_patch_check will perform the download if the -r option is used.
Refer to -r in the Options subsection for important information on this option.
security_patch_check will tell you about any patches with warnings which are present on your sys-
tem. (Note: the default is to analyze only active patches. If you want to analyze all installed patches, use
the -t option.) These patches need not be security-related. If a patch with warnings is active on a system,
you should read its "Warn" field. The Warn field of every 11.x patch with warnings is in the security cata-
log. To find the patch warnings that are applicable to your system, you may look up the patch records
manually in the catalog, after running the script, or you may run security_patch_check with the
s -m (machine-parsable) option.
Before installing patches, you should be familiar with the general patching process. See the Patch Manage-
ment User Guide for HP-UX 11.x Systems, available on http://docs.hp.com, for an introduction to
patching. It is important that you read this document and understand the patching process. Patches that
are installed incorrectly or incompletely can cause a system to stop functioning in serious and
difficult-to-recover ways. The instructions for updates (removals) and manual actions are covered in the
bulletins themselves, but you should be familiar with swinstall(1M) and swremove (1M) before installing
and removing software.
Patches: Hewlett-Packard provides integrated bundles of recommended patches that contain fixes to many
security issues as well as other known system defects. They are available on Support Plus media or elec-
tronically from Software Depot (http://software.hp.com). Openview patches are available at
http://support.openview.hp.com/patches.
If closing patch-related security holes with the minimum system change is required, the Patch Database
(found at the IT Resource Center, http://itrc.hp.com) may be used in combination with
security_patch_check to download the minimum set of patches with their dependencies. The Patch
Database will always display the set of patches that HP currently recommends. These patches may be
newer than those identified by security_patch_check.
Updates: In general, most HP-UX software is available from software.hp.com, via the OEUR/AR
media releases, and from the product-specific web sites on http://www.hp.com. The security bulletin

326 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

security_patch_check(1M) security_patch_check(1M)

will normally have more specific source information.

Removal actions: Sometimes the only fix for software is to remove it. Generally, the security bulletin will
recommend an upgrade path to another product with the same functionality.
Manual actions: Security Patch Check may recommend a manual action when a packaged product or
patch does not completely solve the problem, when human intelligence needs to be involved, or when the
data available is partial or incomplete. Refer to the bulletin for more information. The only way to indicate
completed manual actions is to use an "ignore" file. (see -i option below.)
Monitoring security bulletins from HP and other sources is recommended as a security best practice. If you
think you have found a discrepancy between actions required on your system and those reported by Secu-
rity Patch Check, please report this discrepancy to bulletin [email protected]
for investigation. HP appreciates reporting any discrepancies to us and assisting us to protect all of our
valued customers.
The default behavior of security_patch_check is to use the security patch catalog located at
./security_catalog to analyze localhost, and the ignore file at $HOME/.spc_ignore to decide
which bulletins to ignore. It will then run swlist and will generate a report in an easy-to-read table for-
mat. These defaults can be overridden on the command line, or in the
/etc/sec_mgmt/spc/spc_config file.
Additional Security Patch Check documentation (such as FAQs and an up-to-date README) may be found
at http://docs.hp.com

Options
Command line arguments cannot be clustered; for example, -r -q is valid, but -rq is not.
security_patch_check supports the following options.
-a This option causes security_patch_check to behave as though all ancestors (filesets) are
installed on the target system. This option is useful for analyzing a patch depot by itself.
- or -f filename
Using - causes security_patch_check to read from standard input. Using -f filename causes
security_patch_check to read from a file.
Both of these options can be used to analyze a set of depots. The data used by
security_patch_check must be in the format that is generated by the following command.
Note that giving security_patch_check input in a different format can lead to undefined
results.
swlist -l fileset -a supersedes -a revision \
-a software_spec -a state [-d] [@ host]
where -d specifies a depot instead of a root file system, and @ host specifies a target host system.
See swlist(1M).
If either of these options is used, security_patch_check will not call swlist directly, but will
treat standard input or file filename as though it were output from swlist as described above.
s
The - and -f options are mutually exclusive. See the -s and -n options also.
-c security-catalog
Use the security bulletin catalog located at the path security-catalog. The default path to the security
bulletin catalog is ./security_catalog.
-h depot or -h remote-host
Run an analysis on a remote host or depot, rather than localhost (default). remote-host is an HP-UX
11.x system. depot is the full path to a directory- or tape-format depot on a remote or local system.
Use of the -h option is possible only if the user running security_patch_check has SWACL
permissions to swlist . For remote hosts or depots, swagentd must be running on the remote
host. See swagentd(1M) and swacl(1M).
-i ignore-file
Specifies the ignore file. This file is useful in the case of actions which you have analyzed but cannot
be automatically detected by Security Patch Check. Perform all actions recommended by a given bul-
letin, and then put the security bulletin identifier in the file to cross it off your "to do" list. This will
remove all actions associated with that particular bulletin from the report. (including patches,
upgrades, removals, and manual actions.) In the ignore-file, security_patch_check expects one bul-
letin identifier per line. Comments, preceded with a pound sign (#), are allowed either on their own

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 327

 security_patch_check(1M) security_patch_check(1M)

lines, or after action identifiers. A bulletin identifier is in the same format as the "Bull" column in the
human-readable output, with the bulletin number, optionally followed by "r" and the revision number
of the bulletin. If the bulletin is revised, Security Patch Check will notify you again the next time you
download an updated catalog, in case the revision affects you. The default file is
$HOME/.spc_ignore.
-m Display output in a machine-parsable format. This format contains zero or more recommended-action
records in the format:

action-name :
{<tab>field-name:<tab>field-text
[<tab><tab>more-field-text]... }...
The record is for either a recommended action or patch with warnings (which is present on the target
system). Patches with warnings contain "with Warnings" in their Status field. Recommended security
actions contain a SecBul field. -m should not be used with the -o option. Three fields that are
unique to the catalog used by security_patch_check will appear. The Min field indicates the
oldest patch in the recommended patch’s chain that resolves the security issue. The MFset field is the
list of ancestor filesets for the oldest patch, and the SecBul field indicates in which security bulletins
the patch’s chain was introduced. There is no guarantee that the same fields will exist for each patch
record, or that the fields will be in a certain order. Notes are suppressed when -m is used. Warnings
and errors are written to standard error.
-n Suppress warnings about currently installed patches whose state is neither configured nor available.
A patch which is not in one of these states is misconfigured and should be fixed.
-o [bcdmprs ]
Alter the information printed by security_patch_check in the human-readable patch informa-
tion table. By default, the "#", "Bull", "Cnt", "Recommended", "Spec", "Reboot", "PDep", and "Descrip-
tion" columns appear. The full text of the patch records can be obtained only by running
security_patch_check with the -m option (instead of the -o option). Ordering of the options
passed to the -o option is ignored. The table’s columns will be printed in the following order:
#, Recommended, [Bull], [Cnt], [Minimum], [Spec], [Reboot], [PDep], [Description].
"#" indicates the patch’s number within the table.
Note that -o should not be used with -m. -m overrides -o. The options passed to -o have the fol-
lowing effects:
b Print a "Bull" field and show the highest-numbered security bulletin this recommended action
applies to.
c Print a "Cnt" field to indicate how many bulletins relate to this recommendation. For example:
1st = this is the first and only bulletin, 2nd = this is the 2nd of 2, 3rd = 3rd of three, etc.

s d Print a "Description" field and show a description of each recommended action.

m Print a "Minimum" field and show the oldest patch in the chain of patches including the recom-
mended patch, which resolves the security problem.
p Print a "PDep" field and indicate whether each recommended patch has patch dependencies.
r Print a "Reboot" field and indicate whether each recommended patch/action requires a reboot.
s Print a "Spec" field and indicate whether each recommended patch/action has special instructions
associated with it or, in some cases, the nature of the special instructions. For example: "man"
indicates there are manual steps, "upd" indicates there are updates to be applied, "warn" indi-
cates that the patch has warnings, etc.
-q Operate in quiet mode. security_patch_check will print a table or machine-parsable output
only if it determines that there are patches/actions missing from the system (or input data). Warnings
will be printed. Notes will be suppressed.
-qq Operate in very quiet mode. Warnings, which may be critical to system security (that is, patch warn-
ings, world-writable catalogs) are suppressed. -qq implies -q.
-r [url]
Retrieve the latest security bulletin catalog from an HP HTTPS, HTTP, or FTP site, as specified by
url.

328 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

security_patch_check(1M) security_patch_check(1M)

By default security_patch_check will store the catalog in ./security_catalog, unless

the -c option is used, in which case the catalog will be stored at the location specified by -c.
If the url is specified, then the catalog must be in gzip format (must end in .gz ).
For more retrieval configuration details refer to the SECURITY CATALOG RETRIEVAL section
below.
-s os-version
Specify the OS version. Without the -s option, security_patch_check uses the software_spec
field of the OS-Core fileset to determine which OS is running on the target system. os-version
should be in the format 11. xx. This option is useful when analyzing a patch-only depot.
-t Gather information about superseded patches from a live host (default "localhost" or the host specified
with -h) for security_patch_check to analyze. The default behavior is to gather and analyze
only information on active patches. If you wish to analyze the full patch tree when using input from
standard input or from a file, then use the -x show_superseded_patches=TRUE option on
the swlist command (instead of -t on security_patch_check) to ensure that the full patch
tree is included when you generate the input. This analysis is useful before rolling back a patch to see
if it will activate a patch with warnings or a misconfigured patch.
-u Print usage message and exit.
SECURITY ISSUES
Following the recommendations of security_patch_check will result in a system that is up-to-date
with HP’s recommended security actions.
There are many security advisories that require manual actions on a system. Since some advisories or bul-
letins contain no patches and others contain both patches and manual actions, these advisories, if output by
security_patch_check, must be read and appropriate action taken.
To access an archive of HP-UX security advisories, you must have an account on the ITRC. Go to
http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin .
security_patch_check uses Perl’s tainting checks. This means that security_patch_check
will exit if the command line options it receives contain any character besides a letter (A-Za-z), number
(0-9), slash (/), dot (.), underscore (_), or dash (-). Keep this in mind when using -c security-catalog
with the -r option. Perl’s security features may also prevent some URLs from being used with the -r
option on the command line.
security_patch_check performs a check on the security catalog being used. It prints a warning in
case the catalog is world or group writable, or if one of its parent directories is world or group writable and
the sticky bit is not set on that directory.
When using FTP, security_patch_check does not validate the security patch catalog it downloads.
It is possible to download an invalid catalog if HP’s FTP site is being spoofed on the subnet where
security_patch_check is running. For that reason, the default HTTPS download is the recom-
mended method. Note that if the prerequisites for HTTPS communication (OpenSSL and HP’s SSL- s
Enabled Perl, also OpenSSL if CRL checking is needed) are not installed, then Security Patch Check will
default to HTTP.
security_patch_check can be run by any user who has permissions to execute Perl and swlist .
SECURITY CATALOG RETRIEVAL
The following configuration options deal mainly with the -r option.

Proxy Settings
When using the -r option from behind a firewall which requires a proxy to be used for Internet connec-
tivity, the https_proxy , http_proxy , or ftp_proxy configuration settings (depending on which
download protocol you intend to use) must indicate the proxy for the local subnet. The proxy settings tell
security_patch_check how to perform transfers from behind the firewall. The default proxy
behavior can be configured in the security_patch_check configuration file,
/etc/opt/sec_mgmt/spc/spc_config, and behavior on a per-user basis can be specified as
environment variables in the user’s shell. The proxy URL must be in the form:
proxy-protocol :// proxy-address :port
For example:

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 329

 security_patch_check(1M) security_patch_check(1M)

https_proxy=http://myproxy.mynet.com:8088
A web proxy generally uses the HTTP protocol (even for proxying HTTPS and FTP data). If you specify a
URL on the command line and you wish to traverse a proxying firewall, then you must specify the proxy
which corresponds to that URL. For example, set the http_proxy option if the URL begins with
http:// . Some protocols (such as telnet ) do not do file transfers, and other protocols (such as file )
cannot be used over a proxy.
NOTE: If you are running security_patch_check from within Systems Insight Manager, instead of
running the "Get Bulletin Catalog" tool, you can also download the catalog manually from one of the above
URLs and save the catalog to /var/opt/sec_mgmt/security_catalog. To allow Systems Insight
Manager to use your proxy to get the catalog, you must set the https_proxy , http_proxy , or
ftp_proxy (and all other configuration environment variables not set in the
security_patch_check clients’ configuration file, /etc/opt/sec_mgmt/spc/spc_config).
For example, insert
export ftp_proxy=http://myproxy.mynet.com:8088
into /etc/profile to enable FTP download through the specified proxy. The "Get Patch Catalog" tool
in Systems Insight Manager will read in /etc/profile before executing security_patch_check.

HTTPS Specific Configuration

Each of the following variables can be configured in the security_patch_check configuration file,
/etc/opt/sec_mgmt/spc/spc_config, or as environment variables in the user shell. For each of
these variables, reasonable defaults are set in the configuration file, and can be used as examples. By
default, security_patch_check requires server certificate validation for all HTTPS requests. There-
fore, you must specify the trusted CA certificate used to issue the remote server’s certificate by correctly
setting either the HTTPS_CA_FILE or the HTTPS_CA_DIR variables below.
CRLCHECK
When this variable is set to 1, security_patch_check will require the certificate revocation list
to be updated and checked for the trusted CA certificate being used to validate the remote server.
This means the CRLURL variable must also be set and only the certificate used to sign the down-
loaded revocation list can be used to validate the server connection. When enabled, this configuration
provides the remote server a mechanism to revoke its certificate through the certificate authority, but
also requires regular downloads from the certificate authority, which can lengthen the
security_patch_check run time. If you do not wish to validate a revocation list, set this vari-
able to 0.
CRLURL
Contains the URL where the certificate revocation list (CRL), for the trusted certificate being used to
download the security catalog, can be downloaded. If you are behind a proxy then you will need to
configure the proxy information for the protocol being used to download the CRL.
HTTPS_CA_DIR
s A directory containing files, each of which consists of one PEM-encoded trusted CA certificate. If
using certificates other than the defaults shipped by HP, note that these files should be indexed using
the certificate’s subject name hash value, in the form "hash.0". Use the OpenSSL utility, c_rehash ,
to index the certificates in the directory, creating the hash.0 format files for each certificate file in the
directory which ends with the .pem extension.
HTTPS_CA_FILE
The fully qualified path to a file containing PEM-encoded CA certificates which will be trusted by
security_patch_check.
OPENSSLDIR
The directory path containing the openssl and c_rehash binaries.
The security bulletin catalog can also be downloaded manually from any of the following URLs:
https://itrc.hp.com/service/patch/securityPatchCatalog.do?
item=security_catalog2.gz
http://itrc.hp.com/service/patch/securityPatchCatalog.do?
item=security_catalog2.gz
ftp://ftp.itrc.hp.com/export/patches/security_catalog2.gz

330 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

security_patch_check(1M) security_patch_check(1M)

EXAMPLES
Get the latest security patch catalog, and then analyze the local system; print (the default) human-readable
report.
security_patch_check -r
Get the latest security bulletin catalog, and then analyze localhost; write all output including warnings and
errors to file report (using /usr/bin/sh ). This is useful for using security_patch_check in a
cron job to execute nightly.
security_patch_check -r > report 2>&1
If you would prefer to have a report mailed to you, then you can use the following (using /bin/sh ). This
will put the standard output and standard error streams together and mail them to the given e-mail
address.
security_patch_check.pl -r 2>&1 | mail user @hostname
Analyze localhost by downloading the latest security bulletin catalog, and take swlist output from file
swout_output .
security_patch_check -f swout_output -r
Analyze localhost, print in which security bulletins the recommended patches’ or actions’ chains were men-
tioned, whether the recommended patches or actions require reboot, and their descriptions.
security_patch_check -o brd
Analyze remote host named machineA ; give output in machine-parsable format.
security_patch_check -h machineA -m
Analyze depot /patch_depot on machineA along with depot /fileset_depot on machineB .
Assume that the depots are for HP-UX 11.00. security_patch_check takes swlist output from
standard input.

swlist -l fileset -a supersedes \

-a software_spec -a revision -a state -d \
@ machineA:/patch_depot \
machineB:/fileset_depot \
|
security_patch_check -s 11.00" -"
Analyze remote system machineA after downloading the security bulletin catalog. This example may be
considered a typical usage of security_patch_check as a cron job.
security_patch_check -r -q -h machineA
Analyze machineA ; print a table in machine-readable format only if missing patches are found.
security_patch_check -h machineA -q -m
s
RETURN VALUES
security_patch_check sets its exit status to one of the following values.
0 Indicates successful exit, whether or not missing actions were found.
1 Indicates an error in the command-line arguments.
2 Indicates security_patch_check received SIGQUIT , SIGINT , or SIGSTOP .
>2 Indicates other function-level run-time errors.
In the case of an error, security_patch_check prints an error message.

ENVIRONMENT
Security Patch Check uses the HOME environment variable to set default locations for the ignore file and
the default trust store. If the tool is run by root without HOME set, Security Patch Check will default to
using /var/opt/sec_mgmt/spc. Otherwise, the lack of a valid HOME will cause Security Patch Check
to terminate with an error.
When security_patch_check is run with the -r option, proxy and trust store configuration vari-
ables should be set and exported in your shell environment.

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 331

 security_patch_check(1M) security_patch_check(1M)

The https_proxy , http_proxy , or ftp_proxy variable must indicate a proxy that the script can
use, if your network requires the use of a proxy. Use the appropriate proxy variable based on the protocol
you are using to download the security catalog.
If you are using the HTTPS protocol, then all the required trust store variables must be configured.
Review the HTTPS Specific Configuration subsection above for details concerning the HTTPS_CA_FILE,
HTTPS_CA_DIR , CRLCHECK , and CRLURL trust store environment variables.
The /etc/profile file must be altered to allow Systems Insight Manager to find the variables. Refer to
the SECURITY CATALOG RETRIEVAL section above for more information.

AUTHOR
security_patch_check was developed by HP.
FILES
$HOME/.spc_ignore
./security_catalog
/etc/opt/sec_mgmt/spc_config
SEE ALSO
gzip(1), openssl(1), swacl(1M), swagentd(1M), swinstall(1M), swlist(1M), swremove(1M).
Patch Management User Guide for HP-UX 11.x Systems, on http://docs.hp.com.

332 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

secweb(1M) secweb(1M)

NAME
secweb - invokes the HP-UX Security Attributes Configuration tool

SYNOPSIS
secweb [ -F ] [ -b ]
secweb -t
DESCRIPTION
The HP-UX Security Attributes Configuration tool (secweb ) is used to view and configure system-wide
and per-user (local users and NIS users) values of security attributes. It also gives information about
account locks.
The HP-UX Security Attributes Configuration tool provides both Web-based and terminal user interface.
The Web-based interface is launched through the HP System Management Homepage.
Superuser privileges are required to access the HP-UX Security Attributes Configuration tool. A user who
does not have superuser privileges has read-only access to the System Defaults area in the HP-UX Security
Attributes Configuration tool and cannot modify or reset per-user values.
The terminal user interface is invoked if any of the following conditions are true:
• The command /usr/sbin/secweb is invoked with -t option.
• The DISPLAY environment variable is not set.
The Web-based interface is launched if all the following conditions are true:
• The command /usr/sbin/secweb is invoked with -F option.
• The DISPLAY environment variable is set.
• The command /opt/hpsmh/lbin/samweb is available on the system.
If the Web-based interface cannot be launched, secweb invokes the terminal user interface.

Options
secweb recognizes the following options:
-F Forces a client browser to be used in less secure ways.
The -F option forces the client browser to be used or started, even when the X-traffic
between the X-server and the Mozilla browser is not secure.
Use this option only when you are sure the network traffic between the host where Mozilla
is running and the host in the DISPLAY variable is secure.
If secweb cannot start the Web browser, the terminal interface is started.
When the HP-UX Security Attributes Configuration Web interface is invoked by SAM, the
-F option is used. s
-b If a privileged user (root) executes the secweb command with the -b option, a temporary
login bypass key is generated. The bypass key enables the user to access the Web interface
without having to provide login information again.
When the HP-UX Security Attributes Configuration Web interface is invoked by SAM, the
-b option is used.
-t Opens the terminal interface for setting system-wide and per-user values of security attri-
butes regardless of the current setting of the DISPLAY environment variable.
Note: You can also start the HP-UX Security Attributes Configuration tool using one of the following
methods:
• Invoke /usr/sbin/sam and select the Security Attributes Configuration (character mode) func-
tional area to launch the terminal user interface and the Security Attributes Configuration (Web-
based Interface) to launch the Web-based tool.
• Invoke the HP-UX Security Attributes Configuration tool Web interface by typing the URL
http:// hostname :2301/secweb/secweb.cgi in the address bar of your browser, where host-
name is the name of the server.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 333

 secweb(1M) secweb(1M)

• Launch the HP-UX Systems Insight Manager on the server and select the Security Attributes
Configuration tool from Configure -> HP-UX Configuration menu.
Online Help
After the HP-UX Security Attributes Configuration tool is started, the online help provides details on how
to use the tool.

RETURN VALUES
Upon completion, secweb returns one of the following values:
0 Successful
1 An error occurred

WARNINGS
• For increased security, paste the URL http:// hostname :2301/secweb/secweb.cgi in your
browser, click on the Tools menu in the menu bar, then the Security Attributes Configuration func-
tional area.
• The default minimum values of the security attributes PASSWORD_MIN_LOWER_CASE_CHARS,
PASSWORD_MIN_UPPER_CASE_CHARS, PASSWORD_MIN_DIGIT_CHARS, and
PASSWORD_MIN_SPECIAL_CHARS do not meet the requirements for the passwd command. A
password must contain at least two letters and at least one numeric or special character. HP recom-
mends that you change the default values in /etc/default/security for the above mentioned
security attributes as per passwd requirements. For more information on password construction
requirements, refer to passwd(1).

AUTHOR
secweb was developed by Hewlett-Packard Company.
SEE ALSO
sam(1M), security(4), userdb(4)

334 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

sendmail(1M) sendmail(1M)

NAME
sendmail - send mail over the Internet

SYNOPSIS
/usr/sbin/sendmail [ mode ] [ flags ] [ address ... ]
DESCRIPTION
sendmail sends a message to one or more recipients or addresses and routes the message over whatever
networks are necessary. sendmail does internetwork forwarding as necessary to deliver the message to
the correct place.
sendmail is not intended as a user interface routine. Other programs provide user-friendly front ends.
sendmail is used only to deliver pre-formatted messages.
With no flags specified in the command line, sendmail reads its standard input up to an end-of-file or a
line consisting only of a single dot (.) and sends a copy of the message found there to all of the addresses
listed in the command line. It determines the network(s) to use based on the syntax and contents of the
addresses, according to information in the sendmail configuration file. The default configuration file is
/etc/mail/sendmail.cf.
Local addresses are looked up in a file and aliased appropriately, and sendmail also supports the use of
NIS and LDAP for address lookup. Aliasing can be prevented by preceding the address with a backslash
(\). Normally the sender is not included in any alias expansions. For example, if ‘john’ sends to ‘group’,
and ‘group’ includes ‘john’ in the expansion, then the letter will not be delivered to ‘john’.
If newaliases is invoked, sendmail will rebuild the alias database. newaliases is identical to
sendmail -bi . See newaliases(1M). Mail that is temporarily undeliverable is saved in a mail queue. If
mailq is invoked, sendmail will print the contents of the mail queue. The mail queue files are in the
directory /var/spool/mqueue. mailq is identical to sendmail -bp . See mailq(1).
For mail delivery failures, users get a Delivery Status Notification (DSN).
Note: DSNs resulting from attempts to relay a message to one or more recipients will contain a
"Diagnostic-Code" message citing the reasons for failure. This message will not contain the user’s
address.
A non-root user does not have access to the files and databases associated with sendmail , for example,
/etc/mail/aliases, /etc/mail/aliases.*, /etc/mail/sendmail.st, and
/etc/mail/sendmail.pid.
Note: Only root users are privileged to kill any sendmail process. Non-root users cannot send sig-
nals to their sendmail process.

Arguments
sendmail recognizes the following arguments:
mode A mode selected from those described in the "Modes" subsection below. Only one mode can
be specified. The default is -bm .
s
address The address of a recipient. Several addresses can be specified.
flags A flag selected from those described in the "Flags" subsection below. Several flags can be
specified.

Modes
sendmail operates in one of the following modes. The default is -bm , deliver mail in the usual way.
-ba Go into ARPANET mode. All input lines must end with a CR-LF, and all messages will be gen-
erated with a CR-LF at the end. Also, the ‘‘From:’’ and ‘‘Sender:’’ fields are examined for the
name of the sender.
-bd Run as a daemon. sendmail will fork and run in background listening on socket 25 for incom-
ing SMTP connections.
-bD Run as a daemon, but run in foreground.
-bh Print the persistent host status database.
-bH Purge the persistent host status database.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 335

 sendmail(1M) sendmail(1M)

-bi Initialize the alias database for the mail aliases file. newaliases is identical to sendmail
-bi . See newaliases(1M).
-bm Deliver mail in the usual way (default).
-bp Print a listing of the mail queue. mailq is identical to sendmail -bp . See mailq(1).
-bs Use the SMTP protocol as described in RFC821 on standard input and output. This flag implies
all the operations of the ba flag that are compatible with SMTP.
-bt Run in address test mode. This mode reads addresses and shows the steps in parsing; it is used
for debugging configuration tables.
-bv Verify names only; i.e, do not try to collect or deliver a message. Verify mode is normally used
for validating users or mailing lists.

Flags
sendmail recognizes the following flags:
-Ac Use the submit.cf file even if the operation mode does not indicate an initial mail sub-
mission.
-Am Use the sendmail.cf file even if the operation mode indicates an initial mail submis-
sion.
-Btype Set the body type. type can be either 7BIT or 8BITMIME .
-Cfile Use alternate configuration file. sendmail refuses to run as root if an alternate
configuration file is specified.
-dX Set debugging value to X. X can also be of the form category.level (eg; -d56.12 ). A low
level or category produces less output; but a high level or category produces more output.
The default for category is 0 and that for level is 1.
-Ffullname Set the full name of the sender.
-fname Set the name of the ‘‘from’’ person (i.e., the sender of the mail) to name. If the user of
the -f option is not a ‘‘trusted’’ user (normally root, daemon, and network) and if the
name set using the -f option and the login name of the person actually sending the mail
are not the same, then it results in an X-Authentication-Warning in the mail
header.
-G Relay the message without any processing.
-hN Set the hop count to N. The hop count is incremented every time the mail is processed.
When it reaches a limit, the mail is returned with an error message, the victim of an
aliasing loop. If not specified, ‘‘Received:’’ lines in the message are counted.
-i Ignore dots alone in lines by themselves in incoming messages. This should be set if you
s are reading from a file.
-Ltag Specify an identifier to be used in syslog messages. The identifier is set to tag.
-n Do not do aliasing.
-Ndsn Set delivery status notification conditions. Following are the valid conditions to which
dsn can be set:
never For no notifications.
failure If delivery failed.
delay If delivery is delayed.
success When message is successfully delivered.
-Ooption =value
Set the configuration option option to a specified value. Options are described below in
"Processing Options."
-ox =value Set option x to a specified value. Options are described below in "Processing Options."
-pprotocol Set the name of the protocol used to receive the message. This can be a simple protocol
name such as UUCP or a protocol and hostname, such as UUCP:ucbvax .
-qtime Process saved messages in the queue at given intervals. If time is omitted, process the
queue once. time is given as a tagged number, with s being seconds, m being minutes,

336 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

sendmail(1M) sendmail(1M)

h being hours, d being days, and w being weeks. For example, -q1h30m or -q90m
would both set the timeout to one hour thirty minutes. If time is specified, sendmail
will run in background. This option can be used safely with bd .
-qp[time] Similar to -qtime except that instead of periodically forking a child to process the queue,
sendmail forks a single persistent child for each queue that alternates between pro-
cessing the queue and sleeping. The sleep time is given as an argument and default
value for the sleep time is 1 second. The process sleeps for at least 5 seconds if the queue
was empty in the previous queue run.
-qf Process saved messages in the queue once and do not fork() , but run in the fore-
ground.
-qGname Process jobs only in the queue called name.
-q[!]Isubstr
Limit processed jobs to those containing substr as a substring of the queue ID. When ! is
specified, limit processed jobs to those not containing substr as a substring of the queue
ID.
-q[!]Qsubstr
Limit processed jobs to quarantined jobs containing substr as a substring of the quaran-
tine reason, or limit jobs to those not containing the substring when ! is specified.
-Q[reason] Quarantine a normal queue with the given reason or unquarantine a quarantined queue
if a reason is not given. This option must be used with a matching item.
-q[!]Rsubstr
Limit processed jobs to those containing substr as a substring of one of the recipients, or
limit jobs to those not containing the substring when ! is specified.
-q[!]Ssubstr
Limit processed jobs to those containing substr as a substring of the sender, or limit jobs
to those not containing the substring when ! is specified.
-rname An alternate and obsolete form of the f flag.
-Rreturn Set the amount of the message to be returned if the message bounces. The values that
can be set for return are as follows:
full To return the entire message
hdrs To return only the headers.
-t Read message for recipients. To:, Cc:, and Bcc: lines will be scanned for recipient
addresses. The Bcc: line will be deleted before transmission.
-U Initial (user) submission. This flag should always be set when sendmail is called from
a user agent such as mail or elm . This flag should never be set when called from a net-
work delivery agent such as rmail . s
-v Go into verbose mode. Alias expansions will be announced, etc.
-Venvid Set the original envelope identification. This is propagated across SMTP to servers that
support DSN’s (delivery status notification) and is returned in DSN-compliant error mes-
sages.
-Xlogfile Log all traffic in and out of mailers in the indicated logfile. This should only be used as a
last resort for debugging mailer bugs. It will log a lot of data very quickly.
-- Stop processing command flags and use the rest of the arguments as addresses.

Processing Options
There are various processing options available. Normally these will only be used by a system administra-
tor. Options may be set either on the command line using the -o flag or in the configuration file,
/etc/mail/sendmail.cf. The options are:
AliasFile= file
Use alternate alias file.
AlertTmpFailure
If set, sendmail logs transient error messages as LOG_ALERT messages at
Loglevel >=2, else it logs as LOG_INFO messages at Loglevel >8.
HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 337
 sendmail(1M) sendmail(1M)

HoldExpensive
On mailers that are considered ‘‘expensive’’ to connect to, do not initiate immediate con-
nection. This requires queuing.
CheckpointInterval=N
Checkpoint the queue file after every N successful deliveries (default 10). This avoids
excessive duplicate deliveries when sending to long mailing lists interrupted by system
crashes.
DeliveryMode= x
Set the delivery mode to x. The delivery modes are:
b background (asynchronous) delivery.
d deferred; the same as q except that database lookups (DNS and NIS lookups) are
avoided.
i interactive (synchronous) delivery.
q queue only; expect the messages to be delivered the next time when the queue is
run.
ErrorMode= x
Set error processing to mode x. The valid modes are:
e do special processing for the BerkNet.
m mail back the error message.
p print the errors on the terminal (default).
q throw away error messages (only exit status is returned).
w ‘‘write’’ back the error message (or mail it back if the sender is not logged in).
If the text of the message is not mailed back by modes m or w, and if the sender is local
to this machine, then a copy of the message is appended to the file dead.letter in the
sender’s home directory.
SaveFromLine
Save UNIX -style ‘‘From’’ lines at the front of messages.
MaxHopCount= N
Use this option to set the maximum number of times a message is allowed to ‘‘hop’’ before
it is considered in a loop.
IgnoreDots
Use this option to instruct sendmail to ignore dots in a line by themselves as a mes-
sage terminator.

s SendMimeErrors
Send error messages in MIME format.
ConnectionCacheTimeOut=timeout
Set connection cache timeout.
ConnectionCacheSize=N
Set connection cache size.
Loglevel= n
Set the log level.
MeToo Send to ‘‘me’’ (the sender) also if the sender is in an alias expansion.
CheckAliases
Validate the right hand side of aliases during a newaliases command. See
newaliases(1M).
OldStyleheaders
Set this option to have old style headers in the message. If not set, this message is
guaranteed to have new style headers (i.e., commas instead of spaces between addresses).
If set, an adaptive algorithm is used that will correctly determine the header format in
most cases.

338 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

sendmail(1M) sendmail(1M)

QueueDirectory=queuedir
Select the directory in which the messages are to be queued.
StatusFile= file
Use this option to save mail traffic statistics into the specified file.
DeadLetterDrop
Define the location of the system-wide dead.letter file.
ConnectOnlyTo
Override the connection address (for testing).
TrustedUser
Define trusted user for changing the file ownership and also for starting the daemon.
ControlSocketName
Set this option to create a daemon control socket. This socket allows an external pro-
gram to control and query status from the running sendmail daemon via a named
socket.
MaxMimeHeaderLength
Limit the size of MIME headers and parameters within those headers. This option is
intended to protect mail user agents (MUAs) from buffer overflow attacks.
MaxAliasRecursion
Specify the maximum depth of alias recursion.
PidFile Define the location of the pid file. The /etc/mail/sendmail.pid file will be the
default even if this option is not set.
ProcessTitlePrefix
Specify a prefix string for the process title shown in ps listings.
DataFileBufferSize
Control the maximum size of a memory-buffered data (df) file before a disk-based file is
used.
XscriptFileBufferSize
Control the maximum size of a memory-buffered transcript (xf) file before a disk-based
file is used.
AuthMechanisms
Use this option to list all the authentication mechanisms used.
DefaultAuthInfo
Set filename that contains authentication information for outgoing connections. This file
must contain the user id, the authorization id, the password (plain text), and the realm to
use, each on a separate line and must be readable by root (or the trusted user) only. If no
realm is specified, $j will be used. s
AuthOptions
If this option is set to ’A’ then the AUTH= parameter for the MAIL FROM command is
issued only when the authentication succeeds.
LDAPDefaultSpec
Default map specification for LDAP maps. The value should contain only LDAP specific
settings like ‘‘-h host -p port -d bindDN ’’, etc. The settings will be used for all
LDAP maps unless they are specified in the individual map specification (K command).
CACERTPath
Path to directory with certs of CAs.
CACERTFile
File containing one CA cert.
ServerCertFile
File containing the cert of the server; i.e., this cert is used when sendmail acts as a
server.
ServerKeyFile
File containing the private key belonging to the server cert.

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 339

 sendmail(1M) sendmail(1M)

ClientCertFile
File containing the cert of the client; i.e., this cert is used when sendmail acts as a
client.
ClientKeyFile
File containing the private key belonging to the client cert.
DHParameters
File containing the DH parameters.
RandFile File containing random data (use prefix file: ) or the name of the UNIX socket if EGD
is used (use prefix egd: ).
Timeout.control
Set this option to limit the total time spent in satisfying a control socket request.
Timeout.resolver.retrans
Use this option to set the resolver’s retransmission time interval in seconds. This also
sets Timeout.resolver.retrans.first and
Timeout.resolver.retrans.normal options.
Timeout.resolver.retrans.first
Use this option to set the resolver’s retransmission time interval in seconds for the first
attempt to deliver a message.
Timeout.resolver.retrans.normal
Use this option to set the resolver’s retransmission time interval in seconds for all
resolver lookups except the first delivery attempt.
Timeout.resolver.retry
Use this option to set the number of times to retransmit a resolver query. This also sets
Timeout.resolver.retry.first and
Timeout.resolver.retry.normal options.
Timeout.resolver.retry.first
Use this option to set the number of times to retransmit a resolver query for the first
attempt to deliver a message.
Timeout.resolver.retry.normal
Use this option to set the number of times to retransmit a resolver query for all resolver
lookups except the first delivery attempt.
Timeout.queuereturn=time
Use this option to set the timeout on undelivered messages in the queue to the specified
time. The failed messages will be returned to the sender after the delivery fails for this
amount of time (e.g., because of a host being down). The default is three days.
UserDatabaseSpec=userdatabase
s Set this option to get forwarding information from the user database. You can consider
this as an adjunct to the aliasing mechanism, except that the database is intended to be
distributed; aliases are local to a particular host.
ForkEachJob
Use this option to fork each job during queue runs. This may be convenient on memory-
poor machines.
SevenBitInput
Use this option to strip incoming messages to seven bits.
EightBitMode= mode
Set the handling of 8-bit input to 7-bit destinations. Mode can be set to the following
values:
m Convert to 7-bit MIME format.
p Pass it as eight bits.
s Bounce the mail.
MInQueueAge= timeout
Use this option to set the time interval between attempts to send a message from the
queue.

340 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

sendmail(1M) sendmail(1M)

DefaultCharSet=charset
Use this option to set the default character-set used to label 8-bit data that is not other-
wise labeled.
DialDelay= sleeptime
If opening a connection fails, sleep for sleeptime seconds and try again. This is useful on
dial-on-demand sites.
NoRecipientAction=action
Use this option to set the behaviour when there are no recipient headers (To:, Cc: or Bcc:)
in a message to action. The action can be set to the following values:
none Leaves the message unchanged.
add-to Adds a To: header with the envelope recipients.
add-apparently-to
Adds an Apparently-To: header with the envelope recipients.
add-bcc Adds an empty Bcc:
add-to-undisclosed
Adds a header reading To:undisclosed-recipients:
MaxDaemonChildren=N
Use this option to set the maximum number of children that an incoming SMTP daemon
will allow to spawn at any time to N.
ConnectionRateThrottle=N
Use this option to set the maximum number of connections per second to the SMTP port
to N.
AutoRebuildAliases
Use this option to rebuild the alias database when needed. Setting this option may cause
excessive overhead and is not recommended.
DontProbeInterfaces
Use this option to turn off the inclusion of all the interface names in $=w on startup. In
particular, if you have many virtual interfaces, this option speeds up the startup. How-
ever, unless you make other arrangements, mails sent to those addresses will bounce.
This is useful for sending mail to hosts which have dynamically assigned names.
DontBlameSendmail=options
This options allows you to bypass some of sendmail file security checks at the expense
of system security. This should be used only if you are aware of the consequences. The
options available for DontBlameSendmail are:
Safe
AssumeSafeChown
ClassFileInUnsafeDirPath
s
ErrorHeaderInUnsafeDirPath
GroupWritableDirPathSafe
GroupWritableForwardFileSafe
GroupWritableIncludeFileSafe
GroupWritableAliasFile
HelpFileinUnsafeDirPath
WorldWritableAliasFile
ForwardFileInGroupWritableDirPath
IncludeFileInGroupWritableDirPath
ForwardFileInUnsafeDirPath
IncludeFileInUnsafeDirPath
ForwardFileInUnsafeDirPathSafe
IncludeFileInUnsafeDirPathSafe
MapInUnsafeDirPath
LinkedAliasFileInWritableDir
LinkedClassFileInWritableDir
LinkedForwardFileInWritableDir
LinkedIncludeFileInWritableDir

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 341

 sendmail(1M) sendmail(1M)

LinkedMapInWritableDir
LinkedServiceSwitchFileInWritableDir
FileDeliveryToHardLink
FileDeliveryToSymLink
WriteMapToHardLink
WriteMapToSymLink
WriteStatsToHardLink
WriteStatsToSymLink
RunProgramInUnsafeDirPath
RunWritableProgram
DontInitGroups=True |False
Set this option to true, to prevent program deliveries from picking up extra group
privileges.
MaxRecipientsPerMessage=no_of_recipients
Use this option to limit the number of recipients, no_of_recipients that will be accepted in
a single SMTP transaction. After this number is reached, sendmail starts returning
"452 Too many recipients" to all RCPT commands. This can be used to limit the number
of recipients per envelope (in particular, to discourage use of the server for spamming).
Note: A better approach is to restrict relaying entirely.
MaxHeadersLength=max_header_length
Use this option to specify the maximum length of the sum of all headers,
max_header_length. This can be used to prevent a Denial-of-Service(DoS) attack.
RunAsUser= user
Use this option to enable sendmail do a setuid to that user early in processing to
avoid potential security problems. However, this means that /var/spool/mqueue
directory owned by the user and all .forward and :include: files must be readable
by that user, and all files to be written must be writable by that user, and all programs
will be executed by that user. It is also incompatible with the SafeFileEnviron-
ment option. In other words, it may not actually add much to security. However, it
should be useful on firewalls and other places where users do not have accounts and the
aliases file is well constrained.
SafeFileEnvironment=option
Files named as delivery targets must be regular files in addition to the regular checks in
order to use this option. Also, if the option is non-null, then it is used as the name of a
directory that is used as a chroot() environment for the delivery; the file names listed
in an alias or forward should include the name of this root.
QueueSortOrder=option
Use this option to sort the queue based on the following values:
s host This makes better use of the connection cache, but may delay more ‘‘interac-
tive’’ messages behind large backlogs under some circumstances. It is
recommended to use this option if you have high speed links or do not pro-
cess too many ‘‘batch’’ messages; it might not perform better, if you are
using something like PPP on a 14.4 modem.
time This option causes the queue to be sorted strictly on the time of submission.
This might adversely affect the performance over slow lines and on nodes
with heavy traffic. Also, this does not guarantee that jobs will be delivered
in submission order unless you set DeliveryMode=queue option. In
general, it should be used only on the command line, and in conjunction with
-qRhost.domain.
Filename This option sorts the queue by filename. This avoids opening and reading
each queue file while preparing to run the queue. This will speed up the
queue processing.
PrivacyOptions=flag
The flag can be set to the following values:
public Allow open access.

342 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007

sendmail(1M) sendmail(1M)

needmailhelo Insist on HELO (or EHLO) before the MAIL command.

needexpnhelo Insist on HELO (or EHLO) before the EXPN command.
noexpn Disallow EXPN command totally.
needvrfyhelo Insist on HELO (or EHLO) before the VRFY command.
novrfy Disallow VRFY command totally.
restrictmailq Restrict mailq command.
restrictqrun Restrict -q command-line flag.
noreceipts Do not return success DSN’s.
goaway Disallow essentially all SMTP status queries.
authwarnings Put X-Authentication-Warning headers in messages if
HELO was not used inside SMTP transaction.
noverb Flag to disable the SMTP VERB command.
noetrn Flag to disable the SMTP ETRN command.
By default, authwarnings and restrictqrun are enabled.
DaemonPortOptions=field1=value,field2=value,...
The fields currently supported by sendmail are:
Family The values can be either inet or inet6 . The default value is
inet .
Address IP address or hostname
Name Name of the agent (MTA or MSA )
Port Port number (for Name=MSA , the port number should be 587)
Send Send buffer size
Receive Receive buffer size
Listen Listen queue size
M Modifier flags.
Following are the values to which the modifier flag can be set:
a Require authentication.
b Bind to interface through which mail has been received.
c Pass the address for canonification.
f Enable fully qualified address for From address. s
h Use name of interface for outgoing HELO command.
u Disable fully qualified address for From address.
C Do not pass the address for canonification.
E Turn off ETRN connections.
Note: In order to use the IPv6 feature, you need to set the DaemonPortOp -
tions with Family=inet6 . If this option is set with Name=MSA , a separate
daemon starts at port 587 that acts as a Message Submission Agent (MSA).
ClientPortOptions=field1=value,field2=value,...
This option is similar to DaemonPortOptions but meant for outgoing connections. See
DaemonPortOptions above for the option values available.
Aliases
You can set up system aliases and user forwarding. The alias and .forward files are described in the
aliases(5) manpage.

HP-UX 11i Version 3: February 2007 −9− Hewlett-Packard Company 343

 sendmail(1M) sendmail(1M)

EXIT STATUS
sendmail returns an exit status describing what it did. The codes are defined in <sysexits.h> :
EX_OK Successful completion on all addresses.
EX_NOUSER User name not recognized.
EX_UNAVAILABLE Catchall meaning necessary resources were not available.
EX_SYNTAX Syntax error in address.
EX_SOFTWARE Internal software error, including bad arguments.
EX_OSERR Temporary operating system error, such as ‘‘cannot fork’’ .
EX_NOHOST Host name not recognized.
EX_TEMPFAIL Message could not be sent immediately, but was queued.

WARNING
Terminating and restarting the sendmail daemon may not be instantaneous.

AUTHOR
The sendmail command was developed by the University of California, Berkeley, and originally appeared
in BSD 4.2.

FILES
$HOME/.forward User’s mail forwarding file
$HOME/dead.letter User’s failed message file
Except for the /etc/mail/sendmail.cf file and the daemon process ID file, the below mentioned
default pathnames are all specified in the configuration file, /etc/mail/sendmail.cf. These default
file names can be overridden in the configuration file.
/etc/mail/aliases raw data for alias names
/etc/mail/aliases.db data base of alias names
/etc/mail/sendmail.cf configuration file
/usr/share/lib/sendmail.hf help file
/etc/mail/sendmail.st collected statistics
/var/spool/mqueue/* mail queue files
/etc/mail/sendmail.pid The process id of the daemon
/etc/mail/sendmail.cw The list of all hostnames that are recognized as local, which causes
sendmail to accept mail for these hosts and attempt local delivery
/etc/nsswitch.conf configuration file for the name-service switch

SEE ALSO
s elm(1), expand_alias(1), idlookup(1), mail(1), mailq(1), mailstats(1), mailx(1), praliases(1), convert_awk(1M),
identd(1M), killsm(1M), mtail(1M), newaliases(1M), smrsh(1M), aliases(5).

344 Hewlett-Packard Company − 10 − HP-UX 11i Version 3: February 2007

service.switch(1M) service.switch(1M)

NAME
service.switch - indicate lookup sources and fallback mechanism

SYNOPSIS
/etc/mail/service.switch
DESCRIPTION
/etc/mail/service.switch is a sendmail(1M) service switch similar to /etc/nsswitch.conf
(see nsswitch.conf(4)) that indicates the lookup source for hostnames and aliases. It consists of two lines,
one for hosts and one for aliases . The lookup sources are listed after the hosts or aliases name.
For hosts , one or more of the following can be listed:
files (for /etc/hosts )
dns (for Domain Name Service)
nis (for NIS)
For aliases , one or more of the following can be listed:
files (for /etc/mail/aliases)
nis (for NIS)
Sample Configurations
1. The default configuration for service.switch is to use dns for hostname lookups and the
aliases file for aliases. (Note that due to a bug, the hostname lookup will never fallback to a file
lookup, so anything listed after dns will be ignored.)
hosts dns files
aliases files
2. To work with a non-DNS environment that uses file lookups (/etc/hosts ), the following
service.switch can be used:
hosts files
aliases files
3. To work with a NIS environment that does not use DNS, the following service.switch can be
used:
hosts nis files
aliases nis files
Modifying sendmail.cf
The sendmail.cf file must be modified to request the usage of the service.switch file. Otherwise,
the default for sendmail.cf is to use DNS for hostname lookups, and files for alias lookups. To use
NIS or files , the following line must be uncommented in sendmail.cf :
#O ServiceSwitchFile=/etc/mail/service.switch s
SEE ALSO
sendmail(1M).

HISTORY
The service.switch file appeared in sendmail V8.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 345

 set_parms(1M) set_parms(1M)

NAME
set_parms - set system initial identity parameters: hostname, date/time, root password, and networking

SYNOPSIS
set_parms initial
set_parms hostname
set_parms timezone
set_parms date_time
set_parms ip_address
set_parms addl_netwrk
set_parms locale
DESCRIPTION
The set_parms command is an interactive system set-up command that allows you to specify various
"initial identity parameters" when first booting a newly installed operating system (whether preinstalled, or
installed locally from media or an install server), and to revise these parameters later on a running system.
Initial identity parameters are a minimal set of values required to bring a system to an initially useful
state. They include the following:
• system hostname
• timezone for the system’s location
• date and time
• root password
• IP address, netmask
• routemask, routing gateway, DNS, and NIS information
• local language
In a first-boot situation, set_parms is invoked automatically by /sbin/auto_parms. For
set_parms purposes, "first-boot" is defined as having no hostname set when the system starts up. This
causes set_parms to step through all of its sub-areas to help you set all of the initial identity parameters.
After the system has booted and is running, set_parms may also be called directly from the command
line to step through all areas (via set_parms initial ), similar to how it works at first-boot, or to
finish setting up a particular sub-area (the latter forms above). There are certain limitations to its actions
when it’s run after first-boot, as described see below.
Note: The set_parms command only sets the root (superuser) password during "initial" processing, and
then only if it is not already set. If so, it uses the passwd command, so the effect is immediate. See the
passwd(1) manpage.
The set_parms command is also DHCP-aware. If you attempt to change DHCP-supplied data such as
the hostname or IP address, set_parms issues a warning. If you continue with the changes,
set_parms relinquishes the DHCP lease. On first-boot, set_parms asks if you would like to try get-
ting set-up data from a DHCP server.
s However invoked, the set_parms command often knows and provides default values for many of the ini-
tial identity parameters, based on values specified to Ignite-UX in a previous or recent installation of the
system or found in system configuration files.
The set_parms command can be run only by the user with appropriate privilege.

Options
Each sub-area of set_parms is described below. In a first-boot situation all of the sub-areas are run
sequentially. Special first-boot behavior is noted below if applicable, along with any special cases when
invoking set_parms on a running system. When calling a sub-area directly, only a unique portion of the
sub-area name is required to be given; for example, set_parms h.
initial This allows the user to sequentially invoke all the sub-areas mentioned below. The user can
configure multiple interfaces which are physically connected to the network using the Ter-
minal User Interface (TUI). A # in the user interface field indicates a lan which is not phy-
sically connected to the network. If lan interfaces are configured as DHCP, the options
ip_address and addl_netwrk are skipped.
hostname Set the system hostname: Validates a user-supplied hostname according to host-naming
conventions and sets various system initialization variables to operate with that hostname.
Particularly, set_parms edits /etc/hosts to associate the new hostname with the
current IP address of the system, if that can be determined. Note: It does not notify DNS

346 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

set_parms(1M) set_parms(1M)

(Domain Name Servers), etc. This higher level of configuration is handled later by broader
configuration tools.
WARNING: When changing the hostname, set_parms does not know about optionally-
installed software. If any such software remembers the previous hostname, it might not
work properly after the hostname is changed.
A mechanism is provided that helps generalize the hostname changing function. The
set_parms command calls, in ls sorted order, any executable commands found in the
directory /sbin/ch_hostname.d. This occurs for both first-boot and non-first-boot
calls. HP may in the future supply special commands in this location. The system adminis-
trator may also supply custom commands (programs or scripts) for site installations using,
for example, Ignite-UX.
The system must be rebooted for any change to take full effect.
timezone Select a timezone based on your country of location. Also allows you to set a user-supplied
timezone. The system must be rebooted for any change to take effect.
date_time Set the system date and time interactively: This is similar to calling date as a privileged
user, but without having to format a time specification string. The change takes effect
immediately.
ip_address Set or change the IP address and subnet mask for the system. This function edits the
/etc/hosts file to associate the new IP address with the current hostname. Note: it
does not notify DNS (Domain Name Servers), etc. This higher level of configuration is han-
dled later by broader configuration tools.
If multiple lan interfaces are present, the user can select each LAN interface (network
interface card or NIC) separately to configure it.
The system must be rebooted for any change to take effect.
addl_netwrk
Set the route mask (which defines the network and local subnet portions of a network
address), set the routing gateway, and define access to the Domain Name System (DNS)
and Network Information Service (NIS).
First-boot: These changes take effect immediately, without a reboot, because set_parms
starts networking after setting the parameters.
Non-first-boot: A reboot is required for all of these changes to take effect.
locale Allow the user to set the local language settings. The user can either select one of the
languages from the menu or they can set new valid language. set_parms will verify
whether the new language is installed. If it is not installed, the user must install the
language before executing this option.

set_parms, Ignite-UX or Cold Install s

After "cold-installing" HP-UX from tape, CD-ROM, or DVD, or using Ignite-UX to install HP-UX from any
source including an install server, the file /tmp/install.vars is generally left on the system. This
file is used to communicate to set_parms and other tools the hostname, networking, and other informa-
tion that was used during the installation, to make it easier to use any of these values as final system
parameters. In particular, set_parms uses as defaults the shell-style variables in this file that begin
with INST_ . For example, INST_LAN_DEV indicates which LAN interface was used during a network
cold install. This is the LAN interface that set_parms configures.
In general, set_parms first looks in /tmp/install.vars for default information, then in the system
configuration files in the /etc/rc.config.d directory. If any parameter is defined in both locations,
the latter takes precedence.
If Ignite-UX is installed on your system, see the manpage entries for ignite(5) and instl_adm(4). In particu-
lar, read instl_adm(4) for descriptions of the is_net_info_temporary, run_setparms , and
final variables.
Interaction with auto_parms
During the boot-up sequence, /sbin/rc always invokes auto_parms , which in turn detects the first-
boot situation and it calls set_parms if either or both of these conditions are true. The set_parms
starts its interface and, based on user input, might call back into auto_parms to obtain and set up the

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 347

 set_parms(1M) set_parms(1M)

management of a DHCP lease. After set_parms completes this and other system set-up tasks, control
passes back to /sbin/rc , which completes the boot-up sequence using the newly-created system initial
identity parameters.
See the rc(1M) manpage for information about /sbin/rc for invocation context in the first-boot case.
If the system has multiple lan interfaces and the user wishes to configure some with DHCP and others with
static IP, the user must invoke set_parms initial first to configure all the lan interfaces which they
wish to configure as DHCP. The user should not allow the system to be rebooted while doing this
configuration. Then the user should invoke set_parms ip_address to configure the remaining lan
interfaces.
set_parms initial also allows the user to specify the DHCP server from which to get hostname and
networking parameters and Class ID.
If multiple interfaces are configured with DHCP, there is a chance that multiple hostnames will be
returned through different DHCP enabled lan interfaces. If hostname is not set in
/etc/rc.config.d/netconf and none of the interfaces are configured with static IP addresses,
then the hostname returned by the least index interface is updated in
/etc/rc.config.d/netconf.
FILES
/sbin/set_parms The command itself.
/sbin/set_parms.util Common subroutines used by set_parms and the sub-area com-
mands.
/sbin/set_parms.d/ Directory holding all of sub-area commands called by set_parms ,
which runs them in sorted order.
/sbin/ch_hostname.d/ Directory containing any hostname-change commands defined by the
user. These are standalone commands run, in sorted order, by
set_parms when setting or changing the hostname.
/tmp/install.vars File set by Ignite-UX or Cold Install that contains networking and other
system information used during the installation.
System configuration files modified by set_parms .
/etc/hosts
/etc/passwd
/etc/rc.config.d/LANG
/etc/rc.config.d/namesvrs
/etc/rc.config.d/netconf
/etc/resolv.conf
/etc/TIMEZONE
/usr/dt/config/Xconfig
s
AUTHOR
The set_parms command was developed by HP.

SEE ALSO
passwd(1), auto_parms(1M), dhcpdb2conf(1M), rc(1M), instl_adm(4), ignite(5).

348 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

setboot(1M) setboot(1M)

NAME
setboot - display and modify boot variables in stable storage

SYNOPSIS
setboot [-p primary-path] [-h HA_alternate-path] [-a alternate-path]
[-b on|off ] [-s on|off ] [-m on|off ] [-r] [-v]
[-t testname =on |off |default ]... [-T testname =on off default ]...

DESCRIPTION
The setboot command displays and sets boot variables in stable storage (also known as nonvolatile
memory). Any user can display the values; only a superuser can change them.
On all systems, the variables are: primary path, alternate path, HA alternate path (if applicable; see -h
option), autoboot flag, and autosearch flag. If SpeedyBoot is installed, the variables expand to
include: early CPU tests, late CPU tests, memory initialization (on Integrity systems), full memory tests,
processor hardware tests (on PA-RISC), platform dependent tests (on Integrity systems), IO Hardware
tests (on Integrity systems), chipset tests (on Integrity systems), and central electronic complex tests (on
PA-RISC), hyperthreading (on some Integrity systems).
With no options, setboot displays the current values for the primary boot path, alternate boot path, HA
alternate boot path, and the autoboot and autosearch flags. If SpeedyBoot is installed, setboot
-v also displays the status of the CPU, memory, hardware, and electronics tests. If the platform supports
hyperthreading, setboot displays whether processor hyperthreading is enabled/disabled for current and
subsequent system boots.

SpeedyBoot
The SpeedyBoot firmware and software extensions allows a superuser to control which firmware tests are
executed by the system during the boot process. The tests settings can be specified both for all subsequent
boots and for the next one only. They are described in the The Tests section below.
The -v, -t, and -T options of the setboot command provide the user interface to the firmware tests.
Currently -t options is not supported on Integrity system architecture.
SpeedyBoot augments the test control that is available on systems that have the Boot Console Handler
(BCH). By turning off some or all of the boot tests, you can shorten boot time appreciably. However, in the
event of a system panic or boot failure, all tests are executed on the subsequent boot.
SpeedyBoot Tests
The SpeedyBoot tests and the possible display values on a PA-RISC platform are summarized in the follow-
ing table:
Test Current Supported Default NEXT BOOT
all on|off|partial yes|no|partial on|off|partial on|off|partial
SELFTESTS on|off|partial yes|no|partial on|off|partial on|off|partial
early_cpu on|off yes|no on|off on|off
late_cpu on|off yes|no on|off on|off s
FASTBOOT on|off|partial yes|no|partial on|off|partial on|off|partial
full_memory on|off yes|no on|off on|off
PDH on|off yes|no on|off on|off
CEC on|off yes|no on|off on|off
The SpeedyBoot tests and the possible display values on an Integrity platform are summarized in the fol-
lowing table:
Test Current Default
all on|off|partial on|off|partial
SELFTESTS on|off|partial on|off|partial
early_cpu on|off on|off
late_cpu on|off on|off
FASTBOOT on|off|partial on|off|partial
Platform on|off on|off
Full_memory on|off on|off

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 349

 setboot(1M) setboot(1M)

Memory_init on|off on|off

IO_HW on|off on|off
Chipset on|off on|off

The Columns
Test The keyword names of the tests that can be controlled by SpeedyBoot. See The
Tests section below.
Current The current enablement of each test. on means the test is normally executed on
each boot. off means the test is normally omitted on each boot. partial
means some of the subtests are normally executed on each boot. On Integrity plat-
form any test modified using the -T option will be reflected in Current.
Supported Whether the test is supported by the system firmware. yes means the test is sup-
ported. no means the test is not supported. partial means some of the sub-
tests are supported. On Integrity platform, this Column is not supported.
Default The default values for each test. on , off , and partial are the same as for
Current.
NEXT BOOT The values for each test that will be used on the next boot. If they are different
from Current, the Current values will be reestablished after the next boot. on ,
off , and partial are the same as for Current. On Integrity platform, this
Column is same as that of Current and hence not displayed separately.

The Tests
These are keywords for the hardware tests that are executed by processor-dependent code (PDC) or
firmware upon a boot or reboot of the system.
all All the listed tests.
SELFTESTS Includes the early_cpu and late_cpu tests. This is equivalent to the
SELFTESTS option in the boot console handler (BCH) service menu. The
difference is that setboot can control the subtests separately, while BCH can-
not.
early_cpu When on, run firmware, cache, and CPU-specific tests. Performed out of firmware.
When off, skip the tests.
late_cpu When on, run firmware, cache, and CPU-specific tests. Performed out of memory
and therefore faster than the early_cpu tests. When off, skip the tests.
FASTBOOT Includes the full_memory and PDH tests on PA-RISC Platform. Includes the
Platform and Full_memory tests on Integrity platform. This is equivalent to
the FASTBOOT option in the boot console handler (BCH) service menu. The
s difference is that setboot can control the subtests separately, while BCH can-
not.
Note: When FASTBOOT is on, the tests are performed, and vice versa.
full_memory When on, run write/read-write/read tests on all memory locations. When off, only
initialize memory. Supported only on PA-RISC Platform.
Platform When on, enables general platform hardware tests. When off, do not. Supported
only on Integrity platform.
Full_memory When on, enables full destructive memory tests. When off, do not. Supported only
on Integrity platform.
PDH Processor-dependent hardware. When on, test a checksum of read-only memory
(ROM). When off, do not. Supported only on PA-RISC Platform.
CEC Central electronic complex. When on, test low-level bus converters and I/O chips.
When off, do not. CEC is not available on all systems. Supported only on PA-RISC
Platform.
Memory_init When on, enables full destructive memory tests. When off, do not. Supported only
on Integrity platform.

350 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

setboot(1M) setboot(1M)

IO_HW IO Hardware. When on, enables system firmware, or EFI drivers to perform all
the tests of IO hardware (boot devices only). When off, do not. Supported only on
Integrity platform.
Chipset When on, enables Chipset tests. When off, does not enable Chipset tests. Sup-
ported only on Integrity platform.

Hyperthreading
Some Integrity processors support chip level multiprocessing which is a physical core presenting itself as
two (or possibly more) logical CPUs (or hardware threads). Hyperthreading increases the instruction
throughput by making use of the idle cycles and idle functional units that occur due to stalls.
Supported on some Integrity platform.
Failover
setboot will support boot path failover irrespective of whether a persistent device special file, lunpath
hardware path, or legacy hardware path is given as input.
A persistent device special file is associated with a device based on its worldwide identifier, rather than its
physical hardware path. When a persistent device special file is given as input, setboot writes an avail-
able lunpath hardware path to the LUN into stable storage.
Note: There is no order in which the available lunpath hardware paths get selected. Also, when the same
persistent device special file is given as input for more than one boot path, setboot will avoid setting the
same lunpath for the concerned boot paths.
When a lunpath hardware path is given as input, setboot writes that path into stable storage.
When a legacy hardware path is given as input, setboot writes the corresponding lunpath hardware path
into stable storage. For more information on legacy hardware path and lunpath hardware path mapping,
see ioscan(1M).
For more information on Hardware Paths and Device File Naming Conventions, including persistent device
special file names, see intro(7).
If the hardware path written into stable storage goes offline, setboot retrieves an alternate available
hardware path to the LUN and writes that path into stable storage. setboot supports failover by sub-
scribing to the health of the hardware path that it writes to stable storage using EVM (see EVM(5)).
Options
The setboot command supports the following options:
(none)
Display the current values for the primary, HA alternate (if applicable) and alternate boot paths
and the autoboot and autosearch flags. See example 2 in the EXAMPLES: General sec-
tion.
-p primary-path
Set the primary boot path variable to primary-path. setboot will accept legacy hardware paths, s
lunpath hardware paths, and persistent device special files as valid input (see intro(7)).
-h HA_alternate-path
Set the High Availability alternate boot path variable to HA_alternate-path. setboot will accept
legacy hardware paths, lunpath hardware paths, and persistent device special files as valid input
(see intro(7)).
High Availability alternate boot path is supported only on Integrity system architecture and for
PA-RISC systems that support hardware partitions.
-a alternate-path
Set the alternate boot path variable to alternate-path. setboot will accept legacy hardware paths,
lunpath hardware paths, and persistent device special files as valid input (see intro(7)).
-r Reinitialize the EVM subscription for boot paths currently set in stable storage. This option is
useful when the boot path health event subscriptions are not updated after a change in boot
paths. For example, when the boot paths are updated between an evmd stop and restart. See
evmd(1M). Refer to the Failover section for more information.
-s onoff
Enable or disable the autosearch sequence. The interpretation of Autoboot and Autosearch has
changed for PA-RISC systems that support hardware partitions. Refer to the WARNINGS

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 351

 setboot(1M) setboot(1M)

section. The -s option is not supported on Integrity system architecture.

-b onoff
Enable or disable the autoboot sequence. The interpretation of Autoboot and Autosearch has
changed for PA-RISC systems that support hardware partitions. Refer to the WARNINGS sec-
tion.
-m onoff
Enable or disable hyperthreading. -m option is supported only on Integrity system architecture.
-v Display the current values for the primary and alternate boot paths and the autoboot and
autosearch flags and a status table of the SpeedyBoot tests. See example 1 in the EXAM-
PLES: SpeedyBoot section.
-t testname =value
Change the value for the test testname in stable storage to value for all following boots. -t
option is not supported on Integrity system architecture. The changes are reflected in the
Current and NEXT BOOT columns of the setboot -v display.
testname can be one of the following keywords, as described above in the DESCRIPTION:
SpeedyBoot Tests section.
all
SELFTESTS
early_cpu
late_cpu
FASTBOOT
full_memory
PDH
CEC
value can be one of:
on Enable the test.
off Disable the test.
default Reset the test to the system default, which is shown in the Defaults column of
the setboot -v display.
-T testname =value
Change the value for the test testname to value for the next system boot only. The change does
not modify stable storage, so the permanent values are restored after the boot.
testname can be one of the keywords described above in the DESCRIPTION: SpeedyBoot Tests
section. and value are the same as for the -t option.

RETURN VALUE
The setboot command returns one of:
s 0 Successful completion
1 Failure

DIAGNOSTICS
The setboot command returns the following error messages:
"bootpath" is not a valid bootpath. Bootpaths should be specified with a
persistent dsf, lunpath hardware path or a legacy hardware path.
The boot path, bootpath, should be one of the following: persistent LUN dsf, lunpath hardware path
or legacy hardware path. See ioscan(1M) and intro(7) for more information on hardware path and
persistent dsf format.
cannot open /dev/kepd - message
setboot cannot open the kernel pseudo driver file /dev/kepd . The message explains why.
cannot set autoboot/autosearch flags
The autoboot or autosearch flag could not be set.
cannot set type boot path

352 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

setboot(1M) setboot(1M)

setboot can’t set the specified boot path. type may be primary , HA_alternate , or alter-
nate .
error accessing boot path - message
The message explains why. For example, you may not have permission (not be superuser) to change
parameters.
error accessing firmware - message
The firmware could not be read or written. The message explains why.
Failed to retrieve lun token
An error occurs when one of the boot paths is invalid (when running setboot -r or
/sbin/init.d/setboot). This kind of error occurs when there is no valid LUN entry
corresponding to the boot path or lunpath.
No dsf found
An error occurs when displaying boot paths when there is no valid LUN entry corresponding to the
boot path. For example, one or more of these situations has occurred regarding the persistent LUN
dsf entry:
• The persistent LUN dsf corresponding to the boot path (lunpath in stable storage) has been
removed (most likely with the rmsf command).
• The boot path is set to a lunpath, but the associated HBA to that lunpath has been removed or
disabled.
• The boot path is set to a non-existent or invalid boot device in the I/O system.
Invalid Arguments Passed to the invoked PDC routine
This is an internal error.
test not found in /etc/setboot_tests file
The test you specified is not defined for your system.
The firmware of your system does not support querying or changing
SELFTEST and FASTBOOT settings except through the boot-time console
interface, ie, BCH menu. Invoked PDC routine [option ] not implemented. (On
PA-RISC Platform only.)
or
The firmware of your system does not support querying or changing the
SpeedyBoot settings. (On Integrity platform only.)
You have specified a SpeedyBoot option (-t , -T , or -v ) and your system does not have the firmware
to support SpeedyBoot. Currently, the Integrity platform does not support -t options. s
Unknown error errornum encountered by setboot(1M)
An unexpected error, number errornum, was encountered while setboot was processing Speedy-
Boot parameters.
Warning: Autoboot flag must be on for autosearch flag to have effect
If the autoboot flag is off, automatic searching for a bootable system cannot occur, even if the
autosearch flag is on.
warning: invalid data in /etc/setboot_tests
The /etc/setboot_tests file contains tests that are not supported by setboot on your sys-
tem. Do not modify this file.

EXAMPLES
General
1. Set the primary path to 2/4.1.0 and enable the autoboot sequence:
setboot -p 2/4.1.0 -b on
2. Set the alternate path (using a persistent device special file) to /dev/disk/disk2 and enable the
autoboot sequence:

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 353

 setboot(1M) setboot(1M)

setboot -a /dev/disk/disk2 -b on
setboot displays:
Alternate boot path set to 0/0/0/3/0.0x6.0x0 (/dev/disk/disk2)
3. Display the boot paths, auto flags and hyperthreading:
setboot
on PA-RISC and Integrity system architecture displays:
Primary bootpath : 0/0/0/3/0.0x5.0x0 (/dev/rdisk/disk3)
HA Alternate bootpath : 0/0/0/3/0.0x6.0x0 (/dev/rdisk/disk2)
Alternate bootpath : 0/0/0/3/0.0x6.0x0 (/dev/rdisk/disk2)
Autoboot is ON (enabled)
Autosearch is ON (enabled)
on Integrity system architecture which support hardware threads displays:
Primary bootpath : 0/3/2/0.0x50001fe15002c7f9.0x4001000000000000
(/dev/rdisk/disk7)
HA Alternate bootpath : 0/1/1/1.0x0.0x0 (/dev/rdisk/disk10)
Alternate bootpath : 0/1/1/0.0x1.0x0 (/dev/rdisk/disk9)
Autoboot is ON (enabled)
Hyperthreading : ON
: ON (next boot)
SpeedyBoot
1. Display all current stable storage values.
setboot -v
on PA-RISC architecture displays:
Primary bootpath : 0/0/0/3/0.0x5.0x0 (/dev/rdisk/disk3)
HA Alternate bootpath : 0/0/0/3/0.0x6.0x0 (/dev/rdisk/disk2)
Alternate bootpath : 0/0/0/3/0.0x6.0x0 (/dev/rdisk/disk2)
Autoboot is ON (enabled)
Autosearch is OFF (disabled)
TEST CURRENT SUPPORTED DEFAULT NEXT BOOT
---- ------- --------- ------- ---------
all partial partial partial partial
s SELFTESTS
early_cpu
partial
off
yes
yes
on
on
partial
off
late_cpu on yes on on
FASTBOOT partial yes on partial
full_memory off yes on off
PDH on yes on on
CEC off no off off
on Integrity system architecture displays:
Primary bootpath : 0/1/1/0.0x1.0x0 (/dev/rdisk/disk9)
HA Alternate bootpath : 0/1/1/1.0x0.0x0 (/dev/rdisk/disk10)
Alternate bootpath : 0/1/1/1.0x0.0x0 (/dev/rdisk/disk10)
Autoboot is ON (enabled)
TEST CURRENT DEFAULT
---- ------- -------
all partial partial
SELFTESTS off on
early_cpu off on
late_cpu off on
354 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007
setboot(1M) setboot(1M)

FASTBOOT on on
Platform on on
Full_memory on on
Memory_init on on
IO_HW off off
Chipset on on
2. Enable full_memory and PDH tests and have those tests executed on all subsequent reboots.
setboot -t FASTBOOT=on
3. Disable the late processor tests and have those tests skipped on all subsequent reboots. If early CPU
tests are on when this command is executed, the SELFTESTS state in BCH stays on while set-
boot -v shows the state as partial .
setboot -t late_cpu=off
4. Reset all tests to the machine-shipped default values.
setboot -t all=default
5. Reset only the FASTBOOT (full_memory and PDH ) tests to their default values.
setboot -t FASTBOOT=default
6. Cause the early and late CPU tests to be executed on the next system boot. The previously set test
values take effect again after the single boot.
setboot -T SELFTESTS=on
7. Cause all tests to be skipped on the next reboot. The previously set test values will take effect for sub-
sequent reboots.
setboot -T all=off
8. Enable hyperthreading for next system boot.
setboot -m on
WARNINGS
The setboot command fails under the following circumstances:
• On Integrity systems, a device cannot be set as a boot path if the device does not have an EFI parti-
tion.
• The number of writes to the stable storage exceeds the number allowed by the architecture implemen-
tation.
• Hardware failure.
• The implementation does not have memory for the alternate boot path, in which case, this variable is
neither readable nor writable. s
Autoboot and Autosearch on PA-RISC Systems
The interpretation of Autoboot and Autosearch has changed for PA-RISC systems that support hardware
partitions. The firmware interprets the bits in combination and not individually as done before. In order to
approximate the traditional behavior of setboot , the user input for the autoboot and autosearch
flags is internally mapped to the right combination to achieve the desired behavior. This mapping should
be transparent to the user of setboot , but might show up when accessing the firmware using means
other than setboot .
For the primary path, the boot action corresponds to the Autoboot and Autosearch flags in the following
manner:
AutoBoot AutoSearch Boot Action
off off Go to the BCH and prompt the user.
on off Attempt the primary path; on failure
go to BCH.
on on Attempt the primary path; on failure

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 355

 setboot(1M) setboot(1M)

try next path.

off on Skip the primary path and try alternate path.
If the alternate paths are not configured to
boot or fail, go to BCH.
Additionally, systems with hardware partitions support a boot action for each path. However the boot
action for the paths other than the primary path cannot be set using setboot. Instead, these must be set
through the Boot Console Handler using the pf (path flags) command of the BCH Configuration menu.
The default boot action for the hardware partitions is to "skip this device and try next path". The case
where both the autosearch and autoboot flags are on, will not work as expected until the path flags
for the alternate paths are set appropriately through the BCH. In the default case, specifying setboot
-b on -s on will not cause an alternate path to be automatically booted when the primary path fails,
instead the user will be prompted.

DEPENDENCIES
If SpeedyBoot is not installed on a system, options -v, -t, and -T will produce a diagnostic error.
Currently -t option is not supported on Integrity system architecture.
If the platform does not support hyperthreading, then the -m option will produce a diagnostic error.

AUTHOR
setboot was developed by HP.
FILES
/dev/kepd Special device file used by the setboot command.
/var/evm/adm/config/logger/setboot*.conf
Secondary EVM logger configuration files for setboot .
/etc/setboot_tests Definitions of tests which can be viewed or controlled with the -v, -t, and
-T options.
SEE ALSO
evmlogger(1M), evmreload(1M), hpux(1M), ioscan(1M), isl(1M), mkboot(1M), EVM(5), intro(7).

356 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007

setfilexsec(1M) setfilexsec(1M)

NAME
setfilexsec - set extended security attributes on a binary file

SYNOPSIS
setfilexsec -d filename
setfilexsec -D absolutepath
setfilexsec [-c compartmentname] [-f flags] [-p privs] [-P privs] [-r privs] [-R privs]
filename

DESCRIPTION
setfilexsec sets various extended security attributes of binary files. The attributes currently include
retained privileges, permitted privileges, compartment, and the privilege start flag. See privileges(5) and
execve (2) for a description of these attributes. The security attributes are stored in a configuration file and
maintain persistence across reboot. The attributes are stored in a configuration file and loaded when the
system reboots.

Options
setfilexsec recognizes the following options:
-c Sets the compartment name for the binary executable file.
-d Deletes any security information for the file from the configuration file and the kernel.
-D Delete any security information for the file given by absolutepath from the configuration file
only. This is used to clear attributes of a deleted file.
-f Sets the security attribute flags. The only defined flag is the privilege start flag.
The privilege_start flag must be either start_full or start_nil . If the value is
start_full , when the binary is executed, the process’ effective privileges are set to the newly
computed permitted privilege set. If the value is start_nil , when the binary file is executed,
the process’ effective privileges are set to nil (no privileges). If this option is not specified and
the process start flag is not already set for the binary file, the flag is set to start_nil .
-p Adds or changes the minimum permitted privileges. This must be a subset of the maximum per-
mitted privileges.
-P Adds or changes the maximum permitted privileges. This must be equal to or a superset of the
minimum permitted privileges, minimum retained privileges, and maximum retained privileges.
-r Adds or changes the minimum retained privileges. This must be a subset of the maximum
retained privileges as well as minimum permitted privileges.
-R Adds or changes the maximum retained privileges. This must be equal to or a superset of the
minimum retained privileges. This set must also be a subset of the maximum permitted
privileges. s
For the third form of the command, if any of the options are not specified, setfilexsec takes the follow-
ing action:
• If the binary’s extended attributes are already set (e.g., through a previous invocation of the set-
filexsec command), the previous value for the option is used.
• If the binary’s extended attributes are not set, they default to null (i.e., empty sets for privileges
and empty value for compartment).

Option Arguments
privs This is a list of privileges seperated by comma (,). See the desciption of priv_list
argument in priv_str_to_set(3).
compartmentname This must be a valid compartment on the system or an empty string (""). If it is
an an empty string, the compartment part of the security attributes are cleared.

Operands
setfilexsec recognizes the following operands:
filename A binary executable. Extended attributes set on executable scripts are ignored by the
kernel.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 357

 setfilexsec(1M) setfilexsec(1M)

Security Restrictions
The caller must have the following authorization:
hpux.security.xsec.filexsec.unrestricted
—or—
hpux.security.xsec.filexsec.restricted
RETURN VALUE
setfilexsec returns the following values:
0 Successful completion. The security attributes are updated successfully.
>0 An error occurs. An error can be caused by an invalid option, an invalid argument, or
insufficient permissions for the user to perform the operation.

EXAMPLES
Example 1: Add a security attributes entry for the binary executable /web/java for the first time:
setfilexsec -r cmptread \
-R policy,!changecmpt -p cmptread,cmptwrite \
-P policy -f start_nil -c web /web/java
The Example 1 command has the following effect:
When a process performs a exec() of the binary /web/java , the process’s attributes are modified
as follows:
• The retained privilege set includes at least cmptread and cmptwrite .
• The retained privilege set does not include dacwrite .
• The permitted privilege set includes at least cmptread .
• The permitted privilege set is equal to the policy privilege set (depends on the inheritable set
before the exec() ).
• The process changes its compartment to web .
• Since the process is privilege-aware, the effective privilege set is empty (and the application
/web/java may raise the privileges in the permitted privilege set at run time).
Example 2: Modify the minimum retained privilege set and flags for the same binary:
setfilexsec -r cmptwrite -f start_full /web/java
Because the start_full flag is specified, the effective privilege set is equal to the permitted
privilege set (the application presumably does not manipulate the privileges at run time).
Example 3: Delete all extended security attributes for the same binary:

s setfilexsec -d /web/jar
WARNINGS
If a binary file that has extended security attributes set is modified or replaced, the attributes are no longer
applied for that file, but are still present in system tables. On reboot, the system would detect that the file
contents have changed using a simple checksum mechanism. Upon detecting such a scenario, the attri-
butes of the file are ignored and an error message is issued corresponding to the file entry. For proper
operation, when a file is modified, run setfilexsec -d to remove the extended attributes instead of
relying on the checksum mechanism.
When replacing a binary, in order to retain the privileges on the binary, run setfilexsec -d first to
remove the prior privilege attributes, replace the binary, and then run setfilexsec to re-assign attri-
butes.
Note that the NFS protocol is not extended to support extended security attributes. Hence the NFS
mounted binaries should not be configured with any extended security attributes.

SEE ALSO
getfilexsec(1M), exec(2), priv_str_to_set(3), privileges(5).

358 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

setmemwindow(1M) setmemwindow(1M)

NAME
setmemwindow - change window ID of running program or start program in particular memory window

SYNOPSIS
setmemwindow
[-bcfjnov ] [-i WinId] { -p pid | program [arg]... }

DESCRIPTION
setmemwindow is the command that changes the window ID of a running process or starts a specified
program in a particular memory window.
If the -p option is specified with a nonzero pid, only the process’s window ID is changed, and any value
specified for program is ignored.
The executable program is only executed if the process ID pid is either 0 or unspecified.
Changing the window ID for the running process does not mean the process immediately attaches to or
creates objects using that window. The targeted process does not begin using the window until it executes
a new image.
setmemwindow , used as a wrapper for an existing executable, starts the program in the desired (see -i
option below) memory window. In order to execute program, setmemwindow changes the window ID,
forks a child and executes program in the child process. The default behavior of setmemwindow is to
wait until program finishes. If -n is specified, the waiting for program is bypassed and setmemwindow
exits immediately after forking the child.
If -c and -j are unspecified, the default behavior is to place the process into the window specified by
WinId. If WinId exists, then the process is placed into that memory window. If no window exists with
WinId, an unused window is allocated and associated with WinId. -c specifies the creation of a window. If
the window already exists and -c is specified, the call fails. -j specifies the joining to an existing window.
If the window does not exist and -j is specified, the call fails.
The -f option instructs the command to execute program even if setmemwindow is unable to change the
process’s window to the specified WinId. The failure to create a specific window may be the effect of the
lack of available memory windows; that is, the underlying kernel:
• Has not been configured with enough memory windows (exit status [ENOMEM]);
• Was unable to allocate memory for a new window to meet this request (exit status [ENOMEM]); or
• Does not implement the feature (exit status [ENOSYS]).

Options
-b Create a memory window where both memory window quadrants use the same space ID.
For SHMEM_MAGIC executables this generates two quadrants with the same space ID.
Applications can use this to generate the appearance of larger contiguous shared memory
ranges with a maximum of 2 gigabytes. For example, an application that generates a 1
s
gigabyte shared memory segment has that segment placed into the 2nd quadrant by
default. If the application creates another 1 gigabyte segment that segment is placed in the
3rd quadrant. Both segments are contiguous virtually, allowing the application to treat the
virtual range as if it were a contiguous 2 gigabyte segment.
This option only benefits SHMEM_MAGIC executables. They are the only type of executable
format able to place shared objects in the 2nd quadrant.
-c Create a window with ID WinId and attach the specified process to it. If WinId already
exists the call fails.
-f The default behavior for setmemwindow is to exit without executing the user specified
program if the memory window cannot be set. The failure to set the memory window may
be caused by:
• The lack of enough memory windows in the system.
• The memory windows feature is not implemented.
• The request requires a new memory window be initialized and the system was not
able to allocate the memory to do so.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 359

 setmemwindow(1M) setmemwindow(1M)

• A memory window with WinId could not be found in the attempt to join a memory
window.
• A memory window with the WinId was found in the attempt to create a memory win-
dow.
The -f option instructs setmemwindow to execute program whether the desired memory
window was set or not. Obviously, using this option there is no guarantee program has
been attached to the desired memory window and it is unclear in what memory window it
is running. Using this option is strongly discouraged.
-i WinId Specifies the desired memory window. WinId is a key to the desired memory window.
WinId is a user specified value and should be one of the values contained in the file
/etc/services.window.
Applications extract the user key from /etc/services.window according to a unique
string contained in /etc/services.window, using the getmemwindow command.
(See getmemwindow(1M) and services.window(4).)
The kernel tries to locate an existing window with WinId. If one is found, that window is
used. If no window with WinId is found, an unused entry is located and assigned to WinId.
The value 0 for WinID is special. If specified, the process/program is placed into the
default global window instead of a unique window with ID WinId.
If WinID is unspecified, the process and its children will run in a private memory window,
and no other processes in the system can attach to this memory window. This memory
window remains active until the process and its children terminate.
-j Join an existing window with ID WinId. The specified process attaches to an existing
memory window. If no entry exists the call fails.
-n If program is executed, the default behavior is to waitpid() (see the wait(2) manual
page) for the process to terminate. Specifying -n causes setmemwindow to exit after
forking the child (that will execute program).
-o Send the PID of the executed program to standard output. The message sent out is:
setmemwindow:pid=dddd\n, where dddd is the decimal value of the PID.
-p pid | program [arg]...
Change the memory window for process pid, or start program in the specified memory win-
dow. If program has arguments (arg ... ), they must also be specified.
If -p is unspecified or the value of pid is 0, the calling process has its window ID changed,
and program is executed.
If a nonzero process pid is specified, only the window in that process is changed, and pro-
gram is ignored.
s -v Execute in verbose (debug) mode.

Application Usage
Memory Windows helps alleviate the 1.75-gigabyte limitation on system-wide shared memory for 32-bit
applications by allowing cooperating applications to configure their own 1-gigabyte window of shared
resources.
The definition of a memory window is only available for 32-bit processes.
Note that memory windows allows the creation of more than 1.75 gigabytes of total system-wide shared
memory, but it does not extend how much shared memory a single process can create. SHARED_MAGIC
executables are still limited to 1.75 gigabytes.
HP-UX ships memory windows disabled. To enable memory windows, the kernel tunable parameter,
max_mem_window, must be set to the desired number. max_mem_window represents the number of
memory windows beyond the global default window. Setting max_mem_window to 2, for example, would
produce a total of three memory windows, the default global window plus two user defined windows. Set-
ting max_mem_window to 0 leaves only the default or global memory window.
There are two new commands and one file introduced by memory windows: setmemwindow , get-
memwindow , and /etc/services.window file.

360 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

setmemwindow(1M) setmemwindow(1M)

The /etc/services.window file maps a memory window application to a particular window ID.
Using this central file allows applications to share memory windows, by using the same window ID, as well
as avoid unintentional memory window collisions. See services.window(4) for more information.
The getmemwindow command is used to extract the window ID of a user process from the
/etc/services.window file. The setmemwindow command starts a particular process in a
memory window. A common usage of these commands is to extract a memory window ID with get-
memwindow , which is then passed to setmemwindow to start a process with the given window ID.
Processes must be in the same window to share data. Processes wanting to share global data, such as
shared memory or MAP_SHARED memory mapped files, must make sure all processes are in the same
memory window. If processes in different memory windows wish to share data reliably, the creator of the
data must take steps to guarantee the data is placed in a location accessible to all processes.
For more detailed information on memory windows, refer to the Memory Windows in HP-UX 11.0 White
Paper.

RETURN VALUE
The exit value is 0 on success or a positive number on failure.
If -n is not specified, the value is the exit status of the executed program, obtained from the waitpid()
system call.

EXAMPLES
Start the program myprog in a memory window extracted by the string myapp .
WinId=$(getmemwindow myapp)
setmemwindow -i $WinId myprog arg1 arg2
Start the program myprog in a newly created memory window extracted by the string myapp .
WinId=$(getmemwindow myapp)
setmemwindow -c -i $WinId myprog arg1 arg2
Start the program myprog in an existing memory window extracted by the string myapp .
WinId=$(getmemwindow myapp)
setmemwindow -j -i $WinId myprog arg1 arg2
Start the program myprog in a private memory window. Only myprog and its descendents can access
the window.
setmemwindow myprog arg1 arg2
WARNINGS
Programs using a memory window can access shared memory objects created by other programs using the
same window (depending upon permissions). However, by default, programs using a memory window may
not be able to access shared memory objects created by programs using other windows or those not using
windows at all.
s
To enable access to a shared memory object across programs using different windows, or between those
using windows and those not using windows, the program must specify special options when creating the
object. See shmget(2) and mmap(2) for details.

AUTHOR
setmemwindow was developed by HP.
FILES
/etc/services.window File containing applications’ associated window IDs.
SEE ALSO
getmemwindow(1M), services.window(4).
Memory Windows in HP-UX 11.0 White Paper.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 361

 setoncenv(1M) setoncenv(1M)

NAME
setoncenv - NFS environment configuration command

SYNOPSIS
/usr/sbin/setoncenv [-av ] variable value
/usr/sbin/setoncenv -l [v] [subsystem|variable]
/usr/sbin/setoncenv -r [v] variable [value]
DESCRIPTION
setoncenv initializes, displays, and removes the value of NFS configuration variables, found either in
/etc/rc.config.d/nfsconf, /etc/rc.config.d/namesvrs, /etc/default/autofs,
/etc/default/key, /etc/default/nfs, or /etc/default/nfslogd. The value can be an
integer or a string and should be consistent with the variable being set. There is limited validation of the
value parameter. Quotes should be avoided unless the value can have white space; then quotes should be
used. The setoncenv command can also be used to display the NFS kernel tunable variables.
Options
setoncenv recognizes the following flags:
-a Add a supported configuration variable, or change the value of an existing configuration
variable in the configuration file. The -a option cannot be used to set a kernel tunable
variable. You must use kctune to manage kernel tunable variables.
-l Display the values of all configuration variables and kernel tunable variables supported by
setoncenv . Optionally you can specify either a subsystem or an individual variable.
-r Remove or comment out a configuration variable in a configuration file. The setoncenv
command will not remove or comment out variables from
/etc/rc.config.d/nfsconf or /etc/rc.config.d/namesvrs; it also cannot
be used to remove kernel tunable variables. The value parameter is only used when remov-
ing an entry for a configuration variable that supports multiple entries in a configuration
file (for example, AUTOMOUNTD_ENV).
-v Provide verbose output.
NOTE: Using a command or editor other than setoncenv to modify the supported configuration files can
cause problems if used simultaneously. The setoncenv command will attempt to correct some issues,
such as duplicate entries where duplicate entries are not allowed, but there is no guarantee that seton-
cenv can recover a configuration file once the file has been edited by another process. In the event of
duplicate entries in a configuration file, the following precedence is followed. For
/etc/rc.config.d/nfsconf and /etc/rc.config.d/namesvrs, the last entry is the value
used. For /etc/default/nfs, /etc/default/nfslogd, /etc/default/key, and
/etc/default/autofs, the first entry is the value used.
s The setoncenv command recognizes the following subsystem names:
autofs Will display all variables associated with the AutoFS subsystem.
key Will display all variables associated with the KEY, keyserv subsystem.
klm Will display all variables associated with the Kernel Lock Manager subsystem.
krpc Will display all variables associated with the kernel RPC subsystem.
nfs Will display all variables associated with the NFS subsystem.
nfslogd
Will display all variables associated with the NFS logging, nfslogd subsystem.
nis Will display all variables associated with the NIS subsystem.
rpcbind
Will display all variables associated with the rpcbind subsystem.
The setoncenv command recognizes the following configuration variable names for the AutoFS subsys-
tem:
AUTO_MASTER [path ]
The location of the default auto_master file.

362 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

setoncenv(1M) setoncenv(1M)

AUTOFS [0 | 1]
Used to enable or disable the AutoFS service during system startup. Can only be 0 to dis-
able the service or 1 to enable the service. This variable will be obsolete in a future release.
AUTOMOUNT_OPTIONS [option_string]
The run time arguments for the automount command used by
/sbin/init.d/autofs. This variable will be obsolete in a future release.
AUTOMOUNT_TIMEOUT [number]
Specifies a duration, in seconds, that a file system is to remain mounted when not in use.
The default value is 600 (10 minutes). Equivalent to the -t option in automount .
AUTOMOUNT_VERBOSE [TRUE | FALSE ]
Verbose mode. Causes you to be notified of non-critical events, such as autofs mounts
and unmounts. The default value is FALSE. Equivalent to the -v option in automount .
AUTOMOUNTD_ENV [name=value]
Environment variables. Each environment variable-value pairing must be on its own line.
You can specify multiple such pairings. When using the -r option, just specifying
AUTOMOUNTD_ENV will remove all variables, using AUTOMOUNTD_ENV name =value will
remove that value only.
AUTOMOUNTD_NOBROWSE [TRUE | FALSE ]
Turn on or off browsing for all AutoFS mount points. The default value is FALSE.
Equivalent to the -n option in automountd .
AUTOMOUNTD_OPTIONS [option_string]
The
run time arguments for the automount daemon used by
/sbin/init.d/autofs. This variable will be obsolete in a future release.
AUTOMOUNTD_TRACE [number]
Expands each RPC call and displays it on standard output. The default value, 0, turns off
such tracing. Tracing starts with value 1 and with each higher value the verbosity of trace
output increases.
AUTOMOUNTD_VERBOSE [TRUE | FALSE ]
Verbose mode. Causes status messages to be logged to the console. The default value is
FALSE. Equivalent to the -v option in automountd .
The setoncenv command recognizes the following configuration variable names for the KEY subsystem:
ENABLE_NOBODY_KEYS [yes | no]
Specifies whether default keys for nobody are used. ENABLE_NOBODY_KEYS=NO is
equivalent to the -d command-line option for keyserv . The default value for
ENABLE_NOBODY_KEYS is yes.
KEYSERV_OPTIONS [option_string]
The run time arguments for the keyserv daemon used by
/sbin/init.d/nis.client or /sbin/init.d/nis.server. This variable will
s
be obsolete in a future release.
The setoncenv command recognizes the following configuration variable names for the Kernel Lock
Manager subsystem:
GRACE_PERIOD [number]
Grace period, in seconds, that all clients (both NLM and NFSv4) have to reclaim locks after
a server reboot. This variable also controls the NFSv4 lease interval. The default value is
90.
LOCKD_LISTEN_BACKLOG [number]
Set connection queue length for rpc.lockd over a connection-oriented transport. The
default value is 32.
LOCKD_OPTIONS [option_string]
The run time arguments for the rpc.lockd daemon used by
/sbin/init.d/lockmgr. This variable will be obsolete in a future release.
LOCKD_PORT [number]
Obsolete. The port number rpc.lockd should use for listening for incoming requests.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 363

 setoncenv(1M) setoncenv(1M)

LOCKD_RETRANSMIT_TIMEOUT [number]
Retransmit timeout, in seconds, before rpc.lockd retries. The default is 5.
LOCKD_SERVERS [number]
Maximum number of concurrent rpc.lockd requests. The default value is 20.
LOCKMGR [0 | 1]
Used to enable or disable the klm service by /sbin/init.d/lockmgr. Value can
either be 0 to disable the service or 1 to enable the service. This variable will be obsolete in
a future release.
STATD_OPTIONS [option_string]
The run time arguments for the rpc.statd daemon used by
/sbin/init.d/lockmgr. This variable will be obsolete in a future release.
STATD_PORT [number]
The port number rpc.statd should use for listening for incoming requests.
The setoncenv command recognizes the following kernel tunable variable names for the kernel RPC
subsystem (a complete description of all KRPC kernel tunable variables can be found in the NFS Services
Administrator’s Guide):
rpc_clnt_idle_timeout
Controls the amount of time on the client a connection can stay idle before being closed.
rpc_clnt_max_conns
Controls the number of TCP connections between an NFS client and an NFS server.
rpc_svc_cltsmaxdupreqs
Controls the size of the duplicate request cache over UDP.
rpc_svc_cotsmaxdupreqs
Controls the size of the duplicate request cache over TCP.
rpc_svc_default_max_same_xprt
Controls the maximum number of requests that are processed for each transport endpoint
before switching transport endpoints.
rpc_svc_idle_timeout
Controls the amount of time a connection on the server can stay idle before being closed.
The setoncenv command recognizes the following configuration variable names for the NFS subsystem:
MOUNTD_OPTIONS [option_string]
The run time arguments for the rpc.mountd daemon used by
/sbin/init.d/nfs.server. This variable will be obsolete in a future release.
MOUNTD_PORT [number]
The port number rpc.mountd should use for listening for incoming requests.
s MOUNTD_TRACE [number]
Enables rpc.mountd tracing. This is equivalent to the -t command-line option. A value
of 1 enables error tracing and a value greater than 1 increases the verbosity of the output.
NFS_CLIENT [0 | 1]
Used to enable or disable the NFS client service by /sbin/init.d/nfs.client. Can
either be 0 to disable or 1 to enable the service. This variable will be obsolete in a future
release.
NFS_CLIENT_VERSMAX [number]
The NFS client only uses NFS versions in the range specified by the
NFS_CLIENT_VERSMAX and NFS_CLIENT_VERSMIN variables. Valid values are 2, 3,
and 4. The default value for NFS_CLIENT_VERSMAX is 3. You can override this range
on a per-mount bases by using the -o vers= option to mount_nfs .
NFS_CLIENT_VERSMIN [number]
The NFS client only uses NFS versions in the range specified by the
NFS_CLIENT_VERSMAX and NFS_CLIENT_VERSMIN variables. Valid values are 2, 3,
and 4. The default values for NFS_CLIENT_VERSMIN is 2. You can override this range
on a per-mount bases by using the -o vers= option to mount_nfs .

364 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

setoncenv(1M) setoncenv(1M)

NFS_SERVER [0 | 1]
Used to enable or disable the NFS server service by /sbin/init.d/nfs.server.
Can either be 0 to disable or 1 to enable the service. This variable will be obsolete in a
future release.
NFS_SERVER_DELEGATION [on | off ]
The NFS server by default does not provide delegations to clients. Delegations can be
turned on for all exported file systems by setting this variable to be on. This variable only
applies to NFS Version 4. If local processes can access files in exported directories,
NFS_SERVER_DELEGATION should not be turned on. The default is off.
NFS_SERVER_VERSMAX [number]
The NFS server only uses NFS versions in the range specified by
NFS_SERVER_VERSMAX and NFS_SERVER_VERSMIN. Valid values are 2, 3, and 4.
The default value is 3.
NFS_SERVER_VERSMIN [number]
The NFS server only uses NFS versions in the range specified by
NFS_SERVER_VERSMAX and NFS_SERVER_VERSMIN. Valid values are 2, 3, and 4.
The default value is 2.
NFSD_DEVICE [device_name ]
Start nfsd on the transport specified by the given device only. Equivalent to the -t
option in nfsd . Mutually exclusive of NFSD_PROTOCOL. Either NFSD_DEVICE or
NFSD_PROTOCOL must be commented out.
NFSD_LISTEN_BACKLOG [number]
Set the connection queue length for NFS over a connection-oriented transport. The default
value is 32, meaning 32 entries in the queue. Equivalent to the -l option in nfsd .
NFSD_MAX_CONNECTIONS [number]
Sets the maximum number of concurrent connection-oriented connections. This variable is
read every time nfsd is run.
NFSD_PROTOCOL [string ]
Start nfsd over the specified protocol only. Equivalent to the -p option in nfsd . ALL is
equivalent to the -a option on the nfsd command line. Mutually exclusive of
NFSD_DEVICE . Either NFSD_DEVICE or NFSD_PROTOCOL must be commented out.
For the UDP protocol, only version 2 and version 3 NFS service is established. NFS Ver-
sion 4 is not supported for the UDP protocol.
NFSD_SERVER [number]
The maximum number of concurrent NFS requests. Equivalent to last numeric argument
on the nfsd command line. The default is 16.
NFSMAPID_DOMAIN [domain_string]
By default, the nfsmapid uses the DNS domain of the system. This setting overrides the
default. This domain is used for identifying user and group attribute strings in the NFS
s
Version 4 protocol. Clients and servers must match with this domain for operations to
proceed normally. This variable only applies to NFS Version 4.
PCNFS_SERVER [0 | 1]
Used to enable or disable the pcnfsd daemon by /sbin/init.d/nfs.server. This
variable will be obsolete in a future release.
START_MOUNTD [0 | 1]
Used to enable or disable the rpc.mountd daemon by /sbin/init.d/nfs.server.
This variable will be obsolete in a future release.
The setoncenv command recognizes the following kernel tunable variable names for the NFS subsystem
(a complete description of all NFS kernel tunable variables can be found in the NFS Services
Administrator’s Guide):
nfs2_async_clusters
Controls the mix of asynchronous requests for NFS version 2 clients.
nfs2_bsize
Controls the logical block size used by NFS version 2 clients.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 365

 setoncenv(1M) setoncenv(1M)

nfs2_cots_timeo
Controls the default RPC timeout for NFS version 2 mounted file systems using a
connection-oriented transport.
nfs2_do_symlink_cache
Used to enable or disable the symbolic link cache for NFS version 2 mounted file systems.
nfs2_dynamic
Used to enable or disable dynamic retransmission for NFS version 2 mounted file systems.
nfs2_lookup_neg_cache
Used to enable or disable the negative name cache used for NFS version 2 mounted file sys-
tems.
nfs2_max_threads
Controls the number of kernel threads that perform asynchronous I/O for NFS version 2
mount points.
nfs2_nra
Controls the number of read-ahead operations that are queued by the NFS version 2 client
when sequentially accessing a file.
nfs2_shrinkreaddir
Limit the size of a READDIR request to be no greater than 1024 bytes of directory informa-
tion.
nfs3_async_clusters
Controls the mix of asynchronous requests for NFS version 3 clients.
nfs3_bsize
Controls the logical block size used by NFS version 3 clients.
nfs3_cots_timeo
Controls the default RPC timeout for NFS version 3 mounted file systems using a
connection-oriented transport.
nfs3_do_readdirplus
Control the ability to turn off the NFS version 3 readdirplus functionality on the NFS
server.
nfs3_do_symlink_cache
Used to enable or disable the symbolic link cache for NFS version 3 mounted file systems.
nfs3_dynamic
Used to enable or disable dynamic retransmission for NFS version 3 mounted file systems.
nfs3_jukebox_delay
Controls the length of time the NFS version 3 client waits before re-transmitting a request
s after receiving the error [NFS3ERR_JUKEBOX].
nfs3_lookup_neg_cache
Used to enable or disable the negative name cache used for NFS version 3 mounted file sys-
tems.
nfs3_max_threads
Controls the number of kernel threads that perform asynchronous I/O for NFS version 3
mount points.
nfs3_max_transfer_size
Controls the size of the data portion of an NFS version 3 READ, WRITE, READDIR, or
READDIRPLUS request.
nfs3_max_transfer_size_clts
Controls the size of the data portion of an NFS version 3 READ, WRITE, READDIR, or
READDIRPLUS request over UDP.
nfs3_max_transfer_size_cots
Controls the size of the data portion of an NFS version 3 READ, WRITE, READDIR, or
READDIRPLUS request over TCP.
nfs3_nra
Controls the number of read-ahead operations that are queued by the NFS version 3 client

366 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

setoncenv(1M) setoncenv(1M)

when sequentially accessing a file.

nfs3_pathconf_disable_cache
Used to enable or disable the caching of pathconf information for NFS version 3
mounted file systems.
nfs4_async_clusters
Controls the mix of asynchronous requests for NFS version 4 clients.
nfs4_bsize
Controls the logical block size used by NFS version 4 clients.
nfs4_cots_timeo
Controls the default RPC timeout for NFS version 4 mounted file systems using a
connection-oriented transport.
nfs4_do_symlink_cache
Used to enable or disable the symbolic link cache for NFS version 4 mounted file systems.
nfs4_lookup_neg_cache
Used to enable or disable the negative name cache used for NFS version 4 mounted file sys-
tems.
nfs4_max_threads
Controls the number of kernel threads that perform asynchronous I/O for NFS version 4
mount points.
nfs4_max_transfer_size
Controls the size of the data portion of an NFS version 4 READ, WRITE, READDIR, or
READDIRPLUS request.
nfs4_max_transfer_size_cots
Controls the size of the data portion of an NFS version 4 READ, WRITE, READDIR, or
READDIRPLUS request over TCP.
nfs4_nacache
Tunes the number of hash queues that access the file access cache on the NFS version 4
client.
nfs4_nra
Controls the number of read-ahead operations that are queued by the NFS version 4 client
when sequentially accessing a file.
nfs4_nrnode
Controls the size of the NFS version 4 rnode cache on the NFS client.
nfs4_pathconf_disable_cache
Used to enable or disable the caching of pathconf information for NFS version 4
mounted file systems. s
nfs_async_timeout
Controls the duration of time that the client’s asynchronous I/O threads sleep with nothing
to do before exiting.
nfs_disable_rddir_cache
Used to enable or disable the NFS directory caches.
nfs_exi_cache_time
Control the duration of time entries are held in the NFS authentication cache.
nfs_nacache
Tunes the number of hash queues that access the file access cache on the NFS version 2 and
version 3 client.
nfs_nrnode
Controls the size of the rnode cache on the NFS version 2 and version 3 client.
nfs_portmon
Used to enable or disable the check to verify that the source port is a reserved port.
nfs_write_error_interval
Controls the duration between logging [ENOSPC] and [EDQUOT] errors.

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 367

 setoncenv(1M) setoncenv(1M)

nfs_write_error_to_cons_only
Used to enable or disable logging messages to both the system console and syslog .
The setoncenv command recognizes the following configuration variable names for the NFS logging sub-
system:
CYCLE_FREQUENCY [number]
Specifies how often, in hours, the log files are cycled. This variable is used to insure that
the log files do not get too large.
IDLE_TIME [number]
Specifies the amount of time, in seconds, the daemon, nfslogd should sleep while waiting
for more information to be placed in the buffer file. This variable also determines how often
the configuration file will be re-read.
MAX_LOGS_PRESERVE [number]
The nfslogd daemon periodically cycles its logs. This variable specifies the maximum
number of log files to save. When MAX_LOGS_PRESERVE is reached, the oldest files will
be overwritten as new log files are created. These files will be saved with a numbered
extension, beginning with filename.0. The oldest file will have the highest numbered exten-
sion up to the value configured for MAX_LOGS_PRESERVE.
MIN_PROCESS_SIZE [number]
Specifies the minimum size, in bytes, that the buffer file must reach before processing the
work information and writing to the log file.
START_NFSLOGD [0 | 1]
Used to enable or disable the nfslogd daemon by /sbin/init.d/nfs.server.
This variable will be obsolete in a future release.
UMASK [mode]
Sets the file mode for the log files, work buffer files and file handle mapping database.
The setoncenv command recognizes the following configuration variable names for the NIS subsystem:
MAX_NISCHECKS [number]
The maximum number of times the NIS client should attempt to contact an NIS server
before failing. This variable is used during system startup.
NIS_CLIENT [0 | 1]
Used to enable or disable the NIS client during system startup. Can either be 0 to disable
or 1 to enable the service.
NIS_DOMAIN [domain_string]
Used to set the domain name by /sbin/init.d/nis.server and
/sbin/init.d/nis.client.
NIS_MASTER_SERVER [0 | 1]
s Used to enable or disable the NIS Master Server by /sbin/init.d/nis.server. Can either be 0
to disable or 1 to enable the service.
NIS_SLAVE_SERVER [0 | 1]
Used to enable or disable the NIS Slave Server by /sbin/init.d/nis.server. Can
either be 0 to disable or 1 to enable the service.
SHADOW_MODE [0 | 1]
Enables and disables support for shadow passwords in NIS. Can either be 0 to disable or 1
to enable shadow password support.
YPBIND_OPTIONS [option_string]
The run time arguments for the ypbind daemon used by
/sbin/init.d/nis.client.
YPPASSWDD_OPTIONS [option_string]
The run time arguments for the rpc.yppasswdd daemon used by
/sbin/init.d/nis.server.
YPSERV_OPTIONS [option_string]
The run time arguments for the ypserv daemon used by
/sbin/init.d/nis.server.

368 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

setoncenv(1M) setoncenv(1M)

YPSET_ADDR [string ]
This sets the IP address of an NIS server that the client should bind to. This value is used
by /sbin/init.d/nis.client.
YPUPDATED_OPTIONS [option_string]
The run time arguments for the rpc.ypupdated daemon used by
/sbin/init.d/nis.server.
YPXFRD_OPTIONS [option_string]
The run time arguments for the ypxfrd daemon used by
/sbin/init.d/nis.server.
The setoncenv command recognizes the following configuration variable names for the rpcbind subsys-
tem:
NFS_CORE [0 | 1]
Used to enable or disable the rpcbind service by /sbin/init.d/nfs.core. Can
either be 0 to disable or 1 to enable the service. This variable will be obsolete in a future
release.
RPCBIND_OPTIONS
The run time arguments for the rpcbind daemon used by
/sbin/init.d/nfs.core. This variable will be obsolete in a future release.
COMMAND_START_DAEMON [0 | 1]
Used to enable or disable the functionality that allows the NFS commands to start subsys-
tem daemons required for the NFS subsystem to work properly. If this variable is enabled,
the NFS subsystem start and stop scripts will no longer start the NFS daemons. The dae-
mons will only be started if one of NFS subsystem commands is run. For example, if a file
system is shared using the share command, the NFS daemons, rpc.statd ,
rpc.lockd , nfsmapid , rpc.mountd , and nfsd will be started if not already run-
ning. If an NFS file system is mounted, the NFS mount command will start the NFS dae-
mons, rpc.statd , rpc.lockd , and if it is an NFSv4 mount, nfsmapid , and
nfs4cbd will be started if not already running.
AUTHOR
setoncenv was developed by the Hewlett-Packard Company.
SEE ALSO
automount(1M), automountd(1M), kctune(1M), keyserv(1M), lockd(1M), mountd(1M), mount_nfs(1M),
nfsd(1M), nfslogd(1M), nfsmapid(1M) pcnfsd(1M), rpcbind(1M), statd(1M), syslogd(1M), yppasswdd(1M),
ypupdated(1M), ypserv(1M), autofs(4), nfs(4), rc.config(4), nfs2_max_threads(5), nfs2_nra(5), nfs3_bsize(5),
nfs3_do_readdirplus(5), nfs3_jukebox_delay(5), nfs3_max_threads(5), nfs3_max_transfer_size(5),
nfs3_max_transfer_size_cots(5), nfs3_nra(5), nfs4_bsize(5), nfs4_max_threads(5), nfs4_max_transfer_size(5),
nfs4_max_transfer_size_cots(5), nfs4_nra(5), nfs_portmon(5).
s

HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 369

 setprivgrp(1M) setprivgrp(1M)

NAME
setprivgrp - set special privileges for groups

SYNOPSIS
setprivgrp groupname [privileges]
setprivgrp -g [privileges]
setprivgrp -n [privileges]
setprivgrp -f file
DESCRIPTION
The setprivgrp command associates a group with a list of privileges, thus providing access to certain
system capabilities for members of a particular group or groups. The privileges can be displayed with the
getprivgrp command (see getprivgrp (1)).
Privileges can be granted to individual groups, as defined in the /etc/group file, and globally for all
groups.
Only a superuser can use the setprivgrp command.

Options and Arguments

setprivgrp recognizes the following options and arguments:
privileges One or more of the keywords described below in Privileged Capabilities.
groupname The name of a group defined in the file named /etc/group . The current privileges
for groupname, if any, are replaced by the specified privileges. To retain prior
privileges, they must be respecified.
-g Specify global privileges that apply to all groups. The current privileges, if any, are
replaced by the specified privileges, To retain prior privileges, they must be
respecified.
-n If no privileges are specified, delete all privileges for all groups, including global
privileges.
If one or more privileges are specified, delete the specified privileges from the current
privilege lists of all groups, including the global privilege list, but do not delete
unspecified privileges.
-f file Set the privileges according to entries in the file file. This file is usually
/etc/privgroup. The entry formats are described below in Group Privileges File
Format.

Privileged Capabilities
s The following system capabilities can be granted to groups:
CHOWN Can use chown() to change file ownerships (see chown(2)).
LOCKRDONLY Can use lockf() to set locks on files that are open for reading only (see lockf(2)).
MLOCK Can use plock() to lock process text and data into memory, and the shmctl()
SHM_LOCK function to lock shared memory segments (see plock(2) and shmctl(2)).
RTPRIO Can use rtprio() to set real-time priorities (see rtprio(2)).
RTSCHED Can use sched_setparam() and sched_setscheduler() to set POSIX.4
real-time priorities (see rtsched(2)).
SERIALIZE Can use serialize() to force the target process to run serially with other
processes that are also marked by this system call (see serialize(2)).
SETRUGID Can use setuid() and setgid() to change, respectively, the real user ID and
real group ID of a process (see setuid(2) and setgid(2)).
FSSTHREAD Allows certain administrative operations in the Process Resource Manager (PRM) pro-
duct. See that product’s documentation for more information.
SPUCTL Allows certain administrative operations in the Instant Capacity (iCAP) product. See
that product’s documentation for more information.

370 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

setprivgrp(1M) setprivgrp(1M)

PSET Can change system pset configuration (see pset_create (2)).

MPCTL Can use mpctl() to change processor binding, locality domain binding or launch pol-
icy of a process (see mpctl(2)).

Group Privileges File Format

The file specified with the -f option should contain one or more lines in the following formats:
groupname [privileges]
-g [privileges]
-n [privileges]
They are described above in "Options and Arguments".

RETURN VALUE
setprivgrp exits with one of the following values:
0 Successful completion.
>0 Failure.
AUTHOR
setprivgrp was developed by HP.
FILES
/etc/group
/etc/privgroup
SEE ALSO
getprivgrp(1), chown(2), getprivgrp(2), lockf(2), plock(2), rtprio(2), rtsched(2), serialize(2), setgid(2),
setuid(2), shmctl(2), mpctl(2), pset_create(2), privgrp(4).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 371

 setrules(1M) setrules(1M)

NAME
setrules - set compartment rules

SYNOPSIS
setrules [-p]
DESCRIPTION
setrules takes the current rules files on the system and puts them into effect. Prior to using this com-
mand, changes in the rules files have no effect on the system. This command can only be used when com-
partmentalization is enabled (see cmpt_tune(1M)).

Options
setrules recognizes the following option:
-p Preview the rules. This option parses the rules files, checking for syntax and semantic errors,
but setrules makes no changes to the system.

Security Restrictions
The user invoking this command must have one of the following authorizations:
hpux.security.xsec.secrules.unrestricted
hpux.security.xsec.secrules.restricted
A user with hpux.security.xsec.secrules.unrestricted authorization can invoke this com-
mand from any compartment, while a user with hpux.security.xsec.secrules.restricted
authorization can invoke this command from only those compartments that have read and write access to
the /etc/cmpt directory heirarchy.
See authadm(1M)).

Notes
If a compartment is tagged for automatic discovery of rules using the keyword discover , subsequent
runs of setrules command does NOT clear the rules that are already discovered. This means the rules
applied are inconsistent with the rules currently in the /etc/cmpt directory. To make them consistent,
first run "getrules -m compartment_name >file.rules", and then run setrules ; where,
compartment_name is the name of the compartment which is under for discovery mode and file.rules is the
rules file containing the rules for this compartment.

RETURN VALUE
setrules returns the following values:
0 Successful completion. The rules are displayed.
>0 An error occurred. An error can be caused by the following:
• An invalid option.
s • The user does not having permissions to perform the operation.
• A syntax or semantic error in a rule file.
• Other system errors (for example, insufficient system resources).

EXAMPLES
Example 1: Execute setrules to push the configured rules:
# setrules
Example 2: Execute setrules to push syntactically incorrectly configured rules:
# setrules
Sample Output:
Error: "/etc/cmpt/11.cmpt.1.rules", line 10 # Unexpected token ’web’ \
or rule terminated prematurely setrules: Exiting due to parse errors
Example 3: Execute setrules to find any syntactically or semantically incorrectly configured rules:
# setrules -p
Sample Output:

372 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

setrules(1M) setrules(1M)

Error: "/etc/cmpt/iface.rules", line 10 # Undefined compartment "ooutside".

Error: "/etc/cmpt/iface.rules", line 14 # Undefined compartment "cgi".

SEE ALSO
authadm(1M), cmpt_tune(1M), getrules(1M), compartments(4), compartments(5).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 373

 setuname(1M) setuname(1M)

NAME
setuname - change machine information

SYNOPSIS
setuname [-s name] [-n node] [-t]
DESCRIPTION
The setuname command is used to modify the value for system name and/or the node name by using the
appropriate option(s).
The setuname command attempts to change the parameter values in both the running kernel and the
system configuration to cross reboots. A temporary change affects only the running kernel.

Options
The setuname command supports the following options:
-s name Changes the system name (for example, HP-UX) in the sysname field of the
utsname structure where name is the new system name and consists of
alphanumeric characters and the special characters dash, underbar, and dollar sign.
-n node Changes the name in the nodename field of the utsname structure where node
specifies the new node name and consists of alphanumeric characters and the special
characters dash, underbar, and dollar sign.
-t Signifies a temporary change. The change will not survive a reboot.
Either or both of the -s or -n options must be given when invoking setuname .
The size of the name and node is limited to UTSLEN −1 characters. UTSLEN is defined in
<sys/utsname.h>. Only users having appropriate privileges can use this command.
EXAMPLES
To permanently change the system name to HP-UX and the node name to the-node , issue the following
command:
setuname -s HP-UX -n the-node
To temporarily change the system name to SYSTEM and the node name to new-node , issue the following
command:
setuname -s SYSTEM -n new-node -t
WARNINGS
Setting a nodename of more than 8 bytes is possible only with the appropriate configuration options
enabled. It is strongly recommended that all related documentation be completely understood before set-
ting a larger node name. A node name larger than 8 bytes can cause anomalous or incorrect behavior in
s applications which use the uname command or the uname() system function to access the name.

SEE ALSO
uname(1), uname(2), nodehostnamesize(5).

374 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

share(1M) share(1M)

NAME
share - make local resource available for mounting by remote systems

SYNOPSIS
/usr/sbin/share [-F FSType] [-o specific_options] [-d description] [pathname]
DESCRIPTION
The share command exports, or makes a resource available for mounting, through a remote file system of
type FSType.
If the option -F FSType is omitted, the first file system type listed in /etc/dfs/fstypes is used as
default.
For a description of NFS specific options, see share_nfs(1M).
pathname is the pathname of the directory to be shared. When invoked with no arguments, share
displays all shared file systems.

Options
share recognizes the following options:
-F FStype Specify the file system type.
-o specific_options
The specific_options are used to control access of the shared resource. (See share_nfs(1M) for
NFS specific options.) They may be any of the following:
rw pathname is shared read/write to all clients. This is also the default behavior.
rw= client[:client] ...
Share the pathname read-mostly if sec= option is not provided. Read-mostly means
read-write to those clients specified and read-only for all other systems. If a sec= option
is provided, pathname is shared read/write only to the listed clients. No other systems
can access pathname.
ro pathname is shared read-only to all clients.
ro= client[:client] ...
pathname is shared read-only only to the listed clients. No other systems can access
pathname.
-d description
The -d flag may be used to provide a description of the resource being shared.

WARNINGS
Old terminology (export)
File system sharing used to be called exporting on HP-UX, and exportfs was used for exporting file sys-
tems. With the new share NFS model, the share command replaces exportfs(1M) or s
/usr/sbin/exportfs.
If share commands are invoked multiple times on the same file system, the last share invocation super-
sedes the previous; the options set by the last share command replace the old options. For example, if
read-only permission was previously given to usera on somefs , use the following share command to
also give read-only permission to userb on somefs :
share -F nfs -o ro=usera:userb /somefs
This behavior is not limited to sharing the root file system, but applies to all file systems.

EXAMPLES
The following command wll share the disk file system read-only.
share -F nfs -o ro /disk
FILES
/etc/dfs/dfstab list of share commands to be executed at boot time
/etc/dfs/fstypes list of distributed file system types, NFS by default
/etc/dfs/sharetab system record of shared file systems

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 375

 share(1M) share(1M)

AUTHOR
share was developed by Sun Microsystems, Inc.
SEE ALSO
mountd(1M), nfsd(1M), share_nfs(1M), shareall(1M), unshare(1M), dfstab(4), fstypes(4), sharetab(4).

376 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

share_nfs(1M) share_nfs(1M)

NAME
share_nfs: share - make local NFS file systems available for mounting by remote systems

SYNOPSIS
/sbin/fs/nfs/share [-d description] [-F nfs ] [-o specific_options] pathname
DESCRIPTION
The share utility makes local file systems available for mounting by remote systems.
If no argument is specified, then share displays all file systems currently shared, including NFS file sys-
tems and file systems shared through other distributed file system packages.

Options
The following options are supported:
-d description
Provide a comment that describes the file system to be shared.
-F nfs
Share NFS file system type.
-o specific_options
Specify specific_options in a comma-separated list of keywords and attribute-value-assertions for
interpretation by the file-system-type-specific command. If specific_options is not specified, then by
default sharing will be read-write to all clients. specific_options can be any combination of the fol-
lowing:
async All NFS Protocol Version 2 mounts will be asynchronous. This option is ignored for
NFS PV3. Specifying async increases write performance on the NFS server by caus-
ing asynchronous writes on the NFS server. The async option can be specified any-
where on the command line after directory. Before using this option, refer to APPLI-
CATION USAGE section below.
anon= uid Set uid to be the effective user ID of unknown users. By default, unknown users are
given the effective user ID UID_NOBODY . If uid is set to -1, access is denied.
index= file Load file rather than a listing of the directory containing this file when the directory is
referenced by an NFS URL.
log [=tag] Enables NFS server logging for the specified file system. The optional tag determines
the location of the related log files. The tag is defined in
/etc/nfs/nfslog.conf. If no tag is specified, the default values associated
with the "global" tag in /etc/nfs/nfslog.conf will be used.
nosub Prevents clients from mounting subdirectories of shared directories. For example, if
/export is shared with the nosub option on server fooey , then a NFS client will
not be able to do: s
mount -F nfs fooey:/export/home/mnt
nosuid By default, clients are allowed to create files on the shared file system with the
setuid or setgid mode enabled. Specifying nosuid causes the server file sys-
tem to silently ignore any attempt to enable the setuid or setgid mode bits.
public Moves the location of the public file handle from root (/) to the exported directory
for Web NFS-enabled browsers and clients. This option does not enable Web NFS ser-
vice; Web NFS is always on. Only one file system per server may use this option. Any
other option, including the ro= list and rw= list options can be included with the
public option.
ro Sharing will be read-only to all clients.
ro= access_list
Sharing will be read-only to the clients listed in access_list ; overrides the rw subop-
tion for the clients specified. See access_list below.
root= access_list
Only root users from the hosts specified in access_list will have root access. See
access_list below. By default, no host has root access, so root users are mapped to an
anonymous user ID (see the anon= uid option described above). Netgroups can be

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 377

 share_nfs(1M) share_nfs(1M)

used if the file system shared is using UNIX authentication (AUTH_SYS ).

rw Sharing will be read-write to all clients. This is the default behavior.
rw= access_list
Sharing will be read-mostly to clients in access_list . Read-mostly means read-write to
those clients specified and read-only for all other systems. If sec= option is provided,
sharing will be read-write to the clients listed in access_list ; overrides the ro subop-
tion for the clients specified. See access_list below.
sec= mode[:mode] ...
Sharing will use one or more of the specified security modes. The mode in the
sec= mode option must be a mode name supported on the client. If the sec= option
is not specified, the default security mode used is AUTH_SYS . Multiple sec= options
can be specified on the command line, although each mode can appear only once. The
security modes are defined in nfssec(5).
Each sec= option specifies modes that apply to any subsequent window= , rw , ro ,
rw= , ro= , and root= options that are provided before another sec= mode. Each
additional sec= resets the security mode context, so that more window= , rw , ro ,
rw= , ro= , and root= options can be supplied for additional modes.
sec=none If the option sec=none is specified when the client uses AUTH_NONE , or if the
client uses a security mode that is not one that the file system is shared with, then the
credential of each NFS request is treated as unauthenticated. See the anon=uid
option for a description of how unauthenticated requests are handled.
window= value
When sharing with sec= dh, set the maximum life time (in seconds) of the RPC
request’s credential (in the authentication header) that the NFS server will allow. If a
credential arrives with a life time larger than what is allowed, the NFS server will
reject the request. The default value is 30000 seconds (8.3 hours).

Operands
The following operands are supported:
pathname The pathname of the file system to be shared.

The access_list Argument

The access_list argument is used in many of the options described above. The access_list is a colon-
separated list whose components may be any number of the following.
hostname
The name of a host. With a server configured for DNS or LDAP naming in the nsswitch "hosts"
entry, any hostname must be represented as a fully qualified DNS or LDAP name.

s netgroup
A netgroup contains a number of hostnames. With a server configured for DNS or LDAP naming in
the nsswitch "hosts" entry, any hostname in a netgroup must be represented as a fully qualified
DNS or LDAP name.
domain name suffix
To use domain membership, the server must use DNS or LDAP to resolve hostnames to IP addresses;
that is, the "hosts" entry in the /etc/nsswitch.conf must specify dns or ldap ahead of nis ,
since only DNS and LDAP return the full domain name of the host. Other name services like NIS
cannot be used to resolve hostnames on the server, because when mapping an IP address to a host-
name they do not return domain information. For example,
NIS 129.144.45.9 --> "myhost"
DNS or LDAP 129.144.45.9 --> "myhost.mydomain.mycompany.com"
The domain name suffix is distinguished from hostnames and netgroups by a prefixed dot. For exam-
ple,
rw=.mydomain.mycompany.com

378 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

share_nfs(1M) share_nfs(1M)

A single dot can be used to match a hostname with no suffix. For example,
rw=.
will match "mydomain" but not "mydomain.mycompany.com". This feature can be used to match hosts
resolved through NIS rather than DNS and LDAP.
network
The network or subnet component is preceded by an at-sign (@). It can be either a name or a dotted
address. If a name, it will be converted to a dotted address by getnetbyname(). For example,
=@mynet would be equivalent to:
[email protected] or [email protected]
The network prefix assumes an octet aligned netmask determined from the zero octets in the low-
order part of the address. In the case where network prefixes are not byte-aligned, the syntax will
allow a mask length to be specified explicitly following a slash (/) delimiter. For example,
=@mynet/17 or [email protected]/17
where the mask is the number of leftmost contiguous significant bits in the corresponding IP address.
A prefixed minus sign (-) denies access to that component of access_list . The list is searched sequen-
tially until a match is found that either grants or denies access, or until the end of the list is reached.

EXAMPLES
The following example shows the /export file system shared with logging enabled:
example% share -o log /export
The default global logging parameters are used since no tag identifier is specified. The location of the log
file, as well as the necessary logging work files, is specified by the global entry in
/etc/nfs/nfslog.conf.
APPLICATION USAGE
If the async option is used, an unreported data loss may occur ONLY on a write and ONLY if the NFS
server experiences a failure after the write reply has been sent to the client. Specifically, blocks which have
been queued for the server’s disk, but have not yet been written to the disk may be lost.
You cannot export either a parent directory or a subdirectory of an exported directory that resides within
the same file system . It is not allowed, for instance, to export both /usr and /usr/local if both direc-
tories reside on the same disk partition.
If the sec= option is presented at least once, all uses of the window= , rw , ro , rw= , ro= , and root=
options must come after the first sec= option. If the sec= option is not presented, then sec=sys is
implied.
If one or more explicit sec= options are presented, sys must appear in one of the options mode lists for
accessing using the AUTH_SYS security mode to be allowed. For example: s
share -F nfs /var
share -F nfs -o sec=sys /var
will grant read-write access to any host using AUTH_SYS , but
share -F nfs -o sec=dh /var
will grant no access to clients that use AUTH_SYS .
Access checking for the window= , rw , ro , rw= , and ro= options is done per NFS request, instead of per
mount request.
Combining multiple security modes can be a security hole in situations where the ro= and rw= options are
used to control access to weaker security modes. In this example,
share -F nfs -o sec=dh,rw,sec=sys,rw=hosta /var
an intruder can forge the IP address for hosta (albeit on each NFS request) to side-step the stronger con-
trols of AUTH_DES . Something like:
share -F nfs -o sec=dh,rw,sec=sys,ro /var
is safer, because any client (intruder or legitimate) that avoids AUTH_DES will only get read-only access.
In general, multiple security modes per share command should only be used in situations where the

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 379

 share_nfs(1M) share_nfs(1M)

clients using more secure modes get stronger access than clients using less secure modes.
If rw= , and ro= options are specified in the same sec= clause, and a client is in both lists, the order of the
two options determines the access the client gets. If client hosta is in two netgroups - group1 and
group2 - in this example, the client would get read-only access:
share -F nfs -o ro=group1,rw=group2 /var
In this example hosta would get read-write access:
share -F nfs -o rw=group2,ro=group1 /var
If within a sec= clause, both the ro and rw= options are specified, for compatibility, the order of the
options rule is not enforced. All hosts would get read-only access, with the exception to those in the read-
write list. Likewise, if the ro= and rw options are specified, all hosts get read-write access with the excep-
tions of those in the read-only list.
The ro= and rw= options are guaranteed to work over UDP and TCP but may not work over other tran-
sport providers.
The root= option with AUTH_SYS is guaranteed to work over UDP and TCP but may not work over
other transport providers.
The root= option with AUTH_DES is guaranteed to work over any transport provider.
There are no interactions between the root= option and the rw , ro , rw= , and ro= options. Putting a
host in the root list does not override the semantics of the other options. The access the host gets is the
same as when the root= options is absent. For example, the following share command will deny access
to hostb:
share -F nfs -o ro=hosta,root=hostb /var
The following will give read-only permissions to hostb:
share -F nfs -o ro=hostb,root=hostb /var
The following will give read-write permissions to hostb:
share -F nfs -o ro=hosta,rw=hostb,root=hostb /var
If the file system being shared is a symbolic link to a valid pathname, the canonical path (the path which
the symbolic link follows) will be shared. For example, if /export/foo is a symbolic link to
/export/bar (/export/foo -> /export/bar ), the following share command will result in
/export/bar as the shared pathname (and not /export/foo ).
example# share -F nfs /export/foo
Note that an NFS mount of server:/export/foo will result in server:/export/bar really
being mounted.
This line in the /etc/dfs/dfstab file will share the /disk file system read-only at boot time:
s share -F nfs -o ro /disk
Note that the same command entered from the command line will not share the /disk file system unless
there is at least one file system entry in the /etc/dfs/dfstab file.

EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
FILES
/etc/dfs/fstypes list of distributed file system types, NFS by default
/etc/dfs/sharetab system record of shared file systems
/etc/nfs/nfslogtab system record of logged file systems
/etc/nfs/nfslog.conf logging configuration file

AUTHOR
share_nfs was developed by Sun Microsystems, Inc.

380 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

share_nfs(1M) share_nfs(1M)

SEE ALSO
mount(1M), mountd(1M), nfsd(1M), nfslogd(1M), share(1M), unshare(1M), getnetbyname(3N), fstypes(4),
netgroup(4), nfslog.conf(4), sharetab(4), nfssec(5).

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 381

 shareall(1M) shareall(1M)

NAME
shareall, unshareall - share, unshare multiple resources

SYNOPSIS
/usr/sbin/shareall [-F FSType[,FSType ]...] [ - | file ]
/usr/sbin/unshareall [-F FSType[,FSType ]...]
DESCRIPTION
When used with no arguments, shareall shares all resources from file , which contains a list of
share command lines. If the operand is a hyphen (-), then the share command lines are obtained from
the standard input. Otherwise, if neither a file nor a hyphen is specified, then the /etc/dfs/dfstab
file is used as the default.
Resources may be shared by specific file system types by specifying the file systems in a comma-separated
list as an argument to -F .
unshareall unshares all currently shared resources. Without a -F flag, it unshares resources for all
distributed file system types.

Options
The following options are supported:
-F FStype Specify file system type. Defaults to the first entry in /etc/dfs/fstypes.

FILES
/etc/dfs/dfstab file containing commands for sharing resources across a network
/etc/dfs/fstypes file that registers distributed file system packages

AUTHOR
shareall and unshareall was developed by Sun Microsystems, Inc.
SEE ALSO
share(1M), unshare(1M), dfstab(4), fstypes(4).

382 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

showmount(1M) showmount(1M)

NAME
showmount - show all remote mounts

SYNOPSIS
/usr/sbin/showmount [-a] [-d] [-e] [ host ]
DESCRIPTION
showmount lists all clients that have remotely mounted a file system from host. This information is
maintained by the mountd server on host (see mountd(1M)). The default value for host is the value
returned by hostname (see hostname(1)).

Options
-a Print all remote mounts in the format
hostname :directory
where hostname is the name of the client, and directory is the root of the file system that has been
mounted.
-d List directories that have been remotely mounted by clients.
-e Print the list of shared file systems.
WARNINGS
If a client crashes, executing showmount on the server will show that the client still has a file system
mounted. In other words, stale entries may accumulate for clients that crash without sending an unmount
request.
Also, if a client mounts the same remote directory twice, only one entry appears in /etc/rmtab . Doing a
umount of one of these directories removes the single entry and showmount no longer indicates that the
remote directory is mounted.

FILES
/etc/rmtab remote mounted filesystem table

AUTHOR
showmount was developed by Sun Microsystems, Inc.
SEE ALSO
hostname(1), mountd(1M), share(1M), share_nfs(1M), rmtab(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 383

 shutdown(1M) shutdown(1M)

NAME
shutdown - terminate all processing

SYNOPSIS
/sbin/shutdown [-h-r] [-y] [-o] [grace]
/sbin/shutdown -R [-H] [-y] [-o] [grace]
DESCRIPTION
The shutdown command is part of the HP-UX system operation procedures. Its primary function is to
terminate all currently running processes in an orderly and cautious manner. shutdown can be used to
put the system in single-user mode for administrative purposes such as backup or file system consistency
checks (see fsck(1M)), to halt or reboot the system, or to make the partition ready for reconfiguration. By
default, shutdown is an interactive program.

Options and Arguments

shutdown recognizes the following options and arguments.
-h Shut down the system and halt.
-r Shut down the system and reboot automatically.
-R Shut down the system to a ready-to-reconfigure state and reboot if possible. If the partition
is unable to reboot, it will stop at a ready-to-reconfigure state. However, if the -H option is
also specified, the system will always stop at ready-to-reconfigure state. This option is
available only on systems that support hardware partitions.
-H Shut down the system to a ready-to-reconfigure state and do not reboot. This option can be
used only in combination with the -R option. This option is available only on systems that
support hardware partitions.
-y Do not require any interactive responses from the user. (Respond yes or no as appropri-
ate to all questions, such that the user does not interact with the shutdown process.)
-o When executed on the cluster server in a diskless cluster environment, shutdown the
server only and do not reboot clients. If this argument is not entered the default behavior
is to reboot all clients when the server is shutdown.
grace Either a decimal integer that specifies the duration in seconds of a grace period for users to
log off before the system shuts down, or the word now . The default is 60. If grace is either
0 or now , shutdown runs more quickly, giving users very little time to log out.
If -r (reboot) or -h (halt) or -R (reconfigure) are not specified, standalone and server systems are
placed in single-user state. Either -r (reboot) or -h (halt) must be specified for a client; shutdown to
single-user state is not allowed for a client. See init(1M).

s Shutdown Procedure
shutdown goes through the following steps:
• The PATH environment variable is reset to /usr/bin:/usr/sbin:/sbin.
• The IFS environment variable is reset to space, tab, newline.
• The user is checked for authorization to execute the shutdown command. Only authorized users
can execute the shutdown command. See FILES for more information on the
/etc/shutdown.allow authorization file.
• The current working directory is changed to the root directory (/).
• All file systems’ super blocks are updated; see sync(1M). This must be done before rebooting the
system to ensure file system integrity.
• The real user ID is set to that of the superuser.
• A broadcast message is sent to all users currently logged in on the system telling them to log out.
The administrator can specify a message at this time; otherwise, a standard warning message is
displayed.
• The next step depends on whether a system is standalone, a server, or a client.

384 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

shutdown(1M) shutdown(1M)

• If the system is standalone, /sbin/rc is executed to shut down subsystems, unmount file
systems, and perform other tasks to bring the system to run level 0.
• If the system is a server, the optional -o argument is used to determine if all clients in the
cluster should also be rebooted. The default behavior (command-line parameter -o is not
entered) is to reboot all clients using /sbin/reboot; entering -o results in the server
only being rebooted and the clients being left alone. Then /sbin/rc is executed to shut
down subsystems, unmount file systems, and perform other tasks to bring the system to run
level 0.
• If the system is a client, /sbin/rc is executed to bring the system down to run-level 2, and
then /sbin/reboot is executed. Shutdown to the single-user state is not an allowed option
for clients.
• The system is rebooted, halted, or put in the ready-to-reconfigure state by executing
/sbin/reboot if the -h or -r or -R option was chosen. If the system was not a cluster client
and the system was being brought down to single-user state, a signal is sent to the init process
to change states (see init(1M)).
DIAGNOSTICS
device busy
This is the most commonly encountered error diagnostic, and happens when a particular file system
could not be unmounted; see mount(1M).
user not allowed to shut down this system
User is not authorized to shut down the system. User and system must both be included in the
authorization file /etc/shutdown.allow.

EXAMPLES
Immediately reboot the system and run HP-UX again:
shutdown -r 0
Halt the system in 5 minutes (300 seconds) with no interactive questions and answers:
shutdown -h -y 300
Go to run-level s in 10 minutes:
shutdown 600
Immediately shut down a partition so that it can be deleted:
shutdown -R -H 0
Reboot a partition in 5 minutes so that new cells that have been assigned to the partition become active:
shutdown -R 300
s
WARNINGS
The user name compared with the entry in the shutdown.allow file is obtained using getpwuid()
(see getpwent(3C)).
The hostname in /etc/shutdown.allow is compared with the hostname obtained using gethost-
byname() (see gethostent(3N)).
shutdown must be executed from a directory on the root volume, such as the / directory.
The maximum broadcast message that can be sent is approximately 970 characters.
When executing shutdown on an NFS diskless cluster server and the -o option is not entered, clients of
the server will be rebooted. No clients should be individually rebooted or shutdown while the cluster is
being shutdown.
If the -R option is used in a virtual partition environment on a partitionable system, then the requested
reconfiguration will not take place until all the virtual partitions on that hard partition are shut down and
the virtual partition monitor is rebooted.

FILES
/etc/shutdown.allow

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 385

 shutdown(1M) shutdown(1M)

Authorization file.
The file contains lines that consist of a system host name and the login name of a user who is
authorized to reboot or halt the system. A superuser’s login name must be included in this file in
order to execute shutdown . However, if the file is missing or of zero length, the root user
can run the shutdown program to bring the system down.
This file does not affect authorization to bring the system down to single-user state for mainte-
nance purposes; that operation is permitted only when invoked by a superuser.
A comment character, #, at the beginning of a line causes the rest of the line to be ignored (com-
ments cannot span multiple lines without additional comment characters). Blank lines are also
ignored.
The wildcard character + can be used in place of a host name or a user name to specify all hosts
or all users, respectively (see hosts.equiv(4)).
For example:
# user1 can shut down systemA and systemB
systemA user1
systemB user1
# root can shut down any system
+ root
# Any user can shut down systemC
systemC +
SEE ALSO
fsck(1M), init(1M), killall(1M), mount(1M), reboot(1M), sync(1M), gethostent(3N), getpwent(3C),
hosts.equiv(4).
For more information about shutdowns and reboots on Superdome systems, see the manual, Managing
Superdome Complexes: A Guide for System Administrators, available on the web at
http://docs.hp.com.

386 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

sig_named(1M) sig_named(1M)
(BIND 9.3)

NAME
sig_named - send signals to the domain name server

SYNOPSIS
sig_named [kill |restart ]
DESCRIPTION
sig_named sends the appropriate signal to the domain name server /usr/sbin/named. The process
ID is obtained from /var/run/named.pid or from the ps command (see ps(1)) if
/var/run/named.pid does not exist.
Operands
sig_named recognizes the following operands:
kill Kill the name server process.
restart
Signal the name server to reload its database.

Previous Functionality
The sig_named command shipped with earlier versions of BIND was used to dump the database, to set
debug levels, and to obtain named statistics. You can use the rndc utility for that purpose instead. See
rndc(1).

AUTHOR
sig_named was developed by HP.
FILES
/var/run/named.pid Process ID

SEE ALSO
kill(1), ps(1), rndc(1), named(1M), rndc.conf(4).
HP-UX IP Address and Client Management Administrator’s Guide, available online at
http://docs.hp.com.
BIND 9 Administrator Reference Manual, available from the Internet Systems Consortium at
http://www.isc.org/sw/bind/arm93.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 387

 slpd(1M) slpd(1M)

NAME
slpd - Service Location Protocol (SLP) Daemon

SYNOPSIS
slpd [-c configuration_file] [-r registration_file] [-l log_file ] [-p pid_file] [-d]
DESCRIPTION
The slpd daemon provides the functionality of the Directory Agent and Service Agent for the Service
Location Protocol ("SLP") version 2. SLP provides a scalable framework that allows the networking appli-
cations to discover the existence, location and configuration of networked services in the enterprise net-
works.
slpd provides the functionality of the following services:
Directory Agent (DA)
This agent collects service advertisements from the service agents or applications providing the services
and caches them in its memory. The DA then provides this services information to the clients (user agents)
trying to discover the service information. Directory agents advertise their presence through directory
agent advertisements.
Service Agent Server (SA)
This server registers the service information of all the services that are advertised by the corresponding
service agents to this server. It then answers the queries from the user agents about the information on
the services that were registered with this server by the services agents. It also forwards the registrations
to any Directory Agents that may be present in its scope.
slpd also provides a -r option whereby the existing services which are not slp enabled can advertise
information by storing this information in a static registration file. See below for the options. slpd reads
this file and provides the information to the user agents.
slpd can be either started as an SA server or DA by setting net.slp.isDA to either false or true in the
configuration file. In both the cases, slpd runs as a daemon listening for SLP requests. When slpd is
acting as a DA, it registers the services coming from within the host acting as a SA server and acts as DA
for the User Agents (UAs) running on the remote machines.
slpd can be configured to provision services within a scope that is configured by the administrator by set-
ting net.slp.useScopes in the configuration file. SLP daemon will answer to requests only if it falls
within this scope. This feature of scoping of SLP daemon provides provisioning of services in an Enterprise
network based on administration needs, geographical needs or department needs and also provides scalabil-
ity.
See RFC2608 for more information on the Service Location Protocol. Without any arguments, slpd reads
the default configuration file, /etc/slp.conf.

s Options
The options are:
-c configuration_file Specifies the configuration file to slpd . The default configuration file is
/etc/slp.conf .
-d Do not detach from the terminal.
-l log_file Specifies the log file that receives slpd log messages. The default log file is
/var/adm/syslog/slpd.log.
-p pid_file Specifies the file that holds the slpd process id. The default slpd process
id file is /var/run/slpd.pid.
-r registration_file Specifies the registration file to slpd for reading service information. The
default registration file is /etc/slp.reg .
To restart the slpd daemon, send it a SIGHUP signal.
To kill the slpd daemon, send it a SIGTERM signal.
The slpdc command can also be used for sending signals to the server process (see the slpdc(1M) man-
page).

388 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

slpd(1M) slpd(1M)

DIAGNOSTICS
Any errors encountered by slpd in the registration or configuration file or in normal operation are logged
in the log file, /var/adm/syslog/slpd.log, which is the default file. To change this log file, use the
slpd -l log_file command.
AUTHOR
slpd was developed by the Caldera Systems, Inc.
FILES
/etc/slp.conf SLP configuration file
/etc/slp.reg SLP registration file
/var/run/slpd.pid File storing slpd process ID
/var/adm/syslog/slpd.log Default SLP log file
SEE ALSO
kill(1), slpdc(1M), signal(2), libslp(3N), slp.conf(4), slp.reg(4).
RFC 2165, RFC 2608, RFC 2609, RFC 2614.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 389

 slpdc(1M) slpdc(1M)

NAME
slpdc - send signals to the SLP daemon or starts slpd

SYNOPSIS
slpdc [start  stop  restart  dump ]
DESCRIPTION
slpdc sends the appropriate signal to the SLP daemon or starts slpd /usr/sbin/slpd. The process
ID is obtained from /var/run/slpd.pid or from the ps command if /var/run/slpd.pid does
not exist (see ps(1)).

Options
slpdc recognizes the following command-line arguments:
dump Sends the SIGINT signal to slpd and makes slpd dump its database. The database of registra-
tions is dumped to the log file. The default logfile is /var/adm/syslog/slpd.log
restart Restarts slpd by sending the SIGHUP signal.
start Starts slpd with the arguments following it on the command-line.
stop Stops slpd by sending the SIGTERM signal.

AUTHOR
slpdc was developed by HP.
FILES
/var/run/slpd.pid File storing the slpd process ID
/var/adm/syslog/slpd.log Default SLP log output file and slpd database dump
SEE ALSO
kill(1), ps(1), slpd(1M).

390 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

slweb(1M) slweb(1M)

NAME
slweb - start the HP-UX hardware event viewer tool (a Web interface)

SYNOPSIS
/usr/sbin/diag/contrib/slweb [-h hostname ] [-F]
/usr/sbin/diag/contrib/slweb -c
/usr/sbin/diag/contrib/slweb -s {stop|startssl |status|restart}
DESCRIPTION
The HP-UX hardware event viewer tool (slweb ) can be used to display hardware events from log files or
raw hexadecimal word pairs.
The slweb command starts the user interface. Once started, the help facility of slweb is available and
can be used to learn more about slweb by clicking on field labels or column headings.
The HP-UX hardware event viewer tool user interface uses a Web browser. Executing the slweb com-
mand without any options performs the following tasks:
• create server certificates if needed,
• start the management Web server if it is not running,
• start a Web client (browser).
An attempt will be made to connect to a Netscape Web browser running on the X server defined by the
DISPLAY environment variable. If a running Netscape client is found, it will be used, otherwise a new
Netscape session will be initiated. This will only happen if the Netscape process is running the same sys-
tem as that referenced by the DISPLAY variable, unless the -F option is used.
If slweb is executed without any options, the server will stop automatically after a period of inactivity. If
the server is started explicitly using slweb -s startssl , it will run until the system is rebooted or
the server is stopped with slweb -s stop .

Options
The slweb recognizes the following options:
-h hostname Display events on a remote system (hostname), using a client on the local system. The
slweb Web server on the remote system must already be running.
-F Forces a client browser to be used in less secure ways. Two security features are overrid-
den by the -F option.
The -F option forces the client browser to be used or started, even if the X-traffic between
the X-server and the Netscape browser is not secure.
If slweb is executed by privileged user with the -F option, a temporary login bypass key
will be generated. The bypass key allows the user to access the Web interface without hav-
ing to provide login information again.
s
Only use this option if you are sure the network traffic between the host where Netscape is
running, and the host in the DISPLAY variable is secure.
-c Forces the creation of new server certificates. This can be performed if the server’s
certificates expire, or if the security of the certificates has been compromised. When new
certificates are created, the slweb command will also restart the slweb Web server.
The -c option is only available to the privileged user, because it requires creation of an
SSL certificate.
-s {stop|startssl |status|restart}
The -s option is only available to the privileged user.
stop stops the running slweb Web server.
startssl starts the slweb Web server, if started this way, it will run until rebooted or
until stopped with slweb -s stop .
status displays the status of the slweb Web server.
restart stops and then starts (startssl ) the slweb Web server.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 391

 slweb(1M) slweb(1M)

Security Certificates
slweb will generate an SSL certificate authority and use that to sign a generated SSL certificate. Because
this certificate is self signed, your web browser will probably prompt you to see if you want to accept this
certificate before it connects to the HP-UX hardware event viewer application.
It is possible to accept these certificates each time, just for the session, or you can accept the certificates on
a permanent basis (10 years), and not have to accept them again later.
slweb regenerates the certificates when they are not there, if the hostname is changed on the system, or
when the -c option is used.

Online Help
Once the HP-UX hardware event viewer is started, the online help provides details on how to use the tool.

RETURN VALUES
Upon completion, slweb returns one of the following values:
0 Successful.
1 An error occurred.

WARNINGS
Accepting a certificate saves an identifier for the certificate in a file where the browser is running. If you
reinstall the slweb gui, the certificate will be altered, and some browsers report the change in id as a
potential security violation.
When this happens, you have to instruct your browser to delete the saved certificate. On Netscape 4.7x
this is done by selecting the Communicator:Tools:Security Info menu pick. On the resulting
dialog box, select the Certificates:Web Sites area and delete any certificates for machine associ-
ated with the security violation.

AUTHORS
slweb was developed by Hewlett-Packard.
SEE ALSO
privileges(5).

392 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

smh(1M) smh(1M)

NAME
smh - HP System Management Homepage (HP SMH)

SYNOPSIS
/usr/sbin/smh [ -F | -w | -r ]
DESCRIPTION
The smh command launches HP System Management Homepage (HP SMH) for performing system
administration on an HP-UX system. HP SMH is an enhanced version of HP System Administration
Manager (HP SAM). HP SMH provides web-based graphical user interface (GUI), terminal user interface
(TUI), and command line interface (CLI).
You can access these interfaces using the smh command. However you can also use the sam command
which behaves the same as smh command except that the deprecation message is displayed in the begin-
ning. For more information on HP SAM, refer to the sam(1M) manpage.
When you run either the smh command or the sam command and if the DISPLAY environment variable is
set, HP SMH opens in the default web browser. If the DISPLAY environment variable is not set, HP SMH
opens in the terminal user interface (TUI).

Options
smh recognizes the following options.
-F Launches HP SMH on a web browser without security warnings.
-w Launches HP SMH on a web browser with security warnings.
-r The -r option applies only to the TUI of HP SMH. This option invokes Restricted SMH
which, enables the system administrator to assign limited privileged user access to SMH
functionality. You must be a privileged user to use this option. See the Restricted SMH
section below for more information.

Restricted SMH
SMH can be configured to provide a subset of its functionality to certain users or groups of users. This is
done through Restricted SMH. System administrators access Restricted SMH by invoking SMH with the
-r option (see Options above). In Restricted SMH, system administrators may assign subsets of SMH
functionality on a per-user or per-group basis.
Generally, SMH requires privileged user rights to execute successfully. However, through the use of Res-
tricted SMH, SMH can be configured to allow subsets of its capabilities to be used by non-privileged users.
When Restricted SMH is used, non-privileged users are promoted to privileged users when necessary to
enable them to execute successfully.
By default, Restricted SMH executes all applications as privileged user. However, certain applications like
software distributor have their own security mechanism (swacl ) and do not follow the Restricted SMH
security model. In such cases, the application launched through Restricted SMH will be executed with the
login id of the user who invokes it.
s
A non-privileged user that has been given Restricted SMH privileges simply executes /usr/sbin/smh
and sees only those areas the user is privileged to access.
All the SMH functional areas require the user to be promoted to be a privileged user in order to execute
successfully. SMH does this automatically as needed.
SMH provides a default set of SMH functional areas that the system administrator can assign to other
users.
Restricted SMH does not apply to web-based GUI of HP SMH from HP-UX 11i V3 release as HP SMH has
its own roles. For more information, refer HP SMH documentation available at http://docs.hp.com
and the HP SMH product online help system.
Logging
For more information on logging, see samlog_viewer(1).

AUTHOR
smh was developed by HP.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 393

 smh(1M) smh(1M)

SEE ALSO
samlog_viewer(1), fsweb(1M), hpsmh(1M), kcweb(1M), ncweb(1M), parmgr(1M), pdweb(1M), sam(1M),
secweb(1M), smhstartconfig(1M), ugweb(1M), intro(7), evweb(9).
HP SMH White Paper available on http://www.docs.hp.com.

394 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

smhstartconfig(1M) smhstartconfig(1M)

NAME
smhstartconfig - configures the startup mode of the HPSMH server and of the Tomcat instance used by
HPSMH

SYNOPSIS
/opt/hpsmh/bin/smhstartconfig [-a {on|off } | -b {on|off }] [-t {on|off }]
DESCRIPTION
The smhstartconfig script is used to configure the startup mode of the HPSMH server and of the
Tomcat instance used by HPSMH.
If no options are specified, smhstartconfig displays the current configuration.
The smhstartconfig command does not accept simultaneously -a on and -b on options.
Note: The -t on option will not take effect until at least one Java web application is registered (i.e., the
Tomcat server will not be started if there are no Java web applications available).

Options
The smhstartconfig command supports the followings options:
-a {on | off} Enable/disable the "autostart URL" mode
-b {on | off} Enable/disable the "automatic startup on boot" mode
-t {on | off} Set the Tomcat startup mode where:
on Start Tomcat when HPSMH starts.
off Start Tomcat on demand (default).
RETURN VALUES
The smhstartconfig command returns:
0 upon successful completion
1 if the command failed

EXAMPLES
Enables autostart:
smhstartconfig -a on
Shows settings:
smhstartconfig
HPSMH ’autostart url’ mode.........: ON
HPSMH ’start on boot’ mode.........: OFF
Start Tomcat when HPSMH starts.....: OFF
s
WARNINGS
You must be superuser to run smhstartconfig.

AUTHORS
smhstartconfig was developed by Hewlett-Packard.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 395

 smrsh(1M) smrsh(1M)

NAME
smrsh - restricted shell for sendmail

SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the prog mailer in sendmail
configuration files. It sharply limits the commands that can be run using the |program syntax of send-
mail in order to improve the overall security of your system. Briefly, even if a ‘‘bad guy’’ can get send-
mail to run a program without going through an alias or forward file, smrsh limits the set of programs
that he or she can execute.
Briefly, smrsh limits programs to be in the directory /var/adm/sm.bin, allowing the system adminis-
trator to choose the set of acceptable commands. It also rejects any commands with the characters \, <, >,
|, ;, &, $, (, ), \r (carriage return), and \n (newline) on the command line to prevent ‘‘end run’’
attacks.
Initial pathnames on programs are stripped, so forwarding to /usr/ucb/vacation,
/usr/bin/vacation, /home/server/mydir/bin/vacation, and vacation all actually for-
ward to /var/adm/sm.bin/vacation.
System administrators should be conservative about populating /var/adm/sm.bin. Reasonable addi-
tions are vacation and rmail . Do not include any shell or shell-like program (such as perl ) in the
sm.bin directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory
(using the #! syntax); it simply disallows execution of arbitrary programs.

FILES
/var/adm/sm.bin Directory for restricted programs

SEE ALSO
sendmail(1M).

396 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

snmpd(1M) snmpd(1M)

NAME
snmpd, snmpdm - Simple Network Management Protocol (SNMP) Process

SYNOPSIS
/usr/sbin/snmpd [ -a ] [ -authfail ] [ -C contact ] [ -Contact contact ] [ -h ] [ -help ]
[ -L location ] [ -Location location ] [ -l logfile ] [ -logfile logfile ] [ -m logmask ]
[ -mask logmask ] [ -n ] [ -P portnum ] [ -Port portnum ] [ -sys description ]
[ -sysDescr description ]
/usr/sbin/snmpd [ -e extendFile ]
/usr/sbin/snmpdm [ -apall ] [ -aperror ] [ -aptrace ] [ -apwarn ] [ -a ] [ -authfail ]
[ -C contact ] [ -Contact contact ] [ -h ] [ -help ] [ -L location ] [ -Location location ]
[ -l logfile ] [ -logfile logfile ] [ -m logmask ] [ -mask logmask ] [ -log_format value ]
[ -n ] [ -sys description ] [ -sysDescr description ] [ -tcpany ] [ -tcplocal ] [ -tcpnone ]

DESCRIPTION
The Master SNMP Agent (/usr/sbin/snmpdm) and the collection of subAgents (/usr/sbin/*agt)
that would attach to the Master Agent collectively form a single SNMP Agent. The SNMP Agent accepts
SNMP Get, GetNext and Set requests from an SNMP Manager which cause it to read or write the Manage-
ment Information Base (MIB ). The MIB objects are instrumented by the subAgents.
The Master Agent can bind to separate process subagents.

Options
The Master agent /usr/sbin/snmpdm and the manual startup script /usr/sbin/snmpd recognize
the following command line options:
-apall Log all error messages, warnings messages and trace messages. This option forces
snmpdm to run in the foreground.
-aperror Log all error messages. This option can be used in conjunction with -aptrace and
-apwarn .
-aptrace Log all trace messages. This option can be used in conjunction with -aperror and
-apwarn .
-apwarn Log all warning messages. This option can be used in conjunction with -aperror
and -aptrace .
-authfail
-a Suppress sending authenticationFailure traps.
-Contact contact
-C contact Specify the contact person responsible for the network management agent. This
option overrides the contact person specified in the Master Agent configuration file
/etc/SnmpAgent.d/snmpd.conf. It does not alter the value specified in the
file. By default, the agent’s contact is a blank string. To configure the agent’s contact,
s
add the contact after the word contact: in the configuration file
/etc/SnmpAgent.d/snmpd.conf or use the -C option.
-e extendFile This option is provided for backward compatibility with the pre-emanate snmpd.ea
extensible SNMP agent. It is applicable only to the script /usr/sbin/snmpd, and
only if the EMANATE extensible agent is installed. It is installed if the file
/usr/sbin/extsubagt exists. This option causes the extsubagt to use the com-
mand line specified extendFile instead of the default file
/etc/SnmpAgent.d/snmpd.extend to add user defined MIB objects to the
SNMP agent.
-help
-h Display command line options and log mask values.
-Location location
-L location Specify the location of the agent. This option overrides the location specified in
/etc/SnmpAgent.d/snmpd.conf. It does not alter the value in
/etc/SnmpAgent.d/snmpd.conf. By default, the agent’s location is a blank
string. To configure the agent’s location, add the location to
/etc/SnmpAgent.d/snmpd.conf or use the -L option.
HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 397
 snmpd(1M) snmpd(1M)

-logfile logfile
-l logfile Use the logfile for logging rather than the default logfile, /var/adm/snmpd.log.
A value of - will direct logging to stdout .
-log_format value
The value can be 0 or 1. 0 means use traditional logging format for
/var/adm/snmpd.log file. 1 means use new logging format. The new logging
format gives the Log level, Timestamp, Program Name, File name, Line Number and
message in separate lines.
-mask logmask
-m logmask Sets the initial logging mask to logmask. The logmask option may not be used in the
agent start up scripts. This option should be used only while debugging the agent.
See the SNMP Agent Logging section for valid values of logmask and for other
details.
-n Normally snmpdm puts itself into the background as if the command was terminated
with an ampersand(&). This option inhibits that behavior and makes the agent run in
the foreground.
-Port portnum
-P portnum Specify the UDP port number that the agent will listen on for SNMP requests. The
default is port 161. The value can also be specified in /etc/services. Only the
super-user can start snmpdm and only one snmpdm can execute on a particular UDP
port.
-sysDescr description
-sys description
Allows the user to specify the value for the system.sysDescr MIB object. The for-
mat is a text string enclosed in quotes. This option overrides the sysDescr specified
in /etc/SnmpAgent.d/snmpd.conf. For example,
snmpdm -sys "nsmd1, test system"
-tcpany Allow Master agent to accept connections from any subagent. This is a default option.
-tcplocal Allow Master agent to accept connections from local TCP subagents.
-tcpnone Do not allow Master agent to accept connections from any TCP subagent.

SNMPv1 Security
Each SNMP request is accompanied by a community name, which is essentially a password that enables
SNMP access to MIB values on an agent. A Manager can request to read a MIB value by issuing an SNMP
GetRequest/GetNextRequest, or a manager may request to alter a MIB value by issuing an SNMP SetRe-
quest.
By default, the agent does not respond to any SNMP requests, regardless of community name used in the
s request. To configure the agent to respond to SNMP GetRequests/GetNextRequests, add a get-
community-name to /etc/SnmpAgent.d/snmpd.conf. See the snmpd.conf(4) manpage. To
configure the agent to respond to SNMP SetRequests AND GetRequests/GetNextRequests, add a set-
community-name to /etc/SnmpAgent.d/snmpd.conf.
SNMPv2c
Simple Network Management Protocol Community based Version 2 (SNMPv2 ) is supported in this version
of the SNMP Agent.

Traps
The agent also sends information to a manager without an explicit request from the manager. Such an
operation is called a trap . By default, SNMP traps are not sent to any destination. To configure the agent
to send traps to one or more specific destinations, add the trap destinations to
/etc/SnmpAgent.d/snmpd.conf.
The Master Agent (snmpdm ) and the MIB-2 subAgent (mib2agt ) collaborate to send the following SNMP
traps:
coldStart Sends a coldStart trap when the SNMP Agent is invoked.
linkDown Sends a linkDown trap when an interface goes down.

398 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

snmpd(1M) snmpd(1M)

linkUp Sends a linkUp trap when an interface comes up.

authenticationFailure
Sends an authenticationFailure trap when an SNMP request is sent to the SNMPR
agent with a community name that does not match the community names specified in
/etc/SnmpAgent.d/snmpd.conf.
The Master Agent (snmpdm ) and the IPv6 subAgent (ipv6agt ) collaborate to send the following SNMP
traps:
linkDown Sends a linkDown trap when an IPv6 interface goes down.
linkUp Sends a linkUp trap when an IPv6 interface comes up.

SNMP Agent Logging

The SNMP Agent provides the capability to log various types of errors and events. There are three types of
logging: Errors, Warnings and Traces.

Log Masks
Log masks enable the user to specify the particular classes of messages that should be logged to
/var/adm/snmpd.log or the specified logfile. There are three different ways in which you can specify
the logmask that you want. They are: (1) decimal number, (2) hex number, or (3) text string. The three may
not be used in combination.
To select multiple output types do the following. For decimal or hex format simply add the individual log-
mask values together and enter that number. When entering strings, place multiple strings on the same
line, space separated, without quotes.
==================================================================
LOG MASK VALUES
FUNCTION Decimal Hex String
==================================================================
Turn off logging 0 0x00000000 LOGGING_OFF
Log factory trace messages 8388608 0x00800000 FACTORY_TRACE
Log factory warning messages 268435456 0x10000000 FACTORY_WARN
Log factory error messages 536870912 0x20000000 FACTORY_ERROR
Log factory configure messages 65536 0x00010000 FACTORY_CONFIG
Log factory packet messages 131072 0x00020000 FACTORY_PACKET
Log factory trap messages 262144 0x00040000 FACTORY_TRAP
Log factory access messages 524288 0x00080000 FACTORY_ACCESS
Log factory emanate messages 1048576 0x00100000 FACTORY_EMANATE
Log factory verbose messages 2097152 0x00200000 FACTORY_VERBOSE
Log factory user messages 4194304 0x00400000 FACTORY_USER
Log factory thread messages 1073741824 0x40000000 FACTORY_THREAD
Log factory timer messages 2147483648 0x80000000 FACTORY_TIMER
For example, to turn on error log messages:
s
decimal format: snmpdm -m 536870912
hex format: snmpdm -m 0x20000000
string format: snmpdm -m FACTORY_ERROR
Supported MIB Objects
The Management Information Base (MIB ) is a conceptual database of values on the agent. The Master
SNMP Agent implements a small number of MIB objects but most MIB objects are implemented by
subAgents that have attached to the Master Agent. See /var/opt/OV/share/snmp_mibs/ on sys-
tems with HP OpenView products installed for definitions of particular MIB objects.
This version of the SNMP Agent includes the subAgents, /usr/sbin/mib2agt,
/usr/sbin/hp_unixagt and /usr/sbin/ipv6agt which implement the MIB-2, HP UNIX and
IPv6 MIBs respectively. The IPv6 subagent is supported ONLY on HP-UX 11i Version 1 platform with the
IPv6 depot installed. The MIB-II and HP-UX MIBs are described in
/var/opt/OV/share/snmp_mibs/Standard/rfc1213-MIB-II and
/var/opt/OV/share/snmp_mibs/Vendor/Hewlett-Packard/hp-unix on systems with HP
Openview products installed.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 399

 snmpd(1M) snmpd(1M)

It also includes the subagents /usr/sbin/trapdestagt and /usr/sbin/naaagt. The trapdes-

tagt supports the MIB variables used for updating the trapdest entries in snmpd.conf file. For details on the
naaagt subagent please refer to naaagt man page.
The MIB-2 subAgent supports most of the objects in RFC1213 . The EGP group is not supported. The
HP-UX subAgent supports most of the objects in the HP-UX MIB. The IPv6 subagent supports most of the
objects in RFC2452 , RFC2454 , RFC2465 and RFC2466 .
Deprecated MIBS
The ieee8023Mac MIB group corresponding to the following OID is no longer supported:
private(4).enterprises(1).hp(11).nm(2).interface(4).ieee8023Mac(1)
This MIB group is replaced with the "Ether-Like" MIB group (RFC1398) which corresponds to OID:
mgmt(2).mib-2(1).transmission(10).dot3(7)

SNMP Agent Startup

The SNMP Agent startup mechanism is built upon the System V.4 file system paradigm. The startup
script, /etc/netmanrc, which was used in previous releases of the SNMP Agent is no longer used.

Automatic Startup
As installed, the SNMP Master Agent and all subAgents should startup automatically each time the system
re-boots or any time the system transitions from run level 1 to run level 2. When the system enters run
level 2 the operating system will execute /sbin/init.d/SnmpMaster which will startup the Master
Agent. Similarly, /sbin/init.d/SnmpMib2, /sbin/init.d/SnmpHpunix and
/sbin/init.d/SnmpIpv6 will startup the MIB2, HP-UX and IPv6 subAgents respectively immedi-
ately after the Master Agent is started. The trapdestagt and naaagt subagents are started by
/sbin/init.d/SnmpTrpDst and /sbin/init.d/SnmpNaa.
Prior to executing these startup scripts the system will examine all scripts in /etc/rc.config.d for
environment variables which could potentially influence the startup of the Master Agent and each
subAgent. See the particular startup script or configuration file for details on supported environment vari-
ables. The user should never modify scripts in /sbin/init.d . Instead the startup behavior should be
controlled by adjusting values in the appropriate configuration script in /etc/rc.config.d.
The interactions and relationships among these processes and files at invocation time is shown below.
Solaris
/etc/rc2 invokes /etc/rc2.d/S98SnmpMaster
/etc/rc2.d/S98SnmpMaster invokes /sbin/init.d/SnmpMaster
/sbin/init.d/SnmpMaster invokes /usr/sbin/snmpdm
/usr/sbin/snmpdm reads /etc/SnmpAgent.d/snmpd.conf

/etc/rc2 invokes /etc/rc2.d/S97SnmpMib2

/etc/rc2.d/S97SnmpMib2 invokes /sbin/init.d/SnmpMib2
s /sbin/init.d/SnmpMib2 invokes /usr/sbin/mib2agt
/etc/rc2 invokes /etc/rc2.d/S97SnmpHpunix
/etc/rc2.d/S97SnmpHpunix invokes /sbin/init.d/SnmpHpunix
/sbin/init.d/SnmpHpunix invokes /usr/sbin/hp_unixagt

/etc/rc2 invokes /etc/rc2.d/S97SnmpTrpDst

/etc/rc2.d/S97SnmpTrpDst invokes /sbin/init.d/SnmpTrpDst
/sbin/init.d/SnmpTrpDst invokes /usr/sbin/trapdestagt

/etc/rc2 invokes /etc/rc2.d/S97Naa

/etc/rc2.d/S97SnmpNaa invokes /sbin/init.d/SnmpNaa
/sbin/init.d/SnmpNaa invokes /usr/sbin/naaagt
HP-UX 10.X, 11i
/sbin/rc invokes /sbin/rc2.d/S560SnmpMaster
/sbin/rc2.d/S560SnmpMaster invokes /sbin/init.d/SnmpMaster
/sbin/init.d/SnmpMaster invokes /usr/sbin/snmpdm
/usr/sbin/snmpdm reads /etc/SnmpAgent.d/snmpd.conf

/sbin/rc invokes /sbin/rc2.d/s565SnmpMib2

/sbin/rc2.d/s565SnmpMib2 invokes /sbin/init.d/SnmpMib2

400 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

snmpd(1M) snmpd(1M)

/sbin/init.d/SnmpMib2 invokes /usr/sbin/mib2agt

/sbin/rc invokes /sbin/rc2.d/s565SnmpHpunix

/sbin/rc2.d/s565SnmpHpunix invokes /sbin/init.d/SnmpHpunix
/sbin/init.d/SnmpHpunix invokes /usr/sbin/hp_unixagt

/sbin/rc invokes /sbin/rc2.d/s565SnmpTrpDst

/sbin/rc2.d/s565SnmpTrpDst invokes /sbin/init.d/SnmpTrpDst
/sbin/init.d/SnmpTrpDst invokes /usr/sbin/trapdestagt
HP-UX 11i Version 1 (with IPv6 depot installed)
/sbin/rc invokes /sbin/rc2.d/S560SnmpMaster
/sbin/rc2.d/S560SnmpMaster invokes /sbin/init.d/SnmpMaster
/sbin/init.d/SnmpMaster invokes /usr/sbin/snmpdm
/usr/sbin/snmpdm reads /etc/SnmpAgent.d/snmpd.conf

/sbin/rc invokes /sbin/rc2.d/s565SnmpMib2

/sbin/rc2.d/s565SnmpMib2 invokes /sbin/init.d/SnmpMib2
/sbin/init.d/SnmpMib2 invokes /usr/sbin/mib2agt

/sbin/rc invokes /sbin/rc2.d/s565SnmpHpunix

/sbin/rc2.d/s565SnmpHpunix invokes /sbin/init.d/SnmpHpunix
/sbin/init.d/SnmpHpunix invokes /usr/sbin/hp_unixagt

/sbin/rc invokes /sbin/rc2.d/s565SnmpIpv6

/sbin/rc2.d/s565SnmpIpv6 invokes /sbin/init.d/SnmpIpv6
/sbin/init.d/SnmpIpv6 invokes /usr/sbin/ipv6agt

/sbin/rc invokes /sbin/rc2.d/s565SnmpTrpDst

/sbin/rc2.d/s565SnmpTrpDst invokes /sbin/init.d/SnmpTrpDst
sbin/init.d/SnmpTrpDst invokes /usr/sbin/trapdestagt

Manual Startup
There are two ways to start the SNMP Agent manually. The first way is to execute snmpdm and then
start each subAgent. Separate process subAgents are started by invoking the particular subAgent execut-
ables.
The second and simplest way to start the SNMP Agent manually is to execute the snmpd startup script
which will invoke the Master Agent and all subAgents who have been installed and designed to operate in
this paradigm. The snmpd script is layered upon the V.4 startup paradigm and so makes use of the com-
ponent startup scripts in /sbin/init.d and configuration scripts in /etc/rc.config.d. When
snmpd is invoked it starts /usr/sbin/snmpdm, passes all its command line arguments to it and then
executes each script (S*) found in /sbin/SnmpAgtStart.d.
Objects on which the agent supports snmpset requests:
s
• syscontact
sysName
sysLocation
ifAdminStatus
atPhysAddress
ipRouteNextHop
ipRouteType
ipRouteAge
ipNetToMediaPhysAddress
ipNetToMediaTypesysName
snmpEnableAuthTraps
ipv6Forwarding
ipv6DefaultHopLimit
ipv6IfAdminStatus
ipv6RouteValid
ipv6NetToMediaValid
ipv6TcpConnState

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 401

 snmpd(1M) snmpd(1M)

Objects that return Null values (Solaris only):

• ifInNUcastPkts
ifInDiscards
ifOutNUcastPkts
ifOutDiscards
Objects that return noSuchName errors (Solaris only):
• ifLastChange
ifInOctets
ifInUnknownProtos
ifOutOctets
• ipInReceives
ipInAddrErrors
ipForwDatagrams
ipInUnknownProtos
ipInDiscards
ipInDelivers
ipOutRequests
ipOutDiscards
ipOutNoRoutes
ipReasmTimeout
ipReasmReqds
ipReasmOKs
ipReasmFails
ipFragOKs
ipFragFails
ipFragCreates
ipAdEntReasmMaxSize
ipRouteAge
ipRoutingDiscards
• tcpActiveOpens
tcpPassiveOpens
tcpAttemptFails
tcpEstabResets
tcpInSegs
tcpOutSegs
tcpRetransSegs
tcpInErrs
tcpOutRsts
• udpInDatagrams
s udpNoPorts
udpOutDatagrams
• egp group

ERRORS
Duplicate community names may not be used in the configuration file. In the past the agent allowed a user
to have the same name used many times in the file. This typically happens when the user would set the
same name for a get and set community name. The implication being that the name could be used for gets
and sets. Due to the new Emanate agent, it would cause problems to allow this. So, now the set com-
munity names have read/write access. That is, they are both a set and get community name. When this
error occurs, the agent will still start. However, an ERROR log will be written in the logfile and you will
likely end up with undesirable results.

EXTERNAL INFLUENCES
Environment Variables
$LANG determines the language in which messages appear. If $LANG is not specified or is set to the
empty string, a default of "C" (see lang(5)) is used instead of $LANG . If any internationalization variable
contains an invalid setting, snmpdm behaves as if all internationalization variables are set to "C." See
environ(5).

402 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

snmpd(1M) snmpd(1M)

The environment variables specific to the master agent snmpdm are as below:

Environment Variables
SNMP_LOG_SIZE Exporting this variable to >= 1MB restricts the size of the snmp log file.
When the size grows beyond the value exported, the log file rolls over.
SR_SNMP_TEST_PORT This variable can be exported to change the default port on which snmpdm
listens.
SR_TRAP_TEST_PORT This variable can be exported to change the default port to which snmpdm
sends traps.
COLDSTART_TIMEOUT Exporting this variable to any value between 1 and 600 seconds will control
the behaviour of snmpdm in sending the coldstart trap. The trap will be
sent after the expiry of the number of seconds specified or mib2agt regis-
tering, whichever is earlier.
SR_LOG_DIR This variable can be exported to specify the directory where the log file
snmpd.log will be created.
SR_AGT_CONF_DIR This variable can be exported to specify the directory in which the
configuration file snmpd.conf is available.

International Code Set Support

Supports single-byte character code sets.

AUTHOR
snmpd was developed by HP, Massachusetts Institute of Technology and SNMP Research.
FILES
/usr/sbin/snmpd
/usr/sbin/snmpdm
/usr/sbin/mib2agt
/usr/sbin/hp_unixagt
/usr/sbin/ipv6agt
/usr/sbin/trapdestagt
/etc/SnmpAgent.d/snmpd.conf
/var/adm/snmpd.log
/var/opt/OV/share/snmp_mibs/
/sbin/SnmpAgtStart.d/
SEE ALSO
snmpd.conf(4).
RFC 1155, RFC 1157, RFC 1212, RFC 1213, RFC 1231, RFC 1398, RFC 2452 RFC 2454, RFC 2465, RFC
2466 s

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 403

 softpower(1M) softpower(1M)

NAME
softpower - determine if softpower hardware is installed on the system

SYNOPSIS
/sbin/softpower
DESCRIPTION
The softpower command determines whether a software controlled power switch is installed on the sys-
tem.

RETURN VALUE
softpower returns the following values:
0 Softpower hardware detected on the system.
1 Softpower hardware was not detected on the system.
2 The command failed because it is being run on an earlier version of HP-UX that does not support
the appropriate sysconf call.

AUTHOR
softpower was developed by HP.
SEE ALSO
sysconf(2).

404 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

spray(1M) spray(1M)

NAME
spray - spray packets

SYNOPSIS
/usr/sbin/spray [-c count ] [-d delay ] [-l length ] [-t nettype ] host
DESCRIPTION
spray sends a one-way stream of packets to host using RPC, then reports how many were received by
host and what the transfer rate was. The host name can be either a name or an internet address.
spray is not useful as a networking benchmark, as it uses unreliable connectionless transports, UDP, for
example. spray can report a large number of packets dropped when the drops were caused by spray
sending packets faster than they can be buffered locally, that is, before the packets get to the network
medium.

Options
spray recognizes the following options and command-line arguments:
-c count Specify how many packets to send. The default value of count is the number of pack-
ets required to make the total stream size 100 000 bytes.
-d delay Specify how many microseconds to pause between sending each packet. The default is
0.
-l length Specify the number of bytes in the Ethernet packet that holds the RPC call message.
Since the data is encoded using XDR, and XDR only deals with 32 bit quantities, not
all values of length are possible, and spray rounds up to the nearest possible value.
When length is greater than 1514, then the RPC call can no longer be encapsulated in
one Ethernet packet. In that case, the length field no longer has a simple correspon-
dence to the Ethernet packet size. The default value of length is 86 bytes, the size of
the RPC and UDP headers.
-t nettype Specify class of transports. Defaults to netpath . See rpc(3N) for a description of
supported classes.

AUTHOR
spray was developed by Sun Microsystems, Inc.
SEE ALSO
ping(1M), sprayd(1M), rpc(3N).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 405

 sprayd(1M) sprayd(1M)

NAME
rpc.sprayd, sprayd - spray server

SYNOPSIS
/usr/lib/netsvc/spray/rpc.sprayd [-l log_file ] [-e-n]
DESCRIPTION
sprayd is an RPC server that records the packets sent by spray from another system (see spray(1M)).
sprayd daemon may be started by inetd or through the command line. The service provided by
sprayd is not useful as a networking benchmark as it uses unreliable connectionless transports, UDP, for
example. It can report a large number of packets dropped when the drops were caused by the program
sending packets faster than they can be buffered locally, that is, before the packets get to the network
medium.

Options
sprayd recognizes the following options and command-line arguments:
-l log_file Log any errors to the named log file, log_file. Errors are not logged if the -l option is
not specified.
Information logged to the file includes date and time of the error, host name, process id
and name of the function generating the error, and the error message. Note that
different services can share a single log file since enough information is included to
uniquely identify each error.
-e Exit after serving each RPC request. Using the -e option, the inetd security file
/var/adm/inetd.sec can control access to RPC services.
-n Exit only if
• portmap dies (see rpcbind(1M)),
• Another sprayd registers with portmap , or
• sprayd becomes unregistered with portmap .
The -n option is more efficient because a new process is not launched for each RPC request. -n is the
default.

AUTHOR
sprayd was developed by Sun Microsystems, Inc.
SEE ALSO
inetd(1M), rpcbind(1M), spray(1M), inetd.conf(4), inetd.sec(4), services(4).

406 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

st(1M) st(1M)

NAME
st - shared tape administration

SYNOPSIS
st -f device_file [-r] [-s]
DESCRIPTION
The st command provides users with a command-line interface to check the status of a shared tape device
or to reclaim a shared tape device from a host system that has failed while holding a reservation on the
shared tape device. The st command can also be used for the same purpose on shared library robotic dev-
ices. To use the st command you must have root user id.
Please see examples below for usage.

Options
st recognizes the following options and arguments:
-f device_file Specifies the tape device file or sctl/esctl pass-through device file for the shared tape/library
device. This parameter is mandatory and st will report an error if -f device_file is omit-
ted.
-r Allows the user to reclaim a shared tape device or shared library robotic device in the case
where a host failed while holding a reservation on the shared device. This option causes a
bus device reset to be issued to the device specified by the -f option.
-s Prints out the current status of the shared tape/library device specified by the -f option.

RETURN VALUE
st returns 0 upon successful completion and 1 otherwise.
EXAMPLES
st -f /dev/rscsi/st_device -s
The following shows three examples of output from the above command.
Device is reserved by another host
The above output indicates that the shared device is reserved by another host and is therefore unavailable
at this time.
Device not ready
The above output indicates that the shared device is not ready for use at this time.
Device is OK and available
The above output indicates that the shared device is ready for use at this time.
To reclaim a shared tape/library device from a failed host, the following command can be used: s
st -f /dev/rscsi/st_device -r
WARNINGS
The -r option must be used with care. When reclaiming devices, it must be ensured that the host from
which the device is being reclaimed has in fact failed, as data may be lost as the result of reclaiming a dev-
ice that is currently in use by another host.

AUTHOR
st was developed by Hewlett-Packard.
SEE ALSO
mt(1), scsi(7), scsi_ctl(7).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 407

 statd(1M) statd(1M)

NAME
statd, rpc.statd - network status monitor

SYNOPSIS
/usr/sbin/rpc.statd
DESCRIPTION
statd is an RPC server. It interacts with lockd to provide the crash and recovery functions for the lock-
ing services on NFS (see lockd(1M)).
statd keeps track of the clients with processes which hold locks on a server. When the server reboots
after a crash, statd sends a message to the statd on each client indicating that the server has rebooted.
The client statd processes then informs the lockd on the client that the server has rebooted. The client
lockd then attempts to reclaim the lock(s) from the server.
statd on the client host also informs the statd on the server(s) holding locks for the client when the
client has rebooted. In this case, the statd on the server informs its lockd that all locks held by the
rebooting client should be released, allowing other processes to lock those files.

Options
statd recognizes the following options and command-line arguments:
-l log_file This is an obsolete option. All messages and errors are logged to
/var/nfs/rpc.statd.log.
WARNINGS
The crash of a server is only detected upon its recovery.

FILES
/var/statmon/sm lists hosts and network addresses to be contacted after a reboot
/var/statmon/sm.bak lists hosts and network addresses that could not be contacted after last reboot
/var/statmon/state includes a number which changes during a reboot
AUTHOR
statd was developed by Sun Microsystems, Inc.
SEE ALSO
lockd(1M), fcntl(2), lockf(2), signal(2), sm(4).

408 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

strace(1M) strace(1M)

NAME
strace - write STREAMS event trace messages to standard output

SYNOPSIS
strace [ mod sub pri ] ...
DESCRIPTION
strace gets STREAMS event trace messages from STREAMS drivers and modules via the STREAMS log
driver (strlog(7) ), and writes these messages to standard output. By default, strace without argu-
ments writes all STREAMS trace messages from all drivers and modules. strace with command-line
arguments limits the trace messages received.
The arguments, which must be specified in groups of three, are:
mod Specifies the STREAMS module identification number from the streamtab entry.
sub Specifies a subidentification number (often corresponding to a minor device).
pri Specifies a tracing priority level. strace gets messages of a level equal to or less than the
value specified by pri. Only positive integer values are allowed.
The value all can be used for any argument in the strace command line to indicate that there are no
restrictions for that argument.
Multiple sets of the three arguments can be specified to obtain the messages from more than one driver or
module.
Only one strace process can open the STREAMS log driver at a time.
When strace is invoked, the log driver compares the sets of command line arguments with actual trace
messages, returning only messages that satisfy the specified criteria.
STREAMS event trace messages have the following format:
seq time tick pri ind mod sub text
Components are interpreted as follows:
seq Trace event sequence number.
time Time the message was sent expressed in hh:mm:ss.
tick Time the message was sent expressed in machine ticks since the last boot.
pri Tracing priority level as defined by the STREAMS driver or module that originates the mes-
sages.
ind Can be any combination of the following three message indicators:
E The message has also been saved in the error log.
F The message signaled a fatal error. s
N The message has also been mailed to the system administrator.
mod Module identification number of the trace message source.
sub Subidentification number of the trace message source.
text Trace message text.
strace runs until terminated by the user.
EXAMPLES
Display all trace messages received from the driver or module identified by mod 28 :
strace 28 all all
Display trace messages of any tracing priority level from the driver or module identified by mod 28 and its
minor devices identified by the sub 2, 3, or 4:
strace 28 2 all 28 3 all 28 4 all
Display the trace messages from the same driver or module and subs but limit the priority levels to 0 for
subs 2 and 3; 1 for sub 4, driver or module 28 :

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 409

 strace(1M) strace(1M)

strace 28 2 0 28 3 0 28 4 1
WARNINGS
Running strace with several sets of arguments can impair STREAMS performance, particularly for
those modules and drivers that are sending the messages.
Also be aware that strace may not be able to handle a large number of messages. If drivers and
modules return messages to strace too quickly, some may be lost.

FILES
/usr/lib/nls/msg/C/strace.cat NLS catalog for strace .

SEE ALSO
strclean(1M), strerr(1M), strlog(7).

410 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

strchg(1M) strchg(1M)

NAME
strchg, strconf - change or query stream configuration

SYNOPSIS
strchg -h module1[, module2]...
strchg -p [ -a-u module]
strchg -f file
strconf
strconf -t
strconf -m module
DESCRIPTION
The strchg and strconf commands are used to change or query the configuration of the stream associ-
ated with the user’s standard input. The strchg command pushes modules on and/or pops modules off
the stream. The strconf command queries the configuration of the stream. Only the superuser or
owner of a STREAMS device may alter the configuration of that stream.
strchg Options
The strchg command uses the following options:
-h module1[,module2] ...
strchg pushes modules onto a stream. The modules are pushable STREAMS
modules as defined by module1, module2, and so on. The modules are pushed in
order. That is, module1 is pushed first, module2 is pushed second, etc.
-p With the -p option alone, strchg pops the topmost module from the stream.
-a With the -p and -a options, all the modules above the topmost driver are popped.
-u module With the -p and -u module options, all modules above but not including module are
popped off the stream.
The -a and -u options are mutually exclusive.
-f file The user can specify a file that contains a list of modules representing the desired
configuration of the stream. Each module name must appear on a separate line where
the first name represents the topmost module and the last name represents the
module that should be closest to the driver. The strchg command will determine
the current configuration of the stream and pop and push the necessary modules in
order to end up with the desired configuration.
The -h, -f, and -p options are mutually exclusive.
strconf Options
Invoked without any arguments, strconf prints a list of all the modules in the stream as well as the top- s
most driver. The list is printed in one name per line where the first name printed is the topmost module on
the stream (if one exists) and the last item printed is the name of the driver.
The strconf command uses the following options:
-t Only the topmost module (if one exists) is printed.
-m module strconf checks if the named module is present on the stream. If so, strconf prints
the message, yes , and returns zero. If not, strconf prints the message, no , and
returns a non-zero value.
The -t and -m options are mutually exclusive.

Notes
If the user is neither the owner of the stream nor the superuser, the strchg command will fail. If the
user does not have read permissions on the stream and is not the superuser, the strconf command will
fail.
If modules are pushed in the wrong order, one could end up with a stream that does not function as
expected. For ttys, if the line discipline module is not pushed in the correct place, one could have a termi-
nal that does not respond to any commands.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 411

 strchg(1M) strchg(1M)

DIAGNOSTICS
strchg returns zero on success. It prints an error message and returns non-zero status for various error
conditions, including usage error, bad module name, too many modules to push, failure of an ioctl on the
stream, or failure to open file from the -f option.
strconf returns zero on success (for the -m or -t option, "success" means the named or topmost module
is present). It returns a non-zero status if invoked with the -m or -t option and the module is not
present. It prints an error message and returns non-zero status for various error conditions, including
usage error or failure of an ioctl on the stream.
EXAMPLES
The following command pushes the module ldterm on the stream associated with the user’s standard
input:
strchg -h ldterm
The following command pops the topmost module from the stream associated with /dev/term/24 . The
user must be the owner of this device or be superuser.
strchg -p < /dev/term/24
If the file, fileconf , contains the following:
compat
ldterm
ptem
then the command
strchg -f fileconf
will configure the user’s standard input stream so that the module ptem is pushed over the driver, followed
by ldterm and compat closest to the stream head.
The strconf command with no arguments lists the modules and topmost driver on the stream. For a
stream that only has the module ldterm pushed above the ports driver, it would produce the following
output:
ldterm
ports
The following command asks if ldterm is on the stream:
strconf -m ldterm
and produces the following output while returning an exit status of 0:
yes
FILES
s /usr/lib/nls/msg/C/strchg.cat NLS catalogs
/usr/lib/nls/msg/C/strconf.cat NLS catalogs

SEE ALSO
streamio(7).

412 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

strclean(1M) strclean(1M)

NAME
strclean - remove outdated STREAMS error log files

SYNOPSIS
strclean [-d logdir ] [-a age ]
DESCRIPTION
strclean cleans the STREAMS error logger directory of log files (error. mm-dd) that contain error
messages sent by the STREAMS log driver, strlog(7). If the -d option is not used to specify another direc-
tory, strclean removes error log files in the /var/adm/streams directory. If the -a option is not
used to specify another age, strclean removes error log files that have not been modified in three days.

Options
strclean recognizes the following options and command-line arguments:
-d logdir Specifies a directory for the location of the STREAMS error log files to be removed if this is
not the default directory /var/adm/streams.
-a age Specifies a maximum age in days for the STREAMS error log files if this not the default age
of 3. The value of age must be an integer greater than or less than 3.

EXAMPLES
Remove day-old error log files from a directory called /tmp/streams :
strclean -d /tmp/streams -a 1
FILES
/var/adm/streams/error.mm-dd One or more error log file or files on which
strclean operates. The mm-dd in the filename
indicates the month and day of the messages con-
tained in the file.
/usr/lib/nls/msg/C/strclean.cat NLS catalog for strclean .

SEE ALSO
strerr(1M), strlog(7).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 413

 strerr(1M) strerr(1M)

NAME
strerr - receive error messages from the STREAMS log driver

SYNOPSIS
strerr [-a sys_admin_mail_name ] [-d logdir ]
DESCRIPTION
strerr receives error messages from the STREAMS log driver (strlog(7)) for addition to the STREAMS
error log files (error. mm-dd) in the STREAMS error logger directory (/var/adm/streams by
default). When first called, strerr creates the log file error. mm-dd. This is a daily log file, where
mm indicates the month and dd indicates the day of the logged messages. strerr then appends error
messages to the log file as they are received from the STREAMS log driver.
STREAMS error log messages have the following format:
seq time tick pri ind mod sub text
Components are interpreted as follows:
seq Error event sequence number.
time Time the message was sent expressed in hh:mm:ss.
tick Time the message was sent expressed in machine ticks since the last boot.
pri Error priority level as defined by the STREAMS driver or module that originates the messages.
ind Can be any combination of the following three message indicators:
T The message has also been saved in the trace log.
F The message signaled a fatal error.
N The message has also been mailed to the system administrator.
mod Module identification number of the error message source.
sub Subidentification number of the error message source.
text Error message text.
strerr runs continuously until terminated by the user.
Options
strerr recognizes the following options and command-line arguments:
-a sys_admin_mail_name Specify the user’s mail name for sending mail messages. Mail is sent to the
system administrator by default.
-d logdir Specify the directory to contain the error log file. Default is
s /var/adm/streams.
WARNINGS
Only one strerr process can open the STREAMS log driver at a time. This restriction is intended to
maximize performance.
The STREAMS error logging mechanism works best when it is not overused. strerr can degrade
STREAMS performance by affecting the response, throughput, and other behaviors of the drivers and
modules that invoke it. strerr also fails to capture messages if drivers and modules generate messages
at a higher rate than its optimum read rate. If there are missing sequence numbers among the messages
in a log file, messages have been lost.

FILES
/usr/lib/nls/msg/C/strerr.cat NLS catalog for strerr .
/var/adm/streams/error.mm-dd error log file or files on which strerr operates

SEE ALSO
strace(1M), strlog(7).

414 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

strvf(1M) strvf(1M)

NAME
strvf - STREAMS verification tool

SYNOPSIS
strvf [-v]
DESCRIPTION
strvf executes a series of subcommands that verify whether or not STREAMS is currently installed and
configured on your system. All output is sent to stdout . Verbose output is always sent to the logfile
/var/adm/streams/strvf.log.
These subcommands make sure that the STREAMS kernel daemons are running and that open() ,
putmsg() , getmsg() , ioctl() , and close() can be performed on /dev/echo .
Options
-v Specifies verbose output to be displayed

EXAMPLES
strvf Verify STREAMS is working. Brief summary of status is displayed on screen. Verbose
description of each subcommand and its status is copied to the logfile.
strvf -v Verify STREAMS is working. Verbose description of each subcommand and its status
is displayed on the screen and copied to the logfile. This option is useful in troub-
leshooting strvf failures.

FILES
/var/adm/streams/strvf.log Logfile containing a verbose description and status of all sub-
commands.
/dev/echo Loopback STREAMS driver used by strvf .

SEE ALSO
open(2), close(2), getmsg(2), putmsg(2), streamio(7).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 415

 swacl(1M) swacl(1M)

NAME
swacl - view or modify the Access Control Lists (ACLs) which protect software products

SYNOPSIS
swacl -l level [-D acl_entry | -F acl_file | -M acl_entry ] [-f software_file ] [-t target_file ]
[-x option=value ] [-X option_file ] [software_selections] [@ target_selections]

Remarks
• This command supports operations on remote systems. See the Remote Operation section below
for details.
• Type man 5 sd to display sd(5) for an overview of all SD commands.

DESCRIPTION
The swacl command displays or modifies the Access Control Lists (ACLs) which:
• Protect the specified target_selections (hosts, software depots or root filesystems).
• Protect the specified software_selections on each of the specified target_selections (software depots
only).
All root filesystems, software depots, and products in software depots are protected by ACLs. The SD com-
mands permit or prevent specific operations based on whether the ACLs on these objects permit the opera-
tion. The swacl command is used to view, edit, and manage these ACLs. The ACL must exist and the
user must have the appropriate permission (granted by the ACL itself) in order to modify it.
ACLs offer a greater degree of selectivity than standard file permissions. ACLs allow an object’s owner (i.e.
the user who created the object) or the local superuser to define specific read, write, or modify permissions
to a specific list of users, groups, or combinations thereof.
Some operations allowed by ACLs are run as local superuser. Because files are loaded and scripts are run
as superuser, granting a user write permission on a root filesystem or insert permission on a host
effectively gives that user superuser privileges.

Protected Objects
The following objects are protected by ACLs:
• Each host system on which software is being managed by SD,
• Each root filesystem on a host (including alternate roots),
• Each software depot on a host,
• Each software product contained within a depot.

Remote Operation
You can enable SD to manage software on remote systems. To let the root user from a central SD con-
s troller (also called the central management server or manager node) perform operations on a remote target
(also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit
root access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on
remote system before running setaccess .
• If remote system is older than 11.00 or for some other reason does not have setaccess in place,
copy setaccess script from an 11.11 or higher system to the remote system.
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations.
Enable the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M) or swremove (1M) for more information
on interactive operations.

416 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

swacl(1M) swacl(1M)

NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root
or non-root access to users from the controller system.

Options
If the -D, -F, or -M option is not specified, swacl prints the requested ACL(s) to the standard output.
The swacl command supports the following options:
-D acl_entry Deletes an existing entry from the ACL associated with the specified object(s). For
this option, the permission field of the ACL entry is not required. You can specify
multiple -D options. See the ACL Entries heading for more information.
-f software_file
Read the list of software_selections from software_file instead of (or in addition to) the
command line.
-F acl_file Assigns the ACL contained in acl_file to the object. All existing entries are removed
and replaced by the entries in the file. Only the ACL’s entries are replaced; none of
the information contained in the comment portion (lines with the prefix #) of an ACL
listing is modified with this option. The acl_file is usually the edited output of a
swacl list operation.
If the replacement ACL contains no syntax errors and the user has control permis-
sion on the ACL (or is the local superuser), the replacement succeeds.
-l level Defines which level of SD ACLs to view/modify.
The supported levels of depot, host, root, and product objects that can be protected
are:
depot View/modify the ACL protecting the software depot(s) identified by the
target_selections.
host View/modify the ACL protecting the host system(s) identified by the
target_selections.
root View/modify the ACL protecting the root filesystem(s) identified by the
target_selections.
product View/modify the ACL protecting the software product identified by the
software_selection. Applies only to products in depots, not installed pro-
ducts in roots.
The supported levels of templates are:
global_soc_template
View/modify the template ACL used to initialize the ACL(s) of future software
depot(s) or root filesystem(s) added to the host(s) identified by the
target_selections. Additionally, swacl can create templates that you can re-use
to create new ACLs.
s
global_product_template
View/modify the template ACL used to initialize the product_template
ACL(s) of future software depot(s) added to the host(s) identified by the
target_selections.
product_template
View/modify the template ACL used to initialize the ACL(s) of future product(s)
added to the software depot(s) identified by the target_selections.
-M acl_entry Adds a new ACL entry or changes the permissions of an existing entry. You can
specify multiple -M options. See the ACL Entries heading for more information.
-t target_file Read the list of target_selections from file instead of (or in addition to) the command
line.
-x option=value
Set the session option to value and override the default value (or a value in an alter-
nate option_file specified with the -X option). You can specify multiple -x options.
-X option_file Read the session options and behaviors from option_file.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 417

 swacl(1M) swacl(1M)

You can specify only one of the -D, -F , or -M options at each invocation of swacl .

Operands
Most SD commands support two types of operands: software selections followed by target selections. These
operands are separated by the "at" (@) character. This syntax implies that the command operates on
"software selections at targets".

Software Selections
The swacl command supports the following syntax for each software_selection:
product[,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:
[ ], *, ?
• The \* software specification selects all products in the depot when used with -l product.
The version component usually has the following form:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ]
• The <op> (relational operator) component can take the form:
=, ==, >=, <=, <, >, or !=
which performs individual comparisons on dot-separated fields.
For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00 . The system
compares each dot-separated field to find matches. Shell patterns are not allowed with these
operators.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.
• All version components are repeatable within a single specification (e.g. r>=A.12 , r<A.20 ). If
multiple components are used, the selection must match all components.
• Fully qualified software specs include the r= , a= , and v= version components even if they contain
empty strings.
• No space or tab characters are allowed in a software selection.
• The software instance_id can take the place of the version component. It has the form:
s [instance_id]
within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.

Target Selections
The SD commands support this syntax for each target_selection.
[host ][:][/directory ]
The colon (:) is required if both a host and directory are specified.

EXTERNAL INFLUENCES
Default Options
In addition to the standard options, you can change SD behaviors and policy options by editing the default
values found in:
/var/adm/sw/defaults the system-wide default values,
$HOME/.swdefaults the user-specific default values.
You must use the following syntax to specify values in the defaults file:

418 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

swacl(1M) swacl(1M)

[command_name.]option=value
The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following section lists all of the keywords supported by the swacl command. If a default value exists,
it is listed after the =.
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
• If you set the value of the installed_software_catalog default option to a
relative path, that path is resolved relative to the value of this option.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. You cannot use this mode to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the installed_software_catalog and run_as_superuser options.
distribution_target_directory=/var/spool/sw
Defines the default location of the target depot.
installed_software_catalog=products
Defines the directory path where the Installed Products Database (IPD) is stored. This
information describes installed software. When set to an absolute path, this option defines
the location of the IPD. When this option contains a relative path, the SD controller
appends the value to the value specified by the admin_directory option to determine
the path to the IPD. For alternate roots, this path is resolved relative to the location of the s
alternate root. This option does not affect where software is installed, only the IPD loca-
tion.
This option permits the simultaneous installation and removal of multiple software applica-
tions by multiple users or multiple processes, with each application or group of applications
using a different IPD.
Caution: use a specific installed_software_catalog to manage a specific application. SD does
not support multiple descriptions of the same application in multiple IPDs.
See also the admin_directory and run_as_superuser options, which control
SD’s nonprivileged mode. (This mode is intended only for managing applications that are
specially designed and packaged. You cannot use this mode to manage the HP-UX operat-
ing system or patches to it. For a full explanation of nonprivileged SD, see the Software
Distributor Administration Guide, available at the http://docs.hp.com web site.)
level= Defines the level of SD ACLS to view/modify. The supported levels are: host , depot ,
root , product , product_template, global_soc_template, or
global_product_template.
See the discussion of the -l option above for more information.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 419

 swacl(1M) swacl(1M)

rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and which the
other commands use to contact the daemon. If the connection fails for one protocol
sequence, the next is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121])
and udp (ncadg_ip_udp:[2121]) protocol sequence on most platforms.
rpc_timeout=5
Relative length of the communications timeout. This is a value in the range from 0 to 9 and
is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher
value for a slow or busy network. Lower values will give faster recognition on attempts to
contact hosts that are not up, or are not running swagentd . Each value is approximately
twice as long as the preceding value. A value of 5 is about 30 seconds for the
ncadg_ip_udp protocol sequence. This option may not have any noticeable impact when
using the ncacn_ip_tcp protocol sequence.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. You cannot use this mode to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory and installed_software_catalog options.
select_local=true
If no target_selections are specified, select the default target_directory of the local
host as the target_selection for the command.
software=
Defines the default software_selections. There is no supplied default. If there is more than
one software selection, they must be separated by spaces.
s targets=
Defines the default target_selections. There is no supplied default (see select_local
above). If there is more than one target selection, they must be separated by spaces.
verbose=1
Controls the verbosity of the output (stdout). A value of:
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
Environment Variables
SD programs are affected by external environment variables, set environment variables for use by the con-
trol scripts, and use other environment variables that affect command behavior.
The external environment variable that affects the swacl command is:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man page by
typing man 5 lang for more information.
Note: The language in which the SD agent and daemon log messages are displayed is set
by the system configuration variable script, /etc/rc.config.d/LANG. For exam-
ple, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or

420 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

swacl(1M) swacl(1M)

LANG=ja_JP.eucJP to make the agent and daemon log messages display in

Japanese.
LC_ALL Determines the locale used to override any values for locale categories specified by the
settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages are written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.

OPERATION
ACL Entries
Each entry in an ACL has the following form:
entry_type [:key]:permissions
For example: user:steve@newdist:crwit
An ACL can contain multiple entries. See the Entry Types and Permissions headings below for
more information.

Entry Types
The following entry_types are supported:
any_other Permissions for all other users and hosts that do not match a more specific entry in
the ACL. (Example: any_other:-r--t.)
group Permissions for a named group. This type of ACL entry must include a key that
identifies that group. The format can be: group: group_name :permissions or
group: group_name @hostname :permissions. (Example: group:adm:crwit.)
host Permissions for an SD agent from the specified host system. SD agents require pro-
duct level read access via either a host , other , or any_other entry type in order
to copy or install products from depots. This type of ACL entry must include a key
containing a hostname or number (in Internet dot notation) of a system or the asterisk
character (*) to denote all systems. (Example: host:[email protected]:-
r--t .)
object_owner
Permissions for the object’s owner, whose identity is listed in the comment header.
(Example: object_owner:crwit.) s
object_group
Permissions for members of the object’s group, whose identity is listed in the comment
header. (Example: object_group:crwit.)
other Permissions for others who are not otherwise named by a more specific entry type.
The format for other can be: other: permissions for others on the local host (only
one such entry allowed) or other:@ hostname :permissions for others at remote
hosts (Only one such entry per remote host allowed). (Example:
other:@newdist:-r--t.)
user Permissions for a named user. This type of ACL entry must include a key that
identifies that user. The format for user can be: user: user_name :permissions or
user: user_name@hostname :permissions. (Example: user:rml:crwit.)
Permissions
Permissions are represented as the single character abbreviations indicated below. Some permissions
either apply only to, or have different meaning for, certain types of objects, as detailed below. The follow-
ing permissions may be granted:

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 421

 swacl(1M) swacl(1M)

r ead Grants permission to read the object. On host , depot , or root objects, read permis-
sion allows swlist operations. On products within depots, read permission allows pro-
duct files to be installed or copied with swinstall or swcopy .
w rite Grants permission to modify the object itself.
• On a root object (e.g. installed root filesystem), this also grants permission to modify
the products installed (contained) within it.
• On a depot object, it does not grant permission to modify the products contained
within it. Write access on products is required to modify products in a depot.
• On a host container, write permission grants permission to unregister depots. It
does not grant permission to modify the depots or roots contained within it.
i nsert On a host object, grants permission to create (insert) a new software depot or root
filesystem object, and to register roots and depots. On a depot object, grants permis-
sion to create (insert) a new product object into the depot .
c ontrol Grants permission to modify the ACL using swacl .
t est Grants permission to perform access checks and to list the ACL.
a ll A wildcard which grants all of the above permissions. It is expanded by swacl to
crwit .
List Output Format
The output of a list operation is in the following format:
# swacl Object_type Access Control List
#
# For depot|host:[host]:[/directory]
#
# Date: date_stamp
#
# Object Ownership: User= user_name
# Group= group_name
# Realm= host_name
#
# default_realm = host_name
entry_type :[key:]permissions
entry_type :[key:]permissions
entry_type :[key:]permissions
You can save this output into a file, modified it, then use it as input to a swacl modify operation (see the
-F option above).
s Object Ownership
An owner is also associated with every SD object, as defined by the user name, group and hostname. The
owner is the user who created the object. When using swacl to view an ACL, the owner is printed as a
comment in the header.

Default Realm
An ACL defines a default realm for an object. The realm is currently defined as the name of the host sys-
tem on which the object resides. When using swacl to view an ACL, the default realm is printed as a
comment in the header.

Keys
Expressions (patterns) are not permitted in keys.
A key is required for user , group and host entry types. A key is optional for other entry types, and
specifies the hostname to which the entry applies. Only one other entry type may exist without a key,
and this entry applies to users at the default realm (host) of the ACL.
A hostname in a key is listed in its Internet address format (dot notation) if swacl cannot resolve the
address using the local lookup mechanism (DNS, NIS, or /etc/hosts). A hostname within an ACL entry
must be resolvable when used with the -D and -M options. Unresolvable hostname values are accepted in
files provided with the -F option.

422 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

swacl(1M) swacl(1M)

RETURN VALUE
The swacl command returns:
0 The software_selections and/or target_selections were successfully displayed or modified.
1 The display/modify operation failed on all target_selections.
2 The modify/modify operation failed on some target_selections.

DIAGNOSTICS
The swacl command writes to stdout, stderr, and to the daemon logfile.

Standard Output
The swacl command prints ACL information to stdout when the user requests an ACL listing.

Standard Error
The swacl command writes messages for all WARNING and ERROR conditions to stderr. A report that
the software_selections do not exist is also given if the user has no access permissions to the object.

Logging
The swacl command does not log summary events. It logs events about each ACL which is modified to
the swagentd logfile associated with each target_selection.

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

EXAMPLES
To list the ACLs for the C and OPENVIEW products in depot /var/spool/swtest:
swacl -l product C OPENVIEW @ /var/spool/swtest
The ACL listed to the standard output is similar to this example ACL:
#
# swacl Product Access Control Lists
#
# For depot: newdist:/var/spool/swtest
#
# Date: Wed May 26 11:14:31 2000
#
#
# For product: OPENVIEW,r=3.2
#
#
# Object Ownership: User= robason s
# Group= swadm
# Realm= newdist.fc.hp.com
#
# default_realm=newdist.fc.hp.com
object_owner:crwit
group:swadm:crwit
any_other:-r--t
#
# For product: C,r=9.4
#
#
# Object Ownership: User= robason
# Group= swadm
# Realm= newdist.fc.hp.com
#
# default_realm=newdist.fc.hp.com
object_owner:crwit
user:[email protected]:-r--t
user:barb:-r--t
HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 423
 swacl(1M) swacl(1M)

user:ramon:-r--t
group:swadm:crwit
other:-r--t
host:lehi.fc.hp.com:-r--t
To list the product template ACL on host newdist :
swacl -l global_product_template @ newdist
To list the host ACL on the local system:
swacl -l host
To read, edit, then replace the ACL protecting the default depot /var/spool/sw:
swacl -l depot > new_acl_file
vi new_acl_file
swacl -l depot -F new_acl_file
To allow user allen to create, register, and manage all new depots and roots on the local system:
swacl -l host -M user:allen:a
swacl -l global_soc_template -M user:allen:a
swacl -l global_product_template -M user:allen:a
To allow user allen to fully manage my_depot , which already exists:
swacl -l depot -M user:allen:a @ /my_depot
swacl -l product_template -M user:allen:a @ /my_depot
swacl -l product -M user:allen:a \* @ /my_depot
To deny general access to a depot:
swacl -l depot -M any_other:- @ /restricted_depot
swacl -l product -M any_other:- \* @ /restricted_depot
swacl -l product_template -M any_other:- @ /restricted_depot
To allow user allen on host gemini access to restricted_depot and all products it currently
contains:
swacl -l depot -M host:*:rt @ /restricted_depot
swacl -l depot -M user:allen@gemini:rt @ /restricted_depot
swacl -l product -M user:allen@gemini:rt \* @ /restricted_depot
To revoke previously granted ACL permission for user allen on host gemini to access the WDB pro-
duct in the default depot on lehi :
swacl -l product -D user:allen@gemini WDB @ lehi
To deny access to the default depot on the local system from host numenal :
s swacl -l depot -M host:numenal:-
To deny access to the OPENVIEW product in the default depot on host lehi to all users who do not have
an explicit ACL entry:
swacl -l product -M any_other:t OPENVIEW @ lehi
To allow user george on host newdist access to the OPENVIEW product in the default depot on host
lehi , you must specify both a user ACL for george and a host ACL for newdist :
swacl -l product -M user:george@newdist:rt OPENVIEW @ lehi
swacl -l product -M host:newdist:rt OPENVIEW @ lehi
To revoke a user ACL for user allen on host gemini that allowed access to the OPENVIEW product in
the default depot on host lehi :
swacl -l product -D user:allen@gemini OPENVIEW @ lehi
To revoke any previously issued access to the OPENVIEW product in the default depot on host lehi by
users on host numenal :
swacl -l product -D host:numenal OPENVIEW @ lehi
To deny all access to the users steve and george for the depot /var/spool/sw at host newdist :

424 Hewlett-Packard Company −9− HP-UX 11i Version 3: February 2007

swacl(1M) swacl(1M)

swacl -l depot -M user:steve:- -M user:george:- \

@ newdist:/var/spool/sw
To delete entries for local user rick from all products in the default local depot:
swacl -l product -D user:rick \*
WARNINGS
• You can edit an ACL in such a way that it will leave a system inaccessible. Do not remove all control
permissions on an ACL. (Note, however, that the local super-user can always edit SD ACLs, regardless
of permissions.)
• ACLs can grant the equivalent of local superuser permission. SD loads and runs files and scripts as
superuser. Therefore, if an SD ACL gives a user write permission on a root filesystem or insert permis-
sion on a host, that user has the equivalent of superuser privileges.
• Note that swacl is not a general purpose ACL editor. It works only on ACLs protecting SD objects.

FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options (with their default values).
/var/adm/sw/
The directory which contains all of the configurable (and non-configurable) data for SD. This directory
is also the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/products/
The Installed Products Database (IPD), a catalog of all products installed on a system.
/var/adm/sw/security/
The directory which contains ACLs for the system itself, template ACLS, and the secrets file used to
authenticate remote requests.
/var/spool/sw/
The default location of a source and target software depot.

AUTHOR
swacl was developed by the Hewlett-Packard Company.
SEE ALSO
install-sd(1M). swagentd(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swjob(1M), swlist(1M),
swmodify(1M), swpackage(1M), swreg(1M), swremove(1M), swverify(1M), sd(4), swpackage(4), sd(5). s
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

HP-UX 11i Version 3: February 2007 − 10 − Hewlett-Packard Company 425

 swagentd(1M) swagentd(1M)

NAME
swagent, swagentd - serve local or remote SD software management tasks; daemon that invokes swagent

SYNOPSIS
swagent executed by swagentd only.
swagentd [-k] [-n] [-r] [-x option=value ] [-X option_file ]

Remarks
• This command supports operation on remote systems. See Remote Operation below.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the command
line.

DESCRIPTION
The roles of UNIX target and source systems require two processes known as the daemon and agent .
For most purposes, the distinction between these two processes is invisible to the user and they can be
viewed as a single process.
Each SD command interacts with the daemon and agent to perform its requested tasks.
The swagentd daemon process must be scheduled before a UNIX system is available as a target or source
system. This can be done either manually or in the system start-up script. The swagent agent process is
executed by swagentd to perform specific software management tasks. The swagent agent is never
invoked by the user.

Remote Operation
You can enable SD to manage software on remote systems. To let the root user from a central SD con-
troller (also called the central management server or manager node) perform operations on a remote target
(also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit
root access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed
on remote system before running setaccess .
• If remote system is older than 11.00 or for some other reason does not have setaccess in
place, copy setaccess script from an 11.11 or higher system to the remote system.
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations.
s Enable the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M) or swremove (1M) for more information
on interactive operations.
NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root or
non-root access to users from the controller system.

Disable and Enable

The swagentd daemon can be disabled by the system administrator by setting the
SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 0 and executing
/usr/sbin/swagentd -k .
The swagentd daemon can be enabled by the system administrator by setting the
SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and executing
/usr/sbin/swagentd -r .
Options
The swagentd command supports the following options to control its behavior. (These options do not
apply to swagent , which you cannot start from the command line.)

426 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

swagentd(1M) swagentd(1M)

-k The kill option stops the currently running daemon. Stopping the daemon will not
stop any agent processes currently performing management tasks (such as installing
or removing software), but will cause any subsequent management requests to this
host to be refused. This option is equivalent to sending a SIGTERM to the daemon
that is running.
-n The no fork option runs the daemon as a synchronous process rather than the default
behavior of forking to run it asynchronously. This is intended for running the daemon
from other utilities that schedule processes, such as init .
-r The restart option stops the currently running daemon and restarts a new daemon.
Because the swagentd daemon processes options only at startup, you must restart
the daemon after you have modified any daemon options. Otherwise, the modified
options have no effect.
-x option=value
Set the option to value and override the default value (or a value in an option_file
specified with the -X option). Multiple -x options can be specified.
-X option_file Read the session options and behaviors from options_file.
EXTERNAL INFLUENCES
Default Options
In addition to the standard options, you can change SD behaviors and policy options by editing the system-
wide default values found in the /var/adm/sw/defaults file. (Note that the user-specific default
values in $HOME/.swdefaults do not apply to the agent or daemon.)
To specify values in the defaults file, you must use the following:
[command_name.]option=value
The optional command_name prefix denotes one of the SD commands. Using the prefix limits the value
change to that command. If you leave the prefix off, the change applies to all commands that use the
option.
You can also override swagentd default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
NOTE: the only way to change default values for the agent is to modify the system-wide defaults file. You
cannot change agent defaults from the command line.
The following section lists all of the keywords supported by the swagentd command. If a default value
exists, it is listed after the =.

Daemon Options
These options apply only to the daemon, swagentd . After changing daemon options, you must restart the s
daemon for these options to take effect (see the -r command-line option above).
agent=/usr/lbin/swagent
The location of the agent program invoked by the daemon.
logfile=/var/adm/sw/swagentd.log
This is the default log file for the swagentd daemon.
max_agents=-1
The maximum number of agents that are permitted to run simultaneously. The value of -1
means that there is no limit.
minimum_job_polling_interval=1
Defines in minutes how often the daemon wakes up to scan the job queue to determine if
any scheduled jobs must be started. When set to 0, no scheduled jobs will be initiated.
rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and which the
other commands use to contact the daemon. If the connection fails for one protocol
sequence, the next is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121])
and udp (ncadg_ip_udp:[2121]) protocol sequence on most platforms.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 427

 swagentd(1M) swagentd(1M)

Agent Options
These options apply only to the agent, swagent . You cannot set these options directly from the command
line. To set agent options, you must edit the system-wide defaults file. See the Default Options
heading above for instructions.
alternate_source=
If the swinstall or swcopy controller has set use_alternate_source=true,
the target agent will consult and use the configured value of its own
alternate_source option to determine the source that it will use in the install or
copy.
The agent’s value for alternate_source is specified using the host:path syntax.
If the host portion is not specified, the local host is used. If the path portion is not
specified, the path sent by the command is used. If there is no configured value at all for
alternate_source, the agent will apply the controller-supplied path to its own local
host.
compress_cmd=/usr/contrib/bin/gzip
Defines the command called by the source agent to compress files before transmission. If
the compression_type is set to other than gzip or compress , this path must be
changed.
compression_type=gzip
Defines the default compression_type used by the agent when it compresses files
during or after transmission. If uncompress_files is set to false, the
compression_type is recorded for each file compressed so that the correct uncompres-
sion can later be applied during a swinstall , or a swcopy with
uncompress_files set to true. The compress_cmd specified must produce files
with the compression_type specified. The uncompress_cmd must be able to pro-
cess files of the compression_type specified unless the format is gzip , which is
uncompressed by the internal uncompressor (funzip ). The only supported compression
types are compress and gzip .
config_cleanup_cmd=/usr/lbin/sw/config_clean
Defines the script called by the agent to perform release-specific configure cleanup steps.
Please Note: Transition links do not exist on 11.31 and newer releases so there are no
configure cleanup steps to perform therefore the config_cleanup_cmd is never exe-
cuted for these releases.
install_cleanup_cmd=/usr/lbin/sw/install_clean
Defines the script called by the agent to perform release-specific install cleanup steps
immediately after the last postinstall script has been run. For an OS update, this script
should at least remove commands that were saved by the install_setup script. This
script is executed after all filesets have been installed, just before the reboot to the new
s operating system.
Please Note: Transition links do not exist on 11.31 and newer releases so there are no
install cleanup steps to perform; therefore, the install_cleanup_cmd is never exe-
cuted for these releases.
install_setup_cmd=/usr/lbin/sw/install_setup
Defines the script called by the agent to perform release-specific install preparation. For an
OS update, this script should at least copy commands needed for the checkinstall, prein-
stall, and postinstall scripts to a path where they can be accessed while the real commands
are being updated. This script is executed before any kernel filesets are loaded.
Please Note: Transition links do not exist on 11.31 and newer releases so there are no
install setup steps to perform; therefore, the install_setup_cmd is never executed for
these releases.
kernel_build_cmd=/usr/sbin/mk_kernel
Defines the script called by the agent for kernel building after kernel filesets have been
loaded.
kernel_path=/stand/vmunix
Defines the path to the system’s bootable kernel. This path is passed to the
kernel_build_cmd via the SW_KERNEL_PATH environment variable.
428 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007
swagentd(1M) swagentd(1M)

mount_cmd=/sbin/mount
Defines the command called by the agent to mount all file systems.
reboot_cmd=/sbin/reboot
Defines the command called by the agent to reboot the system after all filesets have been
loaded, if any of the filesets required reboot.
remove_setup_cmd=/usr/lbin/sw/remove_setup
Defines the script called by the agent to perform release-specific remove preparation. For
an OS update, this script will invoke the tlink command when a fileset is removed.
Please Note: Transition links do not exist on 11.31 and newer releases so there are no
remove preparation steps to perform; therefore, the remove_setup_cmd is never exe-
cuted for these releases.
rpc_binding_info_alt_source=ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) used when the agent attempts to contact
an alternate source depot specified by the alternate_source option. SD supports
both the udp (ncadg_ip_udp:[2121]) and tcp (ncacn_ip_tcp:[2121]) protocol
sequence/endpoint.
source_depot_audit=true
If both source and target machine are updated to SD revision B.11.00 or later, the system
administrator at the source depot machine can set this option to track which user pulls
which software from a depot on the source machine and when the software is pulled. (A
user running swinstall/swcopy from a target machine cannot set this option; only the
administrator of the source depot machine can set it.)
When swagent.source_depot_audit is set to true , a swaudit.log file is
created on the source depot (for writable directory depots) or in /var/tmp (for tar images,
CD-ROMs, or other nonwritable depots).
Users can invoke the swlist interactive user interface (using swlist -i -d) to view,
print, or save the audit information on a remote or local depot. Users can view audit infor-
mation based on language preference, as long as the system has the corresponding SD mes-
sage catalog files on it. For example, a user can view the source audit information in
Japanese during one invocation of swlist , then view the same information in English at
the next invocation.
system_file_path=/stand/system
Defines the path to the kernel’s template file. This path is passed to the
system_prep_cmd via the SW_SYSTEM_FILE_PATH environment variable.
system_prep_cmd=/usr/lbin/sysadm/system_prep
Defines the kernel build preparation script called by the agent. This script must do any
necessary preparation so that control scripts can correctly configure the kernel about to be
built. This script is called before any kernel filesets have been loaded. s
uncompress_cmd=
Defines the command called by the target agent to uncompress files after transmission.
This command processes files which were stored on the media in a compressed format. If
the compression_type stored with the file is gzip , the internal uncompression (funzip ) is
used instead of the external uncompress_cmd. The default value for HP-UX is
undefined.

Session File
swagentd and swagent do not use a session file.
Environment Variables
The environment variables that affect the swagentd and swagent commands are:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man page by
typing man 5 sd for more information.
Note: The language in which the SD agent and daemon log messages are displayed is set
by the system configuration variable script, /etc/rc.config.d/LANG. For exam-
ple, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 429

 swagentd(1M) swagentd(1M)

LANG=ja_JP.eucJP to make the agent and daemon log messages display in

Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.

Signals
The daemon ignores SIGHUP, SIGINT and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM and SIGUSR2. After receiving SIGUSR1, it waits for completion of a copy or remove from a
depot session before exiting, so that it can register or unregister depots. Requests to start new sessions are
refused during this wait.
The agent ignores SIGHUP, SIGINT, and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM, SIGUSR1, or SIGUSR2. Killing the agent may leave corrupt software on the system, and thus
should only be done if absolutely necessary. Note that when an SD command is killed, the agent does not
terminate until completing the task in progress.

Locking
The swagentd ensures that only one copy of itself is running on the system.
Each copy of swagent that is invoked uses appropriate access control for the operation it is performing
and the object it is operating on.

RETURN VALUES
When the -n option is not specified, the swagentd returns:
0 When the daemon is successfully initialized and is now running in the background.
non-zero When initialization failed and the daemon terminated.
When the -n option is specified, the swagentd returns:
0 When the daemon successfully initialized and then successfully shutdown.
non-zero When initialization failed or the daemon unsuccessfully terminated.
DIAGNOSTICS
s The swagentd and swagent commands log events to their specific logfiles.
The swagent (target) log files cannot be relocated. They always exist relative to the root or depot target
path (e.g. /var/adm/sw/swagent.log for the root / and /var/spool/sw/swagent.log for
the depot /var/spool/sw).
You can view the target log files using the swjob or sd command.
Daemon Log
The daemon logs all events to /var/adm/sw/swagentd.log. (The user can specify a different
logfile by modifying the logfile option.)
Agent Log
When operating on (alternate) root file systems, the swagent logs messages to the file
var/adm/sw/swagent.log beneath the root directory (e.g. / or an alternate root directory).
Source Depot Audit Log
If both source and target machine are updated to HP-UX version 10.30 or later, the system adminis-
trator at the source depot machine can track which user pulls which software from a depot on the
source machine and when the software is pulled. Refer to the swagent.source_depot_audit
option for more information.

430 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

swagentd(1M) swagentd(1M)

When operating on software depots, the swagent logs messages to the file swagent.log beneath the
depot directory (e.g. /var/spool/sw). When accessing a read-only software depot (for example, as a
source), the swagent logs messages to the file /tmp/swagent.log.

EXAMPLES
To start the daemon:
/usr/sbin/swagentd
To restart the daemon:
/usr/sbin/swagentd -r
To stop the daemon:
/usr/sbin/swagentd -k
FILES
/usr/lib/sw/sys.defaults
Contains the master list of current SD options (with their default values).
/var/adm/sw/
The directory which contains all configurable and non-configurable data for SD. This directory is also
the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/host_object
The file which stores the list of depots registered at the local host.

AUTHOR
swagentd was developed by the Hewlett-Packard Company. swagent was developed by the Hewlett-
Packard Company and Mark H. Colburn (see pax(1)).

SEE ALSO
install-sd(1M). swacl(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swjob(1M), swlist(1M),
swmodify(1M), swpackage(1M), swreg(1M), swremove(1M), swverify(1M), sd(4), swpackage(4), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 431

 swapinfo(1M) swapinfo(1M)

NAME
swapinfo - system paging space information

SYNOPSIS
/usr/sbin/swapinfo [-mtadfnrMqws ]
DESCRIPTION
swapinfo prints information about device and file system paging space. swapinfo also prints infor-
mation about primary paging device for next boot.
(Note: the term ‘swap’ refers to an obsolete implementation of virtual memory; HP-UX actually imple-
ments virtual memory by way of paging rather than swapping. This command and others retain names
derived from ‘swap’ for historical reasons.)
By default, swapinfo prints to standard output a two line header as shown here, followed by one line per
paging area:
Kb Kb Kb PCT START/ Kb
TYPE AVAIL USED FREE USED LIMIT RESERVE PRI NAME
The fields are:
TYPE One of:
dev Paging space residing on a mass storage device, either taking up the entire device
or, if the device contains a file system, taking up the space between the end of the
file system and the end of the device. This space is exclusively reserved for paging,
and even if it is not being used for paging, it cannot be used for any other purpose.
Device paging areas typically provide the fastest paging.
fs Dynamic paging space available from a file system. When this space is needed, the
system creates files in the file system and uses them as paging space. File system
paging is typically slower than device paging, but allows the space to be used for
other things (user files) when not needed for paging.
localfs File system paging space (see fs above) on a file system residing on a local disk.
network File system paging space (see fs above) on a file system residing on another
machine. This file system would have been mounted on the local machine via NFS.
reserve Paging space on reserve. This is the amount of paging space that could be needed
by processes that are currently running, but that has not yet been allocated from
one of the above paging areas. See "Paging Allocation" below.
memory Memory paging area (also known as pseudo-swap). This is the amount of system
memory that can be used to hold pages in the event that all of the above paging
areas are used up. See "Paging Allocation" below. This line appears only if
s memory paging is enabled.
Kb AVAIL The total available space from the paging area, in blocks of 1024 bytes (rounded to nearest
whole block if necessary), including any paging space already in use.
For file system paging areas the value is not necessarily constant. It is the current space allo-
cated for paging (even if not currently used), plus the free blocks available on the file system to
ordinary users, minus RESERVE (but never less than zero). AVAIL is never more than LIMIT
if LIMIT is non-zero. Since paging space is allocated in large chunks, AVAIL is rounded down
to the nearest full allocation chunk.
For the memory paging area this value is also not necessarily constant, because it reflects allo-
cation of memory by the kernel as well as by processes that might need to be paged.
Kb USED The current number of 1-Kbyte blocks used for paging in the paging area. For the memory
paging area, this count also includes memory used for other purposes and thus unavailable for
paging.
Kb FREE The amount of space that can be used for future paging. Usually this is the difference between
Kb AVAIL and Kb USED. There could be a difference if some portion of a device paging area
is unusable, perhaps because the size of the paging area is not a multiple of the allocation
chunk size, or because the tunable parameter swchunk is not set high enough.

432 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

swapinfo(1M) swapinfo(1M)

PCT USED The percentage of capacity in use, based on Kb USED divided by Kb AVAIL; 100% if Kb AVAIL
is zero.
START/LIMIT
For device paging areas, START is the block address on the mass storage device of the start of
the paging area. The value is normally 0 for devices dedicated to paging, or the end of the file
system for devices containing both a file system and paging space.
For file system paging areas, LIMIT is the maximum number of 1-Kbyte blocks that will be
used for paging, the same as the limit value given to swapon . A file system LIMIT value of
none means there is no fixed limit; all space is available except that used for files, less the
blocks represented by minfree (see tunefs(1M)) plus RESERVE.
RESERVE For device paging areas, this value is always ‘‘—’’. For file system paging areas, this value is
the number of 1-Kbyte blocks reserved for file system use by ordinary users, the same as the
reserve value given to swapon .
PRI The same as the priority value given to swapon . This value indicates the order in which
space is taken from the devices and file systems used for paging. Space is taken from areas
with lower priority values first. priority can have a value between 0 and 10. See "Paging Allo-
cation" below.
NAME For device paging areas, the block special file name whose major and minor numbers match
the device’s ID. The swapinfo command searches the /dev tree to find device names. If
no matching block special file is found, swapinfo prints the device ID (major and minor
values), for example, 28,0x15000 .
For file system swap areas, NAME is the name of a directory on the file system in which the
paging files are stored.
When used with -s option, swapinfo also prints to standard output a three line header as shown here,
followed by one line for the primary paging area configured for next boot:
Kb Kb
TYPE START LENGTH NAME
The fields are:
TYPE swapon(1M) can configure primary paging area for next boot on a storage device only.
dev The paging space configured for next boot resides on a mass storage device, either
taking up the entire device or, if the device contains a file system, taking up the
space between the end of the file system and the end of the device.
Kb START For device paging areas, START is the block address on the mass storage device of the start of
the paging area. The value is normally 0 for devices dedicated to paging, or the end of the file
system for devices containing both a file system and paging space. This is same as the value
given to swapon(1M) when configuring primary paging area for next boot.
Kb LENGTH
s
LENGTH is the maximum number of blocks that will be used for paging. This is same as the
value given to swapon(1M) when configuring primary paging area for next boot.
NAME The block special file name whose major and minor numbers match the device’s ID. The
swapinfo command searches the /dev tree to find device names. If no matching block
special file is found, swapinfo prints the device ID (major and minor values), for example,
28,0x15000 .

Paging Allocation
Paging areas are enabled at boot time (for device paging areas configured into the kernel) or by the
swapon command (see swapon(1M)), often invoked by /sbin/init.d/swap_start during system
initialization based on the contents of /etc/fstab . When a paging area is enabled, some portion of that
area is allocated for paging space. For device paging areas, the entire device is allocated, less any leftover
fraction of an allocation chunk. (The size of an allocation chunk is controlled by the tunable parameter
swchunk , and is typically 2 MB.) For file system paging areas, the minimum value given to swapon
(rounded up to the nearest allocation chunk) is allocated.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 433

 swapinfo(1M) swapinfo(1M)

When a process is created, or requests additional space, space is reserved for it by increasing the space
shown on the reserve line above. When paging activity actually occurs, space is used in one of the pag-
ing areas (the one with the lowest priority number that has free space available, already allocated), and
that space will be shown as used in that area.
The sum of the space used in all of the paging areas, plus the amount of space reserved, can never exceed
the total amount allocated in all of the paging areas. If a request for more memory occurs which would
cause this to happen, the system tries several options:
1. The system tries to increase the total space available by allocating more space in file system paging
areas.
2. If all file system paging areas are completely allocated and the request is still not satisfied, the system
will try to use memory paging as described on the memory line above. (Memory paging is controlled
by the tunable parameter swapmem_on , which defaults to 1 (on). If this parameter is turned off, the
memory line will not appear.)
3. If memory paging also cannot satisfy the request, because it is full or turned off, the request is denied.
Several implications of this procedure are noteworthy for understanding the output of swapinfo :
• Paging space will not be allocated in a file system paging area (except for the minimum specified when
the area is first enabled) until all device paging space has been reserved, even if the file system paging
area has a lower priority value.
• When paging space is allocated to a file system paging area, that space becomes unavailable for user
files, even if there is no paging activity to it.
• Requests for more paging space will fail when they cannot be satisfied by reserving device, file system,
or memory paging, even if some of the reserved paging space is not yet in use. Thus it is possible for
requests for more paging space to be denied when some, or even all, of the paging areas show zero
usage — space in those areas is completely reserved.
• System available memory is shared between the paging subsystem and kernel memory allocators.
Thus, the system may show memory paging usage before all available disk paging space is completely
reserved or fully allocated.

Logical Volume Manager (LVM)

The swapinfo command displays swap logical volume if the system was installed with LVM. To modify
swap logical volume, refer to the LVM commands and manpages for lvlnboot and lvrmboot . For
example, to remove a swap logical volume, run the following LVM command:
lvrmboot -s
Options
swapinfo recognizes the following options:
s -s In addition to printing information about device and file system paging space that are currently
in use, swapinfo will also print information about primary paging area configured for next
boot using swapon(1M).
If the primary paging area for next boot has not been configured using swapon(1M), swapinfo
-s will not be able to display any information. In this case swapinfo -s will display the
error message - "Primary swap for next boot was not set using swapctl()"
-m Display the AVAIL, USED, FREE, START, LIMIT, and RESERVE values in Mbytes instead of
Kbytes, rounding off to the nearest whole Mbyte (multiples of 10242). The output header format
changes from Kb to Mb accordingly.
-t Add a totals line with a TYPE of total . This line totals only the paging information displayed
above it, not all paging areas; this line might be misleading if a subset of -dfrM is specified.
-a Show all device paging areas, including those configured into the kernel but currently disabled.
(These are normally omitted.) The word disabled appears after the NAME, and the Kb
AVAIL, Kb USED, and Kb FREE values are 0. The -a option is ignored unless the -d option is
present or is true by default.
-d Print information about device paging areas only. This modifies the output header appropri-
ately.

434 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

swapinfo(1M) swapinfo(1M)

-f Print information about file system paging areas only. This modifies the output header appropri-
ately.
-n Categorize file system paging area information into localfs areas and network areas,
instead of calling them both fs areas.
-r Print information about reserved paging space only.
-M Print information about memory paging space only.
The -d, -f, -n, -r and -M options can be combined. The default is -dfnrM .
-q Quiet mode. Print only a total "Kb AVAIL" value (with the -m option, Mb AVAIL); that is, the
total paging space available on the system (device, file system, reserve, or memory paging space
only if -d, -f, -r, or -M is specified), for possible use by programs that want a quick total. If
-q is specified, the -t and -a options are ignored.
-w Print a warning about each device paging area that contains wasted space; that is, any device
paging area whose allocated size is less than its total size. This option is effective only if -d is
also specified or true by default.

RETURN VALUE
swapinfo returns 0 if it completes successfully (including if any warnings are issued), or 1 if it reports
any errors.

DIAGNOSTICS
swapinfo prints messages to standard error if it has any problems.
EXAMPLES
List all file system paging areas with a totals line:
swapinfo -ft
WARNINGS
swapinfo needs kernel access for some information. If the user does not have appropriate privileges for
kernel access, swapinfo will print a warning and assume that the defaults for that information have not
been changed.
Users of swapinfo must not rely on the exact field widths and spacing of its output, as these will vary
depending on the system, the release of HP-UX, and the data to be displayed.
The information in this manual page about paging allocation and other implementation details may change
without warning; users should not rely on the accuracy of this information.

AUTHOR
swapinfo was developed by HP.
SEE ALSO
s
lvlnboot(1M), lvrmboot(1M), swapon(1M), swapon(2), swapctl(2), fstab(4).

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 435

 swapon(1M) swapon(1M)

NAME
swapon - enable device or file system for paging

SYNOPSIS
Form 1: Enable all defined swap areas
/usr/sbin/swapon -a [-u] [-t type]...
Form 2: Enable paging on specified block devices (for the current boot)
/usr/sbin/swapon [-e -f] [-p priority] [-u] device ...
Form 3: Define the primary paging device (for subsequent boots)
/usr/sbin/swapon [-e -f] -s [-S start] [-L length] [-u] device
Form 4: Unconfigure a previously set primary paging device (for subsequent boots)
/usr/sbin/swapon -R device
Form 5: Enable file system swap (preferred form)
/usr/sbin/swapon [-m min] [-l limit] [-r reserve ] [-p priority] directory ...
Form 6: Enable file system swap (obsolescent form)
/usr/sbin/swapon directory [min limit reserve priority]
DESCRIPTION
The swapon command enables devices or file systems on which paging is to take place. swapon com-
mand also configures primary paging device for next boot. (NOTE: the term ‘swap’ refers to an obsolete
implementation of virtual memory; HP-UX actually implements virtual memory by way of paging rather
than swapping. This command and others retain names derived from ‘swap’ for historical reasons.)
By enabling a device for paging, the device can be accessed directly (without going through the file system)
during paging activity. When a file system is enabled for paging, the device(s) on which the file system
resides are accessed indirectly through the file system. There are advantages and disadvantages to both
type of paging. Keep the following tradeoffs in mind when enabling devices or file systems for paging.
Paging directly to a device is significantly faster than doing so through the file system. However, the
space on the device that is allocated to paging cannot be used for anything else, even if it is not being
actively used for paging.
Paging through a file system, while slower, provides a more efficient use of the space on the device. Space
that is not being used for paging in this case can be used by the file system. Paging across a network to a
remote machine is always file system paging.
The system begins by paging on only a single device so that only one disk is required at bootstrap time.
Calls to swapon normally occur in the system startup script /sbin/init.d/swap_start making all
paging space available so that the paging activity is interleaved across several disks.
s Normally, the -a option is given (see Form 1 of SYNOPSIS), causing all devices marked as swap and all
file systems marked as swapfs in the file /etc/fstab to be made available to the paging system. By
using the fields in /etc/fstab (special_file_name or directory; see fstab(4)), the system determines
which block device or file system to use. The special_file_name specified for each swap entry must specify
a block special file. The directory specified for each swapfs entry must specify a directory within the file
system to be enabled.
In Form 2, the -p option enables specific block devices to be used for paging for the current boot. The dev-
ice arguments must specify block special files. If more than one device is given, any options specified will be
applied to all devices.
In Form 3, the -s option configures the block device to be used as the primary paging area for subsequent
boots.
In either Form 2 or Form 3, if a file system exists on the specified block device and neither an -e nor -f
option is specified, swapon fails and an error message is given. This prevents a file system from being
inadvertently destroyed. To request paging in the space between the end of the file system and the end of
the device, use -e. To force paging to a device containing a file system (destroying the file system), the -f
option can be used. Use -f with extreme caution!
In either Form 2 or Form 3, an attempt to enable paging to a device will fail and a warning message will be
issued if swapon determines that the device is being used by the savecrash command to retrieve

436 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

swapon(1M) swapon(1M)

system dump information (see savecrash(1M)). The -u option can be used to forcibly enable paging to dev-
ices being used by the savecrash command; however, this may overwrite system dump information con-
tained on the device.
In Form 4, the -R option unconfigures the block device that was previously defined as the primary paging
area for subsequent boots (see -s option).
The last two forms of swapon provide methods for enabling file systems for paging. Form 5 is the pre-
ferred method. Form 6 is obsolescent and provided only for backward compatibility. The directory name in
these forms specifies a directory on the file system that is to be enabled for paging. A directory named
/paging is created at the root of the specified file system (unless the file system’s name ends with /pag-
ing ). All paging files are created within this directory. The optional arguments to the sixth form have the
same meaning as the arguments to the options in Form 5. Note that, in Form 6, if any of the optional argu-
ments are specified, all must be specified. In Form 5, if more than one directory is given, any options
specified will be applied to all directories.
After a file system has been enabled for paging, the optional arguments can be modified by subsequent
swapon commands.
Options
swapon recognizes the following options and arguments:
-a Cause all devices marked as swap and all file systems marked as swapfs in the file
/etc/fstab to be made available to the paging system. The options field in
/etc/fstab entries is read by swapon , and must contain elements formatted as
follows:
min= min See the -m option for the value of min.
lim= limit See the -l option for the value of limit. (File system paging areas
only.)
res= reserve See the -r option for the value of reserve . (File system paging areas
only.)
pri= priority See the -p option for the value of priority. (File system paging areas
only.)
end See the -e option for the meaning of this option. (Device paging
areas only.)
See fstab(4) for an example entry.
-e Use space after the end of the file system on the block device for paging. An error
message is returned if no file system is found on the device. This option cannot be
used with the -f option. Do not confuse this with paging to a file system. This option
is for use with a disk that has both a file system and dedicated paging space on it.
-f Force the device to be enabled, which will destroy the file system on it. Use with s
extreme caution. Normally, if a file system exists on the device to be enabled,
swapon fails and displays an error message. This option cannot be used with the -e
option.
-l limit limit specifies the maximum space the paging system is allowed to take from the disk,
provided space is available that is not reserved for exclusive use by the file system.
The value of limit is rounded up so that it is a multiple of the paging allocation chunk
size, which is set with the kernel tunable parameter swchunk (see swchunk(5),
kctune(1M), and swapinfo(1M)). See WARNINGS. The default value for limit is 0,
indicating there is no limit to the amount of file system space the paging system can
use.
limit can be specified in decimal (no prefix), octal (0 prefix), or hexadecimal (0x
prefix). It may be specified in units of kilobytes (k suffix), megabytes (M suffix), or file
system blocks (no suffix). (A kilobyte is 1024 bytes; a megabyte is 1024 kilobytes; the
size of a file system block is determined by the administrator when the file system is
created.)
-L length When configuring the primary paging device for next boot, length specifies the max-
imum number of blocks that will be used for paging. The default for length is to the
end-of-device. -L length can only be specified when defining primary swap space for

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 437

 swapon(1M) swapon(1M)

subsequent boots; therefore, -L must be used in conjunction with the -s option.

-m min min indicates the space the paging system will initially take from the file system. The
value of min is rounded up so that it is a multiple of the paging allocation chunk size,
which is set with the kernel tunable parameter swchunk (see swchunk(5),
kctune(1M), and swapinfo(1M)). The default value for min is 0, indicating no paging
space is to be allocated initially. min can be specified in the same forms as limit,
above.
-p priority priority indicates the order in which space is taken from the file systems and devices
used for paging. Space is taken from the systems with lower priority numbers first.
Under most circumstances, space is taken from device paging areas before file system
paging areas, regardless of priority. See "Paging Allocation" in swapinfo(1M) for more
information. priority can have a value from 0 to 10 and has a default value of 1.
-r reserve reserve specifies the space, in addition to the space currently occupied by the file sys-
tem, that is reserved for file system use only, making it unavailable to the paging sys-
tem. This reserved space is in addition to the minimum free space specified by the
administrator when the file system was created. See WARNINGS. The default value
for reserve is 0 indicating that no file system space is reserved for file system use only.
reserve can be specified in the same forms as limit, above.
-R Unconfigure the primary paging device that was previously set (with the -s option) as
the primary paging area for subsequent boots.
-s Configure the primary paging device for the next and subsequent boots. See also the
-L and -S options.
-S start When configuring the primary paging device for subsequent boots, start specifies the
block address on the device where the paging area will begin. The default value for
start is 0 indicating that the device is dedicated to paging. A starting block can only
be specified when defining primary swap space for subsequent boots; therefore, -S
must be used in conjunction with the -s option.
-t type Restrict the type of the paging area. If the -t option is omitted, all of the paging
areas defined in /etc/fstab are made available. type can have one of the following
values:
dev Device paging areas.
fs File system paging areas.
local Paging areas defined on the local system.
remote Paging areas defined on remote systems.
-u Unlock block device files which are being used by the savecrash command. Nor-
mally, swapon will not enable paging on a device if it is being used by savecrash
s command to retrieve system dump information. The list of devices in use is main-
tained in the file /var/adm/crash/.savecrash.LCK. This option forces the
device to be enabled, which may overwrite any system dump information contained on
the device. This option should be used with extreme caution.

RETURN VALUE
swapon returns one of the following values:
0 Successful completion.
>0 An error condition occurred.
EXAMPLES
The first two examples enable paging to the file system containing the /paging directory. The maximum
number of file system blocks available to the paging system is set to 5000, the number of file system blocks
reserved for file system use only is set to 10000, and the priority is set to 2. The number of file system
blocks initially taken by the paging system defaults to 0 in the first example, and is set to 0 in the second
example. On a file system with the default 8kB block size, these examples allocate approximately 40MB of
file system paging.
/usr/sbin/swapon -l 5000 -r 10000 -p 2 /paging
/usr/sbin/swapon /paging 0 5000 10000 2
438 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007
swapon(1M) swapon(1M)

This example enables paging to two block devices and sets the priority of both devices to 0.
/usr/sbin/swapon -p 0 /dev/dsk/c10t0d0 /dev/dsk/c13t0d0
This example enables paging to a block device, using the space after the end of the file system for paging
and letting the priority default to 1.
/usr/sbin/swapon -e /dev/dsk/c4t0d0
This example enables paging to a block device, forcing paging even if a file system exists on the device.
/usr/sbin/swapon -f /dev/dsk/c12t0d0
This example defines the primary paging device for the next boot, using the space after the end of the file
system to the end of the device for paging.
/usr/sbin/swapon -s -e /dev/disk/disk10
This example defines the primary paging device for the next boot, using 8192Kb of the device for paging,
starting 1024Kb from the start of the device.
/usr/sbin/swapon -s -S 1024 -L 8192 /dev/disk/disk10
WARNINGS
On systems running VxVM 3.5, the swap volumes to be configured for system crash dumps should be
created with the usage type as swap during the creation of the swap volume. Not doing so will cause
dump corruption. You could use the -U option of vxassist (1M) to do the same.
Once file system blocks have been allocated for paging space, the file system cannot be unmounted unless
the system is rebooted.
If any paging area becomes unavailable while the system is running, for example if a network failure occurs
while paging to a remote system, the system will immediately halt.
The file system block size used by the -l, -m, and -r options varies between file systems, and is defined by
the system administrator at the time the file system is created. The dumpfs command can be used to
determine the block size for a particular file system (see dumpfs(1M)).
When using the -l and -r options, the reserve space specified by the -r option takes precedence over the
-l option. Thus, if:
D = Total disk space available to ordinary users
R = Reserve space specified by the -r option
limit = Paging space limit specified by the -l option
L = Space currently available to the paging system
F = Space currently occupied by the file system
the following relationships hold:
F + R + limit < D In normal operation
L=0 If F + R >= D
s
0 <= L <= limit If F + R + limit >= D

FILES
/dev/dsk/c card ttarget ddevice Normal paging devices
/etc/fstab File system table
/var/adm/crash/.savecrash.LCK
List of devices being used by savecrash command

AUTHOR
swapon was developed by HP and the University of California, Berkeley.
SEE ALSO
kctune(1M), savecrash(1M), swapinfo(1M), vxassist(1M), swapctl(2), swapon(2), fstab(4), swchunk(5).

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 439

 swask(1M) swask(1M)

NAME
swask - ask for user response

SYNOPSIS
swask [-v] [-c catalog ] [-C session_file ] [-f software_file ] [-J jobid ] [-Q date ]
[-s source ] [-S session_file ] [-t target_file ] [-x option=value ] [-X options_file ]
[ software_selections ] [@ target_selections]

Remarks
• This command supports operation on remote systems. See Remote Operation below.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the com-
mand line.

DESCRIPTION
The swask command runs interactive software request scripts for the software objects selected to one or
more targets specified by target_selections. These scripts store the responses in a response file (named
response ) for later use by the swinstall and swconfig commands. The swinstall and
swconfig commands can also run the interactive request scripts directly, using the ask option.
If the -s option is specified, software is selected from the distribution source. If the -s option is not
specified, software installed on the target systems is selected. For each selected software that has a request
script, executing that script generates a response file. By specifying the -c catalog option, swask stores a
copy of the response file to that catalog for later use by swinstall or swconfig .

Remote Operation
You can enable SD to manage software on remote systems. To let the root user from a central SD con-
troller (also called the central management server or IR "manager node" ) perform operations on a remote
target (also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit root
access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on
remote system before running setaccess .
• If remote system is older than 11.00 or for some other reason does not have setaccess in place,
copy setaccess script from an 11.11 or higher system to the remote system.
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations. Enable
s the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M), or swremove (1M) for more information
on interactive operations.
NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root or
non-root access to users from the controller system.

Options
The swask command supports the following options:
-v Turns on verbose output to stdout.
-c catalog Specifies the pathname of an exported catalog which stores the response files created
by the request script. swask creates the catalog if it does not already exist.
If the -c catalog option is omitted and the source is local, swask copies the response
files into the source depot, <distribution.path> /catalog.
-C session_file
Saves the current options and operands to session_file. You can enter a relative or
absolute path with the file name. The default directory for session files is

440 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

swask(1M) swask(1M)

$HOME/.sw/sessions/. You can recall a session file with the -S option.

-f software_file
Reads the list of software_selections from software_file instead of (or in addition to) the
command line.
-s source Specifies the source depot (or tape) from which software is selected for the ask opera-
tion. (SD can read both tar and cpio tape depots.)
-S session_file
Executes swask based on the options and operands saved from a previous session, as
defined in session_file. You can save session information from a command-line session
with the -C session_file option.
-t targetfile Specifies a default set of targets for swask .
-x option=value
Sets the session option to value and overrides the default value (or a value in an alter-
nate option_file specified with the -X option). Multiple -x options can be specified.
-X option_file Reads the session options and behaviors from option_file.
Operands
swask supports two types of operands: software selections followed by target selections. These operands
are separated by the "at" (@) character. This syntax implies that the command operates on "software selec-
tions at targets".

Software Selections
The selections operands consist of software_selections.
swask supports the following syntax for each software_selection:
bundle[.product[.subproduct][.fileset]][,version ]
product[.subproduct][.fileset][,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:
[ ], *, ?
• Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can
contain other subproducts.
• The \* software specification selects all products. Use this specification with caution.
The version component has the form:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ][,q= qualifier][,l= location]
[,fr <op> revision][,fa <op> arch] s
• location applies only to installed software and refers to software installed to a location other than
the default product directory.
• fr and fa apply only to filesets.
• r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle
or product in a software specification.
• The <op> (relational operator) component can be of the form:
=, ==, >=, <=, <, >, or !=
which performs individual comparisons on dot-separated fields. For example, r>=B.10.00
chooses all revisions greater than or equal to B.10.00 . The system compares each dot-separated
field to find matches.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 441

 swask(1M) swask(1M)

• All version components are repeatable within a single specification (e.g. r>=AA.12 , r<AA.20 ).
If multiple components are used, the selection must match all components.
• Fully qualified software specs include the r= , a= , and v= version components even if they contain
empty strings. For installed software, l= , is also included.
• No space or tab characters are allowed in a software selection.
• The software instance_id can take the place of the version component. It has the form:
[instance_id]
within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.

Target Selections
swask supports the following syntax for each target_selection.
[host ][:][/directory ]
The colon (:) is required if both a host and directory are specified.

EXTERNAL INFLUENCES
Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value
The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following section lists all of the keywords supported by the swask commands. If a default value
exists, it is listed after the "=".
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
s log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
• If you set the value of the installed_software_catalog default option to a
relative path, that path is resolved relative to the value of this option.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the installed_software_catalog and run_as_superuser options.

442 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

swask(1M) swask(1M)

ask=true
Executes the request script, if one is associated with the selected software, and stores the
user response in a file named response .
If ask=as_needed, the swask command first determines if a response file already
exists in the catalog and executes the request script only when a response file is absent.
autoselect_dependencies=true
Controls the automatic selection of prerequisite and corequisite software that is not expli-
citly selected by the user. When set to true , requisite software will be automatically
selected for configuration. When set to false , requisite software which is not explicitly
selected will not be automatically selected for configuration.
autoselect_patches=true
Automatically selects the latest patches (based on superseding and ancestor attributes) for
a software object that a user selects. The patch_filter option can be used in conjunc-
tion with autoselect_patches to limit which patches will be selected. Requires
patches that are in an enhanced SD format. Patches not in enhanced format will not
respond to autoselect_patches.
enforce_scripts=true
Controls the handling of errors generated by scripts. If true, swask stops and an error
message appears. The message gives the script location and says execution cannot proceed
until the problem is fixed. If false , all script errors are treated as warnings, and swask
attempts to continue operation. A message appears giving the script location and saying
that execution will proceed.
installed_software_catalog=products
Defines the directory path where the Installed Products Database (IPD) is stored. This
information describes installed software. When set to an absolute path, this option defines
the location of the IPD. When this option contains a relative path, the SD controller
appends the value to the value specified by the admin_directory option to determine
the path to the IPD. For alternate roots, this path is resolved relative to the location of the
alternate root. This option does not affect where software is installed, only the IPD loca-
tion.
This option permits the simultaneous installation and removal of multiple software applica-
tions by multiple users or multiple processes, with each application or group of applications
using a different IPD.
Caution: use a specific installed_software_catalog to manage a specific applica-
tion. SD does not support multiple descriptions of the same application in multiple IPDs.
See also the admin_directory and run_as_superuser options, which control SD’s
nonprivileged mode. (This mode is intended only for managing applications that are spe-
cially designed and packaged. This mode cannot be used to manage the HP-UX operating
system or patches to it. For a full explanation of nonprivileged SD, see the Software Distri- s
butor Administration Guide, available at the http://docs.hp.com web site.)
log_msgid=0
Controls the log level for the events logged to the command log file, the target agent log
file, and the source agent log file by prepending identification numbers to log file messages:
0 No such identifiers are prepended (default).
1 Applies to ERROR messages only.
2 Applies to ERROR and WARNING messages.
3 Applies to ERROR, WARNING, and NOTE messages.
4 Applies to ERROR, WARNING, NOTE, and certain other log file messages.
logdetail=false
Controls the amount of detail written to the logfile. When set to true , this option adds
detailed task information (such as options specified, progress statements, and additional
summary information) to the logfile. This information is in addition to log information con-
trolled by the loglevel option.
See loglevel below and the sd(5) manual page, by typing man 5 sd , for more infor-
mation.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 443

 swask(1M) swask(1M)

logfile=/var/adm/sw/swask.log
Defines the default log file for swask .
loglevel=1
Controls the log level for the events logged to the command logfile and the target agent
logfile. A value of
0 provides no information to the logfile.
1 enables verbose logging of key events to the log files.
2 enables very verbose logging, including per-file messages, to the log files.
patch_filter=*.*
Used in conjunction with the autoselect_patches or patch_match_target
options to filter the available patches to meet the criteria specified by the filter. A key use
is to allow filtering by the "category" attribute. Requires patches that are in an enhanced
SD patch format.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory and installed_software_catalog options.
verbose=1
Controls the verbosity of the output (stdout):
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
Session Files
s Each invocation of swask defines a task session. The invocation options, source information, software
selections, and target hosts are saved before the task actually commences. This lets you re-execute the
command even if the session ends before proper completion.
Each session is saved to the file $HOME/.sw/sessions/swask.last. This file is overwritten by
each invocation of swask .
To save session information in a different location, execute swask with the -C session__file option.
A session file uses the same syntax as the defaults files. You can specify an absolute path for a session file.
If you do not specify a directory, the default location for a session file is $HOME/.sw/sessions/.
To re-execute a session, specify the session file as the argument for the -S session__file option.
When you re-execute a session file, the values in the session file take precedence over values in the system
defaults file. Likewise, any command line options or parameters that you specify when you invoke swask
take precedence over the values in the session file.

Software and Target Lists

You can use files containing software and target selections as input to the swask command. See the -f
and -t options for more information.

444 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

swask(1M) swask(1M)

Environment Variables
The environment variables that affect the swask command are:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See lang(5) for more informa-
tion.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.
Environment variables that affect scripts:
SW_CATALOG
Holds the path to the Installed Products Database (IPD), relative to the path in the
SW_ROOT_DIRECTORY environment variable. Note that you can specify a path for the
IPD using the installed_software_catalog default option.
SW_CONTROL_DIRECTORY
Defines the current directory of the script being executed, either a temporary catalog direc-
tory, or a directory within in the Installed Products Database (IPD). This variable tells
scripts where other control scripts for the software are located (e.g. subscripts).
SW_CONTROL_TAG
Holds the tag name of the control_file being executed. When packaging software, you can
define a physical name and path for a control file in a depot. This lets you define the
control_file with a name other than its tag and lets you use multiple control file definitions
to point to the same file. A control_file can query the SW_CONTROL_TAG variable to
determine which tag is being executed.
SW_LOCATION
Defines the location of the product, which may have been changed from the default product s
directory. When combined with the SW_ROOT_DIRECTORY, this variable tells scripts
where the product files are located.
SW_PATH
A PATH variable which defines a minimum set of commands available for use in a control
script (e.g. /sbin:/usr/bin).
SW_ROOT_DIRECTORY
Defines the root directory in which the session is operating, either "/" or an alternate root
directory. This variable tells control scripts the root directory in which the products are
installed. A script must use this directory as a prefix to SW_LOCATION to locate the
product’s installed files. The configure script is only run when SW_ROOT_DIRECTORY is
/.
SW_SESSION_OPTIONS
Contains the pathname of a file containing the value of every option for a particular com-
mand, including software and target selections. This lets scripts retrieve any command
options and values other than the ones provided explicitly by other environment variables.
For example, when the file pointed to by SW_SESSIONS_OPTIONS is made available to
a request script, the targets option contains a list of software_collection_specs for all targets
specified for the command. When the file pointed to by SW_SESSIONS_OPTIONS is

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 445

 swask(1M) swask(1M)

made available to other scripts, the targets option contains the single
software_collection_spec for the targets on which the script is being executed.
SW_SOFTWARE_SPEC
This variable contains the fully qualified software specification of the current product or
fileset. The software specification allows the product or fileset to be uniquely identified.

RETURN VALUES
swask returns one of these codes:
0 Command successful on all targets
1 Command failed on all targets
2 Command failed on some targets
DIAGNOSTICS
The swask command writes to stdout, stderr, and to the swask logfile.

Standard Output
An interactive swask session does not write to stdout. A non-interactive swask session writes messages
for significant events. These include:
• a begin and end session message,
• selection, analysis, and execution task messages for each target_selection.

Standard Error
An interactive swask session does not write to stderr. A non-interactive swask session writes messages
for all WARNING and ERROR conditions to stderr.

Logging
Both interactive and non-interactive swask sessions log summary events at the host where the command
was invoked. They log detailed events to the swask.log logfile associated with each target_selection.
Command Log
The swask command logs all stdout and stderr messages to the the logfile
/var/adm/sw/swask.log. Similar messages are logged by an interactive swask session. You
can specify a different logfile by modifying the logfile option.

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

EXAMPLES
Run all request scripts from the default depot (/var/spool/sw) depot and write the response file
s (named response ) back to the same depot:
swask -s /var/spool/sw \*
Run the request script for Product1 from depot /tmp/sample.depot.1 on remote host swposix ,
create the catalog /tmp/test1.depot on the local controller machine, and place the response file
(named response ) in the catalog:
swask -s swposix:/tmp/sample.depot.1 -c /tmp/test1.depot Product1
Run request scripts from remote depot /tmp/sample.depot.1 on host swposix only when a
response file is absent, create the catalog /tmp/test1.depot on the local controller machine, and
place the response file (named response ) in the catalog:
swask -s swposix:/tmp/sample.depot.1 -c /tmp/test1.depot
-x ask=as_needed \*
FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options. If this file does not exist, SD
looks for user-specific defaults in $HOME/.sw/defaults.
$HOME/.sw/sessions/
Contains session files automatically saved by the SD commands or explicitly saved by the user.

446 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

swask(1M) swask(1M)

/usr/lib/sw/sys.defaults
Contains the master list of current SD options, with their default values, for documentation pur-
poses only.
/var/adm/sw/
The directory which contains all of the configurable (and non-configurable) data for SD. This direc-
tory is also the default location of log files.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/products/
The Installed Products Database (IPD), a catalog of all products installed on a system.
/var/adm/sw/swask.log
Contains all stdout and stderr messages generated by swask .

AUTHOR
swask was developed by the Hewlett-Packard Company.
SEE ALSO
swconfig(1M), swinstall(1M), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 447

 swconfig(1M) swconfig(1M)

NAME
swconfig - configure, unconfigure, or reconfigure installed software

SYNOPSIS
swconfig [-p] [-u] [-v] [-c catalog ] [-C session_file ] [-f software_file ] [-J jobid ] [-Q date ]
[-S session_file ] [-t target_file ] [-x option=value ] [-X option_file ]
[software_selections] [@ target_selections]

Remarks
• This command supports operation on remote systems. See Remote Operation below.
• swconfig can perform limited interactive operations. See Interactive Operation below.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the com-
mand line.

DESCRIPTION
The swconfig command configures, unconfigures, or reconfigures installed software products for execu-
tion on the specified targets. The swconfig command transitions software between INSTALLED and
CONFIGURED states. Although software is automatically configured as part of the swinstall com-
mand and unconfigured as part of the swremove command, swconfig lets you configure or
unconfigure software independently when the need arises.
Configuration primarily involves the execution of vendor-supplied configure scripts. These scripts perform
configuration tasks which enable the use of the software on the target hosts. A vendor can also supply
unconfigure scripts to "undo" the configuration performed by the configure script.
NOTES:
• You should execute swconfig when an initial configuration by swinstall failed, was
deferred, or needs to be changed.
• With swinstall , you can defer configuration by using the defer_configure default option.
• swinstall does not perform configuration on multiple versions of software.
• The swconfig command only operates on software installed to the primary root file system.
• swinstall and swremove do not run configure or unconfigure scripts when you specify an
alternate root directory with those commands.
Other features of swconfig include:
• By default, the swconfig command supports only configuration of compatible software.
• If a fileset specifies a prerequisite on other software, that software must be in a "configured" state
before the software specifying the dependency will be configured.

s • The swconfig command configures multiple versions of a product if you set

allow_multiple_versions=true. The vendor must therefore detect and prevent multiple
configured versions in their configure scripts, if that is necessary.
• Configure scripts are useful for software updates and reinstallation, as well as first-time installa-
tion.

Remote Operation
You can enable Software Distributor (SD) to manage software on remote systems. To let the root user from
a central SD controller (also called the central management server or manager node) perform operations on
a remote target (also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit root
access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on
remote system before running setaccess .

448 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

swconfig(1M) swconfig(1M)

• If remote system is older than 11.00 or for some other reason does not have setaccess in place,
copy setaccess script from an 11.11 or higher system to the remote system.
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations. Enable
the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M) or swremove (1M) for more information on
interactive operations.
NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root or
non-root access to users from the controller system.

Interactive Operation
swconfig can perform limited interactive operations when the ask option is set to true . This option
executes an interactive request script. Request scripts can also be executed by swinstall and swask .
See the ask=false default option for more information. See also swinstall(1M) and swask(1M).

Options
swconfig supports the following options:
-c catalog Specifies the pathname of an exported catalog which stores copies of the response file
or files created by a request script (if -x ask=true or -x ask=as_needed).
Response files are also stored in the Installed Products Database.
-C session_file
Save the current options and operands to session_file. You can enter a relative or
absolute path with the file name. The default directory for session files is
$HOME/.sw/sessions/. You can recall a session file with the -S option.
-f software_file
Read the list of software_selections from software_file instead of (or in addition to) the
command line.
-J jobid Executes the previously scheduled job. This is the syntax used by the daemon to start
the job.
-p Previews a configuration task by running the session through the analysis phase only.
-Q date Schedules the job for this date. You can change the date format by editing the
/var/adm/sw/getdate.templ file.
-S session_file
Execute swconfig based on the options and operands saved from a previous ses-
sion, as defined in session_file. You can save session information to a file with the -C
option.
-t target_file Read the list of target_selections from target_file instead of (or in addition to) the com- s
mand line.
-u Causes swconfig to unconfigure the software instead of configuring it.
-v Turns on verbose output to stdout. (The swconfig logfile is not affected by this
option.) Verbose output is enabled by default; see the verbose option below.
-x option=value
Set the session option to value and override the default value (or a value in an alter-
nate option_file specified with the -X option). Multiple -x options can be specified.
-X option_file Read the session options and behaviors from option_file.
Operands
Most SD commands support two types of operands: software selections followed by target selections. These
operands are separated by the "at" (@) character. This syntax implies that the command operates on
"software selections at targets".

Software Selections
The swconfig command supports the following syntax for each software_selection:

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 449

 swconfig(1M) swconfig(1M)

bundle[.product[.subproduct][.fileset]][,version ]
product[.subproduct][.fileset][,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:
[ ], *, ?
• Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can
contain other subproducts.
• The \* software specification selects all products. Use this specification with caution.
The version component has the form:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ][,q= qualifier][,l= location]
[,fr <op> revision][,fa <op> arch]
• location applies only to installed software and refers to software installed to a location other than
the default product directory.
• fr and fa apply only to filesets.
• r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle
or product in a software specification.
• The <op> (relational operator) component can be of the form:
=, ==, >=, <=, <, >, or !=
which performs individual comparisons on dot-separated fields.
For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00 . The system
compares each dot-separated field to find matches.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.
• All version components are repeatable within a single specification (e.g. r>=A.12 , r<A.20 ). If
multiple components are used, the selection must match all components.
• Fully qualified software specs include the r= , a= , and v= version components even if they contain
empty strings.
• No space or tab characters are allowed in a software selection.
•
s The software instance_id can take the place of the version component. It has the form:
[instance_id]
within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.
The \* software specification selects all products. It is not allowed when removing software from the root
directory /.

Target Selections
swconfig
supports this syntax for each target_selection.
[host ][:][/directory ]
The colon (:) is required if both a host and directory are specified.

450 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

swconfig(1M) swconfig(1M)

EXTERNAL INFLUENCES
Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value
The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following section lists all of the keywords supported by the swlist commands. If a default value
exists, it is listed after the "=".
The policy options that apply to swconfig are:
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
• If you set the value of the installed_software_catalog default option to a
relative path, that path is resolved relative to the value of this option.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site. s
See also the installed_software_catalog and run_as_superuser options.
agent_auto_exit=true
Causes the target agent to automatically exit after Execute phase, or after a failed Analysis
phase. This is forced to false when the controller is using an interactive UI, or when -p
(preview) is used. This enhances network reliability and performance. The default is
true - the target agent will automatically exit when appropriate. If set to false , the
target agent will not exit until the controller ends the session.
agent_timeout_minutes=10000
Causes a target agent to exit if it has been inactive for the specified time. This can be used
to make target agents more quickly detect lost network connections since RPC can take as
long as 130 minutes to detect a lost connection. The recommended value is the longest
period of inactivity expected in your environment. For command line invocation, a value
between 10 minutes and 60 minutes is suitable. A value of 60 minutes or more is recom-
mended when the GUI will be used. The default of 10000 is slightly less than 7 days.
allow_incompatible=false
Requires that the software products which are being configured be "compatible" with the
target selections. (All of the target selections must match the list of supported systems

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 451

 swconfig(1M) swconfig(1M)

defined for each selected product.) If set to true , target compatibility is not enforced.
allow_multiple_versions=false
Prevents the configuration of another, independent version of a product when a version
already is configured at the target.
If set to true , another version of an existing product can be configured in its new location.
Multiple versions can only be installed if a product is locatable. Multiple configured ver-
sions will not work unless the product supports it.
ask=false
When ask=true , executes a request script, which asks for a user response. If
ask=as_needed , the swask command first determines if a response file already exists
in the control directory and executes the request script only when a response file is absent.
If set to ask=true , or ask=as_needed, you can use the -c catalog option to specify
the pathname of an exported catalog to store copies of the response file or files created by
the request script.
See swask(1M) for more information on request scripts.
autoremove_job=false
Controls automatic job removal of completed jobs. If the job is automatically removed, job
information (job status or controller/agent logfiles) cannot be queried with swjob .
autoselect_dependencies=true
Controls the automatic selection of prerequisite, corequisite, and exrequisite software that
is not explicitly selected by the user. This option does not apply to swconfig -u. The
default is: true . The requisite software will be automatically selected for configuration.
Specifying false causes requisite software, which is not explicitly selected, to not be
automatically selected for configuration.
autoselect_dependents=false
Controls the automatic selection of dependent software that is not explicitly selected by the
user. A dependent is the opposite of a requisite. A dependent fileset has established either
a prerequisite or a corequisite on the selected fileset. Specifying true causes dependent
software to be automatically selected for unconfiguration. The default, false causes
dependent software, which is not explicitly selected, to not be automatically selected for
unconfiguration.
compress_index=false
Determines whether SD commands create compressed INDEX and INFO catalog files when
writing to target depots or roots. The default of false does not create compressed files.
When set to true , SD creates compressed and uncompressed INDEX and INFO files. The
compressed files are named INDEX.gz and INFO.gz , and reside in the same directories
as the uncompressed files.
s Compressed files can enhance performance on slower networks, although they may
increase disk space usage due to a larger Installed Products Database and depot catalog.
SD controllers and target agents for HP-UX 11.01 and higher automatically load the
compressed INDEX and INFO files from the source agent when:
• The source agent supports this feature.
• INDEX.gz or INFO.gz exist on the source depot.
• INDEX.gz or INFO.gz are not older than the corresponding uncompressed INDEX or
INFO files.
The uncompressed INDEX or INFO file is accessed by the source agent if any problem
occurs when accessing, transferring, or uncompressing the INDEX.gz or INFO.gz file.
controller_source
Location of a depot for the controller to access to resolve selections. This has no effect on
which sources the target uses. Specify this as host, /path, or host:/path. Useful for reduc-
ing network traffic between controller and target.
enforce_dependencies=true
Requires that all dependencies specified by the software_selections be resolved at the
target_selections.

452 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

swconfig(1M) swconfig(1M)

The swconfig , command will not proceed unless the dependencies have also been
selected or already exist at the target in the correct state (INSTALLED or CONFIGURED).
This prevents unusable software from being configured on the system.
If set to false , dependencies will still be checked, but not enforced. Corequisite depen-
dencies, if not enforced, may keep the selected software from working properly. Prere-
quisite and exrequisite dependencies, if not enforced, may cause the configuration to fail.
enforce_scripts=true
Controls the handling of errors generated by scripts. If true , and the vendor-supplied
script returns an error, the configure or unconfigure operation stops. An error message
appears reporting that the execution phase failed. If false , swconfig attempts to con-
tinue operation. A warning message appears reporting that the execution succeeded.
installed_software_catalog=products
Defines the directory path where the Installed Products Database (IPD) is stored. This
information describes installed software. When set to an absolute path, this option defines
the location of the IPD. When this option contains a relative path, the SD controller
appends the value to the value specified by the admin_directory option to determine
the path to the IPD. For alternate roots, this path is resolved relative to the location of the
alternate root. This option does not affect where software is installed, only the IPD loca-
tion.
This option permits the simultaneous installation and removal of multiple software applica-
tions by multiple users or multiple processes, with each application or group of applications
using a different IPD.
Caution: use a specific installed_software_catalog to manage a specific applica-
tion. SD does not support multiple descriptions of the same application in multiple IPDs.
See also the admin_directory and run_as_superuser options, which control SD’s
nonprivileged mode. (This mode is intended only for managing applications that are spe-
cially designed and packaged. This mode cannot be used to manage the HP-UX operating
system or patches to it. For a full explanation of nonprivileged SD, see the Software Distri-
butor Administration Guide, available at the http://docs.hp.com web site.)
job_title=
This is an ASCII string giving a title to a job. It is displayed along with the job ID to pro-
vide additional identifying information about a job when swjob is invoked.
log_msgid=0
Adds numeric identification numbers at the beginning of SD logfile messages:
0 (default) No identifiers are attached to messages.
1 Adds identifiers to ERROR messages only.
2 Adds identifiers to ERROR and WARNING messages.
3 Adds identifiers to ERROR, WARNING, and NOTE messages.
4 Adds identifiers to ERROR, WARNING, NOTE, and certain other informational mes- s
sages.
logdetail=false
Controls the amount of detail written to the logfile. When set to true , this option adds
detailed task information (such as options specified, progress statements, and additional
summary information) to the logfile. This information is in addition to log information con-
trolled by the loglevel option.
See loglevel below and the sd(5) manual page, by typing man 5sd , for more informa-
tion.
logfile=/var/adm/sw/swconfig.log
This is the default command log file for the swconfig command.
loglevel=1
Controls the log level for the events logged to the command logfile, the target agent logfile,
and the source agent logfile. This information is in addition to the detail controlled by the
logdetail option. (See logdetail above and the sd(5) manual page, by typing man
5 sd , for more information.) A value of
0 provides no information to the logfile.

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 453

 swconfig(1M) swconfig(1M)

1 enables verbose logging to the logfiles.

2 enables very verbose logging to the logfiles.
mount_all_filesystems=true
By default, the swconfig command attempts to automatically mount all filesystems in
the /etc/fstab file at the beginning of the analysis phase, to ensure that all listed
filesystems are mounted before proceeding. This policy helps to ensure that files are not
loaded into a directory that may be below a future mount point.
If set to false , the mount operation is not attempted, and no check of the current mounts
is performed.
reconfigure=false
Prevents software which is already in the CONFIGURED state from being reconfigured. If
set to true , CONFIGURED software can be reconfigured.
rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and on which
the other commands use to contact the daemon. If the connection fails for one protocol
sequence, the next is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121])
and udp (ncadg_ip_udp:[2121]) protocol sequence on most platforms.
rpc_timeout=5
Relative length of the communications timeout. This is a value in the range from 0 to 9 and
is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher
value for a slow or busy network. Lower values will give faster recognition on attempts to
contact hosts that are not up, or are not running the swagentd . Each value is approxi-
mately twice as long as the preceding value. A value of 5 is about 30 seconds for the
ncadg_ip_udp protocol sequence.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
s SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory and installed_software_catalog options.
select_local=true
If no target_selections are specified, select the local host as the target of the command.
software=
Defines the default software_selections. There is no supplied default. If there is more than
one software selection, they must be separated by spaces.
targets=
Defines the default target_selections. There is no supplied default (see select_local
above). If there is more than one target selection, they must be separated by spaces.
verbose=1
Controls the verbosity of the output (stdout). A value of
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.

454 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

swconfig(1M) swconfig(1M)

write_remote_files=false
Prevents the configuring of files on a target which exists on a remote (NFS) filesystem. All
files on a remote filesystem will be skipped.
If set to true and if the superuser has write permission on the remote filesystem, the
remote files will not be skipped, but will be configured.

Session File
Each invocation of the swconfig command defines a configuration session. The invocation options,
source information, software selections, and target hosts are saved before the installation or copy task actu-
ally commences. This lets you re-execute the command even if the session ends before proper completion.
Each session is automatically saved to the file $HOME/.sw/sessions/swremove.last. This file is
overwritten by each invocation of swconfig .
You can also save session information to a specific file by executing swconfig with the -C session__file
option.
A session file uses the same syntax as the defaults files. If you do not specify a specific path for the session
file, the default location is $HOME/.sw/sessions/.
To re-execute a session file, specify the session file as the argument for the -S session__file option of
swconfig .
Note that when you re-execute a session file, the values in the session file take precedence over values in
the system defaults file. Likewise, any command line options or parameters that you specify when you
invoke swconfig take precedence over the values in the session file.

Environment Variables
The environment variables that affect the swconfig command are:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See lang(5) for more informa-
tion.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
s
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.
Environment variables that affect scripts are:
SW_CATALOG
Holds the path to the Installed Products Database (IPD), relative to the path in the
SW_ROOT_DIRECTORY environment variable. Note that you can specify a path for
the IPD using the installed_software_catalog default option.
SW_CONFIG_AFTER_REBOOT
This variable should be read only by the configure script. If this is set to any value
it indicates the configure script was invoked by the swconfig command during
system startup. This variable is set by the /sbin/init.d/swconfig system
startup script.
SW_CONTROL_DIRECTORY
Defines the current directory of the script being executed, either a temporary catalog

HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 455

 swconfig(1M) swconfig(1M)

directory, or a directory within in the Installed Products Database (IPD). This variable
tells scripts where other control scripts for the software are located (e.g. subscripts).
SW_CONTROL_TAG
Holds the tag name of the control_file being executed. When packaging software, you
can define a physical name and path for a control file in a depot. This lets you define the
control_file with a name other than its tag and lets you use multiple control file
definitions to point to the same file. A control_file can query the SW_CONTROL_TAG
variable to determine which tag is being executed.
SW_LOCATION
Defines the location of the product, which may have been changed from the default pro-
duct directory. When combined with the SW_ROOT_DIRECTORY, this variable tells
scripts where the product files are located.
SW_PATH A PATH variable which defines a minimum set of commands available for use in a con-
trol script (e.g. /sbin:/usr/bin).
SW_ROOT_DIRECTORY
Defines the root directory in which the session is operating, either "/" or an alternate
root directory. This variable tells control scripts the root directory in which the products
are installed. A script must use this directory as a prefix to SW_LOCATION to locate
the product’s installed files. The configure script is only run when
SW_ROOT_DIRECTORY is /.
SW_SESSION_OPTIONS
Contains the pathname of a file containing the value of every option for a particular
command, including software and target selections. This lets scripts retrieve any com-
mand options and values other than the ones provided explicitly by other environment
variables. For example, when the file pointed to by SW_SESSIONS_OPTIONS is
made available to a request script, the targets option contains a list of
software_collection_specs for all targets specified for the command. When the file
pointed to by SW_SESSIONS_OPTIONS is made available to other scripts, the targets
option contains the single software_collection_spec for the targets on which the script is
being executed.
SW_SOFTWARE_SPEC
This variable contains the fully qualified software specification of the current product or
fileset. The software specification allows the product or fileset to be uniquely identified.

Signals
The swconfig command catches the signals SIGQUIT and SIGINT, and SIGUSR1. If these signals are
received, swconfig prints a message, sends a Remote Procedure Call (RPC) to the agents to wrap up,
and then exits.
s The agent ignores SIGHUP, SIGINT, and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM, SIGUSR1, or SIGUSR2. Killing the agent may leave corrupt software on the system, and thus
should only be done if absolutely necessary. Note that when an SD command is killed, the agent does not
terminate until completing the task in progress.
The daemon ignores SIGHUP, SIGINT and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM and SIGUSR2. After receiving SIGUSR1, it waits for completion of a copy or remove from a
depot session before exiting, so that it can register or unregister depots if necessary. Requests to start new
sessions are refused during this wait.
Each agent will complete the configuration task (if the execution phase has already started) before it wraps
up. This avoids leaving software in a corrupt state.

RETURN VALUES
The swconfig command returns:
0 The software_selections were successfully configured.
1 The configure operation failed on all target_selections.
2 The configure operation failed on some target_selections.

456 Hewlett-Packard Company −9− HP-UX 11i Version 3: February 2007

swconfig(1M) swconfig(1M)

DIAGNOSTICS
The swconfig command writes to stdout, stderr, and to specific logfiles.
Standard Output
The swconfig command writes messages for significant events. These include:
• a begin and end session message,
• selection, analysis, and execution task messages for each target_selection.

Standard Error
The swconfig command also writes messages for all WARNING and ERROR conditions to stderr.

Logging
The swconfig command logs summary events at the host where the command was invoked. It logs
detailed events to the swagent logfile associated with each target_selection.
Command Log
The swconfig command logs all stdout and stderr messages to the the logfile
/var/adm/sw/swconfig.log. (The user can specify a different logfile by modifying the log-
file option.)
Target Log
A swagent process performs the actual configure operation at each target_selection. The
swagent logs events to the file /var/adm/sw/swagent.log. You can view the command and
target log files with the swjob or sd command.

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

EXAMPLES
Configure the C and Pascal products on the local host:
swconfig cc pascal
Configure Product1, use any associated response files generated by a request script, and save response files
under /tmp/resp1 :
swconfig -x ask=true -c /tmp/resp1 Product1
Reconfigure the HP Omniback product:
swconfig -x reconfigure=true Omniback
Configure the version of HP Omniback that was installed at /opt/Omniback_v2.0:
swconfig Omniback,l=/opt/Omniback_v2.0 s
Unconfigure the software_selections listed in the file /tmp/install.products on the hosts listed in
the file /tmp/install.hosts:
swconfig -u -f /tmp/install.products -t /tmp/install.hosts
Configure the C and Pascal products on remote hosts:
swconfig cc pascal @ hostA hostB hostC
LIMITATIONS
The SD-UX version of swconfig does not support the configuration, unconfiguration, or reconfiguration
of installed software on remote targets.

FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD software management command
options.
$HOME/.sw/sessions/
Contains session files automatically saved by the SD software management commands, or expli-
citly saved by the user.

HP-UX 11i Version 3: February 2007 − 10 − Hewlett-Packard Company 457

 swconfig(1M) swconfig(1M)

/usr/lib/sw/sys.defaults
Contains the master list of current SD options with their default values.
/var/adm/sw/
The directory which contains all configurable and non-configurable data for SD software manage-
ment commands. This directory is also the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD software management command
options.
/var/adm/sw/getdate.templ
Contains the set of date/time templates used when scheduling jobs.
/var/adm/sw/products/
The Installed Products Database (IPD), a catalog of all products installed on a system.

AUTHOR
swconfig was developed by the Hewlett-Packard Company.
SEE ALSO
install-sd(1M), swacl(1M), swagentd(1M), swask(1M), swcopy(1M), swinstall(1M), swjob(1M), swlist(1M),
swmodify(1M), swpackage(1M), swreg(1M), swremove(1M), swverify(1M) sd(4), swpackage(4), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

458 Hewlett-Packard Company − 11 − HP-UX 11i Version 3: February 2007

swgettools(1M) swgettools(1M)

NAME
swgettools - Utility for retrieving the SD product from new SD media in preparation for an OS update.

SYNOPSIS
swgettools [-s source][-t temp_directory_path]
DESCRIPTION
The swgettools command updates or reinstalls the latest SD commands (SW-DIST product) to your
system from media or a depot. The new SD commands are needed to install updated releases of HP-UX.

Prerequisites
• The swgettools script needs a temporary directory with at least 2 MB of free space. If there is not
enough space in the temporary directory, swgettools will fail.
By default, swgettools uses the /var/tmp directory. Use the bdf /var/tmp command to
determine if /var/tmp has adequate space.
If you do not have 2 MB free in /var/tmp , use the -t temp_dir_location option to specify a different
temporary directory.
• The SW-GETTOOLS product loaded by swgettools requires enough space to install the following
files:
/var/adm/sw/lbin (1 MB)
/var/adm/sw/sbin (3 MB)
/var/adm/sw/lib (6 MB)
/usr/lbin/sw/bin (5 MB)
These files are automatically removed when you reboot.
• Your system needs at least 32 MB of RAM to successfully update to HP-UX version 10.30 or greater.

Procedure
To update SD, you must first load the swgettools command onto your system. You can then run
swgettools to get the new SW-DIST product, which contains the new SD-UX commands.
• swgettools is shipped in the catalog/SW-GETTOOLS/pfiles directory. Depending on
whether the HP-UX software is on CD, tape, or a remote system in a software depot, use cp , tar , or
rcp to load swgettools onto your system. (HP recommends that you use the default directory,
/var/tmp .)
• Run swgettools . This creates the SW-GETTOOLS product, which updates SW-DIST .
• Use the new version of swinstall to update the rest of the operating system. See swinstall(1M) for
more information.
CAUTION: You MUST use the latest version of swinstall to update your system to the latest ver-
sion of HP-UX. If you use a previous version of swinstall , the update will fail. s
• Reboot the system.
For complete instructions regarding updating HP-UX, see Installing HP-UX 11.0 and Updating HP-UX 10.x
to 11.0.
CAUTION: Ensure that the booted kernel is /stand/vmunix before you install any kernel software.
The swinstall process assumes that the system has booted using the kernel at /stand/vmunix. Ins-
talling kernel software or performing an operating system update with any other kernel might result in loss
of data or other errors.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 459

 swgettools(1M) swgettools(1M)

Options
The swgettools command supports the following options:
-s source Specifies the path for the source media. Possible locations are: a local directory that is
an SD depot, a character-special tape device file connected to a tape drive that has an
SD media tape loaded, a CD-ROM mount point that has an SD media CD-ROM
loaded, or a remote machine and depot combination. The default source type is direc-
tory. The syntax is:
[host][:][/directory ]
The remote host can be specified by its host name, domain name, or Internet address.
The absolute path to the remote depot follows, separated by a colon with no spaces.
The colon is required when both a host and directory are specified. The directory path
must be absolute. For example, to specify a remote machine and depot combination:
swperf:/var/spool/sw
-t temp_directory_path
Specifies a temporary directory to use during the swgettools process. An abso-
lute pathname is required. By default /var/tmp is used. The temporary directory
must exist and must have at least 2 MB of free disk space for swgettools to
succeed. (You can use the bdf temp_directory_path command to determine if the
directory has adequate space.)

RETURN VALUES
The swgettools command returns:
0 Successful completion
1 Usage incorrect
2 Error during execution

EXAMPLES
To install the new SW-DIST product from CD-ROM media at /mnt/cdrom_depot:
cp /mnt/cdrom_depot/catalog/SW-GETTOOLS/pfiles/swgettools /var/tmp
/var/tmp/swgettools -s /mnt/cdrom_depot
To install the new SW-DIST product from tape media at /dev/rmt/0m :
cd /var/tmp
tar -xvf /dev/rmt/0m catalog/SW-GETTOOLS/pfiles/swgettools
cp /var/tmp/catalog/SW-GETTOOLS/pfiles/swgettools /var/tmp/swgettools
rm -rf /var/tmp/catalog
/var/tmp/swgettools -s /dev/rmt/0m
To install the new SW-DIST from a remote depot on swperf at /var/spool/sw:
s rcp swperf:/var/spool/sw/catalog/SW-GETTOOLS/pfiles/swgettools /var/tmp
/var/tmp/swgettools -s swperf:/var/spool/sw
AUTHOR
swgettools was developed by the Hewlett-Packard Company.
FILES
The swgettools command installs the following supporting files into four directories. These files are
removed when the system is rebooted after the installation or update is complete.
/var/adm/sw/lbin ˜ 1 MB
/var/adm/sw/sbin ˜ 3 MB
/var/adm/sw/lib ˜ 6 MB
/usr/lbin/sw/bin ˜ 5 MB

SEE ALSO
swinstall(1M), sd(5).
Managing HP-UX Software with SD-UX, Installing HP-UX 11.0 and Updating HP-UX 10.x to 11.0.

460 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

NAME
swinstall, swcopy - install and configure software products; software products for subsequent installation or
distribution; respectively

SYNOPSIS
swinstall [XToolkit Options] [-i] [-p] [-r] [-v] [-c catalog ] [-C session_file ]
[-f software_file] [-J jobid ] [-Q date ] [-s source ] [-S session_file ] [-t target_file ]
[-x option=value ] [-X option_file ] [software_selections] [@ target_selections]
swcopy [XToolkit Options] [-i] [-p] [-v] [-C session_file ] [-f software_file ] [-J jobid ]
[-Q date ] [-s source ] [-S session_file ] [-t target_file ] [-x option=value ] [-X option_file ]
[software_selections] [@ target_selections]

Remarks
• This command supports operation on remote systems. See the Remote Operation section below for
details.
• swinstall and swcopy support an interactive user interface that can be invoked alone or by
the sd command. See Interactive Operation below.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the com-
mand line.

DESCRIPTION
The swinstall command installs the software_selections from a software source to either the local host
or to one or more target_selections (root filesystems). By default, the software is configured for use on the
target after it is installed. (The software is not configured when installed into an alternate root directory.)
The swcopy command copies or merges software_selections from a software source to one or more
software depot target_selections. These depots can then be accessed as a software source by the swin-
stall command.
Remote Operation
You can enable Software Distributor (SD) to manage software on remote systems. To let the root user from
a central SD controller (also called the central management server or manager node) perform operations on
a remote target (also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit root
access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on s
remote system before running setaccess .
• If remote system is older than 11.00 or for some other reason does not have setaccess in place,
copy setaccess script from an 11.11 or higher system to the remote system.
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations.
Enable the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root or
non-root access to users from the controller system.

Interactive Operation
swinstall and swcopy each support a graphical user interface (GUI). (If your terminal or display can-
not support the GUI, these commands also provide a terminal user interface, in which screen navigation is
done with the keyboard and no mouse.)
To invoke the GUI, enter
swinstall

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 461

 swinstall(1M) swinstall(1M)

or
swcopy
on the command line (without any command-line options).
You can also invoke the GUI by including the -i option with any other command-line options.
The sd command provides an interactive interface for monitoring and scheduling software jobs. You can
also use sd to invoke the swinstall , copy , and swremove GUIs.
If you have enabled SD’s remote operations features, swinstall , swcopy , and swremove provide
enhanced GUIs to support operations on remote targets. See Remote Operation above for details
about enabling remote operations and the enhanced GUIs.
The command-line version of swinstall can also function interactively when the ask option is set to
true . This option executes an interactive request script. Request scripts can also be executed by
swconfig and swask . See swconfig(1M) and swask(1M), and the ask=false default option for more
information.

Updating the Operating System

To perform an operating system update, HP recommends that you use the update-ux command. This
command replaces swgettools to update the operating system to HP-UX 11.11 or higher. update-ux
is not available on 11.00 systems. To perform an update from 11.00 to 11.11 or higher, install update-ux
from the new operating system media. Then use update-ux to update the OS. See update-ux(1M) on an
11i system for more information.

Reinstalling SD
If your copy of SD becomes unusable or if you want to install a newer version of SD, HP recommends that
you use the install-sd command. This command reinstalls SD and also installs any SD patches that
exist in the source depot. install-sd does not exist on HP-UX 11.00 systems. For 11.00, use the
swgettools command to reinstall SD, then install the latest 11.00 SD patch. See install-sd(1M) or
swgettools (1M) for more information.

Installing Kernel Software

In HP-UX, the kernel installation process requires that the system boots using the kernel at
/stand/vmunix. Make sure that your system is booted to the /stand/vmunix kernel before you
install any kernel software or perform an operating system update.

Dependencies Between Software

The swinstall command supports dependencies, which is software that must be present or absent
before or during the installation of another piece of software. Dependencies apply between filesets and
other filesets and products. SD supports three types of dependencies: prerequisites that must be installed
and configured before the dependent fileset is installed and configured (respectively); corequisites that must
be installed and configured before the dependent is usable. exrequisites that prevent a dependent fileset
s from being installed or configured when they are present.
If a software_selection specifies a dependency on other filesets and/or products, swinstall automatically
select that software.
By default, all dependencies must be resolved before swinstall can proceed. You can override this pol-
icy using the enforce_dependencies option.
Note that if you specify a dependency for a fileset and the fileset is superseded by another fileset as part of
a patch, swinstall still recognizes the dependency.

Features and Differences between swinstall and swcopy

The key difference between swinstall and swcopy is that swinstall performs the software ins-
tallation, while swcopy copies software into a depot, making it available as a source for installation by
swinstall .
NOTE: To copy to a tape, see the swpackage(1M) manpage.
Other features (differences) include:
• The swinstall command executes several vendor-supplied scripts during the installation and
configuration of the software_selections. The swcopy command does not execute these scripts.
The swinstall command supports the following scripts:

462 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

request a script that asks the user questions and stores responses in a response file.
The response file can then be used by configuration or other scripts.
checkinstall a script executed during the analysis of a target_selection, it checks
that the installation can be attempted. If this check fails, the software pro-
duct is not installed.
preinstall a script executed immediately before the software’s files are installed.
postinstall a script executed immediately after the software’s files are installed.
configure a script executed during the configuration of a target_selection, it configures
the target for the software (and the software for the target). The prein-
stall and postinstall scripts are not intended to be used for
configuration tasks. They are to be used for simple file management needs
such as removing obsolete files from the previous revision (which was just
updated).
unpreinstall a script executed immediately after the software’s actual files are restored if
the software install will fail and the autorecover_product option is set
to true . The script undoes the steps performed by preinstall script.
unpostinstall a script executed immediately before the software’s actual files are restored if
the software install failed and the autorecover_product option is set
to true . The script undoes the steps performed by postinstall script.
• When a depot is created or modified using swcopy , catalog files are built that describe the depot
(comparable to the Installed Products Database (IPD) files that are built by the swinstall
command).
• By default, the swinstall command only allows the selection of compatible software from the
source. This constraint ensures that the architecture of the software matches that of the
target_selections. No compatibility checks are performed by the swcopy command. (A depot can
be a repository of software targeted for a variety of architectures and operating systems.)
• By default, swinstall supports updates to higher revisions of software. If a software_selection
of the same revision is already installed, swinstall will not reinstall it. If a software_selection
has a lower revision than the same software which is already installed, swinstall will not rein-
stall it. (The user can override these behaviors with control options.)
• The swinstall command creates hard links and symbolic links as specified for the software. If
it encounters a symbolic link where it expected a regular file, swinstall follows the symbolic
link and updates the file to which it points.
• The swinstall command does not remove a product’s current files before installing the new
ones. A fileset’s install scripts can do that, if necessary. Files being replaced are overwritten
unless they are in use. If in use, they are unlinked or moved to #<file>. If the
autorecover_product option is set to true ; all files are saved to #<file>, and restored if the install
fails.
s
• The swinstall command supports kernel building scripts and rebooting. Before or after
software that modifies the kernel is installed or updated, swinstall executes system-specific
scripts to prepare for or build the new version of the kernel. The remaining software_selections are
then installed. These scripts are defined in swagent options and include:
install_setup_cmd, system_prep_cmd, kernel_build_cmd, and
install_cleanup_cmd. Please Note: Transition links do not exist on 11.31 and newer
releases so there are no install setup and cleanup steps to perform; therefore, the
install_setup_cmd and install_cleanup_cmd are never executed for these releases.
After software that requires a system reboot is installed or updated, swinstall automatically
reboots the system. The reboot command is defined by the swagent option: reboot_cmd .
When updating the operating system (see update-ux(1M) for more information.), you should install
kernel software first to ensure that a new kernel can be generated before the rest of the operating
system is updated. After all the software_selections are updated or installed, swinstall
reboots using the new kernel, then executes the configure scripts for each software_selection. After
these scripts complete, it reboots the system again to restore it to its normal state.
• No kernel building or system reboots are performed by swcopy .

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 463

 swinstall(1M) swinstall(1M)

• Both the swinstall and swcopy commands perform various checks prior to installing or
copying the software_selections, for example disk space analysis.

Options
swinstall and swcopy support the following options:
XToolKit Options
The swinstall and swcopy commands support a subset of the standard X Toolkit
options to control the appearance of the GUI. The supported options are: -bg ,
-background , -fg, -foreground , -display , -name , -xrm , and -syn-
chronous . See the X(1) manual page by typing man X for a definition of these
options.
-i Runs the command in interactive mode (Graphical User Interface). See the
Interactive Operation and Remote Operation headings above for
details.
-l (Applies only to HP-UX 10.X .) Runs the command in linkinstall mode which makes
software installed under a server’s shared root available to a diskless client’s private
root (HP-UX only).
When run in the linkinstall mode, swinstall :
• Creates NFS mounts to the software to make it accessible from the target. This
may involve delayed mounting for alternate roots.
• Modifies the target’s fstab file.
• Modifies the source’s exports file to add mount permission for the target.
Mounts are created by examining the share_link product attribute. Not all products
support linkinstall . Some products may be visible without creating a new
mount if they reside under an old one.
-p Previews an install task by running the session through the analysis phase only.
-r Causes swinstall to operate on alternate root directories, which must be specified
the @ target_selections option. Configuration scripts are not run on alternate roots.
(This option is not required for alternate root operations but is maintained for back-
ward compatibility. See the Alternate Root Directory and Depot
Directory heading in sd(5) for more information.)
-v Turns on verbose output to stdout. (The swinstall or swcopy logfile is not
affected by this option.) Verbose output is enabled by default; see the verbose
option below.
-c catalog Specifies the pathname of an exported catalog which stores copies of the response file
or files created by a request script (if -x ask=true or -x ask=as_needed).
s The response files are also stored in the Installed Products Database after the ins-
tallation process is complete.
-C session_file
Save the current options and operands to session_file. You can enter a relative or
absolute path with the file name. The default directory for session files is
$HOME/.sw/sessions/. You can recall a session file with the -S option.
-f software_file
Read the list of software_selections from software_file instead of (or in addition to) the
command line.
-J jobid Executes the previously scheduled job. This is the syntax used by the daemon to start
the job.
-Q date Schedules the job for this date. You can change the date format by modifying the
/var/adm/sw/getdate.templ file.
-s source Specifies the source depot (or tape) from which software is installed or copied. (SD
can read both tar and cpio tape depots.) The default source type is directory.
The syntax is:

464 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

[host][:][/directory]
A host may be specified by its host name, domain name, or Internet address. A direc-
tory must be specified by an absolute path.
-S session_file
Execute swinstall or swcopy based on the options and operands saved from a
previous session, as defined in session_file. You can save session information from a
command-line session with the -C session_file option.
-t target_file Read the list of target_selections from target_file instead of (or in addition to) the com-
mand line.
-x option=value
Set the session option to value and override the default value (or a value in an alter-
nate option_file specified with the -X option). Multiple -x options can be specified.
-X option_file Read the session options and behaviors from option_file.
Operands
The swinstall and swcopy commands support two types of operands: software selections followed by
target selections. These operands are separated by the "at" (@) character. This syntax implies that the
command operates on "software selections at targets".

Software Selections
The selections operands consist of software_selections.
swinstall and swcopy support the following syntax for each software_selection:
bundle[.product[.subproduct][.fileset]][,version ]
product[.subproduct][.fileset][,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:
[ ], *, ?
For example, the following expression installs all bundles and products with tags that end with
"man":
swinstall -s sw_server *man
• Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can
contain other subproducts. For example:
swinstall bun1.bun2.prod.sub1.sub2.fset,r=1.0
or (using expressions):
swinstall bun[12].bun?.prod.sub*,a=HP-UX s
• The \* software specification selects all products. Use this specification with caution.
The version component has the form:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ][,q= qualifier][,l= location]
[,fr <op> revision][,fa <op> arch]
• location applies only to installed software and refers to software installed to a location other than
the default product directory.
• fr and fa apply only to filesets.
• r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle
or product in a software specification.
• The <op> (relational operator) component can be of the form:
=, ==, >=, <=, <, >, or !=
which performs individual comparisons on dot-separated fields.

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 465

 swinstall(1M) swinstall(1M)

For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00 . The system
compares each dot-separated field to find matches.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.
• All version components are repeatable within a single specification (e.g. r>=A.12 , r<A.20 ). If
multiple components are used, the selection must match all components.
• Fully qualified software specs include the r=, a=, and v= version components even
if they contain empty strings. For installed software, l= is also included.
• No space or tab characters are allowed in a software selection.
• The software instance_id can take the place of the version component. It has the form:
[instance_id]
within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.
The \* software specification selects all products. It is not allowed when removing software from the root
directory /.
Target Selection
The swinstall and swcopy commands support the following syntax for each target_selection. The
colon (:) is required if both a host and directory are specified.
[host][:][/directory]
A host may be specified by its host name, domain name, or Internet address. A directory must be specified
by an absolute path.
For linkinstall, on HP-UX 10.X systems: if the [directory] part of the selection is a relative path, then the
value of default.shared_root=true is pre-pended for sources and the value of default.private_root=true is
pre-pended for targets. These are normally /export/shared_roots and
/export/private_roots, respectively.
EXTERNAL INFLUENCES
Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
s Values must be specified in the defaults file using this syntax:
[command_name.]option=value
The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change in
the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following section lists all of the keywords supported by the swinstall and swcopy commands. If
a default value exists, it is listed after the =.
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):

466 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

• The default value is forced to /var/home/LOGNAME/sw.

• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
• If you set the value of the installed_software_catalog default option to a
relative path, that path is resolved relative to the value of this option.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the installed_software_catalog and run_as_superuser options.
agent_auto_exit=true
Causes the target agent to automatically exit after Execute phase, or after a failed Analysis
phase. This is forced to false when the controller is using an interactive UI, or when -p
(preview) is used. This enhances network reliability and performance. The default is
true - the target agent automatically exits when appropriate. If set to false , the target
agent will not exit until the controller ends the session.
agent_timeout_minutes=10000
Causes a target agent to exit if it has been inactive for the specified time. This can be used
to make target agents more quickly detect lost network connections since RPC can take as
long as 130 minutes to detect a lost connection. The recommended value is the longest
period of inactivity expected in your environment. For command line invocation, a value
between 10 minutes and 60 minutes is suitable. A value of 60 minutes or more is recom-
mended when the GUI is used. The default of 10000 is slightly less than 7 days.
allow_downdate=false
(Applies only to swinstall .) Prevents the installation of an older revision of fileset that
already exists at the target(s). (Many software products do not support "downdating".) If
set to true , the older revision can be installed.
allow_incompatible=false
(Applies only to swinstall .) Requires that the software products which are being
installed be "compatible" with the target selections. (All of the target selections must match
the list of supported systems defined for each selected product.) If set to true , target com-
patibility is not enforced.
allow_multiple_versions=false
(Applies only to swinstall .) Prevents the installation of another, independent version of s
a product when a version already is already installed at the target.
If set to true , another version of an existing product can be installed into a new location.
Multiple versions can only be installed if a product is locatable. Multiple configured ver-
sions will not work unless the product supports it.
allow_split_patches=false
Permits the use of single patch filesets without "sibling" filesets. In the default state of
false , installation or copying of a single fileset from a multi-fileset patch automatically
includes any other fileset that are part of the patch, based on the ancestor filesets of the
target fileset. (This behavior applies to filesets selected directly by the user and to filesets
automatically selected by SD to resolve software dependencies.)
When set to true , SD allows a single patch fileset to be installed or copied without includ-
ing the sibling filesets. This allows a target to contain a patch that has been "split" into its
component filesets. WARNING: Splitting a patch can create a situation in which one
fileset in a sibling group would be updated by a patch, while the other filesets would remain
at an earlier release.
ask=false
(Applies only to swinstall .) When ask=true , executes a request script which asks for

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 467

 swinstall(1M) swinstall(1M)

a user response. If ask=as_needed, the swinstall command first determines if a

response file already exists in the catalog specified in the -c option or source depot and
executes the request script only when a response file is absent.
If set to ask=true , or ask=as_needed, you can use the -c catalog option to specify
the pathname of an exported catalog to store copies of the response file or files created by
the request script.
See swask(1M) for more information on request scripts.
autoreboot=false
(Applies only to swinstall .) Prevents the installation of software requiring a reboot
from the non-interactive interface. If set to true , this software can be installed and the
target system(s) will be automatically rebooted.
An interactive session always asks for confirmation before software requiring a reboot is
installed.
autorecover=false
This option permits automatic recovery of original filesets if an installation error occurs.
The cost is a temporary increase in disk space and slower performance. The default value of
false causes swinstall to remove the original files as a fileset is updated. If an error
occurs during the installation (e.g. network failure), then the original files are lost, and you
must reinstall the fileset.
If set to true , all files are saved as backup copies until the current fileset finishes loading.
If an error occurs during installation, the fileset’s original files are replaced, and swin-
stall continues to the next fileset in the product or the product postinstall script.
When set to true , this option also affects scripts. For example, if a preinstall script fails,
this option causes the corresponding unpreinstall script to execute. See Software Distribu-
tor Administration Guide for complete information.
autorecover_product=false
(Applies only to swinstall .) This option permits automatic recovery of original product
files if an installation error occurs. The cost is a temporary increase in disk space and
slower performance. The default value of false causes swinstall to remove any
existing product files as a product is updated. If an error occurs during installation (e.g.
network failure), then the original files are lost, and you must reinstall the product.
If set to true , all files for a product are saved as backup copies until the entire product
finishes loading. Then the files are removed. If an error occurs during installation, the ori-
ginal product files are replaced, and swinstall exits.
When set to true , this option also affects scripts. For example, if a preinstall script fails,
this option causes the corresponding unpreinstall script to execute. See Software Distribu-
tor Administration Guide for complete information.
s autoremove_job=false
Controls automatic job removal of completed jobs. If the job is automatically removed, job
information (job status or target logfiles) cannot be queried with swjob .
autoselect_dependencies=true
Automatically select dependencies when software is being selected. When set to true , and
any software which has dependencies is selected for install, swinstall or swcopy
makes sure that the dependencies are met. If they are not already met, they are automati-
cally selected for you. If set to false , automatic selections are not made to resolve
requisites. When set to as_needed , autoselected dependencies are operated only if the
dependency is not already met on the target.
autoselect_patches=true
Automatically selects the latest patches (based on superseding and ancestor attributes) for
a software object that a user selects for a swinstall or swcopy operation. When set to
false , the patches corresponding to the selected object, are not automatically selected.
The patch_filter= option can be used in conjunction with autoselect_patches.
autoselect_reference_bundles=true
If true , bundles that are sticky are automatically installed or copied, along with the
software it is made up of. If false , the software can be installed, or copied, without

468 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

automatically including sticky bundles that contain it.

codeword=
Provides the "codeword" needed to unlock protected HP CD-ROM software.
Some HP software products are shipped on CD-ROM as "protected" products. That is, they
cannot be installed or copied unless a "codeword" and "customer ID" are provided. The
codeword is found on the CD-ROM certificate which you received from HP. You may use
this default specification on the command line or the SD-UX Interactive User Interface to
enter the codeword.
This default stores the codeword for future reference, and you need to enter the codeword
only once. If you purchase a new HP product and a previous codeword has already been
entered for that CD-ROM, just enter the new codeword as usual and the codewords will be
merged internally.
NOTE: For HP-UX B.10.10 and later systems, SD searches the .codewords file on the
server that is providing protected software to other hosts. It looks for valid
customer_id/codeword pairs. In doing so, SD eliminates the need to enter codewords and
customer_ids on every host that is "pulling" the software.
To properly store the customer_id/codeword for a CD-ROM, run swinstall -p or
swcopy -p on the host serving the CD-ROM. After the codeword has been stored, clients
installing or copying software using that host and CD-ROM as a source will no longer need
a codeword or customer_id.
compress_files=false
If set to true , uncompressed files are compressed before transfer from a source. This
enhances performance on slower networks for swcopy and swinstall , and results in
smaller depots for swcopy and swpackage , unless the uncompress_files option is
also set to true .
compress_index=false
Determines whether SD commands create compressed INDEX and INFO catalog files when
writing to target depots or roots. The default of false does not create compressed files.
When set to true , SD creates compressed and uncompressed INDEX and INFO files. The
compressed files are named INDEX.gz and INFO.gz , and reside in the same directories
as the uncompressed files.
Compressed files can enhance performance on slower networks, although they may
increase disk space usage due to a larger Installed Products Database and depot catalog.
SD controllers and target agents for HP-UX 11.01 and higher automatically load the
compressed INDEX and INFO files from the source agent when:
• The source agent supports this feature.
• INDEX.gz or INFO.gz exist on the source depot.
• INDEX.gz or INFO.gz are not older than the corresponding uncompressed INDEX or
s
INFO files.
The uncompressed INDEX or INFO file is accessed by the source agent if any problem
occurs when accessing, transferring, or uncompressing the INDEX.gz or INFO.gz file.
controller_source=
Specifies the location of a depot for the controller to access to resolve selections. Setting
this option can reduce network traffic between the controller and the target. Use the target
selection syntax to specify the location: [host][:][/directory ]
The controller_source_option supports the same syntax as the -s source option.
This option has no effect on which sources the target uses and is ignored when used with
the Interactive User Interface.
create_target_path=true
Causes the agent to create the target directory if it does not already exist. If set to false ,
a new target directory is not created. This option can prevent the erroneous creation of
new target depots or new alternate root directories.
create_time_filter=0
For cumulative source depots, this option allows consistent software selections over time by

HP-UX 11i Version 3: February 2007 −9− Hewlett-Packard Company 469

 swinstall(1M) swinstall(1M)

swlist , swcopy , and swinstall . The default of zero includes all bundles, products,
subproducts, and filesets in the source depot as candidates for selection (and autoselection
of dependencies and patches), based on the software selections and other options. When set
to a time (specified as seconds from epoch), only those bundles, products, and filesets (and
the subproducts in the product) with a create_time less than or equal to the specified value
are available for selection (or autoselection). To list the create_time of bundles, products
and filesets, use:
swlist -a create_time -a create_date
customer_id=
This number, also printed on the Software Certificate, is used to "unlock" protected
software and restrict its installation to a specific site or owner. It is entered using the -x
customer_id= option or by using the Interactive User Interface. The customer_id can be
used on any HP-UX 10.0X or later system.
defer_configure=false
(Applies only to swinstall .) Causes swinstall to automatically run configure scripts
for the software_selections after they are installed. (Alternate root directories are not
configured.)
When set to true, swinstall does not run configure scripts. If you want to configure the
software later, you must run the swconfig command.
NOTES:
• Multiple versions of a product will not be automatically configured if another version is
already configured. Use the swconfig command to configure multiple versions
separately.
• SD ignores this option when it installs software that causes a system reboot.
distribution_source_directory=/var/spool/sw
Defines the default location of the source depot (when the source_type is directory).
You can also use the host :path syntax. The -s option overrides this default.
distribution_target_directory=/var/spool/sw
(Applies only to swcopy .) Defines the default location of the target depot.
enforce_dependencies=true
Requires that all dependencies specified by the software_selections be resolved either in the
specified source, or at the target_selections themselves.
The swinstall and swcopy commands will not proceed unless the dependencies have
also been selected or already exist at the target in the correct state (INSTALLED or AVAIL-
ABLE). This prevents unusable software from being installed on the system. It also
ensures that depots contain usable sets of software.
s If set to false , dependencies are still checked, but not enforced. Corequisite dependen-
cies, if not enforced, may keep the selected software from working properly. Prerequisite
dependencies, if not enforced, may cause the installation or configuration to fail.
enforce_dsa=true
Prevents the command from proceeding past the analysis phase if the disk space required is
beyond the available free space of the impacted filesystem(s). If set to false , the install
or copy operation uses the filesystem’s minfree space and may fail because it reaches the
filesystem’s absolute limit.
enforce_kernbld_failure=true
(Applies only to swinstall .) Prevents swinstall from proceeding past the kernel
build phase if the kernel build processes fail. If set to false , the install operation contin-
ues (without suspension if in the interactive mode) despite failure or warnings from either
the system preparation process or the kernel build process.
When set to the default value of true , this option generates an error if a command tries to
relocate a non-relocatable fileset. (Relocatable filesets are packaged with the
is_relocatable attribute set to true ). When set to false , the usual error handling
process is overridden, and SD permits the command to relocate the fileset.

470 Hewlett-Packard Company − 10 − HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

enforce_scripts=true
Controls the handling of errors generated by scripts. If true , and a script returns an
error, an error message appears reporting that the execution phase failed. If false ,
swinstall attempts to continue operation. A warning message appears saying that the
analysis or execution phase succeeded. The message identifies the specific swinstall
phase (checkinstall, preinstall, postinstall, or configure).
fix_explicit_directories=false
Controls the swinstall response to explicitly packaged software (software packaged
with explicit file specifications). The default value of false causes swinstall to set
permissions (as specified in the product specification file) on new directories but never on
pre-existing directories. When set to true , swinstall also sets the permissions on
pre-existing directories.
installed_software_catalog=products
(Applies only to swinstall .) Defines the directory path where the Installed Products
Database (IPD) is stored. This information describes installed software. When set to an
absolute path, this option defines the location of the IPD. When this option contains a rela-
tive path, the SD controller appends the value to the value specified by the
admin_directory option to determine the path to the IPD. For alternate roots, this
path is resolved relative to the location of the alternate root. This option does not affect
where software is installed, only the IPD location.
This option permits the simultaneous installation and removal of multiple software applica-
tions by multiple users or multiple processes, with each application or group of applications
using a different IPD.
Caution: use a specific installed_software_catalog to manage a specific applica-
tion. SD does not support multiple descriptions of the same application in multiple IPDs.
See also the admin_directory and run_as_superuser options, which control SD’s
nonprivileged mode. (This mode is intended only for managing applications that are spe-
cially designed and packaged. This mode cannot be used to manage the HP-UX operating
system or patches to it. For a full explanation of nonprivileged SD, see the Software Distri-
butor Administration Guide, available at the http://docs.hp.com web site.)
job_title=
This is an ASCII string giving a title to a job. It is displayed along with the job ID to pro-
vide additional identifying information about a job when swjob or sd is invoked. The
default value is to have no title. If a title is specified, it should be enclosed in quotes.
layout_version=1.0
(Applies only to swcopy .) Specifies the POSIX layout_version to which the SD
commands conform when writing distributions and swlist output. Supported values are
"1.0" (default) and "0.8".
SD object and attribute syntax conforms to the layout_version 1.0 specification of the IEEE s
POSIX 1387.2 Software Administration standard. SD commands still accept the keyword
names associated with the older layout version, but you should use
layout_version=0.8 only to create distributions readable by older versions of SD.
See the description of the layout_version option in sd(5) for more information.
logdetail=false
Controls the amount of detail written to the logfile. When set to true , this option adds
detailed task information (such as options specified, progress statements and additional
summary information) to the logfile. This information is in addition to log information con-
trolled by the loglevel option.
See loglevel=1 and the sd(5) manual page by typing man 5 sd for more informa-
tion.
logfile=/var/adm/sw/swremove.log
This is the default command log file for the swinstall command.
loglevel=1
Controls the log level for the events logged to the command logfile, the target agent logfile,
and the source agent logfile. This information is in addition to the detail controlled by the
logdetail option. (See logdetail=false and the sd(5) manual page for more
HP-UX 11i Version 3: February 2007 − 11 − Hewlett-Packard Company 471
 swinstall(1M) swinstall(1M)

information.) A value of:

0 provides no information to the logfile.
1 enables verbose logging to the logfiles.
2 enables very verbose logging, including per-file messages, to the logfiles.
log_msgid=0
Adds numeric identification numbers at the beginning of SD logfile messages:
0 (default) No identifiers are attached to messages.
1 Adds identifiers to ERROR messages only.
2 Adds identifiers to ERROR and WARNING messages.
3 Adds identifiers to ERROR, WARNING, and NOTE messages.
4 Adds identifiers to ERROR, WARNING, NOTE, and certain other informational mes-
sages.
match_target=false
(Applies only to swinstall .) If set to true , software selection is done by locating
filesets on the source that match the target system’s installed filesets. If multiple targets
are specified, the first in the list is used as the basis for selections.
max_targets=25
When set to a positive integer, SD limits the number of concurrent install or copy opera-
tions to the number specified. As each copy or install operation completes, another target
is selected and started until all targets have been completed.
Server and network performance determines the optimal setting; a recommended starting
point is 25 (the default value). If you set this option to a value of less than one, SD
attempts to install or copy to all targets at once.
mount_all_filesystems=true
Attempt to mount all filesystems in the /etc/fstab file at the beginning of the analysis
phase, to ensure that all listed filesystems are mounted before proceeding. This policy
helps to ensure that files are not loaded into a directory that may be below a future mount
point.
If set to false , the mount operation is not attempted, and no check of the current mounts
is performed.
os_name
(Applies only to swinstall .) This option can be used in conjunction with os_release
to specify the desired OS name during an HP-UX update. The os_name option should
only be specified from the command line. Refer to the SD readme file for correct syntax.
You can display the readme file by entering:
swlist -a readme -l product SW-DIST
os_release
s (Applies only to swinstall .) This option can be used in conjunction with os_name to
specify the desired OS release during an HP-UX update. The os_release option should
only be specified from the command line. Refer to the SD readme file for correct syntax.
You can display the readme file by entering:
swlist -a readme -l product SW-DIST
patch_filter=software_specification
This option can be used in conjunction with the autoselect_patches or
patch_match_target options to filter the selected patches to meet the criteria
specified by software_specification. The default value of this option is *.* .
patch_match_target=false
If set to true , this option selects the latest patches (software identified by the
is_patch=true attribute) that correspond to software on the target root or depot.
The patch_filter= option can be used in conjunction with patch_match_target.
patch_save_files=true
(Applies only to swinstall ) Saves the original versions of files modified by patches,
which permits the future rollback of a patch. Patched files are saved to
/var/adm/sw/save. When set to false , patches cannot be rolled back (removed)
unless the base software modified by the patch is removed at the same time.

472 Hewlett-Packard Company − 12 − HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

To commit a patch by removing the corresponding saved files, use the swmodify
command’s patch_commit option.
polling_interval=2
Defines the polling interval, in seconds, used by the interactive GUI or TUI of the con-
troller. It specifies how often each target agent is polled to obtain status information about
the task being performed. When operating across wide-area networks, the polling interval
can be increased to reduce network overhead.
preserve_create_time=false
(Applies only to swcopy .) Preserves the original create time when you copy depots, which
produces consistent results when you use the copies. The default of false sets the
create_time of software bundles, products, and filesets equal to the time the object was
created in the depot. When set to true , the create_time of software bundles, products,
and filesets is set to that specified in the source depot. Note that using this option when
copying to a master depot can change the objects that are visible when you use the
create_time_filter option.
recopy=false
(Applies only to swcopy .) Do not copy a fileset that is already available on the target at
the same version. If recopy=true , copy the fileset in any case.
register_new_depot=true
(Applies only to swcopy .) Causes swcopy to register a newly created depot with the
local swagentd . This action allows other SD commands to automatically "see" this depot.
If set to false , a new depot is not automatically registered. It can be registered later
with the swreg command.
register_new_root=true
(Applies only to swinstall .) Causes alternate roots to be registered during swin-
stall . These can be listed with swlist .
reinstall=false
When re-installing an existing revision of a fileset, this option causes that fileset to be
skipped, i.e. not re-installed. If set to true , the fileset is re-installed. See also
recopy=false .
reinstall_files=false
Controls the overwriting of files, which may enhance performance on slow networks or
disks. At the default value of false, SD compares each file in a source fileset to correspond-
ing files on the target system. SD compares the files based on size, timestamp, and (option-
ally) the checksum (see reinstall_files_use_cksum). If the files are identical the
files on the target system are not overwritten.
When set to true, SD does not compare files and overwrites any identical files on the target.
reinstall_files_use_cksum=true
Controls the use of checksum comparisons when the reinstall_files option is set to
s
false. At the default value of true, this option causes SD to compute and compare check-
sums to determine if a new file should overwrite an old file. Use of checksums slows the
comparison but is a more robust check for equivalency than size and time stamp.
If set to false, SD does not compute checksums and compares files only by size and times-
tamp.
remove_obsolete_filesets=false
(Applies only to swcopy .) Controls whether swcopy automatically removes obsolete
filesets from target products in the target depot. If set to true , swcopy removes obsolete
filesets from the target products that were written to during the copy process. Removal
occurs after the copy is complete. Filesets are defined as obsolete if they were not part of
the most recent packaging of the product residing on the source depot.
retry_rpc=1
Defines the number of times a lost source connection is retried during file transfers in
swinstall or swcopy . A lost connection is one that has timed out. When used in con-
junction with the rpc_timeout option, the success of installing over slow or busy net-
works can be increased. If set to zero, any rpc_timeout to the source causes the task
to abort. If set from 1 to 9, the install of each fileset is attempted that number of times.

HP-UX 11i Version 3: February 2007 − 13 − Hewlett-Packard Company 473

 swinstall(1M) swinstall(1M)

The reinstall_files option should also be set to false to avoid installing files within
the fileset that were successfully installed.
This option also applies to the controller contacting the agent. If the agent session fails to
start for any reason, the controller tries to recontact that agent for the number of times
specified in retry_rpc , using the values from the retry_rpc_interval option to
determine how long to wait between each attempt to recontact the agent.
retry_rpc_interval={0}
Specifies in minutes the length of the interval for repeated attempts to make a connection
to a target after an initial failure. Used in conjunction with the retry_rpc option. If
the number of values in this option equals the value of retry_rpc , SD tries reestablish-
ing a source connection for the number of times specified in retry_rpc . If the number of
values in retry_rpc_interval is less than the value in retry_rpc , SD repeats the
final interval value until the number of retries matches retry_rpc .
For example, if a session failed to start and retry_rpc was set to 9 and
retry_rpc_interval was set to {1 2 4 8 15} to allow long waits to handle transient
network failures, the SD controller would attempt to recontact the agent after 1 minute for
the first retry, then 2 minutes for the second retry, 4 for the third, then 8, then 15 for all
additional retries until nine retries were attempted. With these values, a file load failure
could cause the operation to pause for 90 minutes (1+2+4+8+15+15+15+15+15). If
retry_rpc was set to 5 and retry_rpc_interval was set to {1 2 4 8 15}, the con-
troller would try to contact the target five times over a 30-minute period.
rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and the other
commands contact the daemon. If the connection fails for one protocol sequence, the next
is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121]) and udp
(ncadg_ip_udp:[2121]) protocol sequence on most platforms. See the sd(5) man
page by typing man 5 sd for more information.
rpc_binding_info_source=
Defines the protocol sequence(s) and endpoint(s) on which commands contact the daemon
for source access only. If the connection fails for one protocol sequence, the next is
attempted. If this is set to no value (default) the values from rpc_binding_info are
used to contact the daemon for source access. See rpc_binding_info (above) for more
information.
rpc_binding_info_target=
Defines the protocol sequence(s) and endpoint(s) on which commands contact the daemon
for target access only. If the connection fails for one protocol sequence, the next is
attempted. If this is set to no value (default) the values from rpc_binding_info are
used to contact the daemon for target access. See rpc_binding_info (above) for more
information.
s rpc_timeout=5.
Relative length of the communications timeout. This is a value in the range from 0 to 9 and
is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher
value for a slow or busy network. Lower values give faster recognition on attempts to con-
tact hosts that are not up or not running swagentd . Each value is approximately twice
as long as the preceding value. A value of 5 is about 30 seconds for the ncadg_ip_udp
protocol sequence. This option may not have any noticeable impact when using the
ncacn_ip_tcp protocol sequence.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.

474 Hewlett-Packard Company − 14 − HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

• SD ACLs are ignored.

• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory and installed_software_catalog options.
select_local=true
If no target_selections are specified, select the default root directory / (swinstall ), or
the default target_directory (swcopy ), at the local host as the target of the com-
mand.
software=
Defines the default software_selections. There is no supplied default. If there is more than
one software selection, they must be separated by spaces.
software_view=all_bundles
Indicates the software view to be used as the default level for the software listing in the
GUI. It can be set to all_bundles , products , or a bundle category tag (to indicate to
show only bundles of that category).
source=
Specify a source to automatically bypass the GUI and CLI source selection dialog box. This
has the same effect as the -s source command line option. Specify the source using the fol-
lowing syntax.
[path]
source_cdrom=/SD_CDROM
Defines the default location of the source CD-ROM using the syntax [host]:[path].
source_tape=/dev/rmt/0m
Defines the default location of the source tape, usually the character-special file of a local
tape device. You can also use the [host]:[path] syntax, but the host must match the local
host. The -s option overrides this value. (Note that SD can read both tar and cpio
tape depots.)
source_type=directory
Defines the default source type: cdrom , directory , or tape . The source type derived
from the -s option overrides this value. (SD can read both tar and cpio tape depots.)
targets=
Defines the default target_selections. There is no supplied default (see select_local
above). If there is more than one target selection, they must be separated by spaces. s
uncompress_files=false
(Applies only to swcopy .) If set to true , files being transferred from a source are
uncompressed before swcopy store them on the target depot.
use_alternate_source=false
Empowers each target agent to use its own, configured alternate source, instead of the one
specified by the user. If false , each target agent uses the same source (the source
specified by the user and validated by the command). If true , each target agent uses its
own configured value for the source.
verbose=1
Controls the verbosity of the output (stdout). A value of
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
write_remote_files=false
Prevents the installation or copying of files to a target which exists on a remote filesystem.
All files destined for a remote filesystem are skipped.
If set to true and if the superuser has write permission on the remote filesystem, the
remote files are installed or copied.

HP-UX 11i Version 3: February 2007 − 15 − Hewlett-Packard Company 475

 swinstall(1M) swinstall(1M)

Session File
Each invocation of the swinstall or swcopy command defines an installation or copy session. The
invocation options, source information, software selections, and target hosts are saved before the installa-
tion or copy task actually commences. This lets you re-execute the command even if the session ends
before proper completion.
Each session is saved to the file $HOME/.sw/sessions/swinstall{swcopy}.last . This file is
overwritten by each invocation of swinstall or swcopy .
You can also save session information from interactive or command-line sessions. From an interactive ses-
sion, you can save session information into a file at any time by selecting the Save Session or Save Session
As option from the File menu. From a command-line session, you can save session information by execut-
ing swinstall or swcopy with the -C session__file option.
A session file uses the same syntax as the defaults files. You can specify an absolute path for a session file.
If you do not specify a directory, the default location for a session file is $HOME/.sw/sessions/.
To re-execute a saved session from an interactive session, use the Recall Session option from the File menu.
To re-execute a session from a command-line, specify the session file as the argument for the -S
session__file option of swinstall or swcopy .
Note that when you re-execute a session file, the values in the session file take precedence over values in
the system defaults file. Likewise, any command line options or parameters that you specify when you
invoke swinstall or swcopy take precedence over the values in the session file.

Software and Target Lists

Most SD commands support software and target selections from separate input files (see the -f and -t
command-line options). Software and targets specified in these files will be selected for operation. swin-
stall and swcopy also support an interactive read and save of target and software groups. Target and
software groups can be saved in files (default location $HOME/.sw/targets/ and
$HOME/.sw/software/) and then selected in subsequent swinstall and swcopy operations.
Additionally, the swinstall and swcopy interactive user interfaces read a default list of hosts on which
to operate. The list is stored in:
/var/adm/sw/defaults.hosts the system-wide default list of hosts
$HOME/.swdefaults.hosts the user-specific default list of hosts
For each interactive command, target hosts containing roots and target hosts containing depots are
specified in separate lists ( hosts , hosts_with_depots, respectively). The list of hosts are enclosed
in {} braces and separated by white space (blank, tab and newline). For example:
swinstall.hosts={hostA hostB hostC hostD hostE hostF}
swcopy.hosts_with_depots={hostS}
The swinstall and swcopy interactive user interfaces read a default list of patch filters that you can
s use as selection criteria for patch software. The list is stored in:
/var/adm/sw/defaults.patchfilters
the system-wide default list of patch filters.
$HOME/.sw/defaults.patchfilters
the user-specific default list of patch filters.
The list of patch filters is enclosed in braces {} and separated by white space (blank, tab, or newline). For
example:
swinstall.patch_filter_choices={
*.*,c=enhancement
*.*,c=critical
}
swcopy.patch_filter_choices={
Product.Fileset,c=halts_system
}
Environment Variables
The environment variables that affect the swinstall command are:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man page by

476 Hewlett-Packard Company − 16 − HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

typing man 5 sd for more information.

NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.
Environment variables that affect scripts:
SW_CATALOG
Holds the path to the Installed Products Database (IPD), relative to the path in the
SW_ROOT_DIRECTORY environment variable. Note that you can specify a path for
the IPD using the installed_software_catalog default option.
SW_CONTROL_DIRECTORY
Defines the current directory of the script being executed, either a temporary catalog
directory, or a directory within in the Installed Products Database (IPD). This variable
tells scripts where other control scripts for the software are located (e.g. subscripts).
SW_CONTROL_TAG
Holds the tag name of the control_file being executed. When packaging software, you
can define a physical name and path for a control file in a depot. This lets you define the
control_file with a name other than its tag and lets you use multiple control file
definitions to point to the same file. A control_file can query the
SW_LOCATION
Defines the location of the product, which may have been changed from the default pro-
duct directory. When combined with the SW_ROOT_DIRECTORY, this variable tells
scripts where the product files are located.
SW_PATH A PATH variable which defines a minimum set of commands available to for use in a
control script (e.g. /sbin:/usr/bin).
SW_ROOT_DIRECTORY
s
Defines the root directory in which the session is operating, either "/" or an alternate
root directory. This variable tells control scripts the root directory in which the pro-
ducts are installed. A script must use this directory as a prefix to SW_LOCATION to
locate the product’s installed files. The configure script is only run when
SW_ROOT_DIRECTORY is /.
SW_SESSION_OPTIONS
Contains the pathname of a file containing the value of every option for a particular
command, including software and target selections. This lets scripts retrieve any com-
mand options and values other than the ones provided explicitly by other environment
variables. For example, when the file pointed to by SW_SESSIONS_OPTIONS is made
available to a request script, the targets option contains a list of
software_collection_specs for all targets specified for the command. When the file
pointed to by SW_SESSIONS_OPTIONS is made available to other scripts, the targets
option contains the single software_collection_spec for the targets on which the script is
being executed.
SW_SOFTWARE_SPEC
This variable contains the fully qualified software specification of the current product or
fileset. The software specification allows the product or fileset to be uniquely identified.

HP-UX 11i Version 3: February 2007 − 17 − Hewlett-Packard Company 477

 swinstall(1M) swinstall(1M)

Additional environment variables that affect scripts for swinstall :

SW_DEFERRED_KERNBLD
This variable is normally unset. If it is set, the actions necessary for preparing the sys-
tem file /stand/system cannot be accomplished from within the postinstall scripts,
but instead must be accomplished by the configurescripts. This occurs whenever
software is installed to a directory other than /, such as for a cluster client system. This
variable should be read only by the configure and postinstall scripts of a kernel fileset.
The swinstall command sets these environment variables for use by the kernel
preparation and build scripts.
SW_INITIAL_INSTALL
This variable is normally unset. If it is set, the swinstall session is being run as the
back end of an initial system software installation ("cold" install).
SW_KERNEL_PATH
The path to the kernel. The default value is /stand/vmunix, defined by the
swagent option or kernel_path .
SW_SESSION_IS_KERNEL
Indicates whether a kernel build is scheduled for the current install/remove session. A
TRUE value indicates that the selected kernel fileset is scheduled for a kernel build and
that changes to /stand/system are required. A null value indicates that a kernel
build is not scheduled and that changes to /stand/system are not required.
The value of this variable is always equal to the value of SW_SESSION_IS_REBOOT.
SW_SESSION_IS_REBOOT
Indicates whether a reboot is scheduled for a fileset selected for removal. Because all
HP-UX kernel filesets are also reboot filesets, the values of this variables is always equal
to the value of SW_SESSION_IS_KERNEL.
SW_SESSION_IS_UPDATE
A value of 1 indicates the SD command was invoked by the update-ux command
during an Operating System update. This variable is set by the update-ux command.
SW_SYSTEM_FILE_PATH
The path to the kernel’s system file. The default value is /stand/system.

Signals
The swinstall and swcopy commands catch the signals SIGQUIT, SIGINT, and SIGUSR1. If these
signals are received, the command prints a message, sends a Remote Procedure Call (RPC) to the agents to
wrap up after completion, and then exits.
The agent ignores SIGHUP, SIGINT, and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM, SIGUSR1, or SIGUSR2. Killing the agent may leave corrupt software on the system, and thus
s should only be done if absolutely necessary. Note that when an SD command is killed, the agent does not
terminate until completing the task in progress.
The daemon ignores SIGHUP, SIGINT and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM and SIGUSR2. After receiving SIGUSR1, it waits for completion of a copy or remove from a
depot session before exiting, so that it can register or unregister depots if necessary. Requests to start new
sessions are refused during this wait.

Locking
SD commands use a common locking mechanism for reading and modifying the Installed Products Data-
base (IPD) and software depots. This mechanism allows multiple readers but only one writer on an IPD or
depot:

Write Locks
swinstall commands that modify the IPD are restricted from simultaneous modification using fcntl(2)
locking on the file <IPD location> /swlock (e.g. /var/adm/sw/products/swlock).
swcopy commands that modify a software depot are restricted from simultaneous modification using
fcntl(2) locking on the file <depot directory> /catalog/swlock (e.g.
/var/spool/sw/catalog/swlock).

478 Hewlett-Packard Company − 18 − HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

Read Locks
Both swinstall and swcopy commands set fcntl(2) read locks on source depots using the swlock
file mentioned above. When a read lock is set, it prevents all SD commands from performing modifications
(i.e. from setting write locks).

Terminal Support
For in-depth information about terminal support refer to:
• The Software Distributor Administration Guide manual
• Start the GUI or TUI, select the Help menu, then select the Keyboard... option to access the Key-
board Reference Guide.

RETURN VALUES
An interactive swinstall or swcopy session always returns 0. A non-interactive swinstall or
swcopy session returns:
0 The software_selections were successfully installed/copied.
1 The install/copy operation failed on all target_selections.
2 The install/copy operation failed on some target_selections.

DIAGNOSTICS
The swinstall and swcopy commands write to stdout, stderr, and to specific logfiles.

Standard Output
An interactive swinstall or swcopy session does not write to stdout. A non-interactive swinstall
or swcopy session writes messages for significant events. These include:
• a begin and end session message,
• selection, analysis, and execution task messages for each target_selection.

Standard Error
An interactive swinstall or swcopy session does not write to stderr. A non-interactive swinstall
or swcopy session writes messages for all WARNING and ERROR conditions to stderr.

Logging
Both interactive and non-interactive swinstall and swcopy sessions log summary events at the host
where the command was invoked. They log detailed events to the swagent logfile associated with each
target_selection.
Command Log
The swinstall and swcopy commands log all stdout and stderr messages to the the logfile
/var/adm/sw/swinstall.log (/var/adm/sw/swcopy.log). Similar messages are logged
by an interactive swinstall and swcopy session. The user can specify a different logfile by
modifying the logfile option.
Target Log
s
A swagent process performs the actual install or copy operation at each target_selection. For install
tasks, the swagent logs messages to the file var/adm/sw/swagent.log beneath the root
directory (e.g. / or an alternate root directory). For copy tasks, the swagent logs messages to the
file swagent.log beneath the depot directory (e.g. /var/spool/sw).
You can view the command and target log files with the swjob or sd command.
Source Depot Audit Log
If both source and target machine are updated to SD revision B.11.00 or later, the system administra-
tor at the source depot machine can track which user pulls which software from a depot on the source
machine and when the software is pulled. (Note that a user running swinstall/swcopy from a
target machine cannot set this option; only the administrator of the source depot machine can set it.
See the source_depot_audit option in the swagent(1M) man page.)

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

HP-UX 11i Version 3: February 2007 − 19 − Hewlett-Packard Company 479

 swinstall(1M) swinstall(1M)

EXAMPLES
swinstall
To invoke an interactive session of swinstall :
swinstall
Select the C and Pascal products from the network source software server (sw_server) and start an interac-
tive session:
swinstall -i -s sw_server cc pascal
Install the C and Pascal products to a set of remote hosts:
swinstall -s sw_server cc pascal @ hostA hostB hostC
Update the HP Omniback product from a CD-ROM mounted at /cd :
swinstall -s /cd/swmedia Omniback
Install an incompatible version of HP Omniback into the directory /exports :
swinstall -x allow_incompatible=true -s/products Omniback,a=arch \
@ /exports
Install all products from the cartridge tape /dev/rmt/0 :
swinstall -s /dev/rmt/0 \*
Reinstall the software_selections listed in the file /tmp/install.products on the hosts listed in the
file tmp/install.hosts:
swinstall -x reinstall=true -f/tmp/install.products \
-t/tmp/install.hosts
Execute swinstall interactively using the session file /tmp/case.selections as a basis:
swinstall -i -S /tmp/case.selections
Install all the software from local depot /tmp/sample.depot.1, using any response files generated by
request scripts:
swinstall -s /tmp/sample.depot.1 -x ask=true \*
Install Product1 from remote depot /tmp/sample.depot.1 on host swposix and use an exist-
ing response file (previously generated by the swask command) located in /tmp/bar.depot:
swinstall -s swposix:/tmp/sample.depot.1 -c /tmp/bar.depot Product1
Install all products in remote depot /tmp/sample.depot.1 on host swposix , use any response files
generated by request scripts, create catalog /tmp/bar.depot and copy all response files to the new
catalog:

s swinstall -s swposix:/tmp/sample.depot.1 -c /tmp/bar.depot \

-x ask=true \*
Install all products in remote depot /tmp/sample.depot.1 on host swposix , use response files,
run request scripts only when a response file is absent, create catalog /tmp/bar.depot and copy all
response files to the new catalog:
swinstall -s swposix:/tmp/sample.depot.1 -c swposix:/tmp/bar.depot \
-x ask=as_needed \*
Install all patches in the depot that correspond to currently installed software and are of the critical
category:
swinstall -s /tmp/sample.depot.1 -x patch_match_target=true \
-x patch_filter=\"*.*, c=critical\"
The following example applies to HP-UX 10.X only.
To linkinstall the product TEST to the clients clientA, clientB from the server:
swinstall -l -r -s :OS_700 TEST @ clientA clientB
The following example applies to HP-UX 10.X only.

480 Hewlett-Packard Company − 20 − HP-UX 11i Version 3: February 2007

swinstall(1M) swinstall(1M)

To linkinstall product TEST2 to your own "/" directory from an application server on "serve":
swinstall -l -s serve TEST2
swcopy
Invoke an interactive session of swcopy :
swcopy
Invoke an interactive session, using default depot at hostX as the source:
swcopy -i -s hostX
Copy all products from the cartridge tape /dev/rmt/0m to the default depot on the local host:
swcopy -s /dev/rmt/0m \*
Load the software_selections listed in the file /tmp/load.products using the default source/depot:
swcopy -f /tmp/load.products
Copy the C and Pascal products to some local and remote depots:
swcopy -s sw_server cc pascal @ /var/spool/sw hostA:/tmp/sw hostB
FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options. If this file does not exist, SD
looks for user-specific defaults in $HOME/.swdefaults.hosts.
$HOME/.sw/defaults.hosts
Contains the user-specific default list of hosts to manage.
$HOME/.sw/defaults.patchfilters
Contains the user-specific default list of patch filters.
$HOME/.sw/sessions/
Contains session files automatically saved by the SD commands or explicitly saved by the user.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options with their default values.
/var/adm/sw/
The directory which contains all of the configurable and non-configurable data for SD. This direc-
tory is also the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/defaults.hosts
Contains the system-wide default list of hosts to manage.
s
/var/adm/sw/defaults.patchfilters
Contains the system-wide default list of patch filters.
/var/adm/sw/getdate.templ
Contains the set of date/time templates used when scheduling jobs.
/var/adm/sw/products/
The Installed Products Database (IPD), a catalog of all products installed on a system.
/var/adm/sw/queue/
The directory which contains the information about all active and complete install jobs, copy jobs,
and other jobs initiated by the SD commands.
/var/spool/sw/
The default location of a source and target software depot.

AUTHOR
swinstall and swcopy were developed by the Hewlett-Packard Company and Mark H. Colburn (see
pax(1)).

HP-UX 11i Version 3: February 2007 − 21 − Hewlett-Packard Company 481

 swinstall(1M) swinstall(1M)

SEE ALSO
swacl(1M), swagentd(1M), swask(1M), swconfig(1M), swjob(1M), swlist(1M), swmodify(1M), swpackage(1M),
swreg(1M), swremove(1M), swverify(1M), update-ux(1M) on 11i, sd(4), swpackage(4), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

482 Hewlett-Packard Company − 22 − HP-UX 11i Version 3: February 2007

swjob(1M) swjob(1M)

NAME
swjob, sd - display and monitor job information and create and remove jobs; invoke graphical user interface
to display and monitor job information and create and remove jobs; respectively

SYNOPSIS
swjob [-i] [-R] [-u] [-v] [-a attribute ] [-C session_file ] [-f jobid_file ] [-S session_file ]
[-t target_file ] [-x option=value ] [-X option_file ] [jobid(s)] [@ target_selections ]
sd [XToolkit Options] [-x option=value ] [-X option_file ]
Remarks
• The sd command invokes an interactive interface to the same functionality that swjob provides.
See Interactive Operation below for more details.
• This command supports operation on remote systems. See Remote Operation below for details.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the com-
mand line.

DESCRIPTION
The swjob command displays job information and removes jobs. It supports these features:
• Display the current install jobs, copy jobs, and other SD jobs initiated by the SD commands.
• Specify a specific job to list or remove.
• Display the command logfile for a specific job.
• Display the target logfile for a specific target.

Remote Operation
You can enable Software Distributor (SD) to manage software on remote systems. To let the root user from
a central SD controller (also called the central management server or manager node) perform operations on
a remote target (also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit root
access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on
remote system before running setaccess .
• If remote system is older than 11.00 or for some other reason does not have setaccess in place,
copy setaccess script from an 11.11 or higher system to the remote system.
s
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations. Enable
the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root or
non-root access to users from the controller system.

Interactive Operations
The sd command is an interactive interface for monitoring and scheduling software jobs. It provides the
same functionality as the swjob command. You can also use sd to invoke the swinstall , copy , and
swremove GUIs.
If you have enabled SD’s remote operations features, swinstall , swcopy , and swremove provide
enhanced GUIs to support operations on remote targets. See Remote Operation above for details about
enabling remote operations and the enhanced GUIs.

Options
When no options or operands are specified, swjob lists the jobs that exist on the local host. These jobs
may be pending, active, in the background or completed. The swjob command supports the following
options:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 483

 swjob(1M) swjob(1M)

XToolKit Options
The sd command supports a subset of the standard XToolkit options to control the
appearance of the system GUI. The supported options are: -bg , -background ,
-fg, -foreground , -display , -name , -xrm , and -synchronous . See the
X(1) man page by typing man X for a definition of these options.
-i Runs the command in interactive mode (invokes the GUI.) (Using this option is an
alias for the sd command.) See the Interactive Operation and Remote Operation
headings above for details.
-R Applies to target lists as a shorthand for @ *::* .
-u Causes swjob to remove the specified job(s).
-v Causes swjob to list all available attributes, one per line. The option applies only to
the default list.
-a attribute Each job has its own set of attributes. These attributes include such things as job
title, schedule date, or results. The -a option selects a specific attribute to display.
You can specify multiple -a options to display multiple attributes. See also sd(4) for
details on these attributes. This option applies only to the default list.
The logfiles summarizing a job or detailing target actions can be displayed using -a
log , if -a log is specified and no other attribute is specified (i.e. no other attribute
may be specified).
-C session_file
Save the current options and operands to session_file. You can enter a relative or
absolute path with the file name. The default directory for session files is
$HOME/.sw/sessions/. You can recall a session file with the -S option.
-f jobid_file Read the list of jobids from jobid_file instead of (or in addition to) the command line.
-t target_file Read the list of target_selections from target_file instead of (or in addition to) the com-
mand line.
-x option=value
Set the session option to value and override the default value (or a value in an alter-
nate option_file specified with the -X option). Multiple -x options can be specified.
-S session_file
Execute swjob based on the options and operands saved from a previous session, as
defined in session_file. You can save session information to a file with the -C option.
-X option_file Read the session options and behaviors from option_file.
Operands
The swjob command supports two types of operands: jobid followed by target selections. These operands
s are separated by the "at" (@) character. This syntax implies that the command operates on "jobid at tar-
gets".
• jobid The swjob command supports the following syntax for each job id:
jobid
• target selections The swjob command supports the following syntax for each target selection:
[host][:][directory ]
EXTERNAL INFLUENCES
Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value

484 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

swjob(1M) swjob(1M)

The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following section lists all of the keywords supported by the swjob command. If a default value exists,
it is listed after the =.
The policy options that apply to swjob are:
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the run_as_superuser option.
agent_timeout_minutes=10000
Causes a target agent to exit if it has been inactive for the specified time. This can be used
to make target agents more quickly detect lost network connections since RPC can take as
long as 130 minutes to detect a lost connection. The recommended value is the longest
period of inactivity expected in your environment. For command line invocation, a value
between 10 minutes and 60 minutes is suitable. A value of 60 minutes or more is recom-
mended when the GUI will be used. The default of 10000 is slightly less than 7 days.
one_liner={jobid operation state progress results title}
Defines the attributes which will be listed for each job when no -a option is specified.
Each attribute included in the one_liner definition is separated by <tab> or <space>.
Any attributes, except log may be included in the one_liner definition. If a particu-
s
lar attribute does not exist for an object, that attribute is silently ignored.
rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and the other
commands contact the daemon. If the connection fails for one protocol sequence, the next
is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121]) and udp
(ncadg_ip_udp:[2121]) protocol sequence on most platforms. See the sd(5) man
page by typing man 5 sd for more information.
rpc_timeout=5
Relative length of the communications timeout. This is a value in the range from 0 to 9 and
is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher
value for a slow or busy network. Lower values will give faster recognition on attempts to
contact hosts that are not up or not running swagentd . Each value is approximately
twice as long as the preceding value. A value of 5 is about 30 seconds for the
ncadg_ip_udp protocol sequence. This option may not have any noticeable impact when
using the ncacn_ip_tcp protocol sequence.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 485

 swjob(1M) swjob(1M)

the invoking user is super-user.

When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory option.
targets=
Defines the default target_selections. There is no supplied default. If there is more than
one target selection, they must be separated by spaces.
verbose=0
Controls the verbosity of the output (stdout). A value of:
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
Session File
Each invocation of the swjob command defines a job display session. The invocation options, source infor-
mation, software selections, and target hosts are saved before the installation or copy task actually com-
mences. This lets you re-execute the command even if the session ends before proper completion.
Each session is automatically saved to the file $HOME/.sw/sessions/swjob.last. This file is
overwritten by each invocation of swjob .
You can also save session information to a specific file by executing swjob with the -C session__file
option.
A session file uses the same syntax as the defaults files. You can specify an absolute path for the session
file. If you do not specify a directory, the default location for a session file is HOME/.sw/sessions/.
To re-execute a session file, specify the session file as the argument for the -S session__file option of
swjob .
s Note that when you re-execute a session file, the values in the session file take precedence over values in
the system defaults file. Likewise, any command line options or parameters that you specify when you
invoke swjob take precedence over the values in the session file.
Environment Variables
SD programs are affected by external environment variables.
SD programs that execute control scripts set environment variables for use by the control scripts. swjob
does not set environmental variables, but it uses them.
Environment variables that affect the SD commands:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man page by
typing man 5 lang for more information.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.

486 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

swjob(1M) swjob(1M)

LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.

Signals
The swjob command catches the signals SIGQUIT and SIGINT. If these signals are received, swjob
prints a message, sends a Remote Procedure Call (RPC) to the daemons to wrap up, and then exits.
Each agent will complete the list task before it wraps up.

OPERATION
Different views of the job information are available. The types of listings that can be selected are given
below.
• Default Listing
• Target Listing
• Logfile Listing

Default Listing
If swjob is invoked with no options or operands, it lists all jobs that are on the local host. This listing
contains one line for each job. The line includes the job tag attribute and all other attributes selected via
the one_liner option.
Listing jobs on a remote controller is not supported. If a jobid is given, information for only that job is
displayed.
Status Listing
If a -R or @ target_specification is given, the targets for that job and their status are displayed. By default
the status information includes Type, State, Progress and Results.
Logfile Listing
One of the attributes "log" encompasses a variety of logfile types. The type of logfile returned when the -a
log attribute is given depends on the operands given. The types of logfiles:
No target_selections Show the controller logfile (default).
@ target Show the agent logfile. s
RETURN VALUES
The swjob command returns:
0 The job information was successfully listed or the job was successfully removed.
1 The list /remove operation failed for all jobids.
2 The list /remove operation failed for some jobids.

DIAGNOSTICS
The swjob command writes to stdout, stderr, and to the agent logfile.

Standard Output
All listings are printed to stdout.

Standard Error
The swjob command writes messages for all WARNING and ERROR conditions to stderr.

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 487

 swjob(1M) swjob(1M)

Logging
The swjob command does not log summary events. It logs events about each read task to the swagent
logfile associated with each target_selection.

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

EXAMPLES
To list all of the jobs that exist on the local host:
swjob
To show the scheduled date for job hostA-0001:
swjob -a schedule hostA-0001
For job hostA-0001 list the targets and their status:
swjob -R hostA-0001
or
swjob hostA-0001 @ *::*
For job hostA-0001 list the controller log:
swjob -a log hostA-0001
For job hostA-0001 list the targetA agent log:
swjob -a log targetA-0001 @ targetA
FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options (with their default values).
/var/adm/sw/
The directory which contains all of the configurable (and non-configurable) data for SD. This directory
is also the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/queue/
The directory which contains the information about all active and complete install jobs, copy jobs, and
s other jobs initiated by the SD commands.

AUTHOR
swjob was developed by the Hewlett-Packard Company.
SEE ALSO
swacl(1M), swagentd(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swlist(1M), swmodify(1M),
swpackage(1M), swreg(1M), swremove(1M), swverify(1M), install-sd(1M), sd(4), swpackage(4), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

488 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

swlist(1M) swlist(1M)

NAME
swlist - display information about software products

SYNOPSIS
swlist [-d|-r] [-i] [-R] [-v] [-a attribute ] [-C session_file ] [-f software_file ] [-l level]
[-s source ] [-S session_file ] [-t target_file ] [-x option=value ] [-X option_file ]
[software_selections] [@ target_selections]

Remarks
• This command supports operation on remote systems. See Operations on Remote Systems below.
• swlist supports an interactive user interface that can be invoked by the swlist -i command.
See Interactive Operation below.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the com-
mand line.

DESCRIPTION
The swlist command displays information about software products installed at or available from the
specified target_selections. It supports these features:
• Specify bundles, products, subproducts, and/or filesets to list.
• Display the files contained in each fileset.
• Display a table of contents from a software source.
• Specify the attributes to display for each software object.
• Display all attributes for bundles, products, subproducts, filesets and/or files.
• Display the full software_spec to be used with software selections.
• Display the readme file for products.
• Display the depots on a specified host.
• Create a list of products, subproducts, and/or filesets to use as input to the other commands.
• List the categories of available or applied patches.
• List applied patches and their state (applied or committed).

Operations on Remote Systems

swlist supports operations on remote systems. By default, any user can list depots available or software
installed on a remote target.
The swacl(1M) command may be used to change Access Control Lists (ACLs) to prevent a system from
being accessed remotely. For example, entering both of the following commands:
swacl -D any_other -l root
s
swacl -M other:r -l root
replaces the default ACL that protects the root filesystem with one that only allows local users to list
software installed.

Interactive Operation
swlist supports an optional graphical user interface (GUI). (If your terminal or display cannot support
the GUI, the command also provides a terminal user interface, in which screen navigation is done with the
keyboard and no mouse.)
To invoke the GUI, type:
swlist -i or add the -i option with any other command-line options when you invoke the
swlist .
Previewing Product and OS Update Information
To preview information about new software in the depot, you can use swlist to view the readme file for
each product, including OS update information contained in the SD (SW-DIST product) readme . For
example, to display the latest OS update information:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 489

 swlist(1M) swlist(1M)

swlist -d -a readme -l product SW-DIST @ hostA:/depot11

Options
When no options or operands are specified, swlist lists the software bundles (and products which are not
part of a bundle) that are installed at the local host. swlist supports the following options:
-d List software available from a depot (instead of software installed on a root filesystem).
-i Invoke the swlist interactive user interface. The interactive interface lets you browse
SD software objects. Invoking swlist -i -d lets you browse depot software. See the
Interactive Operation and Remote Operation headings above for additional details.
-r Operates on an alternate root directory, which must be specified in the @ target_selections
option. (This option is not required for alternate root operations but is maintained for back-
ward compatibility. See the Alternate Root Directory and Depot Directory heading in sd(5)
for more information.)
-R Shorthand for -l bundle -l product -l subproduct -l fileset.
-v List all the attributes for an object if no -a options are specified. (Vendor-defined attri-
butes are not included. See the -a option.) The output lists one attribute per line in the
format:
attribute_name attribute_value
(See sd(4) for details on all SD attributes.)
-a attribute
Display a specific attribute, such as revision, description, vendor information, size, vendor-
defined attributes, or others. (See sd(4) for details on all SD attributes.) The output lists
one attribute per line in the format:
attribute_name attribute_value
To display multiple attributes, specify multiple -a options.
To list the full set of attributes for a software object, use the -v option.
Note that the tag attribute (i.e. the identifier) is always displayed for product, subpro-
duct, and fileset objects. The path attribute (i.e. the filename) is always displayed for file
objects.
-c catalog
Write full catalog structure information into the directory specified by the catalog modifier.
You can use this exported catalog structure for distributions and to list installed software
catalog information.
If you use the -c catalog option, the -a attribute and -l level do not apply. All attri-
butes down to the file level and the control scripts are written to the catalog.
s -C session_file
Save the current options and operands to session_file. You can enter a relative or absolute
path with the file name. The default directory for session files is /.sw/sessions/. You
can recall a session file with the -S option. (Note that session management does not apply
to the swlist interactive user interface invoked by the -i option.)
-f software_file
Read the list of software_selections from software_file instead of (or in addition to) the com-
mand line.
-l level List all objects down to the specified level. Both the specified level(s) and the depth of the
specified software_selections control the depth of the swlist output.
-s source
Specify the software source to list. This is an alternate way to list a source depot. Sources
can also be specified as target depots and listed using the -d option.
-S session_file
Execute swlist based on the options and operands saved from a previous session, as
defined in session_file. You can save session information to a file with the -C option.
(Note that session management does not apply to the swlist interactive user interface
invoked by the -i option.)

490 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

swlist(1M) swlist(1M)

-t target_file
Read the list of target_selections from target_file instead of (or in addition to) the command
line.
-x option=value
Set the session option to value and override the default value (or a value in an alternate
option_file specified with the -X option). Multiple -x options can be specified.
-X option_file
Read the session options and behaviors from option_file.

Operands
swlist supports two types of operands: software selections followed by target selections. These operands
are separated by the "at" (@) character. This syntax implies that the command operates on "software selec-
tions at targets".

Software Selections
swlist supports the following syntax for each software_selection:
bundle[.product[.subproduct][.fileset]][,version ]
product[.subproduct][.fileset][,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:
[ ], *, ?
• Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can
contain other subproducts.
• The \* software specification selects all products. Use this specification with caution.
The version component has the form:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ][,l= location][,fr <op> revision]
[,fa <op> arch]
• location applies only to installed software and refers to software installed to a location other than
the default product directory.
• fr and fa apply only to filesets.
• r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle
or product in a software specification.
• The <op> (relational operator) component can be of the form:
=, ==, >=, <=, <, >, or != s
which performs individual comparisons on dot-separated fields.
For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00 . The system
compares each dot-separated field to find matches.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.
• All version components are repeatable within a single specification (e.g. r>=A.12 , r<A.20 ). If
multiple components are used, the selection must match all components.
• Fully qualified software specs include the r= , a= , and v= version components even if they contain
empty strings. For installed software, l= is also included.
• No space or tab characters are allowed in a software selection.
• The software instance_id can take the place of the version component. It has the form:
[instance_id]

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 491

 swlist(1M) swlist(1M)

within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.

Target Selections
swlist supports this syntax for each target_selection.
[host ][:][/directory ]
The colon (:) is required if both a host and directory are specified.

EXTERNAL INFLUENCES
Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value
The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following section lists all of the keywords supported by the swlist commands. If a default value
exists, it is listed after the "=".
The policy options that apply to swlist are:
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
s user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
• If you set the value of the installed_software_catalog default option to a
relative path, that path is resolved relative to the value of this option.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the installed_software_catalog and run_as_superuser options.
agent_timeout_minutes=10000
Causes a target agent to exit if it has been inactive for the specified time. This can be used
to make target agents more quickly detect lost network connections since RPC can take as
long as 130 minutes to detect a lost connection. The recommended value is the longest
period of inactivity expected in your environment. For command line invocation, a value
between 10 minutes and 60 minutes is suitable. A value of 60 minutes or more is recom-
mended when the GUI will be used. The default of 10000 is slightly less than 7 days.

492 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

swlist(1M) swlist(1M)

codeword=
Provides the "codeword" needed to unlock protected HP CD-ROM software.
Some HP software products are shipped on CD-ROM as "protected" products. That is, they
cannot be installed or copied unless a "codeword" and "customer ID" are provided. The
codeword is found on the CD-ROM certificate which you received from HP. You may use
this default specification on the command line or the SD-UX interactive user interface to
enter the codeword.
This default stores the codeword for future reference; it needs to be entered only once. If a
new HP product is purchased and a previous codeword has already been entered for that
CD-ROM, just enter the new codeword as usual and the codewords will be merged inter-
nally.
NOTE: For HP-UX B.10.10 and later systems, SD searches the .codewords file on the
server that is providing protected software to other hosts. It looks for valid
customer_id/codeword pairs. In doing so, SD eliminates the need to enter codewords and
customer_ids on every host that is "pulling" the software.
To properly store the customer_id/codeword for a CD-ROM, run swinstall -p or
swcopy -p on the host serving the CD-ROM. After the codeword has been stored, clients
installing or copying software using that host and CD-ROM as a source will no longer
require a codeword or customer_id.
create_time_filter=0
For cumulative source depots, this option allows consistent software selections over time by
swlist , swcopy , and swinstall . The default of zero includes all bundles, products,
subproducts, and filesets in the source depot as candidates for selection (and autoselection
of dependencies and patches), based on the software selections and other options. When set
to a time (specified as seconds from epoch), only those bundles, products, and filesets (and
the subproducts in the product) with a create_time less than or equal to the specified value
are available for selection (or autoselection). To list the create_time of bundles, products
and filesets, use:
swlist -a create_time -a create_date
customer_id=
This number, also printed on the Software Certificate, is used to "unlock" protected
software and restrict its installation to a specific site or owner. It is entered using the -x
customer_id= option or by using the interactive user interface. The customer_id can be
used on any HP-UX 10.X or later system.
distribution_target_directory=/var/spool/sw
Defines the default location of the target depot.
installed_software_catalog=products
Defines the directory path where the Installed Products Database (IPD) is stored. This
information describes installed software. When set to an absolute path, this option defines
s
the location of the IPD. When this option contains a relative path, the SD controller
appends the value to the value specified by the admin_directory option to determine
the path to the IPD. For alternate roots, this path is resolved relative to the location of the
alternate root. This option does not affect where software is installed, only the IPD loca-
tion.
This option permits the simultaneous installation and removal of multiple software applica-
tions by multiple users or multiple processes, with each application or group of applications
using a different IPD.
Caution: use a specific installed_software_catalog to manage a specific applica-
tion. SD does not support multiple descriptions of the same application in multiple IPDs.
See also the admin_directory and run_as_superuser options, which control SD’s
nonprivileged mode. (This mode is intended only for managing applications that are spe-
cially designed and packaged. This mode cannot be used to manage the HP-UX operating
system or patches to it. For a full explanation of nonprivileged SD, see the Software Distri-
butor Administration Guide, available at the http://docs.hp.com web site.)
layout_version=1.0
Specifies the POSIX layout_version to which the SD commands conform when

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 493

 swlist(1M) swlist(1M)

writing distributions and swlist output. Supported values are "1.0" (default) and "0.8".
SD object and attribute syntax conforms to the layout_version 1.0 specification of the IEEE
POSIX 1387.2 Software Administration standard. SD commands still accept the keyword
names associated with the older layout version, but you should use
layout_version=0.8 only to create distributions readable by older versions of SD.
See the description of the layout_version option in sd(5) for more information.
level= Specify the level of the object to list.
The supported software levels are:
bundle Show all objects down to the bundle level.
product Show all objects down to the product level. Also use -l bundle -l product
to show bundles.
subproduct Show all objects down to the subproduct level.
fileset Show all objects down to the fileset level. Also use -l fileset -l subpro-
duct to show subproducts.
file Show all objects down to the file level.
control_file Show all objects down to the control_file level.
category Show all categories of available patches.
patch Show all applied patches.
The supported depot and root levels are:
depot Show only the depot level (i.e. depots which exist at the specified target
hosts).
root List all alternate roots.
shroot List all registered shared roots (HP-UX 10.X only).
prroot List all registered private roots (HP-UX 10.X only).
one_liner=revision title
Defines the attributes which will be listed for each object when no -a or -v options are
specified. Each attribute included in the one_liner definition is separated by <tab> or
<space>. Any attributes may be included in the one_liner definition. If a particular
attribute does not exist for an object, that attribute is silently ignored. For example, the
description attribute is valid for products, subproducts, and filesets, but the archi-
tecture attribute is only valid for products.
patch_one_liner=revision title patch_state
Specifies the attributes displayed for each object listed when the -l patch option is
invoked and when no -a or -v option is specified. The default display attributes are
title and patch_state .
rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and the other
commands contact the daemon. If the connection fails for one protocol sequence, the next is
s attempted. SD supports both the tcp (ncacn_ip_tcp:[2121]) and udp
(ncadg_ip_udp:[2121]) protocol sequence on most platforms. See the sd.5 man
page by typing man 5 sd for more information.
rpc_timeout=5
Relative length of the communications timeout. This is a value in the range from 0 to 9 and
is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher
value for a slow or busy network. Lower values will give faster recognition on attempts to
contact hosts that are not up or not running swagentd . Each value is approximately
twice as long as the preceding value. A value of 5 is about 30 seconds for the
ncadg_ip_udp protocol sequence. This option may not have any noticeable impact when
using the ncacn_ip_tcp protocol sequence.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)

494 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

swlist(1M) swlist(1M)

When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory and installed_software_catalog options.
show_superseded_patches=false
Displays or hides superseded patches in command line swlist output. In the default
state of false , swlist will not display superseded patches even if you perform a
swlist command on the superseded patch. Setting this option to true permits display
of superseded patches. This option applies to command line swlist only. In an interac-
tive session, swlist -i always shows superseded patches regardless of the value of this
option.
select_local=true
If no target_selections are specified, select the default target_directory of the local
host as the target_selection for the command.
software=
Defines the default software_selections. There is no supplied default. If there is more than
one software selection, they must be separated by spaces.
software_view=all_bundles
Indicates the software view to be used as the default level for the software listing in the
GUI. It can be set to all_bundles , products , or a bundle category tag (to indicate to
show only bundles of that category).
targets=
Defines the default target_selections. There is no supplied default (see select_local
above). If there is more than one target selection, they must be separated by spaces.
verbose=0
Controls how attribute values are displayed. A value of
0 displays only the attribute value.
1 displays both the attribute keyword and value. (See the -v option above.)
Session File
Each invocation of swlist defines a task session. The command automatically saves options, source
s
information, software selections, and target selections before the task actually commences. This lets you
re-execute the command even if the session ends before the task is complete. You can also save session
information from interactive or command-line sessions.
Session information is saved to the file $HOME/.sw/sessions/swlist.last. This file is overwrit-
ten by each invocation of the command. The file uses the same syntax as the defaults files.
From an interactive session, you can save session information into a file at any time by selecting the Save
Session or Save Session As option from the File menu.
From a command-line session, you can save session information by executing the command with the
-Csession__file option. You can specify an absolute path for a session file. If you do not specify a directory,
the default location is $HOME/.sw/sessions/.
To re-execute a saved session from an interactive session, use the Recall Session option from the File menu.
To re-execute a session from a command-line, specify the session file as the argument for the -S option.
When you re-execute a session file, the values in the session file take precedence over values in the system
defaults file. Likewise, any command-line options and parameters take precedence over the values in the
session file.

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 495

 swlist(1M) swlist(1M)

Environment Variables
The environment variables that affect the swlist command are:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See lang(5) for more informa-
tion.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example,
/etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.

Signals
The swlist command catches the signals SIGQUIT and SIGINT. If these signals are received, swlist
prints a message, sends a Remote Procedure Call (RPC) to the agents to wrap up, and then exits.
Each agent will complete the list task (if the execution phase has already started) before it wraps up.

OPERATION
The output from swlist follows this rule with all options: only the lowest level listed (product, subpro-
duct, fileset or file) will be uncommented. Among other things, this allows the output from swlist to be
used as input to other commands. The one exception is the list that contains files; file-level output is not
accepted by other commands.
The types of listings that can be selected are given below. Some of these listings are not exclusive choices,
but rather ways to view the objects while controlling the amount of output.
• Default Listing
• Software Listing
• Root Listing
s • Depot Listing
• Multiple Targets Listing
• Verbose Listing

Default Listing
If swlist is invoked with no software_selections and no target_selections, a listing of all installed pro-
ducts on the local host is produced. This listing contains one line for each product. The line includes the
product tag attributes and all other attributes selected via the one_liner option.
If target_selections (i.e. target hosts) are specified, this same format listing is produced for the installed
software at each of the specified hosts.

Software Listing
A listing of software objects is controlled by the specified software_selections, and also by the -l option (
swlist.level=). swlist lists the contents of each software object specified in the
software_selections. For example, if you specify product selections, the subproducts and/or filesets con-
tained immediately below each product will be listed. If you specify fileset selections, the files contained in
each fileset will be listed.
The depth of objects listed is controlled with the -l option. This option can expand or restrict the depth in
concert with the specified software selections. By default, the contents of a specified software selection are

496 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007

swlist(1M) swlist(1M)

always listed (as described above). The -l option can defeat this listing by specifying a level equivalent to
the level of objects in the software_selections. For example, if you want to list specific product selections
but not their contents, use -l product . If you want to list specific fileset selections but not their con-
tained files, use -l fileset . The software_selection options only apply if the level is bundle, product,
subproduct, fileset, file, or patch.

Depot Listing
Another class of objects that swlist can display are software depots. For example, the user can list all
registered depots on a given host. A combination of the -l depot option and target_selections operands
can produce a variety of depot listings.

Multiple Targets Listing

Multiple target_selections (i.e. root filesystems, alternate roots, or depots) are listed sequentially: list all
the requested objects and attributes from the first target_selection, followed by the second target_selection,
etc.

Verbose Listing
The -v option causes a verbose listing to be generated. A verbose listing includes all attributes defined for
an object. The swlist command prints the keyword and value for each attribute. The attributes are
listed one per line. The user can post-process (filter) the output with grep(1), awk(1), and/or sed(1) to get
the fields of interest.
The depot’s attributes are displayed if swlist is called with the -v and -l depot options, and a
specific depot target_selection.
Attributes for a particular software level (product/subproduct/fileset/file) are displayed
based on the depth of the specified software_selections. For example, swlist -v product1.fileset1 will give all
fileset attributes for fileset1. If the -v option is used with the -l option , the different listing are:
• To display attributes for all products, use swlist -v -l product
• To display attributes for all products and subproducts, use swlist -v -l subproduct
• To display attributes for all products and filesets, use swlist -v -l fileset
• To display attributes for all products, filesets, and files, use swlist -v -l file

RETURN VALUE
The swlist command returns:
0 The software_selections and/or target_selections were successfully listed.
1 The list operation failed on all target_selections.
2 The list operation failed on some target_selections.

DIAGNOSTICS
The swlist command writes to stdout, stderr, and to the agent logfile. s
Standard Output
All listings are printed to stdout.

Standard Error
The swlist command writes messages for all WARNING and ERROR conditions to stderr.

Logging
The swlist command does not log summary events. It logs events about each read task to the
swagent logfile associated with each target_selection.
You can use the swlist interactive interface (swlist -i -d ) to view the swaudit.log file.

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

EXAMPLES
Run the swlist interactive interface:

HP-UX 11i Version 3: February 2007 −9− Hewlett-Packard Company 497

 swlist(1M) swlist(1M)

swlist -i @ host1
Use interactive swlist to view a depot:
swlist -i -d @ /tmp/depot
List all of the products installed on the local host:
swlist
Generate a comprehensive listing that includes all filesets for the product NETWORKING:
swlist -v -l fileset NETWORKING
List all the attributes for the ARPA-RUN fileset:
swlist -v NETWORKING.ARPA.ARPA-RUN
List the C product installed on several remote hosts:
swlist cc @ hostA hostB hostC
List the FRAME product relocated to directory /opt on host1:
swlist FRAME,1=/opt @ host1
List all the versions of the FRAME product installed on the toolserver host:
swlist FRAME @ toolserver
List all products in a shared root (HP-UX 10.X only):
swlist -r @ /export/shared_roots/OS_700
List products in a client’s private root (HP-UX 10.X only):
swlist -r @ /export/private_roots/client
List the contents of the local tape, /dev/rmt/0m :
swlist -d @ /dev/rmt/0m
or, alternatively:
swlist -s /dev/rmt/0m
List the tag and revision attributes for all products on the local tape /dev/rmt/0m :
swlist -d -a revision @ /dev/rmt/0m
or, alternatively:
swlist -a revision -s /dev/rmt/0m @
Display the README file for the FRAME product:
s swlist -a readme FRAME
List the products stored in a remote depot:
swlist -d @ hostA:/depot
List all depots on a host:
swlist -l depot @ hostA
List the categories defined in the depot mounted at /CD .
swlist -d -l category @ /CD
Output:
critical_patch 1.0 Patches to fix system hangs or data corruption
S747_upgrade 2.0 Patches needed to upgrade to an S747
security_patch 2.0 Patches affecting system security
List a particular attribute of a category object identified by the tag critical_patch.
swlist -a description -l category critical_patch
Use the swlist -l option and patch level to display the values of a fileset’s applied_patches attribute.

498 Hewlett-Packard Company − 10 − HP-UX 11i Version 3: February 2007

swlist(1M) swlist(1M)

swlist -l patch BogusProduct

Output:
BogusProduct 1.0 This is a Bogus Product
BogusProduct.FakeFS Fake fileset
PHZX-0004.FakeFS Patch for defect X superseded
PHZX-3452.FakeFS Patch for defect Y applied
Another example showing just the patch:
swlist -l patch PHZX-0004
Output:
PHZX-0004 1.0 Patch product
PHZX-0004.FakeFS Patch for defect X superseded
FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options.
$HOME/.sw/sessions/
Contains session files automatically saved by the SD commands, or explicitly saved by the user.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options (with their default values).
/var/adm/sw/
The directory which contains all of the configurable (and non-configurable) data for SD. This directory
is also the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/host_object
The file which stores the list of depots registered at the local host.
/var/adm/sw/products/
The Installed Products Database (IPD), a catalog of all products installed on a system.
/var/spool/sw/
The default location of a source and target software depot.

AUTHOR
swlist was developed by the Hewlett-Packard Company and Mark H. Colburn (see pax(1)).
SEE ALSO
swacl(1M), swagentd(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swjob(1M), swmodify(1M),
swpackage(1M), swreg(1M), swremove(1M), swverify(1M), install-sd(1M), sd(4), swpackage(4), sd(5).
s
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

HP-UX 11i Version 3: February 2007 − 11 − Hewlett-Packard Company 499

 swmodify(1M) swmodify(1M)

NAME
swmodify - modify software products in a target root or depot

SYNOPSIS
swmodify [-d|-r] [-p] [-u] [-v] [-V] [-a attribute=[value]] [-c catalog ] [-C session_file ]
[-f software_file ] [-P pathname_file ] [-s product_specification_file| [-S session_file ]
[-x option=value ] [-X option_file ] [software_selections] [@ target_selection]

Remarks
For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the command line.

DESCRIPTION
The swmodify command modifies the definitions of software objects installed into a primary or alternate
root, or available from a software depot. It supports the following features:
• adding new objects - The user can add new bundles, products, subproducts, filesets, control files,
and files to existing objects (which will contain them).
• deleting existing objects - The user can delete existing bundles, products, subproducts, filesets, con-
trol files, and files from the objects which contain them.
• modifying attribute values - The user can add an attribute, delete an attribute, or change the exist-
ing value of an attribute for any existing object. When adding a new object, the user can at the
same time define attributes for it.
• committing software patches - The user can remove saved backup files, committing the software
patch.
With the exception of control files, swmodify does not manipulate the actual files that make up a product
(fileset). The command manipulates the catalog information which describes the files. However, swmo-
dify can replace the contents of control files.
Common uses of swmodify include:
• adding file definitions to the existing list of file definitions in a fileset. Example: If a fileset’s con-
trol scripts add new files to the installed file system, the scripts can call swmodify to "make a
record" of those new files.
• changing the values of existing attributes. Example: If a product provides a more complex
configuration process (beyond the SD configure script), that script can set the fileset’s state to
CONFIGURED upon successful execution.
• defining new objects. Example: to "import" the definition of an existing application that was not
installed by SD, construct a simple PSF describing the product. Then invoke swmodify to load
the definition of the existing application into the IPD.

s Options
swmodify supports the following options:
-d Perform modifications on a depot (not on a primary or alternate root). The given
target_selection must be a depot.
-p Preview a modify session without modifying anything within the target_selection.
-r Performs modifications on an alternate root directory, which must be specified in the @
target_selections option. (This option is not required for alternate root operations but is
maintained for backward compatibility. See the Alternate Root Directory and Depot Direc-
tory heading in sd(5) for more information.)
-u If no -a attribute=value options are specified, then delete the given software_selections from
within the given target_selection. This action deletes the definitions of the software objects
from the depot catalog or installed products database.
If -a attribute options are specified, then delete these attribute definitions from the given
software_selections (from within the given target_selection).
-v Turn on verbose output to stdout.
-V List the data model revisions that this command supports.

500 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

swmodify(1M) swmodify(1M)

-a attribute[=value]
Add, modify, or delete the value of the given attribute. If the -u option is specified, then
delete the attribute from the given software_selections (or delete the value from the set of
values currently defined for the attribute). Otherwise add/modify the attribute for each
software_selection by setting it to the given value.
Multiple -a options can be specified. Each attribute modification will be applied to every
software_selection.
The -s and -a options are mutually exclusive; the -s option cannot be specified when
the -a option is specified.
-c catalog
Specifies the pathname of the catalog which will be added, modified, or used as input by
swmodify .
The -c and -a options are mutually exclusive, the -c option cannot be specified when
the -a option is specified.
-C session_file
Save the current options and operands to session_file. You can enter a relative or absolute
path with the file name. The default directory for session files is
$HOME/.sw/sessions/. You can recall a session file with the -S option.
-f software_file
Read the list of software_selections from software_file instead of (or in addition to) the com-
mand line.
-P pathname_file
Specify a file containing the pathnames of files being added to or deleted from the IPD
instead of having to specify them individually on the command line.
-s product_specification_file
The source Product Specification File (PSF) describes the product, subproduct, fileset,
and/or file definitions which will be added, modified, or used as input by swmodify .
The -s and -u options are mutually exclusive, the -s option cannot be specified when
the -u option is specified.
-S session_file
Execute swmodify based on the options and operands saved from a previous session, as
defined in session_file. You can save session information to a file with the -C option.
-x option=value
Set the session option to value and override the default value (or a value in an alternate
options_file specified with the -X option). Multiple -x options can be specified.
-X option_file
Read the session options and behaviors from options_file. s
Operands
The swmodify command supports two types of operands: software selections followed by target selec-
tions. These operands are separated by the "at" (@) character. This syntax implies that the command
operates on "software selections at targets".

Software Selections
If a product_specification_file is specified, swmodify will select the software_selections from the full set
defined within the PSF. The software selected from a PSF is then applied to the target_selection, with the
selected software objects either added to it or modified within it. If a PSF is not specified, swmodify will
select the software_selections from the software defined in the given (or default) target_selection.
The swmodify command supports the following syntax for each software_selection:
bundle[.product[.subproduct][.fileset]][,version ]
product[.subproduct][.fileset][,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 501

 swmodify(1M) swmodify(1M)

[ ], *, ?
• Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can
contain other subproducts.
• The \* software specification selects all products. Use this specification with caution.
The version component has the form:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ][,q= qualifier][,l= location]
[,fr <op> revision][,fa <op> arch]
• location applies only to installed software and refers to software installed to a location other than
the default product directory.
• fr and fa apply only to filesets.
• r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle
or product in a software specification.
• The <op> (relational operator) component can be of the form:
=, ==, >=, <=, <, >, or !=
which performs individual comparisons on dot-separated fields.
For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00 . The system
compares each dot-separated field to find matches.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.
• All version components are repeatable within a single specification (e.g. r>=A.12 , r<A.20 ). If
multiple components are used, the selection must match all components.
• Fully qualified software specs include the r= , a= , and v= version components even if they contain
empty strings. For installed software, l= is also included.
• No space or tab characters are allowed in a software selection.
• The software instance_id can take the place of the version component. It has the form:
[instance_id]
within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.

s Target Selection
The swmodify command supports the specification of a single, local target_selection, using the syntax:
[ @ /directory ]
When operating on the primary root, no target_selection needs to be specified. (The target / is assumed.)
When operating on a software depot, the target_selection specifies the path to that depot. If the -d option
is specified and no target_selection is specified, the default distribution_target_directory is
assumed (see below).

EXTERNAL INFLUENCES
Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value

502 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

swmodify(1M) swmodify(1M)

The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following keywords are supported by swmodify . If a default value exists, it is listed after the =. The
commands that this option applies to are also specified. The policy options that apply to swmodify are:
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
• If you set the value of the installed_software_catalog default option to a
relative path, that path is resolved relative to the value of this option.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the installed_software_catalog and run_as_superuser options.
allow_large_files=false
Determines whether modification of files with a size greater than or equal to 2 gigabytes is
allowed. In the default state of false , this option tells swmodify to not allow files with
a size greater than or equal to 2 gigabytes to be modified.
When set to true , this option tells swmodify to permit files with a size greater than or
equal to 2 gigabytes to be modified. If the files are in a depot, then the depot can only be
used by the December 2005 OEUR (HP-UX 11i v2) version of SD and newer versions of SD
on HP-UX 11i v1, HP-UX 11i v2, and future releases.
This version of SD supports a large file up to 2 terabytes (2048 gigabytes) s
compress_index=false
Determines whether SD commands create compressed INDEX and INFO catalog files when
writing to target depots or roots. The default of false does not create compressed files.
When set to true , SD creates compressed and uncompressed INDEX and INFO files. The
compressed files are named INDEX.gz and INFO.gz , and reside in the same directories
as the uncompressed files.
Compressed files can enhance performance on slower networks, although they may
increase disk space usage due to a larger Installed Products Database and depot catalog.
SD controllers and target agents for HP-UX 11.01 and higher automatically load the
compressed INDEX and INFO files from the source agent when:
• The source agent supports this feature.
• INDEX.gz or INFO.gz exist on the source depot.
• INDEX.gz or INFO.gz are not older than the corresponding uncompressed INDEX or
INFO files.
The uncompressed INDEX or INFO file is accessed by the source agent if any problem
occurs when accessing, transferring, or uncompressing the INDEX.gz or INFO.gz file.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 503

 swmodify(1M) swmodify(1M)

control_files=
When adding or deleting control file objects, this option lists the tags of those control files.
There is no supplied default. If there is more than one tag, they must be separated by
white space and surrounded by quotes.
distribution_target_directory=/var/spool/sw
Defines the default distribution directory of the target depot. The target_selection operand
overrides this default.
files= When adding or deleting file objects, this option lists the pathnames of those file objects.
There is no supplied default. If there is more than one pathname, they must be separated
by white space.
installed_software_catalog=products
Defines the directory path where the Installed Products Database (IPD) is stored. This
information describes installed software. When set to an absolute path, this option defines
the location of the IPD. When this option contains a relative path, the SD controller
appends the value to the value specified by the admin_directory option to determine
the path to the IPD. For alternate roots, this path is resolved relative to the location of the
alternate root. This option does not affect where software is installed, only the IPD loca-
tion.
This option permits the simultaneous installation and removal of multiple software applica-
tions by multiple users or multiple processes, with each application or group of applications
using a different IPD.
Caution: use a specific installed_software_catalog to manage a specific applica-
tion. SD does not support multiple descriptions of the same application in multiple IPDs.
See also the admin_directory and run_as_superuser options, which control SD’s
nonprivileged mode. (This mode is intended only for managing applications that are spe-
cially designed and packaged. This mode cannot be used to manage the HP-UX operating
system or patches to it. For a full explanation of nonprivileged SD, see the Software Distri-
butor Administration Guide, available at the http://docs.hp.com web site.)
layout_version=1.0
Specifies the POSIX layout_version to which the SD commands conform when writ-
ing distributions and swlist output. Supported values are "1.0" (default) and "0.8".
SD object and attribute syntax conforms to the layout_version 1.0 specification of the IEEE
POSIX 1387.2 Software Administration standard. SD commands still accept the keyword
names associated with the older layout version, but you should use
layout_version=0.8 only to create distributions readable by older versions of SD.
See the description of the layout_version option in sd(5) for more information.
log_msgid=0
s Adds numeric identification numbers at the beginning of SD logfile messages:
0 (default) No identifiers are attached to messages.
1 Adds identifiers to ERROR messages only.
2 Adds identifiers to ERROR and WARNING messages.
3 Adds identifiers to ERROR, WARNING, and NOTE messages.
4 Adds identifiers to ERROR, WARNING, NOTE, and certain other informational mes-
sages.
logdetail=false
The logdetail option controls the amount of detail written to the log file. When set to
true , this option adds detailed task information (such as options specified, progress state-
ments, and additional summary information) to the log file. This information is in addition
to log information controlled by the loglevel option.
logfile=/var/adm/sw/sw<modify>.log
Defines the default log file for swmodify .
loglevel=1 (for direct invocation)
loglevel=0 (for invocation by a control script)
Controls the log level for the events logged to the swmodify logfile, the target agent
logfile, and the source agent logfile. This information is in addition to the detail controlled
by the logdetail option. See logdetail for more information.

504 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

swmodify(1M) swmodify(1M)

A value of:
0 provides no information to the log files.
1 enables verbose logging to the log files.
2 enables very verbose logging to the log files.
To enable logging by swmodify commands invoked by control files, add the following line
to the system defaults file:
swmodify.loglevel=1
patch_commit=false
Commits a patch by removing files saved for patch rollback. When set to true , you cannot
roll back (remove) a patch unless you remove the associated base software that the patch
modified.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory and installed_software_catalog options.
software=
Defines the default software_selections. There is no supplied default. If there is more than
one software selection, they must be separated by spaces. Software is usually specified in a
software input file, as operands on the command line, or in the GUI.
source_file=
Defines the default location of the source product specification file (PSF). The host:path
syntax is not allowed, only a valid path can be specified. The -s option overrides this
value. s
targets=
Defines the default target_selections. There is no supplied default (see select_local
above). If there is more than one target selection, they must be separated by spaces. Tar-
gets are usually specified in a target input file, as operands on the command line, or in the
GUI.
verbose=1
Controls the verbosity of a non-interactive command’s output:
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
2 for swmodify , enables very verbose messaging to stdout.
Session File
Each invocation of the swmodify command defines a modify session. The invocation options, source
information, software selections, and target hosts are saved before the installation or copy task actually
commences. This lets you re-execute the command even if the session ends before proper completion.
Each session is automatically saved to the file $HOME/.sw/sessions/swmodify.last. This file is
overwritten by each invocation of swmodify .

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 505

 swmodify(1M) swmodify(1M)

You can also save session information to a specific file by executing swmodify with the -C session__file
option.
A session file uses the same syntax as the defaults files. You can specify an absolute path for the session
file. If you do not specify a directory, the default location for a session file is $HOME/.sw/sessions/.
To re-execute a session file, specify the session file as the argument for the -S session__file option of
swmodify . See the swpackage(4) by typing man 4 swpackage for PSF syntax.
Note that when you re-execute a session file, the values in the session file take precedence over values in
the system defaults file. Likewise, any command line options or parameters that you specify when you
invoke swmodify take precedence over the values in the session file.

Environment Variables
The environment variable that affects swmodify is:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man page by
typing man 5 lang for more information.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.

Signals
The swmodify command ignores SIGHUP, SIGTERM, SIGUSR1, and SIGUSR2. The swmodify com-
mand catches SIGINT and SIGQUIT. If these signals are received, swmodify prints a message and
then exits. During the actual database modifications, swmodify blocks these signals (to prevent any data
base corruption). All other signals result in their default action being performed.

s RETURN VALUES
The swmodify command returns:
0 The add, modify, or delete operation(s) were successfully performed on the given
software_selections.
1 An error occurred during the session (e.g. bad syntax in the PSF, invalid software_selection, etc.)
Review stderr or the logfile for details.

DIAGNOSTICS
The swmodify command writes to stdout, stderr, and to specific logfiles.
Standard Output
In verbose mode, the swmodify command writes messages for significant events. These include:
• a begin and end session message,
• selection, analysis, and execution task messages.

Standard Error
The swmodify command also writes messages for all WARNING and ERROR conditions to stderr.

506 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

swmodify(1M) swmodify(1M)

Logfile
The swmodify command logs events to the command logfile and to the swmodify logfile associated
with each target_selection.
Command Log
The swmodify command logs all messages to the the logfile /var/adm/sw/swmodify.log.
(The user can specify a different logfile by modifying the logfile option.)
Target Log
When modifying installed software, swmodify logs messages to the file
var/adm/sw/swagent.log beneath the root directory (e.g. / or an alternate root directory).
When modifying available software (within a depot), swmodify logs messages to the file
swagent.log beneath the depot directory (e.g. /var/spool/sw).
EXAMPLES
Add additional files to an existing fileset:
swmodify -xfiles=’/tmp/a /tmp/b /tmp/c’ PRODUCT.FILESET
Replace the definitions of existing files in an existing fileset (e.g. to update current values for the files’
attributes):
chown root /tmp/a /tmp/b
swmodify -x files=’/tmp/a /tmp/b’ PRODUCT.FILESET
Delete control files from a fileset in an existing depot:
swmodify -d -u -x control_files=’checkinstall subscript’ \
PRODUCT.FILESET @ /var/spool/sw
Create a new fileset definition where the description is contained in the PSF file
new_fileset_definition:
swmodify -s new_fileset_definition
Delete an obsolete fileset definition:
swmodify -u PRODUCT.FILESET
Commit a patch (remove files saved for patch rollback):
swmodify -x patch_commit=true PATCH
Create some new bundle definitions for products in an existing depot:
swmodify -d -s new_bundle_definitions \* @ /mfg/master_depot
Modify the values of some fileset’s attributes:
swmodify -a state=installed PRODUCT.FILESET
Modify the attributes of a depot: s
swmodify -a title=’Manufacturing’s master depot’ \
-a description=</tmp/mfg.description @ /mfg/master_depot
WARNINGS
If the target_selection is a software depot and you delete file definitions from the given software_selections,
the files’ contents are not deleted from the depot.

FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options.
$HOME/.sw/sessions/
Contains session files automatically saved by the SD commands, or explicitly saved by the user.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options (with their default values).
/var/adm/sw/
The directory which contains all of the configurable (and non-configurable) data for SD. This directory
is also the default location of logfiles.

HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 507

 swmodify(1M) swmodify(1M)

/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/products/
The Installed Products Database (IPD), a catalog of all products installed on a system.
/var/spool/sw/
The default location of a target software depot.

AUTHOR
swmodify was developed by the Hewlett-Packard Company.
SEE ALSO
swacl(1M), swagentd(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swjob(1M), swlist(1M),
swpackage(1M), swreg(1M), swremove(1M), swverify(1M), install-sd(1M), sd(4), swpackage(4), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

508 Hewlett-Packard Company −9− HP-UX 11i Version 3: February 2007

swpackage(1M) swpackage(1M)

NAME
swpackage - package software products into a target depot or tape

SYNOPSIS
swpackage [-p] [-v] [-V] [-C session_file ] [-d directory|device ] [-f software_file ]
[-s product_specification_file|directory ] [-S session_file ] [-x option=value ] [-X option_file ]
[software_selections] [@ target_selection]

Remarks
• For a description of the Product Specification File (PSF) used as input to the swpackage command,
see the swpackage(4) man page by typing man 4 swpackage on the command line.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the command
line.
• For descriptions of all SD objects, attributes and data formats, see the sd(4) man page by typing man 4
sd on the command line.
DESCRIPTION
The swpackage command is not distributed; it only operates on the local host. It packages software pro-
ducts into:
• a distribution directory (which can be accessed directly or copied onto a CD-ROM),
• a distribution tape, such as DDS, nine-track or cartridge tapes.
A software product is organized into a three-level hierarchy: products, subproducts, and filesets. The
actual files that make up a product are packaged into filesets. Subproducts can be used to partition or sub-
set the filesets into logical groupings. (Subproducts are optional.) A product, subproduct, and fileset also
have attributes associated with them.
Both directory and tape distributions use the same format. The swpackage command:
• Organizes the software to be packaged into products, subproducts, and filesets,
• Provides flexible mechanisms to package source files into filesets,
• Modifies existing products in a distribution directory,
• Copies products in a distribution directory to a distribution tape.
Both the swpackage and swcopy commands create or modify a target depot. The differences between
these commands are:
• The swcopy command copies products from an existing depot to another depot. The swpackage
command creates products based on the user’s specification, and packages these products into a depot.
• swpackage can be used to re-package software_selections from an existing distribution directory to a
distribution tape. s
• The swcopy command can copy from a local or remote source to a set of local or remote targets. The
swpackage command packages source files from the local filesystem into a product, for insertion into
a local distribution directory or tape.
• After creating a target depot, swcopy registers that directory with the local swagentd so that it can
be found by swlist , swinstall , etc. With swpackage , the depot is not registered; the user must
explicitly invoke the swreg command.

Layout Version
By default, SD object and attribute syntax conforms to the layout_version 1.0 specification of the IEEE
POSIX 1387.2 Software Administration standard. SD commands still accept the keyword names associated
with the older layout version 0.8, but you should use the older version only to create distributions readable
by older versions of SD.
Which layout_version the SD commands write is controlled by the layout_version option or by
specifying the layout_version attribute in the PSF file.
See sd(4), the description of the layout_version option in the following section and in sd(5) for more
information. See sd(4) for more information on PSF files.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 509

 swpackage(1M) swpackage(1M)

Options
swpackage supports the following options:
-p Previews a package session without actually creating or modifying the distribution tape.
-v Turns on verbose output to stdout. Verbose output is enabled by default, see the ver-
bose option below.
-V List the data model revision that swpackage supports. By default, swpackage always
packages using the latest data model revision.
-C session_file
Save the current options and operands to session_file. You can enter a relative or absolute
path with the file name. The default directory for session files is
$HOME/.sw/sessions/. You can recall a session file with the -S option.
-d directory|device
(Obsolete but allowed for backward compatibility. Use the @ target_selection operand
instead.)
If creating a distribution directory, this option defines the pathname of the directory. If
creating a distribution tape, this option defines the device file on which to write the distri-
bution. When creating a distribution tape, the tape device (file) must exist, and the -x
media_type=tape option must be specified (see below).
You can also specify that the swpackage output be "piped" to an external command
using:
swpackage -d "| <command> " -x media_type=tape -s <source>
The | symbol and command must be quoted because it is interpreted by swpackage and
not the shell.
-f software_file
Read the list of software_selections from software_file instead of (or in addition to) the com-
mand line.
-s product_specification_file|directory
The source PSF describes the product, subproduct, fileset, and file definitions used to build
a software product from a set of source files.
The source can also be an existing directory depot (which already contains products).
-S session_file
Execute swpackage based on the options and operands saved from a previous session, as
defined in session_file. You can save session information to a file with the -C option.
-x option=value
Set the session option to value and override the default value (or a value in an alternate
s options_file specified with the -X option). Multiple -x options can be specified.
-X option_file
Read the session options and behaviors from options_file.

Software Selections
If specified, the software selections cause swpackage to only (re)package those software selections from
the full set defined in the source product_specification_file. If no software_selections are specified, then
swpackage will (re)package all the products defined in the source product_specification_file.
The swpackage command supports the following syntax for each software_selection:
bundle[.product[.subproduct][.fileset]][,version]
product[.subproduct][.fileset][,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:
[ ], *, ?
• Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can
contain other subproducts.

510 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

swpackage(1M) swpackage(1M)

• The \* software specification selects all products. Use this specification with caution.
The version component has the form:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ][,q= qualifier][,l= location]
[,fr <op> revision][,fa <op> arch]
• location applies only to installed software and refers to software installed to a location other than
the default product directory.
• fr and fa apply only to filesets.
• r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle
or product in a software specification.
• The <op> (relational operator) component can be of the form:
=, ==, >=, <=, <, >, or !=
which performs individual comparisons on dot-separated fields.
For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00 . The system
compares each dot-separated field to find matches.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.
• All version components are repeatable within a single specification (e.g. r>=A.12 , r<A.20 ). If
multiple components are used, the selection must match all components.
• Fully qualified software specs include the r= , a= , and v= version components even if they contain
empty strings. For installed software, l= is also included.
• No space or tab characters are allowed in a software selection.
• The software instance_id can take the place of the version component. It has the form:
[instance_id]
within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.

Target Selections
The swpackage command supports the following syntax for a target_selection:
@ /path
If creating a distribution directory, this option defines the path to the directory. If creating a distribution s
tape, this option defines the path to the device file on which to write the distribution. When creating a dis-
tribution tape, the tape device (file) must exist, and the -x media_type=tape option must be
specified (see below).

EXTERNAL INFLUENCES
Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value
The optional command_name prefix denotes one of the SD commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 511

 swpackage(1M) swpackage(1M)

command -X option_file
The following section lists all of the keywords supported by swpackage and swcopy . If a default value
exists, it is listed after the =. The commands that this option applies to are also specified.
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the run_as_superuser option.
allow_large_files=false
Determines whether packaging of files with a size greater than or equal to 2 gigabytes is
allowed. In the default state of false , this option tells swpackage to not allow files
with a size greater than or equal to 2 gigabytes to be packaged.
When set to true , this option tells swpackage to permit files with a size greater than or
equal to 2 gigabytes to be packaged. The depot can only be used by the December 2005
OEUR (HP-UX 11i v2) version of SD and newer versions of SD on HP-UX 11i v1, HP-UX
11i v2, and future releases.
This version of SD supports a large file up to 2 terabytes (2048 gigabytes)
allow_large_serial_depot=false
Determines whether a serial depot can be created larger than 2 gigabytes. In the default
state of false , this option tells swpackage to limit the size of the depot to 2 gigabytes.
When set to true , this option tells swpackage to permit the creation of a serial depot
greater than 2 gigabytes. The depot is only usable by SD in the HP-UX 11i v1 (11.11)
December 2004 OEUR, HP-UX 11i v2 (11.23) March 2005 OEUR and newer releases.
s allow_partial_bundles=true
Determines whether to process partial bundles without WARNINGs and NOTEs. In the
default state of true , this option tells swpackage to package what is available in the
PSF. Missing or ambiguous bundle contents are ignored and no WARNINGs and NOTEs
are issued.
When set to false , this option tells swpackage to expect all the bundle contents to be
present and unique in the PSF. Objects that are ambiguous or missing generates a NOTE
and every bundle with missing or ambiguous content generates a WARNING. (Note that
swpackage succeeds even if NOTEs and WARNINGS occur.)
compress_cmd=/usr/contrib/bin/gzip
Defines the command called to compress files before installing, copying or packaging. If the
compression_type option is set to other than gzip or compress , this path must be
changed.
compress_files=false
If set to true , uncompressed files are compressed before transfer from a source. This
enhances performance on slower networks for swcopy and swinstall , and results in
smaller depots for swcopy and swpackage , unless the uncompress_files option is
also set to true .

512 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

swpackage(1M) swpackage(1M)

compress_index=false
Determines whether SD commands create compressed INDEX and INFO catalog files when
writing to target depots or roots. The default of false does not create compressed files.
When set to true , SD creates compressed and uncompressed INDEX and INFO files. The
compressed files are named INDEX.gz and INFO.gz , and reside in the same directories
as the uncompressed files.
Compressed files can enhance performance on slower networks, although they may
increase disk space usage due to a larger Installed Products Database and depot catalog.
SD controllers and target agents for HP-UX 11.01 and higher automatically load the
compressed INDEX and INFO files from the source agent when:
• The source agent supports this feature.
• INDEX.gz or INFO.gz exist on the source depot.
• INDEX.gz or INFO.gz are not older than the corresponding uncompressed INDEX or
INFO files.
The uncompressed INDEX or INFO file is accessed by the source agent if any problem
occurs when accessing, transferring, or uncompressing the INDEX.gz or INFO.gz file.
compression_type=gzip
Defines the default compression type used by the agent when it compresses files during or
after transmission. If uncompress_files is set to false, the compression_type
is recorded for each file compressed so that the correct uncompression can later be applied
during a swinstall , or a swcopy with uncompress_files set to true. The
compress_cmd specified must produce files with the compression_type specified.
The uncompress_cmd must be able to process files of the compression_type
specified unless the format is gzip , which is uncompressed by the internal uncompressor
(funzip ).
create_target_acls=true
If creating a target depot, swpackage will create Access Control Lists (ACLs) for the
depot (if it is new) and all products being packaged into it. If set to false , and if the user
is the superuser, swpackage will not create ACLs. (The swpackage command never
creates ACLs when software is packaged on to a distribution tape.)
distribution_source_directory=/var/spool/sw
Defines the default location of the source depot (when the source_type is directory).
You can also use the host :path syntax. The -s option overrides this default.
distribution_target_directory=/var/spool/sw
Defines the default distribution directory of the target depot. The target_selection operand
overrides this default.
distribution_target_serial=/dev/rmt/0m
Defines the default location of the target tape device file. The target_selection operand s
overrides this default.
enforce_dsa=true
Prevents a command from proceeding past the analysis phase if the disk space required is
beyond the available free space of the impacted file systems. If set to false , then the
install, copy, or package operation will use the file systems’ minfree space and may fail
because it reaches the file system’s absolute limit.
follow_symlinks=false
Do not follow symbolic links in the package source files, but include the symbolic links in
the packaged products. A value of true for this keyword causes swpackage to follow
symbolic links in the package source files and include the files they reference in the pack-
aged products.
include_file_revisions=false
Do not include each source file’s revision attribute in the products being packaged. Because
this operation is time consuming, by default the revision attributes are not included. If set
to true , swpackage will execute what(1) and possibly ident(1) (in that order) to try to
determine a file’s revision attribute.

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 513

 swpackage(1M) swpackage(1M)

layout_version=1.0
Specifies the POSIX layout_version to which the SD commands conform when writ-
ing distributions and swlist output. Supported values are "1.0" (default) and "0.8".
SD object and attribute syntax conforms to the layout_version 1.0 specification of the IEEE
POSIX 1387.2 Software Administration standard. SD commands still accept the keyword
names associated with the older layout version, but you should use
layout_version=0.8 only to create distributions readable by older versions of SD.
See the description of the layout_version option in sd(5) for more information.
log_msgid=0
Adds numeric identification numbers at the beginning of SD logfile messages:
0 (default) No identifiers are attached to messages.
1 Adds identifiers to ERROR messages only.
2 Adds identifiers to ERROR and WARNING messages.
3 Adds identifiers to ERROR, WARNING, and NOTE messages.
4 Adds identifiers to ERROR, WARNING, NOTE, and certain other informational mes-
sages.
logdetail=false
The logdetail option controls the amount of detail written to the log file. When set to
true , this option adds detailed task information (such as options specified, progress state-
ments, and additional summary information) to the log file. This information is in addition
to log information controlled by the loglevel option.
logfile=/var/adm/sw/sw<package>.log
Defines the default log file for the swpackage command.
loglevel=1
Controls the log level for the events logged to the command logfile, the target agent logfile,
and the source agent logfile. This information is in addition to the detail controlled by the
logdetail option. See logdetail for more information.
A value of:
0 provides no information to the log files.
1 enables verbose logging to the log files.
2 enables very verbose logging to the log files.
media_capacity=1330
If creating a distribution tape or multiple-directory media such as a CD-ROM, this keyword
specifies the capacity of the tape in one million byte units (not Mbytes). This option is
required if the media is not a DDS tape or a disk file. Without this option, swpackage
sets the size to the default of 1,330 Mbytes for tape or to the amount of free space on the
disk up to minfree for a disk file. SD uses the same format across multiple directory
media as it does for multiple serial media, including calculations of the correct size based
s partitioning of filesets and setting of the media_sequence_number attributes.
media_type=directory
Defines the type of distribution to create. The recognized types are directory and
tape .
package_in_place=false
If set to true , swpackage does not put the files that make up a product in the target
depot. Instead, swpackage inserts references to the original source files, saving disk
space.
reinstall_files=false
Controls the overwriting of files, which may enhance performance on slow networks or
disks. At the default value of false, SD compares each file in a source fileset to correspond-
ing files on the target system. SD compares the files based on size, timestamp, and (option-
ally) the checksum (see reinstall_files_use_cksum). If the files are identical the
files on the target system are not overwritten.
When set to true, SD does not compare files and overwrites any identical files on the target.
reinstall_files_use_cksum=false
Controls the use of checksum comparisons when the reinstall_files option is set to
false. At the default value of true, this option causes SD to compute and compare

514 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

swpackage(1M) swpackage(1M)

checksums to determine if a new file should overwrite an old file. Use of checksums slows
the comparison but is a more robust check for equivalency than size and time stamp.
If set to false, SD does not compute checksums and compares files only by size and times-
tamp.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory option.
software=
Defines the default software_selections. There is no supplied default. If there is more than
one software selection, they must be separated by spaces. Software is usually specified in a
software input file, as operands on the command line, or in the GUI.
source_file=psf
Defines the default location of the source product specification file (PSF). The host:path
syntax is not allowed, only a valid path can be specified. The -s option overrides this
value.
source_type=directory
Defines the default source type: cdrom , file , directory , or tape . The source type
derived from the -s option overrides this value.
targets=
Defines the default target_selections. There is no supplied default. If there is more than
one target selection, they must be separated by spaces. Targets are usually specified in a
target input file, as operands on the command line, or in the GUI. s
uncompress_cmd=
Defines the command to uncompress files when installing, copying, or packaging. This
command processes files which were stored on the media in a compressed format. If the
compression_type of the file is gzip then the internal uncompression (funzip ) is
used instead of the external uncompress_cmd.
verbose=
Controls the verbosity of a non-interactive command’s output:
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
2 for swpackage and swmodify , enables very verbose messaging to stdout.
The -v option overrides this default if it is set to 0. Applies to all commands.
write_remote_files=false
Prevents file operations on remote (NFS) file systems. All files destined for packaging on
targets on a remote (NFS) file systems are skipped.
If set to true and if the superuser has write permission on the remote file system, the
remote files are not skipped.

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 515

 swpackage(1M) swpackage(1M)

Session File
Each invocation of the swpackage command defines a packaging session. The invocation options, source
information, software selections, and target hosts are saved before the installation or copy task actually
commences. This lets you re-execute the command even if the session ends before proper completion.
Each session is saved to the file $HOME/.sw/sessions/swpackage.last. This file is overwritten
by each invocation of swpackage .
You can also save session information to a specific file by executing swpackage with the -C session__file
option.
A session file uses the same syntax as the defaults files. You can specify an absolute path for the session
file. If you do not specify a directory, the default location for a session file is $HOME/.sw/sessions/.
To re-execute a session file, specify the session file as the argument for the -S session__file option of
swpackage .
Note that when you re-execute a session file, the values in the session file take precedence over values in
the system defaults file. Likewise, any command line options or parameters that you specify when you
invoke swpackage take precedence over the values in the session file.

Environment Variables
The environment variable that affects swpackage is:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man page by
typing man 5 lang for more information.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.
s
Signals
The swpackage command catches the signals SIGQUIT and SIGINT. If these signals are received, the
command prints a message, sends a Remote Procedure Call (RPC) to the agents to wrap up, and then exits.
The agent ignores SIGHUP, SIGINT, and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM, SIGUSR1, or SIGUSR2. Killing the agent may leave corrupt software on the system, and thus
should only be done if absolutely necessary. Note that when an SD command is killed, the agent does not
terminate until completing the task in progress.
The daemon ignores SIGHUP, SIGINT and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM and SIGUSR2. After receiving SIGUSR1, it waits for completion of a copy or remove from a
depot session before exiting, so that it can register or unregister depots if necessary. Requests to start new
sessions are refused during this wait.

Locking
SD commands use a common locking mechanism for reading and modifying both root directories and
software depots. This mechanism allows multiple readers but only one writer on a root or depot.
The SD commands which modify software in an (alternate) root directory are restricted from simultaneous
modification using fcntl(2) locking on the file

516 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007

swpackage(1M) swpackage(1M)

var/adm/sw/products/swlock
relative to the root directory (e.g. /var/adm/sw/products/swlock).
The SD commands which modify software in a depot are restricted from simultaneous modification using
fcntl(2) locking on the file
catalog/swlock
relative to the depot directory (e.g. /var/spool/sw/catalog/swlock).
All commands set fcntl(2) read locks on roots and depots using the swlock file mentioned above. When a
read lock is set, it prevents other SD commands from performing modifications (i.e. from setting write
locks).

PRODUCT SPECIFICATION FILE

This section summarizes the product_specification_file (PSF) which drives the swpackage session. See
swpackage(4) for a detailed description of PSF syntax and semantics.
A PSF is structured as follows:
[depot specification]
[vendor specification]
[category specification]
[bundle specification]
[product specification]
[control script specification]
[subproduct specification]
[fileset specification]
[control script specification]
[file specification]
[fileset specification]
...
[product specification]
...
If errors encountered while parsing the PSF result in no valid product definitions, swpackage ter-
minates. All errors are logged to both stderr and the logfile. In summary, the swpackage user can:
• Specify one or more products;
• For each product, specify one or more filesets.
• For each fileset, specify one or more files.
• (optional) Specify attributes for the target depot/tape;
• (optional) Specify one or more bundles, defining the bundle contents;
• (optional) Specify vendor information for products and bundles;
• (optional) Specify category information for products, bundles and patches.
• (optional) For each product, specify one or more subproducts, defining the subproduct contents;
• (optional) For each product or fileset, specify one or more control scripts. s
RETURN VALUES
The swpackage command returns:
0 The products specified in the product_specification_file were successfully packaged into the tar-
get depot/tape.
1 An error occurred during the swpackage session (e.g. bad syntax in the
product_specification_file.) Review stderr or the log file for details.

DIAGNOSTICS
The swpackage command writes to stdout, stderr, and to the logfile.

Standard Output
The swpackage command writes messages for significant events. These include:
• a begin and end session message,
• selection, analysis, packaging, and tape creation messages.

HP-UX 11i Version 3: February 2007 −9− Hewlett-Packard Company 517

 swpackage(1M) swpackage(1M)

Standard Error
The swpackage command writes messages for all WARNING and ERROR conditions to stderr.

Logfile
The swpackage command logs detailed events to the log file /var/adm/sw/swpackage.log. The
user can specify a different logfile by modifying the logfile option.

EXAMPLES
Package the products defined in the PSF products into the default target depot:
swpackage -s products
Preview the same operation (do not create the target depot), and generate very verbose output:
swpackage -p -vv -s products
Package the products into the target depot no_files, insert references to the source files instead of copying
them into the depot:
swpackage -s products -x package_in_place=true @ no_files
Re-package a specific fileset:
swpackage -s products -x package_in_place=true product.fileset @ no_files
Re-package the entire contents of the depot /var/spool/sw onto the tape at /dev/rmt/0m :
swpackage -s /var/spool/sw -x media_type=tape @ /dev/rmt/0m
FILES
/dev/rmt/0m
The default location of a source and target tape. (Note that SD can read both tar and cpio tape
depots.)
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options.
$HOME/.sw/sessions/
Contains session files automatically saved by the SD commands, or explicitly saved by the user.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options with their default values.
/var/adm/sw/
The directory which contains all of the configurable and non-configurable data for SD. This directory
is also the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
s /var/spool/sw/
The default location of a source and target software depot.

AUTHOR
swpackage was developed by the Hewlett-Packard Company and Mark H. Colburn (see pax(1)).
SEE ALSO
sd(4), swpackage(4), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

518 Hewlett-Packard Company − 10 − HP-UX 11i Version 3: February 2007

swreg(1M) swreg(1M)

NAME
swreg - register or unregister depots and roots

SYNOPSIS
swreg -l level [-u] [-v] [-C session_file] [-f object_file] [-S session_file] [-t target_file]
[-x option=value] [-X option_file] [objects_to_(un)register] [@ target_selections]

Remarks
• This command supports operations on remote systems. See Remote Operation below.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the com-
mand line.

DESCRIPTION
The swreg command controls the visibility of depots and roots to users who are performing software
management tasks. It must be used to register depots created by swpackage .
By default, the swcopy command registers newly created depots. By default, the swinstall com-
mand registers newly created alternate roots (the root, /, is not automatically registered). The
swremove command unregisters a depot, or root, when or if the depot is empty. The user invokes
swreg to explicitly (un)register a depot when the automatic behaviors of swcopy , swinstall ,
swpackage , and swremove do not suffice. For example:
• Making a CD-ROM or other removable media available as a registered depot.
• Registering a depot created directly by swpackage .
• Unregistering a depot without removing it with swremove .

Remote Operation
You can enable SD to manage software on remote systems. To let the root user from a central SD con-
troller (also called the central management server or manager node) perform operations on a remote target
(also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit root
access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on
remote system before running setaccess .
• If remote system is older than 11.00 or for some other reason does not have setaccess in place,
copy setaccess script from an 11.11 or higher system to the remote system. s
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations. Enable
the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M), or swremove (1M) for more information
on interactive operations.
NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root or
non-root access to users from the controller system.

Options
The swreg command supports the following options:
-l level Specify the level of the object to register or unregister. Exactly one level must be
specified. The supported levels are:
depot The object to be registered is a depot.
root The object to be registered is a root.
shroot The object to register is a shared root (HP-UX 10.X only).
prroot The object to register is a private root (HP-UX 10.X only).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 519

 swreg(1M) swreg(1M)

-u Causes swreg to unregister the specified objects instead of registering them.

-v Turns on verbose output to stdout. (The swreg logfile is not affected by this option.)
Verbose output is enabled by default, see the verbose option below.
-C session_file
Save the current options and operands to session_file. You can enter a relative or
absolute path with the file name. The default directory for session files is
$HOME/.sw/sessions/. You can recall a session file with the -S option.
-f object_file Read the list of depot or root objects to register or unregister from object_file instead
of (or in addition to) the command line.
-S session_file
Execute swreg based on the options and operands saved from a previous session, as
defined in session_file. You can save session information to a file with the -C option.
-t target_file Read the list of target hosts on which to register the depot or root objects from
target_file instead of (or in addition to) the command line.
-x option=value
Set the session option to value and override the default value (or a value in an alter-
nate option_file specified with the -X option). Multiple -x options can be specified.
-X option_file Read the session options and behaviors from option_file.
Operands
The swreg command supports the following syntax for each object_to_register:
path
Each operand specifies an object to be registered or unregistered.
The swreg command supports the following syntax for each target_selection:
[host]

EXTERNAL INFLUENCES
Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value
s The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following list describes keywords supported by the swreg command. If a default value exists, it is
listed after the =.
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.

520 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

swreg(1M) swreg(1M)

• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the run_as_superuser option.
distribution_target_directory=/var/spool/sw
Defines the location of the depot object to register if no objects are specified and the -l
option is specified.
level= Defines the default level of objects to register or unregister. The valid levels are:
depot Depots which exist at the specified target hosts.
root All alternate roots.
shroot All registered shared roots (HP-UX 10.X only).
prroot All registered private roots (HP-UX 10.X only).
log_msgid=0
Adds numeric identification numbers at the beginning of SD logfile messages:
0 (default) No identifiers are attached to messages.
1 Adds identifiers to ERROR messages only.
2 Adds identifiers to ERROR and WARNING messages.
3 Adds identifiers to ERROR, WARNING, and NOTE messages.
4 Adds identifiers to ERROR, WARNING, NOTE, and certain other informational mes-
sages.
logfile=/var/adm/sw/swreg.log
Specifies the default command log file for the swreg command.
logdetail=false[true]
The logdetail option controls the amount of detail written to the log file. When set to
true , this option adds detailed task information (such as options specified, progress state-
ments, and additional summary information) to the log file. This information is in addition
to log information controlled by the loglevel option. See the sd(5) man page for addi-
tional information by typing man 5 sd .
loglevel=1
Controls the log level for the events logged to the command logfile, the target agent logfile,
and the source agent logfile. This information is in addition to the detail controlled by the
logdetail option. (See also logdetail .) A value of
0 provides no information to the logfile.
1 enables verbose logging to the logfiles. s
2 enables very verbose logging to the logfiles.
objects_to_register=
Defines the default objects to register or unregister. There is no supplied default (see
distribution_target_directory above). If there is more than one object, they
must be separated by spaces.
rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and which the
other commands use to contact the daemon. If the connection fails for one protocol
sequence, the next is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121])
and udp (ncadg_ip_udp:[2121]) protocol sequence on most platforms.
See the sd(5) man page by typing man 5 sd for details on specifying this option.
rpc_timeout=5
Relative length of the communications timeout. This is a value in the range from 0 to 9 and
is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher
value for a slow or busy network. Lower values will give faster recognition on attempts to
contact hosts that are not up or are not running swagentd . Each value is approximately
twice as long as the preceding value. A value of 5 is about 30 seconds for the

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 521

 swreg(1M) swreg(1M)

ncadg_ip_udp protocol sequence. This option may not have any noticeable impact when
using the ncacn_ip_tcp protocol sequence.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory option.
select_local=true
If no target_selections are specified, select the default
distribution_target_directory of the local host as the target_selection for the
command.
targets=
Defines the default target hosts on which to register or unregister the specified root or
depot objects. There is no supplied default (see select_local above). If there is more
than one target selection, they must be separated by spaces.
verbose=1
Controls the verbosity of the swreg output (stdout). A value of
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
Session File
Each invocation of the swreg command defines a registration session. The invocation options, source
information, software selections, and target hosts are saved before the installation or copy task actually
commences. This lets you re-execute the command even if the session ends before proper completion.
s Each session is saved to the file $HOME/.sw/sessions/swreg.last. This file is overwritten by
each invocation of swreg .
You can also save session information to a specific file by executing swreg with the -C session__file
option.
A session file uses the same syntax as the defaults files. You can specify an absolute path for the session
file. If you do not specify a directory, the default location for a session file is $HOME/.sw/sessions/.
To re-execute a session file, specify the session file as the argument for the -S session__file option of
swreg .
Note that when you re-execute a session file, the values in the session file take precedence over values in
the system defaults file. Likewise, any command line options or parameters that you specify when you
invoke swreg take precedence over the values in the session file.

Environment Variables
SD programs are affected by external environment variables.
SD programs that execute control scripts set environment variables for use by the control scripts.
In addition, swinstall sets environment variables for use when updating the HP-UX operating system
and modifying the HP-UX configuration.

522 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

swreg(1M) swreg(1M)

The environment variables that affect the swreg command are:

LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man pages by
typing man 5 lang for more information.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.

Signals
The swreg command catches the signals SIGQUIT and SIGINT. If these signals are received, swreg
prints a message, sends a Remote Procedure Call (RPC) to the daemons to wrap up, and then exits.

RETURN VALUES
The swreg command returns:
0 The objects_to_register were successfully (un)registered.
1 The register or unregister operation failed on all target_selections.
2 The register or unregister operation failed on some target_selections.

DIAGNOSTICS
The swreg command writes to stdout, stderr, and to the daemon logfile.

Standard Output
The swreg command writes messages for significant events. These include:
• a begin and end session message,
• selection and execution task messages for each target_selection.

Standard Error
s
The swreg command writes messages for all WARNING and ERROR conditions to stderr.

Logging
The swreg command logs summary events at the host where the command was invoked. It logs events
about each (un)register operation to the swagentd logfile associated with each target_selection.

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

EXAMPLES
Create a new depot with swpackage , then register it with swreg :
swpackage -s psf -d /var/spool/sw
swreg -l depot /var/spool/sw
Unregister the default depot at several hosts:

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 523

 swreg(1M) swreg(1M)

swreg -u -l depot /var/spool/sw @ hostA hostB hostC

Unregister a specific depot at the local host:
swreg -u -l depot /cdrom
FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options with their default values.
/var/adm/sw/
The directory which contains all of the configurable and non-configurable data for SD. This direc-
tory is also the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/host_object
The file which stores the list of depots registered at the local host.

AUTHOR
swreg was developed by the Hewlett-Packard Company.
SEE ALSO
swacl(1M), swagentd(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swjob(1M), swlist(1M),
swmodify(1M), swpackage(1M), swremove(1M), swverify(1M), install-sd(1M), sd(4), swpackage(4), sd(5),
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

524 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

swremove(1M) swremove(1M)

NAME
swremove - unconfigure and remove software products

SYNOPSIS
swremove [XToolkit Options] [-d|-r] [-i] [-p] [-v] [-C session_file] [-f software_file]
[-J jobid] [-Q date] [-S session_file] [-t target_file] [-x option=value] [-X option_file]
[software_selections] [@ target_selections]

Remarks
• swremove supports an interactive user interface (GUI) that can be invoked alone or by the sd
command. See Interactive Operation below.
• This command supports operations on remote systems. See Remote Operation below.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the com-
mand line.

DESCRIPTION
The swremove command removes software_selections from target_selections (e.g. root file systems).
When removing installed software, swremove also unconfigures the software before it is removed. The
software is not unconfigured when removed from an alternate root directory since it was not configured
during installation. When removing available software (within a depot), swremove also does not perform
the unconfiguration task.
NOTE : Selecting a bundle for removal does not always remove all filesets in that bundle. If a particular
fileset is required by another bundle, that fileset will not be removed. For example, if the bundles Pas-
cal and FORTRAN both use the fileset Debugger.Run and you try to remove FORTRAN , the fileset
Debugger.Run will not be removed because it is also used by the bundle Pascal . This prevents the remo-
val of one bundle from inadvertently causing the removal of filesets needed by another bundle.

Remote Operation
You can enable Software Distributor (SD) to manage software on remote systems. To let the root user from
a central SD controller (also called the central management server or manager node) perform operations on
a remote target (also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit root
access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on
remote system before running setaccess .
• If remote system is older than 11.00 or for some other reason does not have setaccess in place,
s
copy setaccess script from an 11.11 or higher system to the remote system.
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations. Enable
the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
NOTE: You can also set up remote access by using the swacl directly on the remote machines to grant
root or non-root access to users from the controller system.

Interactive Operation
swremove supports a graphical user interface (GUI) or a terminal user interface (in which screen naviga-
tion is done with the keyboard and no mouse) if your terminal or display cannot support the GUI.
To invoke the GUI, type
swremove on the command line (without command-line arguments) or include -i with any other
command-line options when you invoke swremove from the command line.
The sd command provides an interactive interface for monitoring software jobs. You can also use it to
invoke the swinstall , swcopy , or swremove GUIs.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 525

 swremove(1M) swremove(1M)

If you have enabled SD’s central management features, swinstall , swcopy , and swremove provide
enhanced GUIs to support operations on remote machines. See Remote Operations above.

Removing Patches or Patch Rollback Files

To remove patch software, rollback files corresponding to the patch must be available for rollback. You
must remove the base software modified by the patch. (Removing the base software also removes the
patches associated with that software.)
To commit (make permanent) a patch, use the swmodify command’s patch_commit option to remove
the files saved for patch rollback, or use the swinstall command’s save_patch_files option to not save
them initially. See swmodify(1M) and swinstall(1M) for more information.

Control Scripts
When removing installed software, the swremove command executes several vendor-supplied scripts (if
they exist) during the removal of the software_selections. The swremove command supports the follow-
ing scripts:
checkremove
a script executed during the analysis of each target_selection, it checks to make sure the removal
can be attempted. If this check fails, the software product will not be removed.
preremove
a script executed immediately before the software files are removed.
postremove
a script executed immediately after the software files are removed.
unconfigure
a script executed during the unconfiguration of each target_selection, it unconfigures the host for
the software (and the software for the host). The preremove and postremove scripts are
not intended for unconfiguration tasks. They are to be used for simple file management needs
such as restoring files moved during install. The unconfigure script allows the swremove
command to unconfigure the hosts on which it has been running before removing the software
specified.

Options
The swremove supports the following options:
XToolKit Options
The swremove command supports a subset of the standard X Toolkit options to con-
trol the appearance of the GUI. The supported options are: -bg , -background ,
-fg, -foreground , -display , -name , -xrm , and -synchronous . See the
X(1) manual page for a definition of these options.
-d Operate on a depot rather than installed software.
s -r Operates on an alternate root directory, which must be specified in the @
target_selections option. Note that unconfigure scripts are not run when removing
software from an alternate root directory. (This option is not required for alternate
root operations but is maintained for backward compatibility. See the Alternate Root
Directory and Depot Directory heading in sd(5) for more information.)
-i Runs the command in interactive mode (Graphical User Interface). See the Interac-
tive Operation and Remote Operation headings above for additional details.
-p Previews a remove task by running the session through the analysis phase only.
-v Turns on verbose output to stdout. (The swremove log file is not affected by this
option.) Verbose output is controlled by the default verbose=x .
-C session_file
Save the current options and operands to session_file. You can enter a relative or
absolute path with the file name. The default directory for session files is
$HOME/.sw/sessions/. You can recall a session file with the -S option.
-f software_file
Read the list of software_selections from software_file instead of (or in addition to) the
command line.

526 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

swremove(1M) swremove(1M)

-J jobid Executes a previously scheduled job. This is the syntax used by the daemon to start
the job.
-Q date Schedules a job for the specified date. You can change the date format by modifying
the file /var/adm/sw/getdate.templ.
-S session_file
Execute swremove based on the options and operands saved from a previous ses-
sion, as defined in session_file. You can save session information to a file with the -C
option.
-t target_file Read the list of target_selections from target_file instead of (or in addition to) the com-
mand line.
-x option=value
Set the session option to value and override the default value (or a value in an alter-
nate option_file specified with the -X option). Multiple -x options can be specified.
-X option_file Read the session options and behaviors from option_file.
Operands
swremove supports two types of operands: software selections followed by target selections. These
operands are separated by the "at" (@) character. This syntax implies that the command operates on
"software selections at targets".

Software Selections
The selections operands consist of software_selections.
swremove supports the following syntax for each software_selection:
bundle[.product[.subproduct][.fileset]][,version ]
product[.subproduct][.fileset][,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:
[ ], *, ?
For example, the following expression removes all bundles and products with tags that end with
"man":
swremove sw_server *man
• Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can
contain other subproducts. For example:
swremove bun1.bun2.prod.sub1.sub2.fset,r=1.0
or (using expressions): s
swremove bun[12].bun?.prod.sub*,a=HP-UX
• The \* software specification selects all products. Use this specification with caution.
The version component has the form:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ][,q= qualifier][,l= location]
[,fr <op> revision][,fa <op> arch]
• location applies only to installed software and refers to software installed to a location other than
the default product directory.
• fr and fa apply only to filesets.
• r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle
or product in a software specification.
• The <op> (relational operator) component can be of the form:
=, ==, >=, <=, <, >, or !=
which performs individual comparisons on dot-separated fields.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 527

 swremove(1M) swremove(1M)

For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00 . The system
compares each dot-separated field to find matches. Shell patterns are not allowed with these
operators.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.
• All version components are repeatable within a single specification (e.g. r>=A.12 , r<A.20 ). If
multiple components are used, the selection must match all components.
• Fully qualified software specs include the r= , a= , and v= version components even if they contain
empty strings.
• No space or tab characters are allowed in a software selection.
• The software instance_id can take the place of the version component. It has the form:
[instance_id]
within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.
Target Selections
swremove supports the following syntax for each target_selection:
[host ][:][/directory ]
The colon (:) is required if both a host and directory are specified.
EXTERNAL INFLUENCES
Default Options
In addition to the standard options, you can change swremove behavior and policy options by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value
The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
s command -X option_file
The following section lists all of the keywords supported by swremove . If a default value exists, it is
listed after the "=".
The policy options that apply to swremove are:
admin_directory=/var/adm/sw (for normal mode)
admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)
The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.

528 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

swremove(1M) swremove(1M)

• If you set the value of the installed_software_catalog default option to a

relative path, that path is resolved relative to the value of this option.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the installed_software_catalog and run_as_superuser options.
agent_auto_exit=true
Causes the target agent to automatically exit after Execute phase, or after a failed Analysis
phase. This is forced to false when the controller is using an interactive user interface,
or when -p (preview) is used. This enhances network reliability and performance. The
default value of true causes the target agent to automatically exit when appropriate.
When set to false , the target agent will not exit until the controller ends the session.
agent_timeout_minutes=10000
Causes a target agent to exit if it has been inactive for the specified time. This can be used
to make target agents more quickly detect lost network connections since RPC can take as
long as 130 minutes to detect a lost connection. The recommended value is the longest
period of inactivity expected in your environment. For command line invocation, a value
between 10 minutes and 60 minutes is suitable. A value of 60 minutes or more is recom-
mended when the GUI will be used. The default of 10000 is slightly less than 7 days.
allow_split_patches=false
Permits the use of single patch filesets without "sibling" filesets. In the default state of
false , removal of a single fileset from a multi-fileset patch automatically includes any
other fileset that are part of the patch, based on the ancestor filesets of the target fileset.
(This behavior applies to filesets selected directly by the user and to filesets automatically
selected by SD to resolve software dependencies.)
When set to true , SD allows a single patch fileset to be removed without including the
sibling filesets. This allows a target to contain a patch that has been "split" into its com-
ponent filesets. WARNING: Splitting a patch can create a situation in which one fileset in a
sibling group would be removed by a patch, while the other filesets would not.
auto_kernel_build=true
Normally set to true. Specifies whether the removal of a kernel fileset should rebuild the
kernel or not. If the kernel rebuild succeeds, the system automatically reboots. If set to
false, the system continues to run the current kernel.
If the auto_kernel_build option is set to true , the autoreboot option must also
be set to true . If the auto_kernel_build option is set to false , the value of the
autoreboot option does not matter.
autoreboot=false
Prevents the removal of software requiring a reboot from the non-interactive interface. If
s
set to true , then this software can be removed and the target system(s) will be automati-
cally rebooted.
An interactive session always asks for confirmation before software requiring a reboot is
removed.
If the auto_kernel_build option is set to true , the autoreboot option must also
be set to true . If the auto_kernel_build option is set to false , the value of the
autoreboot option does not matter.
autoremove_job=false
Controls automatic job removal. If the job is automatically removed, job information (job
status or controller/agent log files) cannot be queried with swjob .
autoselect_dependents=false
Automatically selects all software that depends on the specified software. When set to
true , and any software that other software depends on is selected for removal,
swremove automatically selects that other software. If set to false , automatic selec-
tions are not made to resolve requisites.

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 529

 swremove(1M) swremove(1M)

autoselect_reference_bundles=true
If true , bundles that have the is_sticky attribute set to true will be automatically
removed when the last of its contents is removed. If false , the sticky bundles will not be
automatically removed.
compress_index=false
Determines whether SD commands create compressed INDEX and INFO catalog files when
writing to target depots or roots. The default of false does not create compressed files.
When set to true , SD creates compressed and uncompressed INDEX and INFO files. The
compressed files are named INDEX.gz and INFO.gz , and reside in the same directories
as the uncompressed files.
Compressed files can enhance performance on slower networks, although they may
increase disk space usage due to a larger Installed Products Database and depot catalog.
SD controllers and target agents for HP-UX 11.01 and higher automatically load the
compressed INDEX and INFO files from the source agent when:
• The source agent supports this feature.
• INDEX.gz or INFO.gz exist on the source depot.
• INDEX.gz or INFO.gz are not older than the corresponding uncompressed INDEX or
INFO files.
The uncompressed INDEX or INFO file is accessed by the source agent if any problem
occurs when accessing, transferring, or uncompressing the INDEX.gz or INFO.gz file.
controller_source=
Specifies the location of a depot for the controller to access to resolve selections. Setting
this option can reduce network traffic between the controller and the target. Use the target
selection syntax to specify the location:
[host][:][path]
This option has no effect on which sources the target uses and is ignored when used with
the Interactive User Interface.
distribution_target_directory=/var/spool/sw
Defines the default location of the target depot.
enforce_dependencies=true
Requires that all dependencies specified by the software_selections be resolved at the
target_selections. For swremove , if a selected fileset has dependents (i.e. other software
depends on the fileset) and they are not selected, do not remove the selected filesets. If set
to false , dependencies will still be checked, but not enforced.
enforce_scripts=true
Controls the handling of errors generated by scripts. If true , and a script returns an
s error, the swremove operation halts. An error message appears reporting that the exe-
cution phase failed. If false , all script errors are treated as warnings, and swremove
attempts to continue operation. A warning message appears reporting that the execution
succeeded. The message wording identifies whether the failure occurred in the
configure/unconfigure, checkremove, preremove, or postremove phases.
force_single_target=false
This option applies only to the Interactive User Interface when no SD-OV license is in effect
on a system that is a diskless server. It causes swremove to run in a single target mode,
even though a diskless server normally causes swremove to run in multi-target mode.
installed_software_catalog=products
Defines the directory path where the Installed Products Database (IPD) is stored. This
information describes installed software. When set to an absolute path, this option defines
the location of the IPD. When this option contains a relative path, the SD controller
appends the value to the value specified by the admin_directory option to determine
the path to the IPD. For alternate roots, this path is resolved relative to the location of the
alternate root. This option does not affect where software is installed, only the IPD loca-
tion.
This option permits the simultaneous installation and removal of multiple software applica-
tions by multiple users or multiple processes, with each application or group of applications

530 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

swremove(1M) swremove(1M)

using a different IPD.

Caution: use a specific installed_software_catalog to manage a specific applica-
tion. SD does not support multiple descriptions of the same application in multiple IPDs.
See also the admin_directory and run_as_superuser options, which control SD’s
nonprivileged mode. (This mode is intended only for managing applications that are spe-
cially designed and packaged. This mode cannot be used to manage the HP-UX operating
system or patches to it. For a full explanation of nonprivileged SD, see the Software Distri-
butor Administration Guide, available at the http://docs.hp.com web site.)
job_title=
Specifies an ASCII string giving a title to a job. It is displayed along with the job ID to pro-
vide additional identifying information about a job when swjob is invoked.
log_msgid=0
Adds numeric identification numbers at the beginning of SD logfile messages:
0 (default) No identifiers are attached to messages.
1 Adds identifiers to ERROR messages only.
2 Adds identifiers to ERROR and WARNING messages.
3 Adds identifiers to ERROR, WARNING, and NOTE messages.
4 Adds identifiers to ERROR, WARNING, NOTE, and certain other informational mes-
sages.
logdetail=false
Controls the amount of detail written to the log file. When set to true , this option adds
detailed task information (such as options specified, progress statements, and additional
summary information) to the log file. This information is in addition to log information con-
trolled by the loglevel option.
See the loglevel option and the sd(5) manual page for more information.
logfile=/var/adm/sw/swremove.log
This is the default command log file for the swremove command.
loglevel=1
Controls the log level for the events logged to the command logfile, the target agent logfile,
and the source agent logfile. This information is in addition to the detail controlled by the
logdetail option.
0 provides no information to the logfile.
1 enables verbose logging to the log files.
2 enables very verbose logging to the log files.
See the logdetail option and the sd(5) manual page for more information.
mount_all_filesystems=true
By default, the swremove command attempts to automatically mount all filesystems in
the /etc/fstab file at the beginning of the analysis phase, to ensure that all listed
s
filesystems are mounted before proceeding. This policy helps to ensure that files which
may be on mounted filesystems are available to be removed.
If set to false , the mount operation is not attempted, and no check of the current mounts
is performed.
polling_interval=2
Defines the polling interval used by the Interactive UI of the controller. It specifies how
often each target agent will be polled to obtain status information about the task being per-
formed. When operating across wide-area networks, the polling interval can be increased
to reduce network overhead.
remove_empty_depot=true
Controls whether a depot is removed once the last product/bundle has been removed. If the
depot is removed, the depot’s swagent.log and directory structure are not removed by
default. If the swagent.log and directory should be removed, the
remove_empty_depot_directory option must also be set to true. Useful to set
to false if you want to retain existing depot ACLs for subsequent depot reuse.
remove_empty_depot_directory=false
Controls whether a depot’s swagent.log file and directory are also removed when the

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 531

 swremove(1M) swremove(1M)

depot itself is removed. The swagent.log and directory will be removed if this option is
set to true, the remove_empty_depot option is set to true and the last
product/bundle has been removed from the depot.
rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and the other
commands contact the daemon. If the connection fails for one protocol sequence, the next
is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121]) and udp
(ncadg_ip_udp:[2121]) protocol sequence on most platforms.
See the sd(5) manual page (type man 5 sd ) for more information.
rpc_timeout=5
Relative length of the communications timeout. This is a value in the range from 0 to 9 and
is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher
value for a slow or busy network. Lower values give faster recognition on attempts to con-
tact hosts that are not up or not running swagentd . Each value is approximately twice
as long as the preceding value. A value of 5 is about 30 seconds for the ncadg_ip_udp
protocol sequence. This option may not have any noticeable impact when using the
ncacn_ip_tcp protocol sequence.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory and installed_software_catalog options.
software=
Defines the default software_selections. There is no supplied default. If there is more than
s one software selection, they must be separated by spaces.
software_view=products
Indicates the software view to be used by the Interactive UI of the controller. It can be set
to products , all_bundles , or a bundle category tag to indicate to show only bundles
of that category.
targets=
Defines the default target_selections. There is no supplied default (see select_local
above). If there is more than one target selection, they must be separated by spaces.
target_shared_root=
This option applies to HP-UX 10.X only.
Defines the default location of the alternate root directory.
verbose=1
Controls the verbosity of the output (stdout). A value of:
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
write_remote_files=false
Prevents the removal of files from a remote (NFS) file system. When set to false , files on

532 Hewlett-Packard Company −8− HP-UX 11i Version 3: February 2007

swremove(1M) swremove(1M)

a remote file system are not removed.

If set to true and if the superuser has write permission on the remote file system, the
remote files are removed.

Session File
Each invocation of swremove defines a task session. The command automatically saves options, source
information, software selections, and target selections before the task actually commences. This lets you
re-execute the command even if the session ends before the task is complete. You can also save session
information from interactive or command-line sessions.
Session information is saved to the file $HOME/.sw/sessions/swremove.last. This file is
overwritten by each invocation of the command. The file uses the same syntax as the defaults files.
From an interactive session, you can save session information into a file at any time by selecting the Save
Session or Save Session As option from the File menu.
From a command-line session, you can save session information by executing the command with the -C
session__file option. You can specify an absolute path for a session file. If you do not specify a directory,
the default location is $HOME/.sw/sessions/.
To re-execute a saved session from an interactive session, use the Recall Session option from the File menu.
To re-execute a session from a command-line, specify the session file as the argument for the -S option.
When you re-execute a session file, the values in the session file take precedence over values in the system
defaults file. Likewise, any command-line options and parameters take precedence over the values in the
session file.

Software and Target Lists

The swremove command supports software and target selection from separate input files.
You can specify software and target selection lists with the -f and -t options. Software and targets
specified in these files are selected for operation instead of (or in addition to) files listed in the command
line. (See the -f and -t options for more information.)
Additionally, the swremove interactive user interface reads a default list of hosts on which to operate.
The list is stored in:
/var/adm/sw/defaults.hosts the system-wide default list of hosts
$HOME/.swdefaults.hosts the user-specific default list of hosts
For each interactive command, target hosts containing roots or depots are specified in separate lists
(hosts and hosts_with_depots respectively.) The list of hosts are enclosed in { } braces and
separated by white space (blank, tab and newline). For example:
swremove.hosts={hostA hostB hostC hostD hostE hostF}
swremove.hosts_with_depots={hostS} s
Environment Variables
The environment variables that affect the swremove command are:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man page by
typing man 5 sd for more information.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.

HP-UX 11i Version 3: February 2007 −9− Hewlett-Packard Company 533

 swremove(1M) swremove(1M)

LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.
Environment variables that affect scripts are:
SW_CATALOG
Holds the path to the Installed Products Database (IPD), relative to the path in the
SW_ROOT_DIRECTORY environment variable. Note that you can specify a path for
the IPD using the installed_software_catalog default option.
SW_CONTROL_DIRECTORY
Defines the current directory of the script being executed, either a temporary catalog
directory, or a directory within in the Installed Products Database (IPD). This variable
tells scripts where other control scripts for the software are located (e.g. subscripts).
SW_CONTROL_TAG
Holds the tag name of the control_file being executed. When packaging software, you
can define a physical name and path for a control file in a depot. This lets you define the
control_file with a name other than its tag and lets you use multiple control file
definitions to point to the same file. A control_file can query the SW_CONTROL_TAG
variable to determine which tag is being executed.
SW_LOCATION
Defines the location of the product, which may have been changed from the default pro-
duct directory. When combined with the SW_ROOT_DIRECTORY, this variable tells
scripts where the product files are located.
SW_PATH A PATH variable which defines a minimum set of commands available for use in a con-
trol script (e.g. /sbin:/usr/bin).
SW_ROOT_DIRECTORY
Defines the root directory in which the session is operating, either "/" or an alternate
root directory. This variable tells control scripts the root directory in which the products
are installed. A script must use this directory as a prefix to SW_LOCATION to locate
the product’s installed files. The configure script is only run when
SW_ROOT_DIRECTORY is /.
SW_SESSION_OPTIONS
Contains the pathname of a file containing the value of every option for a particular
command, including software and target selections. This lets scripts retrieve any com-
mand options and values other than the ones provided explicitly by other environment
variables. For example, when the file pointed to by SW_SESSIONS_OPTIONS is
made available to a request script, the targets option contains a list of
s software_collection_specs for all targets specified for the command. When the file
pointed to by SW_SESSIONS_OPTIONS is made available to other scripts, the targets
option contains the single software_collection_spec for the targets on which the script is
being executed.
SW_SOFTWARE_SPEC
This variable contains the fully qualified software specification of the current product or
fileset. The software specification allows the product or fileset to be uniquely identified.
Additional environment variables that affect scripts for swremove are:
PRE_UNIX95
This variable and the UNIX95 variable are exported with a value that forces "classic"
behavior of swremove instead of UNIX95 behavior. For HP-UX 10.30 and later ver-
sions, this variable is set to "1".
SW_SESSION_IS_KERNEL
Indicates whether a kernel build is scheduled for the current install/remove session. A
TRUE value indicates that the selected kernel fileset is scheduled for a kernel build and
that changes to /stand/system are required. A null value indicates that a kernel
build is not scheduled and that changes to /stand/system are not required.

534 Hewlett-Packard Company − 10 − HP-UX 11i Version 3: February 2007

swremove(1M) swremove(1M)

The value of this variable is always equal to the value of SW_SESSION_IS_REBOOT.

SW_SESSION_IS_REBOOT
Indicates whether a reboot is scheduled for a fileset selected for removal. Because all
HP-UX kernel filesets are also reboot filesets, the value of this variables is always equal
to the value of SW_SESSION_IS_KERNEL.
SW_SESSION_IS_UPDATE
A value of 1 indicates the SD command was invoked during an Operating System
update. This variable is set by the update-ux command.
UNIX95 This variable, along with the PRE_U95 variable, is exported with a value that forces
"classic" behavior of swremove instead of UNIX95 behavior. For the 10.30 or later
release of HP-UX, this variable is cleared.

Signals
The swremove command catches the signals SIGQUIT, SIGINT, and SIGUSR1. If these signals are
received, the command prints a message, sends a Remote Procedure Call (RPC) to the agents to wrap up
after completion, and then exits.
The agent ignores SIGHUP, SIGINT, and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM, SIGUSR1, or SIGUSR2. Killing the agent may leave corrupt software on the system, and thus
should only be done if absolutely necessary. Note that when an SD command is killed, the agent does not
terminate until completing the task in progress.
The daemon ignores SIGHUP, SIGINT and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM and SIGUSR2. After receiving SIGUSR1, it waits for completion of a copy or remove from a
depot session before exiting, so that it can register or unregister depots if necessary. Requests to start new
sessions are refused during this wait.
Each agent will complete the removal task (if the execution phase has already started) before it wraps up.
This avoids leaving software in a corrupt state.

Terminal Support
For in-depth information about terminal support refer to:
• The Software Distributor Administration Guide.
• Start the GUI or TUI, select the Help menu, then select the Keyboard... option to access the Key-
board Reference Guide.

RETURN VALUES
An interactive swremove session always returns 0. A non-interactive swremove session returns:
0 The software_selections were successfully removed.
1 The remove operation failed on all target_selections.
2 The remove operation failed on some target_selections.
s
DIAGNOSTICS
The swremove command writes to stdout, stderr, and to specific log files.

Standard Output
An interactive swremove session does not write to stdout. A non-interactive swremove session writes
messages for significant events. These include:
• a begin and end session message,
• selection, analysis, and execution task messages for each target_selection.

Standard Error
An interactive swremove session does not write to stderr. A non-interactive swremove session writes
messages for all WARNING and ERROR conditions to stderr.

Logging
Both interactive and non-interactive swremove sessions log summary events at the host where the com-
mand was invoked. They log detailed events to the swagent logfile associated with each target_selection.
Command Log
A non-interactive swremove session logs all stdout and stderr messages to the the logfile
HP-UX 11i Version 3: February 2007 − 11 − Hewlett-Packard Company 535
 swremove(1M) swremove(1M)

/var/adm/sw/swremove.log. Similar messages are logged by an interactive swremove ses-

sion. The user can specify a different logfile by modifying the logfile option.
Target Log
A swagent process performs the actual remove operation at each target_selection. When removing
installed software, the swagent logs messages to the file var/adm/sw/swagent.log beneath
the root directory (e.g. / or an alternate root directory). When removing available software (within
a depot), the swagent logs messages to the file swagent.log beneath the depot directory (e.g.
/var/spool/sw ).
You can view command and target log files using the sd or swjob command.

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

EXAMPLES
Preview the remove of the C and Pascal products installed at the local host:
swremove -p cc pascal
Remove the C and Pascal products from several remote hosts:
swremove cc pascal @ hostA hostB hostC
Remove a particular version of HP Omniback:
swremove Omniback,l/opt/Omniback_v2.0
Remove the entire contents of a local depot:
swremove -d \* @ /var/spool/sw
FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options. If this file does not exist, SD
looks for user-specific defaults in $HOME/.sw/defaults.
$HOME/.sw/defaults.hosts
Contains the user-specific default list of hosts to manage.
$HOME/.sw/sessions/
Contains session files automatically saved by the SD commands, or explicitly saved by the user.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options with their default values.
/var/adm/sw/
s The directory which contains all of the configurable and non-configurable data for SD. This direc-
tory is also the default location of log files.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/defaults.hosts
Contains the system-wide default list of hosts to manage.
/var/adm/sw/getdate.templ
Contains the set of date/time templates used when scheduling jobs.
/var/adm/sw/products/
The Installed Products Database (IPD), a catalog of all products installed on a system.
/var/spool/sw/
The default location of a target software depot.

AUTHOR
swremove was developed by the Hewlett-Packard Company.

536 Hewlett-Packard Company − 12 − HP-UX 11i Version 3: February 2007

swremove(1M) swremove(1M)

SEE ALSO
swacl(1M), swagentd(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swjob(1M), swlist(1M),
swmodify(1M), swpackage(1M), swreg(1M), swverify(1M), install-sd(1M), sd(4), swpackage(4), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

HP-UX 11i Version 3: February 2007 − 13 − Hewlett-Packard Company 537

 swverify(1M) swverify(1M)

NAME
swverify - verify software products

SYNOPSIS
swverify [-d|-r] [-F] [-v] [-C session_file] [-f software_file] [-J jobid] [-Q date]
[-S session_file] [-t target_file] [-x option=value] [-X option_file]
[software_selections] [@ target_selections]

Remarks
• This command supports operations on remote systems. See Remote Operation below.
• For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the com-
mand line.

DESCRIPTION
The swverify command verifies the software_selections at one or more target_selections (e.g., root
filesystems). When verifying installed software, swverify checks software states, dependency relation-
ships, file existence and integrity, in addition to executing vendor-supplied verification scripts.
The swverify command also verifies software_selections at one or more target depots. For target
depots, swverify performs all of the checks listed above, but does not execute verification scripts.
NOTE: swverify does not support operations on a tape depot.
The swverify command also supports these features:
• Verifies whether installed or configured software is compatible with the hosts on which that
software is installed.
• Verifies that all dependencies (prerequisites, corequisites, exrequisites) are being met (for installed
software) or can be met (for available software).
• Executes vendor-specific verify scripts that check if the software products is correctly
configured.
• Executes vendor-specific fix scripts that correct and report specific problems.
• Reports missing files, check all file attributes (ignoring volatile files). These attributes include per-
missions, file types, size, checksum, mtime, link source and major/minor attributes.

Remote Operation
You can enable SD to manage software on remote systems. To let the root user from a central SD con-
troller (also called the central management server or manager node) perform operations on a remote target
(also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit root
access from the controller system. To do this, run the following command on each remote system:
s /usr/lib/sw/mx/setaccess controller
NOTES:
• controller is the name of the central management server.
• If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on
remote system before running setaccess .
• If remote system is older than 11.00 or for some other reason does not have setaccess in place,
copy setaccess script from an 11.11 or higher system to the remote system.
2) swinstall , swcopy , and swremove have enhanced GUI interfaces for remote operations. Enable
the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M), or swremove (1M) for more information
on interactive operations.
NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root or
non-root access to users from the controller system.

538 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

swverify(1M) swverify(1M)

Options
swverify supports the following options:
-d Operate on a depot rather than installed software.
-F Runs vendor-specific fix scripts to correct and report problems on installed
software. The fix script can create missing directories, correct file modifications
(mode, owner, group, major, and minor), and recreate symbolic links.
-r Operates on an alternate root directory, which must be specified in the @
target_selections option. Verify scripts are not run when verifying software in an
alternate root directory. (This option is not required for alternate root operations but
is maintained for backward compatibility. See the Alternate Root Directory and Depot
Directory heading in sd(5) for more information.)
-v Turns on verbose output to stdout. (The swverify logfile is not affected by this
option.) Verbose output is enabled by default; see the verbose option below.
-C session_file
Save the current options and operands to session_file. You can enter a relative or
absolute path with the file name. The default directory for session files is
$HOME/.sw/sessions/. You can recall a session file with the -S option.
-f software_file
Read the list of software_selections from software_file instead of (or in addition to) the
command line.
-J jobid Executes the previously scheduled job. This is the syntax used by the daemon to start
the job.
-Q date Schedules the job for this date. You can change the date format by editing the
/var/adm/sw/getdate.templ file.
-S session_file
Execute swverify based on the options and operands saved from a previous ses-
sion, as defined in session_file. You can save session information to a file with the -C
option.
-t target_file Read the list of target_selections from target_file instead of (or in addition to) the com-
mand line.
-x option=value
Set the session option to value and override the default value (or a value in an alter-
nate options_file specified with the -X option). Multiple -x options can be specified.
-X option_file Read the session options and behaviors from options_file.
Operands
Most SD commands support two types of operands: software selections followed by target selections. These s
operands are separated by the "at" (@) character. This syntax implies that the command operates on
"software selections at targets".

Software Selections
The swverify command supports the following syntax for each software_selection:
bundle[.product[.subproduct][.fileset]][,version ]
product[.subproduct][.fileset][,version ]
• The = (equals) relational operator lets you specify selections with the following shell wildcard and
pattern-matching notations:
[ ], *, ?
• Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can
contain other subproducts.
• The \* software specification selects all products. Use this specification with caution.
The version component has the form:

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 539

 swverify(1M) swverify(1M)

[,r <op> revision][,a <op> arch][,v <op> vendor]

[,c <op> category ][,q= qualifier][,l= location]
[,fr <op> revision][,fa <op> arch]
• location applies only to installed software and refers to software installed to a location other than
the default product directory.
• fr and fa apply only to filesets.
• r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle
or product in a software specification.
• The <op> (relational operator) component can be of the form:
=, ==, >=, <=, <, >, or !=
which performs individual comparisons on dot-separated fields.
For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00 . The system
compares each dot-separated field to find matches.
• The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-
matching notations:
[ ], *, ?, !
For example, the expression r=1[01].* returns any revision in version 10 or version 11.
• All version components are repeatable within a single specification (e.g. r>=A.12 , r<A.20 ). If
multiple components are used, the selection must match all components.
• Fully qualified software specs include the r= , a= , and v= version components even if they contain
empty strings. For installed software, l= is also included.
• No space or tab characters are allowed in a software selection.
• The software instance_id can take the place of the version component. It has the form:
[instance_id]
within the context of an exported catalog, where instance_id is an integer that distinguishes ver-
sions of products and bundles with the same tag.

Target Selections
The swverify command supports the following syntax for each target_selection. The colon (:) is
required if both a host and directory are specified.
[host][:][/directory ]
EXTERNAL INFLUENCES
s Default Options
In addition to the standard options, several SD behaviors and policy options can be changed by editing the
default values found in:
/var/adm/sw/defaults the system-wide default values.
$HOME/.swdefaults the user-specific default values.
Values must be specified in the defaults file using this syntax:
[command_name.]option=value
The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change
in the default value to that command. If you leave the prefix off, the change applies to all commands.
You can also override default values from the command line with the -x or -X options:
command -x option =value
command -X option_file
The following section lists all of the keywords supported by the swverify command. If a default value
exists, it is listed after the =. The commands that this option applies to are also specified.
admin_directory=/var/adm/sw (for normal mode)

540 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

swverify(1M) swverify(1M)

admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)

The location for SD logfiles and the default parent directory for the installed software cata-
log. The default value is /var/adm/sw for normal SD operations. When SD operates in
nonprivileged mode (that is, when the run_as_superuser default option is set to
true ):
• The default value is forced to /var/home/LOGNAME/sw.
• The path element LOGNAME is replaced with the name of the invoking user, which SD
reads from the system password file.
• If you set the value of this option to HOME/ path, SD replaces HOME with the invoking
user’s home directory (from the system password file) and resolves path relative to that
directory. For example, HOME/my_admin resolves to the my_admin directory in
your home directory.
• If you set the value of the installed_software_catalog default option to a
relative path, that path is resolved relative to the value of this option.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the installed_software_catalog and run_as_superuser options.
agent_auto_exit=true
Causes the target agent to automatically exit after Execute phase, or after a failed Analysis
phase. This is forced to false when the controller is using an interactive UI, or when
-p (preview) is used. This enhances network reliability and performance. The default
value of true causes the target agent to automatically exit when appropriate. When set
to false , the target agent will not exit until the controller ends the session.
agent_timeout_minutes=10000
Causes a target agent to exit if it has been inactive for the specified time. This can be used
to make target agents more quickly detect lost network connections since RPC can take as
long as 130 minutes to detect a lost connection. The recommended value is the longest
period of inactivity expected in your environment. For command line invocation, a value
between 10 minutes and 60 minutes is suitable. A value of 60 minutes or more is recom-
mended when the GUI will be used. The default of 10000 is slightly less than 7 days.
allow_incompatible=false
Requires that the software products which are being installed be "compatible" with the tar-
get selections. (All of the target selections must match the list of supported systems
defined for each selected product.) If set to true , target compatibility is not enforced.
allow_multiple_versions=false
Prevents the installation or configuration of another, independent version of a product s
when a version already is installed or configured at the target.
If set to true , another version of an existing product can be installed into a new location,
or can be configured in its new location. Multiple versions can only be installed if a product
is locatable. Multiple configured versions will not work unless the product supports it.
autoremove_job=false
Controls automatic job removal of completed jobs. If the job is automatically removed, job
information (job status or target log files) cannot be queried with swjob .
autoselect_dependencies=true
Controls the automatic selection of prerequisite, corequisite, and exrequisite software that
is not explicitly selected by the user. When set to true , the requisite software is automati-
cally selected for configuration. When set to false , requisite software which is not expli-
citly selected is not automatically selected for configuration.
check_contents=true
Causes swverify to verify the time stamp, size, and checksum attributes of files. If set
to false , these attributes are not verified.
check_contents_uncompressed=false
(This option is ignored if check_contents is set to false .) Controls whether or not

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 541

 swverify(1M) swverify(1M)

swverify validates the size and checksum for compressed files. In the default state of
false , swverify checks only the mtime, size and cksum attributes of the compressed
file. If set to true , swverify uncompresses the file in memory and verifies the size and
cksum attributes of the uncompressed contents.
Only files compressed with SD’s internal compressor can be uncompressed during a
swverify operation. See the compress_files option of the swpackage(1M) com-
mand for more information.
check_contents_use_cksum=true
(This option is ignored if check_contents is set to false .) Controls whether or not
swverify computes a checksum on the contents of the file. In the default state of true ,
swverify checks all file attributes including the checksum. If set to false , swver-
ify checks only the file timestamp and size.
check_permissions=true
Causes swverify to verify the mode, owner, UID, group, and GID attributes of installed
files. If set to false , these attributes are not verified.
check_requisites=true
Causes swverify to verify that the prerequisite, corequisite, and exrequisite dependen-
cies of the software selections are being met. If set to false , these checks are not per-
formed.
check_scripts=true
Causes swverify to run the fileset/product verify scripts for installed software. If set to
false , these scripts are not executed.
check_volatile=false
Causes swverify to not verify those files marked as volatile (i.e., can be changed). If set
to true , volatile files are also checked (for installed software).
controller_source=
Specifies the location of a depot for the controller to access to resolve selections. Setting
this option can reduce network traffic between the controller and the target. Use the target
selection syntax to specify the location:
[host][:][path]
This option has no effect on which sources the target uses.
distribution_target_directory=/var/spool/sw
Defines the default distribution directory of the target depot. The target_selection operand
overrides this default.
enforce_dependencies=true
Requires that all dependencies specified by the software_selections be resolved either in the
s specified source, or at the target_selections themselves.
If set to false , dependencies will still be checked, but not enforced. Corequisite depen-
dencies, if not enforced, may keep the selected software from working properly. Prere-
quisite or exrequisite dependencies, if not enforced, may cause the installation or
configuration to fail.
enforce_locatable=true
(Currently, swverify recognizes this option, but the option has no associated behavior.
See swinstall(1M) or sd(5) for more information.) Controls the handling of errors when
relocating a non-locatable fileset. If true , an error is generated when an attempt is made
to locate a non-locatable fileset. If false , an attempt is made to locate the fileset in any
case.
fix=false
If true , runs vendor-specific scripts to correct and report problems on installed software.
Fix scripts can create missing directories, correct file modifications, (mode, owner, group,
major, minor), and recreate symbolic links. If false , fix scripts are not run.
installed_software_catalog=products
Defines the directory path where the Installed Products Database (IPD) is stored. This
information describes installed software. When set to an absolute path, this option defines
the location of the IPD. When this option contains a relative path, the SD controller

542 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

swverify(1M) swverify(1M)

appends the value to the value specified by the admin_directory option to determine
the path to the IPD. For alternate roots, this path is resolved relative to the location of the
alternate root. This option does not affect where software is installed, only the IPD loca-
tion.
This option permits the simultaneous installation and removal of multiple software applica-
tions by multiple users or multiple processes, with each application or group of applications
using a different IPD.
Caution: use a specific installed_software_catalog to manage a specific applica-
tion. SD does not support multiple descriptions of the same application in multiple IPDs.
See also the admin_directory and run_as_superuser options, which control SD’s
nonprivileged mode. (This mode is intended only for managing applications that are spe-
cially designed and packaged. This mode cannot be used to manage the HP-UX operating
system or patches to it. For a full explanation of nonprivileged SD, see the Software Distri-
butor Administration Guide, available at the http://docs.hp.com web site.)
job_title=
This is an ASCII string giving a title to a job. It is displayed along with the job ID to pro-
vide additional identifying information about a job when swjob is invoked.
logdetail=false[true]
Controls the amount of detail written to the logfile. When set to true , this option adds
detailed task information (such as options specified, progress statements, and additional
summary information) to the logfile. This information is in addition to log information con-
trolled by the loglevel option.
logfile=/var/adm/sw/sw<command>.log
Defines the default log file for each SD command. (The agent log files are always located
relative to the target depot or target root, e.g. /var/spool/sw/swagent.log and
/var/adm/sw/swagent.log.)
loglevel=1
Controls the log level for the events logged to the command logfile, the target agent logfile,
and the source agent logfile. This information is in addition to the detail controlled by the
logdetail option. See logdetail , above, and the sd(5) manual page (by typing man
5 sd) for more information. A value of:
0 provides no information to the logfile.
1 enables verbose logging to the logfiles.
2 enables very verbose logging to the logfiles.
log_msgid=0
Adds numeric identification numbers at the beginning of SD logfile messages:
0 (default) No identifiers are attached to messages.
1 Adds identifiers to ERROR messages only.
2 Adds identifiers to ERROR and WARNING messages. s
3 Adds identifiers to ERROR, WARNING, and NOTE messages.
4 Adds identifiers to ERROR, WARNING, NOTE, and certain other informational mes-
sages.
mount_all_filesystems=true
By default, the SD commands attempt to mount all filesystems in the /etc/fstab file at
the beginning of the analysis phase, to ensure that all listed filesystems are mounted before
proceeding. This policy helps to ensure that files are not loaded into a directory that may
be below a future mount point, and that the expected files are available for a remove or ver-
ify operation.
If set to false , the mount operation is not attempted, and no check of the current mounts
is performed.
rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and which the
other commands use to contact the daemon. If the connection fails for one protocol
sequence, the next is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121])
and udp (ncadg_ip_udp:[2121]) protocol sequence on most platforms. See the sd(5)
man page by typing man 5 sd for more information.

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 543

 swverify(1M) swverify(1M)

rpc_timeout=5
Relative length of the communications timeout. This is a value in the range from 0 to 9 and
is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher
value for a slow or busy network. Lower values will give faster recognition on attempts to
contact hosts that are not up, or are not running swagentd . Each value is approximately
twice as long as the preceding value. A value of 5 is about 30 seconds for the
ncadg_ip_udp protocol sequence. This option may not have any noticeable impact when
using the ncacn_ip_tcp protocol sequence.
run_as_superuser=true
This option controls SD’s nonprivileged mode. This option is ignored (treated as true) when
the invoking user is super-user.
When set to the default value of true, SD operations are performed normally, with permis-
sions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M)
for details on ACLs.)
When set to false and the invoking user is local and is not super-user, nonprivileged mode
is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created
files is set according to the invoking user’s umask.
SD’s nonprivileged mode is intended only for managing applications that are specially
designed and packaged. This mode cannot be used to manage the HP-UX operating system
or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor
Administration Guide, available at the http://docs.hp.com web site.
See also the admin_directory and installed_software_catalog options.
select_local=true
If no target_selections are specified, select the default target_directory of the local
host as the target_selection for the command.
software=
Defines the default software_selections. There is no supplied default. If there is more than
one software selection, they must be separated by spaces. Software is usually specified in a
software input file, as operands on the command line, or in the GUI.
targets=
Defines the default target_selections. There is no supplied default (see select_local
above). If there is more than one target selection, they must be separated by spaces. Tar-
gets can be specified in a target input file or as operands on the command line.
s verbose=1
Controls the verbosity of a non-interactive command’s output:
0 disables output to stdout. (Error and warning messages are always written to stderr).
1 enables verbose messaging to stdout.
2 for swpackage and swmodify , enables very verbose messaging to stdout.
The -v option overrides this default if it is set to 0.

Session File
Each invocation of the swverify command defines a verify session. The invocation options, source infor-
mation, software selections, and target hosts are saved before the installation or copy task actually com-
mences. This lets you re-execute the command even if the session ends before proper completion.
Each session is saved to the file $HOME/.sw/sessions/swverify.last. This file is overwritten by
each invocation of swverify .
You can also save session information to a specific file by executing swverify with the -C session__file
option.
A session file uses the same syntax as the defaults files. You can specify an absolute path for the session
file. If you do not specify a directory, the default location for a session file is $HOME/.sw/sessions/.

544 Hewlett-Packard Company −7− HP-UX 11i Version 3: February 2007

swverify(1M) swverify(1M)

To re-execute a session file, specify the session file as the argument for the -S session__file option of
swverify .
Note that when you re-execute a session file, the values in the session file take precedence over values in
the system defaults file. Likewise, any command line options or parameters that you specify when you
invoke swverify take precedence over the values in the session file.

Environment Variables
SD programs that execute control scripts set environment variables for use by the control scripts.
The environment variables that affect the swverify command are:
LANG Determines the language in which messages are displayed. If LANG is not specified or
is set to the empty string, a default value of C is used. See the lang(5) man page by
typing man 5 sd for more information.
NOTE: The language in which the SD agent and daemon log messages are displayed is
set by the system configuration variable script, /etc/rc.config.d/LANG. For
example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or
LANG=ja_JP.eucJP to make the agent and daemon log messages display in
Japanese.
LC_ALL Determines the locale to be used to override any values for locale categories specified by
the settings of LANG or any environment variables beginning with LC_ .
LC_CTYPE Determines the interpretation of sequences of bytes of text data as characters (e.g.,
single-versus multibyte characters in values for vendor-defined attributes).
LC_MESSAGES
Determines the language in which messages should be written.
LC_TIME Determines the format of dates (create_date and mod_date) when displayed by swlist .
Used by all utilities when displaying dates and times in stdout , stderr , and log-
ging .
TZ Determines the time zone for use when displaying dates and times.
Environment variables that affect scripts:
SW_CATALOG
Holds the path to the Installed Products Database (IPD), relative to the path in the
SW_ROOT_DIRECTORY environment variable. Note that you can specify a path for
the IPD using the installed_software_catalog default option.
SW_CONTROL_DIRECTORY
Defines the current directory of the script being executed, either a temporary catalog
directory, or a directory within in the Installed Products Database (IPD). This variable
tells scripts where other control scripts for the software are located (e.g., subscripts).
SW_CONTROL_TAG
s
Holds the tag name of the control_file being executed. When packaging software, you
can define a physical name and path for a control file in a depot. This lets you define the
control_file with a name other than its tag and lets you use multiple control file
definitions to point to the same file. A control_file can query the SW_CONTROL_TAG
variable to determine which tag is being executed.
SW_LOCATION
Defines the location of the product, which may have been changed from the default pro-
duct directory. When combined with the SW_ROOT_DIRECTORY, this variable tells
scripts where the product files are located.
SW_PATH A PATH variable which defines a minimum set of commands available to for use in a
control script (e.g. /sbin:/usr/bin).
SW_ROOT_DIRECTORY
Defines the root directory in which the session is operating, either / or an alternate root
directory. This variable tells control scripts the root directory in which the products are
installed. A script must use this directory as a prefix to SW_LOCATION to locate the
product’s installed files. The configure script is only run when SW_ROOT_DIRECTORY
is /.

HP-UX 11i Version 3: February 2007 −8− Hewlett-Packard Company 545

 swverify(1M) swverify(1M)

SW_SESSION_OPTIONS
Contains the pathname of a file containing the value of every option for a particular
command, including software and target selections. This lets scripts retrieve any com-
mand options and values other than the ones provided explicitly by other environment
variables. For example, when the file pointed to by SW_SESSIONS_OPTIONS is
made available to a request script, the targets option contains a list of
software_collection_specs for all targets specified for the command. When the file
pointed to by SW_SESSIONS_OPTIONS is made available to other scripts, the targets
option contains the single software_collection_spec for the targets on which the script is
being executed.
SW_SOFTWARE_SPEC
This variable contains the fully qualified software specification of the current product or
fileset. The software specification allows the product or fileset to be uniquely identified.

Signals
The swverify command catches the signals SIGQUIT, SIGINT, and SIGUSR1. If these signals are
received, the command prints a message, sends a Remote Procedure Call (RPC) to the agents to wrap up
after completion, and then exits.
The agent ignores SIGHUP, SIGINT, and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM, SIGUSR1, or SIGUSR2. Killing the agent may leave corrupt software on the system, and thus
should only be done if absolutely necessary. Note that when an SD command is killed, the agent does not
terminate until completing the task in progress.
The daemon ignores SIGHUP, SIGINT and SIGQUIT. It immediately exits gracefully after receiving
SIGTERM and SIGUSR2. After receiving SIGUSR1, it waits for completion of a copy or remove from a
depot session before exiting, so that it can register or unregister depots if necessary. Requests to start new
sessions are refused during this wait.

RETURN VALUES
The swverify command returns:
0 The software_selections were successfully verified.
1 The verify operation failed on all target_selections.
2 The verify operation failed on some target_selections.

DIAGNOSTICS
The swverify command writes to stdout, stderr, and to specific logfiles.
Standard Output
The swverify command writes messages for significant events. These include:
• a begin and end session message,
• selection, analysis, and execution task messages for each target_selection.
s
Standard Error
The swverify command also writes messages for all WARNING and ERROR conditions to stderr.

Logging
The swverify command logs summary events at the host where the command was invoked. It logs
detailed events to the swagent logfile associated with each target_selection.
Command Log
The swverify command logs all stdout and stderr messages to the the logfile
/var/adm/sw/swverify.log. (The user can specify a different logfile by modifying the log-
file option.)
Target Log
A swagent process performs the actual verify operation at each target_selection. When verifying
installed software, the swagent logs messages to the file var/adm/sw/swagent.log beneath
the root directory (e.g. / or an alternate root directory). When verifying available software (within a
depot), the swagent logs messages to the file swagent.log beneath the depot directory (e.g.
/var/spool/sw ).
Command and target log files can be viewed using the swjob command.

546 Hewlett-Packard Company −9− HP-UX 11i Version 3: February 2007

swverify(1M) swverify(1M)

swagentd Disabled
If the swagentd daemon has been disabled on the host, it can be enabled by the host’s system administra-
tor by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and exe-
cuting /usr/sbin/swagentd -r .

EXAMPLES
Verify the C and Pascal products installed at the local host:
swverify cc pascal
Verify a particular version of HP Omniback:
swverify Omniback,1=/opt/Omniback_v2.0
Verify the entire contents of a local depot:
swverify -d \* @ /var/spool/sw
Verify the entire contents of a system:
swverify \*
Verify the C and Pascal products on remote hosts:
swverify cc pascal @ hostA hostB hostC
FILES
$HOME/.swdefaults
Contains the user-specific default values for some or all SD options.
$HOME/.sw/sessions/
Contains session files automatically saved by the SD commands, or explicitly saved by the user.
/usr/lib/sw/sys.defaults
Contains the master list of current SD options with their default values.
/var/adm/sw/
The directory which contains all the configurable and non-configurable data for SD. This directory is
also the default location of logfiles.
/var/adm/sw/defaults
Contains the active system-wide default values for some or all SD options.
/var/adm/sw/getdate.templ
Contains the set of date/time templates used when scheduling jobs.
/var/adm/sw/products/
The Installed Products Database (IPD), a catalog of all products installed on a system.
/var/spool/sw/
The default location of a target software depot. s
AUTHOR
swverify was developed by the Hewlett-Packard Company.
SEE ALSO
install-sd(1M), swacl(1M), swagentd(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swjob(1M),
swlist(1M), swmodify(1M), swpackage(1M), swreg(1M), swremove(1M), sd(4), swpackage(4), sd(5).
Software Distributor Administration Guide, available at http://docs.hp.com.
SD customer web site at http://docs.hp.com/en/SD/.

HP-UX 11i Version 3: February 2007 − 10 − Hewlett-Packard Company 547

 sync(1M) sync(1M)

NAME
sync - synchronize file systems

SYNOPSIS
sync [-l]
DESCRIPTION
sync executes the sync() system call (see sync(2)). If the system is to be stopped, the sync command
must be called to ensure file system integrity.
sync flushes all previously unwritten system buffers including modified super blocks, modified inodes, and
delayed block I/O out to disk. This ensures that all file modifications are properly saved before performing
a critical operation such as a system shutdown. For additional protection from power failures or possible
system crashes, use syncer to execute sync automatically at periodic intervals (see syncer(1M)).

AUTHOR
sync was developed by AT&T and HP.
SEE ALSO
syncer(1M), sync(2).

STANDARDS CONFORMANCE
sync : SVID2, SVID3

548 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

syncer(1M) syncer(1M)

NAME
syncer - periodically sync for file system integrity

SYNOPSIS
/usr/sbin/syncer [ seconds ] [-s] [-d directory ... ]
DESCRIPTION
syncer is a program that periodically executes sync() at an interval determined by the input argument
seconds (see sync(2)). If seconds is not specified, the default interval is every 30 seconds. This ensures that
the file system is fairly up-to-date in case of a crash. This command should not be executed directly, but
should be executed at system boot time via startup script /sbin/init.d/syncer.
syncer also updates the /etc/mnttab file if it does not match current kernel mount information.
Options
syncer recognizes the following options:
-s Cause syncer to not update the /etc/mnttab file. Use of this option is provided for
special cases of backward compatilibity only, and is strongly discouraged. This option may
be removed in a future release.
-d Open directories for cache benefit. All directories must be specified by their full path name.
If the -d option is not used, no directories are opened.

AUTHOR
syncer was developed by the University of California, Berkeley and HP.
SEE ALSO
init(1M), sync(1M), sync(2).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 549

 sysdef(1M) sysdef(1M)
(TO BE OBSOLETED)

NAME
sysdef - display system definition

SYNOPSIS
/usr/sbin/sysdef [kernel [master] ]
DESCRIPTION
Note: sysdef will not be supported in future releases of HP-UX (refer to WARNINGS section below). So
users are advised to use the kctune(1M) utility which provides additional information on kernel tunable
parameters.
The command sysdef analyzes the currently running system and reports on its tunable configuration
parameters. kernel and master are not used, but can be specified for standards compliance.
For each configuration parameter, the following information is printed:
NAME The name and description of the parameter.
VALUE The current value of the parameter.
BOOT The value of the parameter at boot time, if different from the current value.
MIN The minimum allowed value of the parameter, if any.
MAX The maximum allowed value of the parameter, if any.
UNITS Where appropriate, the units by which the parameter is measured.
FLAGS Flags that further describe the parameter. The following flag is defined:
M Parameter can be modified without rebooting.
WARNINGS
Users of sysdef must not rely on the exact field widths and spacing of its output, as these will vary
depending on the system, the release of HP-UX, and the data to be displayed.
sysdef is provided for compatibility purposes only and is no longer maintained since being marked for
obsolescence in a future HP-UX release. The output from sysdef is known to be incorrect when report-
ing values for some tunable parameters such as msgmap , sema , and shmem .

SEE ALSO
kctune(1M).

550 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

syslogd(1M) syslogd(1M)

NAME
syslogd - log system messages

SYNOPSIS
/usr/sbin/syslogd [-a] [-d] [-D] [-f configfile] [-m markinterval] [-N] [-p logfile] [-r] [-s]
[-v]

DESCRIPTION
The syslogd command reads and logs messages into a set of files described by the configuration file
/etc/syslog.conf.
Options
syslogd recognizes the following options:
-a Allows all messages except consecutive duplicate messages without reordering
them.
-d Turn on debugging.
-D Prevent the kernel from directly printing its messages on the system console. In
this case, syslogd is responsible for routing all kernel messages to their
proper destination.
-f configfile Use configfile instead of /etc/syslog.conf.
-m markinterval Wait markinterval minutes between mark messages, instead of 20 minutes.
-N Don’t listen to socket.
-p logfile Use logfile instead of /dev/log .
-r Don’t suppress duplicate messages.
-s While logging the messages coming from remote system, IP address will be
logged instead of the hostname.
-v Add priority and facility encoded code at the second field of the message line.
Refer to syslog(3C) manpage for these priority and facility encoding codes.
syslogd creates the file /var/run/syslog.pid, if possible, containing a single line with its process
ID. This can be used to kill or reconfigure syslogd .
To kill syslogd , send it a terminate signal:
kill ‘cat /var/run/syslog.pid‘
To make syslogd , re-read its configuration file, send it a HANGUP signal:
kill -HUP ‘cat /var/run/syslog.pid‘
syslogd collects messages from the UNIX domain socket /dev/log.un , an Internet domain socket s
specified in /etc/services, the named pipe /dev/log , and from the kernel log device /dev/klog .
By default, local programs calling syslog() send log messages to the UNIX domain socket (see
syslog(3C)). If UNIX domain sockets are not configured on the system, they write to the named pipe
instead. If INET domain sockets are not configured, syslogd does not receive messages forwarded from
other hosts, nor does it forward messages (see below).
Each message is one line. A message can contain a priority code and facility code as the second field of the
line. Priorities and Facilities are defined in the header file <syslog.h> .
When syslogd is invoked using /sbin/init.d/syslogd script, user can update the required
options in /etc/rc.config.d/syslogd file. By default /etc/rc.config.d/syslogd contains
-D option. Before starting the syslogd command, the /sbin/init.d/syslogd script recreates
/var/adm/syslog/syslog.log after putting the contents into the file
/var/adm/syslog/OLDsyslog.log. By default, OLDsyslog.log is overwritten by the contents
of syslog.log . If you want to retain the contents of the previous OLDsyslog.log file, configure
PREV_OLDSYSLOG_LINES in /etc/rc.config.d/syslogd. You can set the parameter to the
number of lines (in thousands) to be retained from the previous OLDsyslog.log file. For example, to
retain 20,000 lines from the previous OLDsyslog.log file along with the contents of the previous
syslog.log in the present OLDsyslog.log, put PREV_OLDSYSLOG_LINES=20 in
/etc/rc.config.d/syslogd. By default PREV_OLDSYSLOG_LINES is set to 0.
HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 551
 syslogd(1M) syslogd(1M)

syslogd configures itself when it starts up and whenever it receives a hangup signal. Lines in the
configuration file consist of a selector to determine the message priorities to which the line applies and an
action. The action field is separated from the selector by one or more tabs.
Selectors are semicolon separated lists of priority specifiers. Each priority has a facility indicating the sub-
system that generated the message, a dot, and a level indicating the severity of the message. Symbolic
names can be used. An asterisk selects all facilities. All messages of the specified level or higher (greater
severity) are selected. More than one facility can be selected, using commas to separate them. For exam-
ple:
*.emerg;mail,daemon.crit
selects all facilities at the emerg level and the mail and daemon facilities at the crit level.
The known facilities and levels recognized by syslogd are those listed in syslog(3C) converted to lower-
case without the leading LOG_ . The additional facility mark has a message at priority LOG_INFO sent to
it every 20 minutes (this can be changed with the -m flag). The mark facility is not enabled by a facility
field containing an asterisk. The level none can be used to disable a particular facility. For example,
*.debug;mail.none
selects all messages except mail messages.
The second part of each line describes where the message is to be logged if this line is selected. There are
four forms:
• A file name (beginning with a leading slash). The file is opened in append mode. If the file does
not exist, it is created.
• A host name preceded by an @ character. Selected messages are forwarded to the syslogd on
the named host.
• A comma-separated list of users. Selected messages are written to those users’ terminals if they
are logged in.
• An asterisk. Selected messages are written to the terminals of all logged-in users.
Blank lines and lines beginning with a # character are ignored.
For example, the configuration file:
kern,mark.debug /dev/console
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root,eric,kridle
*.emerg *
*.emerg @admin
s logs all kernel messages and 20 minute marks onto the system console, all mail system messages to
/var/adm/syslog/mail.log, and all messages at info and above, except mail messages, to the file
/var/adm/syslog/syslog.log. Messages at alert and above are logged to the console and to the
users root , eric , and kridle if they are logged in. emerg messages are written to all logged-in users’
terminals, and forwarded to the host admin .
Only a superuser can invoke syslogd .

Notes
syslogd logs messages into a set of files. Once the size of a log file reaches 2 GB, syslogd stops log-
ging to that file. You can configure the maximum size of syslogd log files by setting the variable
LOG_SIZE in /etc/default/syslogd. The values of LOG_SIZE can be any positive integer
greater than 2, representing the maximum size of the file in GB. When LOG_SIZE=NOLIMIT, syslogd
uses the limit imposed by the file system on file size.
syslogd logs messages in a locale-independent fashion as a stream of bytes and will replace each newline
character in the message with a blank space except for the last newline character. Applications using the
services of syslogd can log messages in different locales. However, be careful when configuring sys-
logd so that messages from different locales do not get logged to the same log file.

552 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

syslogd(1M) syslogd(1M)

WARNINGS
A configuration file selector selects all messages at the specified level or higher. The configuration lines:
user.debug /tmp/logfile
user.info /tmp/logfile
cause the logfile to get two copies of all user messages at level info and above.
Kernel panic messages are not sent to syslogd .
All HP-UX kernel messages are treated as if they had the crit priority level.
If syslogd is invoked with the -D option and syslogd terminates abnormally, kernel messages will not
appear on the system console. In that case, reinvoke syslogd without the -D option to enable the kernel
to send its messages to the system console.
syslogd does not support logging to named pipes. Therefore, if a named pipe is specified in the
configuration file, the behavior of syslogd is undefined, and syslogd may lose messages if blocked or
terminated on a SIGPIPE .
syslogd does not support long user and group names on the current release, HP-UX 11i V3.
syslogd logs messages in a locale-independent fashion.
• syslogd assumes that ASCII control characters do not form intermediate bytes of the characters
of a multibyte locale.
• syslogd truncates the last character when the maximum length of the message LINE_MAX is
reached, even though it is a valid multibyte character.

AUTHOR
syslogd was developed by the University of California, Berkeley.
FILES
/dev/klog The kernel log device
/dev/log The named pipe on which syslogd reads log messages
/dev/log.un The UNIX domain socket on which syslogd reads log messages
/etc/syslog.conf Configuration file
/etc/default/syslogd Configuration file for maximum log size
/var/run/syslog.pid Process ID

SEE ALSO
logger(1), syslog(3C).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 553

 talkd(1M) talkd(1M)

NAME
talkd - remote user communication server

SYNOPSIS
talkd
DESCRIPTION
Talkd is the server that notifies a user that someone wants to initiate a conversation. It acts as a reposi-
tory of invitations, responding to requests by clients wishing to initiate a conversation.
To initiate a conversation, the client (the talk command) sends a message of type LOOK_UP to the server
(see /usr/include/protocols/talkd.h). This causes the server to search its invitation table to
check if an invitation currently exists for the caller to talk to the callee specified in the message. If the
lookup fails, the caller then sends a message of type ANNOUNCE, which causes the server to display an
announcement on the callee’s terminal requesting contact.
When the callee responds, the local server uses the recorded invitation to respond with the appropriate ren-
dezvous address and the caller and callee client programs establish a stream connection through which the
conversation takes place.
To activate the talk service, the following entry must be added to the /etc/inetd.conf file:
ntalk dgram udp wait root /usr/lbin/ntalkd ntalkd
SEE ALSO
talk(1), write(1).

554 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

tcpd(1M) tcpd(1M)

NAME
tcpd - access control facility for internet services

DESCRIPTION
The tcpd program can be set up to monitor the incoming requests for telnet , finger , ftp , exec ,
rsh , rlogin , tftp , talk , and other services that have a one-to-one mapping onto executable files.
The program supports both 4.3BSD-style sockets and System V.4-style TLI. The functionality may be lim-
ited when the protocol underneath TLI is not an internet protocol.
The operation is as follows: Whenever a request for service is received, the inetd daemon runs the tcpd
program instead of the desired server. tcpd logs the request and checks its access control files for match-
ing (daemon, client) pair entries to either grant or deny access to the requested service. If access to the
requested service is granted, then tcpd runs the appropriate server program and exits. Configuration
parameters, such as logging behaviour, username lookup and reverse lookup failure behaviour can be
defined in the configuration file /etc/tcpd.conf. See tcpd.conf(4) for more details.
Features of tcpd are: pattern-based access control, client username lookups with the RFC 931 protocol,
protection against hosts that pretend to have someone else’s host name, and protection against hosts that
pretend to have someone else’s network address.

Logging
Connections monitored by tcpd are reported through the syslog(3C) facility. Each record contains a time
stamp, the client host name and the name of the requested service. The information can be used to detect
unwanted activities, especially when logfile information from several hosts is merged.
In order to find out where your information is logged, examine the syslog configuration file,
/etc/syslog.conf.
Access Control
tcpd supports a simple form of access control that is based on pattern matching. The access-control
software provides hooks for the execution of shell commands when a pattern fires. For details, see
hosts_access (5)).

Host Name Verification

The authentication scheme of some protocols (rlogin , rsh ) relies on host names. Some implementa-
tions trust the host name that they get from any random name server; other implementations are more
careful but use a flawed algorithm.
tcpd verifies the client host name returned by the "address to name" lookup on the client’s address. It
compares the client’s address with the address returned by the "resultant name to address" lookup. If any
discrepancy is detected, tcpd concludes that it is dealing with a host, which pretends to have someone
else’s host name.
If the configuration parameter on_reverselookup_fail in /etc/tcpd.conf is set to deny , then
tcpd will drop the connection in case of a host name/address mismatch. Otherwise, the hostname can be
matched with the PARANOID wildcard, after which suitable action can be taken.
t
Host Address Spooking
tcpd disables source-routing socket options on every connection that it deals with. This will take care of
most attacks from hosts that pretend to have an address belonging to someone else’s network. UDP ser-
vices benefit from this protection.
NOTE: This functionality is not applicable to IPv6 connections.

RFC 931
When RFC 931 lookup is enabled (in /etc/tcpd.conf) tcpd will attempt to establish the name of the
client user. This will succeed only if the client host runs an RFC 931-compliant daemon. Client user name
lookups will not work for datagram-oriented connections, and may cause noticeable delays in the case of
connections from PCs. The configuration file, /etc/tcpd.conf provides an option to set the time-out
value, within which tcpd should get the remote user name. See the tcpd.conf(4) for more information.

EXAMPLES
There are two ways to configure the system to monitor access to selected services via tcpd . The examples
below use the ftp and telnet daemon to demonstrate the two possible configurations.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 555

 tcpd(1M) tcpd(1M)

Example 1
Move the original daemon to the /usr/lbin/wrapper directory and install tcpd in place of the origi-
nal daemon. No changes are required to the inetd configuration file, /etc/inetd.conf.

# mkdir /usr/lbin/wrapper
# mv /usr/lbin/ftpd /usr/lbin/wrapper
# cp /usr/lbin/tcpd /usr/lbin/ftpd
Example 2
Edit the inetd configuration file as follows:
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
becomes:
telnet stream tcp nowait root /usr/lbin/tcpd /usr/lbin/telnetd
Only the last component (telnetd ) of the pathname will be used for access control and logging.
Send a kill -HUP to the inetd process to make the changes effective.
If the above entry is specified without the absolute path of telnetd then tcpd looks for the telnetd
binary in /usr/lbin/wrapper directory.
NOTE: To apply the access control mechanism to IPv6 connections of a service, enable IPv6 connections for
that service in the /etc/inetd.conf file. Refer to the manpage inetd.conf(4) for more details.

WARNINGS
Some UDP (and RPC) daemons linger around for a while after they have finished their work, in case
another request comes in. In the inetd configuration file these services are registered with the wait
option. Only the request that started such a daemon will be logged.
The program does not work with RPC services over TCP. These services are registered as rpc/tcp in the
inetd configuration file. The only non-trivial service that is affected by this limitation is rexd , which is
used by the on command. On most systems, rexd is less secure than a wildcard in
/etc/hosts.equiv.
RPC broadcast requests (for example: rwall , rup , rusers ) always appear to come from the responding
host. What really happens is that the client broadcasts the request to all portmap daemons on its net-
work; each portmap daemon forwards the request to a local daemon. From daemon’s (like rwall ) point
of view, the request is coming from the local host.

AUTHOR
Wietse Venema ([email protected])
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
t FILES
The default locations of the host access control tables are:
/etc/hosts.allow (daemon,client) pairs that are granted access.
/etc/hosts.deny (daemon,client) pairs that are denied access.

SEE ALSO
inetd(1M), internet services daemon.
syslogd(1M), format of the syslogd control file.
inetd.conf(4), format of the inetd control file.
hosts_access (5), format of the tcpd access control tables.

556 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

telnetd(1M) telnetd(1M)

NAME
telnetd - TELNET protocol server

SYNOPSIS
/usr/lbin/telnetd [-A ] [-a authmode] [-b [bannerfile] ] [-e] [-f] [-n] [-s] [-t] [-y] [-z]
[-TCP_DELAY ]

DESCRIPTION
The telnetd daemon executes a server that supports the DARPA standard TELNET virtual terminal
protocol. The Internet daemon (inetd ) executes telnetd when it receives a service request at the port
listed in the services database for telnet using the tcp protocol (see inetd(1M) and services (4)).
telnetd operates by allocating a Telnet pseudo-terminal device (see tels(7)) for a client, then creating a
login process, which has the slave side of the Telnet pseudo-terminal as stdin , stdout , and stderr .
telnetd manipulates the master side of the Telnet pseudo-terminal, implementing the TELNET protocol,
and passing characters between the client and login process.
NOTE: telnetd no longer uses pty(7) devices; instead it uses special devices created for TELNET
sessions only. For more information, see tels(7).
When a TELNET session is started up, telnetd sends TELNET options to the client side, indicating a
willingness to do remote echo of characters, to suppress go ahead, and to receive terminal speed terminal
type, and authentication (if kerberos is enabled) information from the remote client. If the remote client is
ready, the remote terminal type is propagated in the environment of the created login process. The
pseudo-terminal allocated to the client is configured as a normal terminal for login, with the exception of
echoing characters (see tty(7)).
telnetd is willing to do: echo, binary, suppress go ahead, and timing mark.
telnetd is willing to have the remote client do: binary, flow control, terminal speed, terminal type,
suppress go ahead and authentication (if kerberos is enabled).
The flow control option permits applications running on a remote host to toggle the flow control on the local
host. To toggle flow control for a telnet session programmatically, the application program must first
call the tcgetattr function to get the current termios settings. For example,
tcgetattr(filedes, &termios_p)
Then, the c_iflag of the termios structure must have IXON set(reset) to enable(disable) flow control.
Finally, the tcsetattr function call can implement the change. For example,
tcsetattr(filedes, TCSANOW, &termios_p)
To toggle the flow control interactively, the user can issue a stty command using the input options
-ixon to disable, or ixon to enable flow control. See the stty(1) manpage.
The terminal speed option permits applications running on a remote host to obtain the terminal speed of
the local host session using either ioctl or stty.
The telnet server also supports the TAC User ID (also known as the TAC Access Control System, or
TACACS User ID) option using which, users telneting to two or more consenting hosts may avoid going
t
through a second login sequence. See the -t option below.
To start telnetd from the Internet daemon, the configuration file /etc/inetd.conf must contain an
entry as follows:
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
The above configuration applies only for the IPv4 environment. For telnetd to work in the IPv6
environment, the configuration file /etc/inetd.conf must contain a tcp6 entry as follows:
telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd
NOTE: The tcp entry has changed to tcp6 to work in the IPv6 environment.
telnet uses the same files as rlogin to verify participating systems and authorized users,
hosts.equiv and .rhosts . (See hosts.equiv(4) and the HP-UX System Administrator’s Guide for
configuration details.)

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 557

 telnetd(1M) telnetd(1M)

Options
telnetd has the following options.
-b [bannerfile] Specify a file containing a custom banner. This option overrides the standard tel-
netd login banner. For example, to use /etc/issue as the login banner, have
inetd start telnetd with the following lines in /etc/inetd.conf (\ provides
line continuation):
telnet stream tcp nowait root /usr/lbin/telnetd \
telnetd -b/etc/issue
To work in the IPv6 environment, the entry in /etc/inetd.conf would be:
telnet stream tcp6 nowait root /usr/lbin/telnetd \
telnetd -b/etc/issue
NOTE: tcp has changed to tcp6 for IPv6.
If bannerfile is not specified, telnetd does not print a login banner.
-e Invoke login with all the environment variables passed to telnetd.
-n Set the time-out value for the initial option negotiation in the /etc/inetd.conf
file as:
telnet stream tcp nowait root /usr/lbin/telnetd \
telnetd -n240
This option informs telnetd how long it should wait before timing out and exiting if
it does not receive either a positive or negative reply for any of the initial option nego-
tiations. The time-out value is measured in seconds. This option is set with integer
values. The values range between 1 and 21474836. The default value is 120 seconds.
There should not be any space between the -n option and the time-out value. For
example, -n240 .
To work in the IPv6 environment, the entry in /etc/inetd.conf would be:
telnet stream tcp6 nowait root /usr/lbin/telnetd \
telnetd -n240
NOTE: tcp has changed to tcp6 for IPv6.
-s This option allows users to set the BUFFERSIZE value. This option, when set,
informs telnetd the number of user bytes to concatenate before sending to TCP.
This option is set with integer values. There is no specified default.
-t Enable the TAC User ID option. The system administrator can enable the TAC User
ID option on servers designated as participating hosts by having inetd start tel-
netd with the -t option in /etc/inetd.conf:
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -t
t To enable the TAC User ID option for IPv6, users must have inetd start telnetd
with the -t option in /etc/inetd.conf as shown below:
telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd
-t
NOTE: tcp has changed to tcp6 for IPv6.
In order to make the TAC User ID option work as specified, the system administrator
must assign to all authorized users of the option the same login name and unique user
ID (UUID) on every participating system to which they are allowed TAC User ID
access. These same UUIDs should not be assigned to non-authorized users.
Users cannot use the feature on systems where their local and remote UUIDs differ,
but they can always use the normal telnet login sequence. Also, there may be a
potential security breach where a user with one UUID may be able to gain entry to
participating systems and accounts where that UUID is assigned to someone else,
unless the above restrictions are followed.
A typical configuration may consist of one or more secure front-end systems and a net-
work of participating hosts. Users who have successfully logged onto the front-end

558 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

telnetd(1M) telnetd(1M)

system may telnet directly to any participating system without being prompted for
another login.
-y Set the behavior for stty 0 to instruct telnetd to close the connection on the
shell command stty 0 or whenever the telnet client communicates with tel-
netd to arrive upon 0 baud rate for TELOPT_TERMSPEED.
-z This option allows users to set the BUFFERTIMEOUT value. This option, when set,
informs telnetd how long it should wait before timing out and flushing the con-
catenated user data to TCP. Note that the TIMEOUT value is measured in clock ticks
(10 ms) and not in seconds. This option is set with integer values. There is no
specified default.
-TCP_DELAY This option allows the users to disable the TCP_NODELAY socket option. When
telnetd is invoked with this option, small writes over telnetd may concatenate
at the tcp level so that larger tcp packets are sent to the client at less frequent inter-
vals.
NOTE: Using the -TCP_DELAY option with the -z and -s options is not recom-
mended.
To configure telnetd to use the -TCP_DELAY option, the entry in /etc/inetd.conf would be:
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -TCP_DELAY
To work in the IPv6 environment using the -TCP_DELAY option, the entry in /etc/inetd.conf
would be:
telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd -TCP_DELAY
NOTE: tcp has changed to tcp6 for IPv6.
To configure telnetd to have a BUFFERSIZE of 100 bytes and a BUFFERTIMEOUT of 100 ticks, the
entry in /etc/inetd.conf would be:
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -s100 -z100
To work in the IPv6 environment, the entry in /etc/inetd.conf would be:
telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd -s100 -z100
NOTE: tcp has changed to tcp6 for IPv6.

Kerberos-specific Options
In Kerberos mode, inetd can start telnetd with the following lines in /etc/inetd.conf:
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -A
or
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -a valid
The -A option is used to ensure that non-secure systems are denied access to the server. It overrides any
value specified with the -a option except when authmode is debug . See the sis(5) manpage. t
The -a authmode option specifies what mode is to be used for Kerberos authentication. See the sis(5)
manpage. Values for authmode are:
debug Activates authentication debugging.
valid Default value. Only allows connections when the remote user can provide valid Kerberos
authentication information and is authorized to access the specified account.
none Authentication information is not required. If no or insufficient Kerberos authentication
information is provided, the login program provides the necessary user verification. See
the login(1) manpage.
The -f option instructs telnetd to use the normal authentication mode whenever the telnet client com-
municates NULL type in the authentication option negotiation.
By default, the telnet server provides remote execution facilities with authentication based on Kerberos
V5. See the sis(5) manpage.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 559

 telnetd(1M) telnetd(1M)

DIAGNOSTICS
If any error is encountered by telnetd in establishing the connection, an error message is returned
through the connection, after which the connection is closed and the server exits. Any errors generated by
the login process or its descendents are passed through as ordinary data.
The following diagnostic messages are displayed by telnetd :
unable to allocate Telnet device
The server was unable to obtain a Telnet pseudo-terminal for use with the login process. Either
all Telnet pseudo-terminals were in use or the telm driver has not been properly set up (see
tels(7)).
Next step: Check the Telnet pseudo driver configuration of the host where telnetd is execut-
ing.
fork: No more processes
telnetd was unable to fork a process to handle the incoming connection.
Next step: Wait a period of time and try again. If this message persists, the server’s host may
have runaway processes that are using all the entries in the process table.
/usr/bin/login: ...
The login program could not be started via exec * () for the reason indicated (see exec(2)).

WARNINGS
The terminal type name received from the remote client is converted to lowercase.
telnetd never sends TELNET go ahead commands.
AUTHOR
telnetd was developed by the University of California, Berkeley.
SEE ALSO
login(1), rlogin(1), stty(1), telnet(1), inetd(1M), inetsvcs_sec(1M), exec(2), ioctl(2), hosts(4), hosts.equiv(4),
inetd.conf(4), inetd.sec(4), services(4), sis(5), pty(7), tels(7), tty(7).
DOD MIL_STD 1782.
RFC 854 for the TELNET protocol specification.

560 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

tftpd(1M) tftpd(1M)

NAME
tftpd - trivial file transfer protocol server

SYNOPSIS
/usr/lbin/tftpd [-l ] [-R retran-seconds] [-r blksize |timeout |tsize ] [-s]
[-T total-seconds] [-L port] [-U port] [path ...]

DESCRIPTION
tftpd is a server that supports the Internet Trivial File Transfer Protocol (RFC783). The TFTP server
operates at the port indicated in the tftp service description (see services (4)). The server is normally
started by inetd using the /etc/inetd.conf file (see inetd(1M) and inetd.conf(4)).

Options
tftpd supports the following options:
-l This option writes the debugging information into the syslog file.
-R This option specifies the per-packet retransmission timeout, in seconds. The default value
is 5 seconds.
-r blksize |timeout |tsize
This option disables the client side options: blksize (blocksize),
timeout (retransmission timeout), and tsize (transfer file size) individually. By
default, these options are enabled. For example, to disable timeout negotiation between a
client and the server, start the server with the following command:
tftpd -r timeout
-s This option enables tftpd to work in the Service Guard environment. This option is
required for some tftp clients. These clients reject the tftp reply received from a
different IP address than the one requested when the server’s interface is configured with
an alias IP address.
-T This option specifies the total retransmission timeout, in seconds. The default value is 25
seconds.
-L port This option specifies the lower limit of the port range for data transfer.
-U port This option specifies the upper limit of the port range for data transfer.
NOTE: The NDD tunables should be considered before defining the -L and -U options. If
the -L option is defined without using the -U option, the upper limit is set to 65535. If the
-U option is defined without using the -L option, the lower limit is set to 1024.
The path parameter has the following effects:
• tftpd operates in either of two modes or their combination. The first mode requires a defined
home directory for the pseudo-user tftp , and looks for files relative to that path. The second mode
requires one or more paths be specified on the command line, and allows access only to files whose
paths match or begin with one of the command line specifications. The first mode is backward-
compatible with previous releases of HP-UX and supports somewhat tighter security. The second
t
mode is compatible with other vendors’ implementations of tftpd and allows greater flexibility in
accessing files.
• If no path is specified on the command line, tftpd requires an entry in the /etc/passwd data-
base (see passwd(4)) for an account (pseudo-user) named tftp . The password field should be *, the
group membership should be guest , and the login shell should be /usr/bin/false. For exam-
ple (assuming the guest group ID is 101):
tftp:*:510:101:tftp server:/home/tftpdir:/usr/bin/false
tftpd uses a call to chroot() to change its root directory to be the same as the home directory of
the pseudo-user tftp . This restricts access by tftp clients to only those files found below the
tftp home directory (see chroot(2)). Furthermore, tftp clients can only read files in that directory
if they are readable by the pseudo-user tftp , and tftp clients can only write files in that directory
if they exist and are writable by the pseudo-user tftp .
• If any path is specified on the command line, tftpd does not require that a pseudo-user named
tftp exist in /etc/passwd . The specified paths control access to files by tftp clients. Each
path is treated as being relative to / (not the tftp home directory), and can be either a directory or

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 561

 tftpd(1M) tftpd(1M)

a file. tftpd disallows a client access to any file that does not match entirely or in its initial com-
ponents one of the restriction paths. It also disallows access to any file path containing ‘‘.. ’’. How-
ever, an accessed file can be a symbolic link that points outside the set of restricted paths.
• If any path is specified on the command line and the tftp home directory is defined and is not /,
tftpd first looks for a file relative to (under) the home directory. If the file is not found there, then
tftpd looks for the file relative to / with path restrictions applied. Thus if two files with the same
name can be found in both locations, tftpd accesses the one under tftp ’s home directory.
Note that inetd allows continuation of command lines in inetd.conf by ending continued lines with a
backlash.
Defining the tftp pseudo-user is strongly recommended even when paths are specified, because client
access is further restricted to files that can be read and/or written by this pseudo-user. It is safe to set the
tftp pseudo-user’s home directory to / in this case.
DIAGNOSTICS
The following diagnostics are logged to the syslogd facility at the err log level (see syslogd(1M)).
No security mechanism exists
The pseudo-user tftp was not found in the password database (/etc/passwd ), and tftpd
was invoked without any path arguments.
Add or correct the entry for the pseudo-user tftp in the password database /etc/passwd .
Or, add an access list (path arguments) to the tftpd arguments in the inetd configuration file
/etc/inetd.conf. Reconfigure inetd with the command inetd -c.
Unknown option option ignored
An invalid option was specified in the tftpd arguments in the inetd configuration file
/etc/inetd.conf.
Remove or correct the option. Restart inetd with the command inetd -c .
Invalid total timeout value
The value given for the -T option was not a number or was a negative number.
Correct the value given for the -T option. Reconfigure inetd with the command inetd -c .
Invalid retransmission timeout value
The value given for the -R option was not a number or was a negative number.
Correct the value given for the -R option. Reconfigure inetd with the command inetd -c .
system call :
The named system call failed. See the corresponding manual entry for a description of the sys-
tem call. The reason for the failure is explained in the error message appended to the system
call.

WARNINGS
When invoked with no path arguments, tftpd cannot follow symbolic links that refer to paths outside of
t the home directory of the pseudo-user tftp , because it performs a chroot() .

AUTHOR
tftpd was developed by the University of California, Berkeley, and Hewlett-Packard.
SEE ALSO
tftp(1), inetd(1M), syslogd(1M), chroot(2), inetd.conf(4), passwd(4).

STANDARDS CONFORMANCE
tftpd : RFC783, RFC2347, RFC2348, RFC2349.

562 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

tic(1M) tic(1M)

NAME
tic - terminfo compiler

SYNOPSIS
tic [-v [n]] [-c] file ...
DESCRIPTION
tic translates terminfo files from source format into the compiled format. Results are placed in the direc-
tory /usr/share/lib/terminfo.
-vn Specifies that (verbose) output be written to standard error trace information showing tic’s pro-
gress. The optional integer n is a number from 1 to 10, inclusive, indicating the desired level of
detail of information. If n is omitted, the default level is 1. If n is specified and greater than 1,
the level of detail is increased.
-c Specifies to check only file for errors. Errors in use=links are not detected.
tic compiles all terminfo descriptions in the given files. When a use= field is discovered, tic searches
first the current file, then the master file which is ./terminfo.src.
If the environment variable TERMINFO is set, the results are placed in the location specified by TER-
MINFO instead of in /usr/share/lib/terminfo.
Limitations: total compiled entries cannot exceed 4096 bytes. The name field cannot exceed 128 bytes.

FILES
/usr/share/lib/terminfo/?/* compiled terminal capability data base

SEE ALSO
untic(1M), terminfo(4), captoinfo(1M).

BUGS
Instead of searching ./terminfo.src, tic should check for an existing compiled entry.

STANDARDS CONFORMANCE
tic : SVID2, SVID3

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 563

 tsm.lpadmin(1M) tsm.lpadmin(1M)

NAME
tsm.lpadmin - add or remove a printer for use with tsm

SYNOPSIS
/usr/tsm/bin/tsm.lpadmin -p printer -m model
/usr/tsm/bin/tsm.lpadmin -x printer
DESCRIPTION
tsm.lpadmin is used to add (or remove) a printer to the LP spooling system when the printer is con-
nected to the system through a terminal running the Terminal Session Manager (see tsm(1)).
tsm.lpadmin is a shell script that uses lpadmin in the normal way but also creates a named pipe to
which LP output is directed (see lpadmin(1)). This named pipe is opened by TSM and data flowing from it
is sent to the printer through the terminal.

Options
tsm.lpadmin recognizes the following options:
-p printer Names a printer to be created with an associated pipe. If -p is used, -m must also be
specified.
-m model Selects a model interface program for printer. model is one of the model interface
names supplied with the LP software (see the Models topic in the lpadmin(1)) manual
entry. If -m is used, -p must also be specified.
-x printer Removes printer from the LP system. No other options are allowed with -x .

Restrictions
To use tsm.lpadmin you must be user lp or root .

AUTHOR
tsm.lpadmin was developed by HP.
FILES
/var/spool/lp/tsm.pipes/*
SEE ALSO
lpadmin(1M), tsm(1).

564 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

tunefs(1M) tunefs(1M)

NAME
tunefs - tune up an existing HFS file system

SYNOPSIS
/usr/sbin/tunefs [-A] [-v] [-a maxcontig ] [-d rotdelay ] [-e maxbpg ] [-m minfree ]
[-r advanced read-ahead ] special-device

DESCRIPTION
The tunefs command is used to alter dynamic parameters that affect HFS file system layout policies.
Parameters to be altered are specified by the options and arguments provided on the command line as
described below.
tunefs affects how the file system blocks are laid out on the disk. The default rotdelay value set by the
newfs and mkfs commands (see newfs(1M) and mkfs(1M)) is 0 milliseconds, causing file system blocks to
be written and read consecutively. In general, this should be the optimal tuning, making the use of
tunefs -d unnecessary.
Options
tunefs recognizes the following options and command-line arguments:
-a maxcontig Set the maximum number of contiguous blocks that will be laid out before forcing a
rotational delay to maxcontig (see -d below). The default value is 1, because most
device drivers require one interrupt per disk transfer. For device drivers that can
chain several buffers together in a single transfer, set maxcontig to the maximum
chain length.
-d rotdelay rotdelay is the expected time (in milliseconds) to service a transfer completion inter-
rupt and initiate a new transfer on the same disk. It is used to determine how much
rotational spacing to place between successive blocks in a file.
-e maxbpg maxbpg specifies the maximum number of blocks any single file can allocate out of a
cylinder group before it is forced to begin allocating blocks from another cylinder
group. Typically this value is set to about one fourth of the total blocks in a cylinder
group. The intent is to prevent any single file from using up all the blocks in a single
cylinder group, thus degrading access times for all files subsequently allocated in that
cylinder group. The effect of this limit is to cause large files to do long seeks more fre-
quently than if they were allowed to allocate all the blocks in a cylinder group before
seeking elsewhere. For file systems with exclusively large files, this parameter should
be set higher.
-m minfree minfree specifies the percentage of space that is not available to normal users; i.e., the
minimum free space threshold. The default value used is 10%. This value can be set
to zero. If set to zero, throughput performance drops to as little as one-third of the
efficiency expected when the threshold is set at 10%. Note that if minfree is raised
above the current usage level, users cannot allocate files until enough files have been
deleted to meet the new threshold requirement.
-r advanced read-ahead t
Advanced read-ahead specifies whether the file system should use an advanced predic-
tive read-ahead algorithm. The implementation requires more system resources in
exchange for an advanced access pattern recognition. Patterns include forward
sequential, backward sequential, forward strided, and backward strided. This value
can be set to zero (disable) or one (enable). By default, a file system will have
advanced read-ahead enabled when created.
-v (visual) Display current values contained in the primary super-block to standard out-
put.
-A (all) Modify redundant super-blocks as well as the primary super-block as stipulated
by the configuration options and arguments.
special-device is the name of the file system to be tuned. It is either a block or character special file
if the file system is not mounted, or a block special file if the file system is mounted.

WARNINGS
Root file system tuning is normally done during initial system software installation. Tuning the root file
system after installation has little useful effect because so many files have already been written.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 565

 tunefs(1M) tunefs(1M)

AUTHOR
tunefs was developed by the University of California, Berkeley.
SEE ALSO
dumpfs(1M), mkfs(1M), newfs(1M).

566 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

udpublickey(1M) udpublickey(1M)

NAME
udpublickey - update the publickey database file and the NIS map

SYNOPSIS
udpublickey
Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
udpublickey is executed from the updaters(1M) makefile when either newkey or rpc.ypupdated
updates the /etc/publickey database file.
udpublickey receives the following information from newkey or rpc.ypupdated:
Requestor’s name (a string)
Type of update
Number of bytes in key
Key
Number of bytes in data
Data
After receiving this information, udpublickey attempts to update the publickey database file,
/etc/publickey.
If the update is successful, udpublickey makes the NIS map, publickey.byname.
If the update is completely successful, udpublickey exits with a zero (0) status; otherwise udpub-
lickey exits with a valid NIS error.
This command should not be run interactively.
AUTHOR
udpublickey was developed by Sun Microsystems, Inc.
FILES
/etc/publickey
SEE ALSO
newkey(1M), rpc.ypupdated(1M), updaters(1M), publickey(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 567

 ugweb(1M) ugweb(1M)

NAME
ugweb - starts the HP-UX User and Group Account Configuration tool

SYNOPSIS
ugweb [ -F ] [ -b ]
ugweb -t
DESCRIPTION
The HP-UX User and Group Account Configuration tool (ugweb ) is used to manage user accounts and
group accounts on the local system. This tool can also be used to manage user accounts on a NIS system.
The HP-UX User and Group Account Configuration tool provides both Web-based and terminal user inter-
face. The Web-based interface is launched through the HP System Management Homepage.
Superuser privileges are required to access the HP-UX User and Group Account Configuration tool. A user
who does not have superuser privileges has read-only access to the Local Users, NIS Users and Groups
areas in the HP-UX User and Group Account Configuration tool and cannot modify local user accounts,
group accounts and NIS User accounts.
An attempt will be made to connect to a Mozilla/Netscape Web browser running on the X server defined by
the DISPLAY environment variable. If a running Mozilla/Netscape client is found, it will be used; other-
wise, a new Mozilla/Netscape session will be initiated. This will only happen if the Mozilla/Netscape pro-
cess is running in the same system as that referenced by the DISPLAY variable, unless the -F option is
used.
Note: By default, the HP-UX User and Group Account Configuration tool (ugweb ) invokes the Mozilla
Web browser. If you want to support any other browser (Netscape), set the BROWSER environment vari-
able as shown below:
export BROWSER=/opt/netscape/netscape
The terminal user interface is invoked if any of the following conditions are true:
• The command /usr/sbin/ugweb is invoked with the -t option.
• The DISPLAY environment variable is not set.
The Web-based interface is launched if all the following conditions are true:
• The command /usr/sbin/ugweb is invoked with the -F option.
• The DISPLAY environment variable is set.
• The command /opt/hpsmh/lbin/samweb is available on the system.
If the Web-based interface cannot be launched, ugweb invokes the terminal user interface.

Options
ugweb recognizes the following options:
-F Forces a client browser to be used in less secure ways.
The -F option forces the client browser to be used or started, even when the X-traffic
u between the X-server and the Mozilla browser is not secure.
Use this option only when you are sure the network traffic between the host where Mozilla is
running and the host in the DISPLAY variable is secure.
If ugweb cannot start the Web browser, the terminal interface is started.
When the HP-UX User and Group Account Configuration Web interface is invoked by SAM,
the -F option is used.
-b If a privileged user (root) executes the ugweb command with the -b option, a temporary
login bypass key is generated. The bypass key enables the user to access the Web interface
without having to provide login information again.
When the HP-UX User and Group Account Configuration interface is started by SAM, the -b
option is used.
-t Launches the terminal interface for managing local users, NIS users and groups regardless of
the current setting of the DISPLAY environment variable.

568 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ugweb(1M) ugweb(1M)

Note: You can also start the HP-UX User and Group Account Configuration tool using one of the following
methods:
• Run /usr/sbin/sam and select the User and Group Account Configuration (Web-based Inter-
face) to launch the Web-based tool.
• Start the HP-UX User and Group Account Configuration tool Web interface by typing the URL
http:// hostname :2301/ug/ug.cgi in the address bar of your browser, where hostname is
the name of the server.
• Launch the HP-UX Systems Insight Manager on the server and select the User and Group Account
Configuration tool from the Configure -> HP-UX Configuration menu.
Online Help
After the HP-UX User and Group Account Configuration tool is started, the online help provides details on
how to use the tool.

RETURN VALUES
Upon completion, ugweb returns one of the following values:
0 Successful
1 An error occurred

AUTHOR
ugweb was developed by Hewlett-Packard.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 569

 unshare(1M) unshare(1M)

NAME
unshare - make local resource unavailable for mounting by remote systems

SYNOPSIS
/usr/sbin/unshare [-F FSType] [pathname  resourcename]
DESCRIPTION
The unshare command makes a shared local resource unavailable as file system type FSType.
If the option -F FSType is omitted, then the first file system type listed in /etc/dfs/fstypes file will
be used as the default.
Specific_options, as well as the semantics of resourcename, are specific to particular distributed file sys-
tems. For example, see share_nfs(1M) for details on options for shared NFS file systems.
If pathname or resourcename is not found in the shared information, an error message will be sent to stan-
dard error.

Options
unshare recognizes the following options:
-F FStype Specify the file system type.
FILES
/etc/dfs/fstypes file that registers distributed file system packages
/etc/dfs/sharetab system record of shared file systems
AUTHOR
unshare was developed by Sun Microsystems, Inc.
SEE ALSO
share(1M), shareall(1M), fstypes(4), sharetab(4).

570 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

unshare_nfs(1M) unshare_nfs(1M)

NAME
unshare_nfs - make local NFS file systems unavailable for mounting by remote systems

SYNOPSIS
/sbin/fs/nfs/unshare [-F nfs ] pathname
DESCRIPTION
The unshare command makes local file systems unavailable for mounting by remote systems. The
shared file system must correspond to a line with NFS as the FSType in the /etc/dfs/sharetab file.

Options
The following options are supported:
-F This option may be omitted if NFS is the first file system type listed in the file
/etc/dfs/fstypes.
EXAMPLES
If the file system being unshared is a symbolic link to a valid pathname, the canonical path (the path which
the symbolic link follows) will be unshared.
For example, if /export/foo is a symbolic link to /export/bar (/export/foo ->
/export/bar ), the following unshare command will result in /export/bar as the unshared path-
name (and not /export/foo ):
example# unshare -F nfs /export/foo
FILES
/etc/dfs/fstypes file that registers distributed file system packages
/etc/dfs/sharetab system record of shared file systems

AUTHOR
unshare_nfs was developed by Sun Microsystems, Inc.
SEE ALSO
share(1M), fstypes(4), sharetab(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 571

 untic(1M) untic(1M)

NAME
untic - terminfo de-compiler

SYNOPSIS
untic [term] [-f file]
DESCRIPTION
untic translates a terminfo file from the compiled format into the source format. If the environment
variable TERMINFO is set to a path name, untic checks for a compiled terminfo description of the termi-
nal under the path specified by TERMINFO before checking /usr/share/lib/terminfo. Otherwise,
only /usr/share/lib/terminfo is checked.
Normally untic uses the terminal type obtained from the TERM environment variable. With the term
(terminal type) argument, however, the user can specify the terminal type used.
With the file argument the user can specify the file used for translation. This option bypasses the use of the
TERM and TERMINFO environment variables.
untic sends the de-compiled terminfo description result to standard output.
AUTHOR
untic was developed by HP.
FILES
/usr/share/lib/terminfo/?/* compiled terminal capability data base

SEE ALSO
tic(1M), terminfo(4).

572 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

update-ux(1M) update-ux(1M)

NAME
update-ux - updates the HP-UX operating system from new HP-UX media

SYNOPSIS
update-ux [-i] [-p] [-v] -s source_location [-? ] [-x option=value] [-f software_file]
[sw_selections]...

DESCRIPTION
The update-ux command updates the HP-UX operating system to a newer version.
Use update-ux when updating the operating system (OS), and installing or changing operating environ-
ments (OEs). update-ux works only with source depots containing the OS and OEs such as HP-UX 11i
OE DVDs. When using other non-OE media as the source (such as AR), use swinstall(1M) instead.
update-ux will always attempt to update the OS. In order to update a system successfully, an Operat-
ing Environment must exist in the source. A bundle name does not need to be specified on the command
line. By default, update-ux will install the software from the source that matches and updates the software
that is installed on the system. However, if a system does not contain a previous version of an OE, one
must be specified on the command line or in the interactive Terminal User Interface (TUI).
If the current OS is 11.11 or 11.22 , first install update-ux onto the existing system. For example:
swinstall -s source_location Update-UX
where source_location is the path to a depot containing the 11i Update-UX product.
Options
update-ux supports these options:
-i Perform the OE update in the interactive terminal user interface (TUI). For
more information, see the swm(1M) manpage.
-p Previews an update task by running the session through the analysis phase only.
-v Turns on verbose output to stdout. (The swm logfile is not affected by this
option).
-s source_location Specify the source location. Possible locations are a local directory, a mounted
DVD containing an SD depot, or a remote machine and depot combination. If
source_location is a DVD, update-ux expects to install from one DVD. If
source_location is a remote machine and depot combination, the remote machine
should be specified first, followed by the absolute path to the remote depot,
separated by a colon with no spaces; for example: swperf:/var/spool/sw.
-? Print the usage statement.
-x option =value Set swm(1M) options.
-f software_file Read the list of sw_selections from software_file instead of (or in addition to) the
command line.
sw_selections Software selections support the same syntax as the SD commands plus the syn-
tax outlined in Software Selections below (see swinstall(1M) for details on SD’s
supported syntax). u
Software Selections
In addition to the SD syntax, the following syntax is supported for sw_selections:
bundle[,version ]
product[.subproduct][.fileset][,version ]
!selection
[bundle]/[%match]
pattern-matching-expression
Where version can be:
[,r <op> revision][,a <op> arch][,v <op> vendor]
[,c <op> category ][,q= qualifier][,l= location]
[,fr <op> revision][,fa <op> arch]
HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 573
 update-ux(1M) update-ux(1M)

Where op can be:

=, ==, >=, <=, <, >, or !=
The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-matching-
expressions:
[ ], *, ?
The syntax !selection causes that selection to be deselected even if it was listed on the command line as
part of other selections.
RETURN VALUE
The update-ux command returns a value when it is not successful:
1 Error during execution; update aborted.
DIAGNOSTICS
Standard Output:
An update-ux session writes messages for significant events, including:
• Begin-session and end-session messages.
• Major task messages.
Logging:
Errors are recorded in: /var/adm/sw/update-ux.log and /var/adm/swm/swm.log.

EXAMPLES
To update from the OE depot on an HP-UX 11i OE DVD mounted at /dvd , enter:
/usr/sbin/update-ux -s /dvd HPUX11i-OE
The example above updates the HP-UX 11i Operating Environment (OE).
To install all bundles and products in sw_server that match and update software that is installed on the sys-
tem:
/usr/sbin/update-ux -s sw_server:/depot/oes
Which is equivalent to:
/usr/sbin/update-ux -s sw_server:/depot/OEs /%match
The syntax /%match selects all software in the source that matches what is already installed on the
system.
To select only software in HPUX11i-OE that matches the software on the target system:
/usr/sbin/update-ux -s sw_server:/depot/OE HPUX11i-OE/%match
The syntax bundle/%match selects only software in the specified bundle that matches what is
already installed on the system.
To update to HPUX11i-OE and include the HP-UX Bastille Security Configuration bundle:
/usr/sbin/update-ux -s /dvdrom HPUX11i-OE Sec30DMZ
u To interactively select software for an update, use the -i option:
/usr/sbin/update-ux -s sw_server:/depot/OEs -i
To update the operating environment (OE), explicitly to the MCOE:
/usr/sbin/update-ux -s sw_server:/depot/oes HPUX11i-OE
To update all the software that is part of the OE except Mozilla:
/usr/sbin/update-ux -s /var/spool/sw !MOZILLA
To select all of HPUX11i-OE except for Perl, which is part of HPUX11i-OE, you could specify the following:
/usr/sbin/update-ux -s /depot/OE HPUX11i-OE !Perl
The only exception to this is if the selection is in the Operating Environment’s required contents list,
in which case it cannot be deselected without deselecting all of the Operating Environment. Note that
deselections have precedence over selections. Thus the order is not important. The example above
would be the same as the following command:

574 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

update-ux(1M) update-ux(1M)

/usr/sbin/update-ux -s /depot/OE !Perl HPUX11i-OE

AUTHOR
update-ux was developed by HP.
FILES
/usr/sbin/update-ux The update-ux command.
/var/adm/swm/swm.log The swm log file.
/var/adm/sw/update-ux.log The update-ux log file.
SEE ALSO
swm(1M), swinstall(1M).
These manuals are available on the HP-UX 11i Instant Information CD and at http://docs.hp.com/:
• HP-UX 11i Installation and Update Guide
• Software Distributor Administration Guide
• Managing Systems and Workgroups
• Managing Superdome Complexes

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 575

 updaters(1M) updaters(1M)

NAME
updaters - configuration file for NIS updating

SYNOPSIS
updaters
Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (YP). The functionality of the
two remains the same; only the name has changed.

DESCRIPTION
updaters is a makefile used for updating the Network Information Service (NIS) databases. Databases
can be updated only if the network is secure, that is, only if there is a NIS publickey database (
publickey.byname). The default updaters script will update only the publickey.byname map.
An entry in the file is a make target for a particular NIS database. For example, if you wanted to add
passwd.byname to this script, you would create a make target named passwd.byname with the com-
mand to update that database. See udpublickey(1M).
The information necessary to make the update is passed to the update command through standard input.
The information passed is described below. All items are followed by a NEW LINE except for Actual bytes
of key and Actual bytes of data.
Network name of client wishing to make the update (a string)
Kind of update (an integer)
Number of bytes in key (an integer)
Actual bytes of key
Number of bytes in data (an integer)
Actual bytes of data
After receiving this information through standard input, the command to update the particular database
should decide whether the user is allowed to make the requested change.
If not, the command should exit with the status YPERR_ACCESS .
If the user is allowed to make the change, the command should make the change and exit with a status of
zero.
If there are any errors that may prevent the updater from making the change, it should exit with the
status that matches a valid NIS error code described in <rpcsvc/ypclnt.h>.

AUTHOR
updaters was developed by Sun Microsystems, Inc.
SEE ALSO
make(1), newkey(1M), rpc.ypupdated(1M), udpublickey(1M), publickey(4).

576 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ups_mond(1M) ups_mond(1M)

NAME
ups_mond - HP PowerTrust Uninterruptible Power System monitor daemon

SYNOPSIS
/usr/lbin/ups_mond [-f configfile ] [-s ] [-t ]
DESCRIPTION
When it detects a loss of AC power for a period of time exceeding a configured limit, ups_mond ensures
file system integrity by shutting down HP-UX. To do this, ups_mond uses the device special files specified
in its configuration file (/etc/ups_conf by default) to monitor the state of each HP PowerTrust Unin-
terruptible Power System (UPS) attached to the system.
Use the -f option to specify a configuration file other than /etc/ups_conf. See ups_conf(4) for a
description of the configuration file format.
By default, ups_mond is locked into memory (see plock(2)). That is, ups_mond is not swappable.
Although extreme caution is required, you can make ups_mond swappable if all swap disks are powered
by an uninterruptible power system (assured to have power when the primary power source fails). To
make ups_mond swappable, use the -s option.
When ups_mond is forced to shutdown the system, it executes the /sbin/shutdown command with
real-time priority (default behavior). ups_mond can be configured to execute /sbin/shutdown com-
mand with a timeshare (non-real-time) priority by using the -t option.
ups_mond is started by init (see init(1M)) by means of an entry in the file /etc/inittab (see init-
tab(4)). The inittab entry uses the respawn option to automatically restart ups_mond if
ups_mond is terminated by the kill command (see kill(1)). This entry should follow the entry:
sqnc::wait:/sbin/rc </dev/console >/dev/console 2>&1
# system initialization
so that ups_mond is started after the system logging daemon (syslogd ). It should also be run with
real-time priority to assure its execution (see rtprio(1)).
ups_mond logs messages, and when appropriate invokes /sbin/shutdown using the -h option, or
/usr/sbin/reboot. For each configured UPS, ups_mond can be instructed (in /etc/ups_conf)
to log messages only, without taking shutdown or reboot action. See MSG_ONLY in ups_conf(4). By
default ups_mond performs the shutdown and reboot actions.
Note that when the shutdown is performed, UPSs that have lost AC line voltage will be turned off once the
shutdown_timeout_mins time has expired (see ups_conf(4)). By default the system will power on when the
AC line voltage is restored. The kill_after_shutdown line can be added to ups_conf to tell the UPS not to
come back up when AC line voltage is restored (see ups_conf(4)).
ups_mond uses the syslog message logging facility to log these occurrences (see syslog(3C)). Messages
are written to the console if ups_mond is unable to send them to syslogd . Critical messages (see
DIAGNOSTICS section) are also sent to the console.

RETURN VALUE
ups_mond returns the following values:
zero (0) Successful Completion u
non-zero Error encountered. See ERRORS below.

EXAMPLES
The entry in /etc/inittab should be similar to this:
ups::respawn:rtprio 0 /usr/lbin/ups_mond -f /etc/ups_conf
DIAGNOSTICS
Messages resulting from normal operation:
UPS Monitor daemon starting; using configuration file <configfilename >.
UPS <tty special file name > OK: AC Power back on.
AC Power to all recognized, system critical UPS’s OK! System will
not shutdown.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 577

 ups_mond(1M) ups_mond(1M)

Messages resulting in exit of daemon:

usage: ups_mond [-f configfile].
cannot exec /usr/lbin/ups_mond -f <configfilename > -e ups_monchild due to
<error >.
permission denied; must be superuser.
exiting; unable to lock process in memory: <errno >.
aborted, configfile <configfilename > open received error: <errno >.
aborted, configfile <configfilename > fseek error: <errno >.
aborted, malloc error: <errno >.
terminated by signal <decimal value of signal >.
Messages for which shutdown might be run (depends on UPS configuration):
UPS <tty special file name > AC POWER FAILURE - running on UPS battery.
If power is not returned within previously configured time period,
your system will automatically go to graceful shutdown.
If power is not returned within previously configured time period,
your system will automatically go to graceful shutdown. System will
not come back up after shutdown.
Messages for which reboot might be run (depends on UPS configuration):
UPS <tty special file name > battery low.
UPS <tty special file name > no output - either switch setting wrong on UPS
or bad UPS.
UPS <tty special file name > failed - requires repair.
UPS <tty special file name > current overload; UPS turned itself off - either
UPS bad or too many devices connected.
UPS <tty special file name > ambient temperature too high; UPS turned itself
off - reduce heat in area.
UPS <tty special file name > output voltage too high; UPS turned itself off -
requires repair.
UPS <tty special file name > output voltage too low; UPS turned itself off -
requires repair.
cannot exec shutdown due to <errno >.
The above messages are followed by the following message:
reboot -halt invoked due to UPS error cited in previous syslog mes-
sage.
u Messages that are only logged (no shutdown /reboot action is taken):
warning - no upstty: UPS’s found in configfile <configfilename >; daemon
running for no purpose.
warning - shutdown delay or shutdown timeout parameter in configfile
<configfilename > missing or not greater than zero; using default.
UPS <tty special file name > in bypass-mode; no AC Power-loss protection.
UPS <tty special file name > interrupted, but read of ups status failed -
possible UPS hardware problem.
upstty <tty special file name > failed open: <errno >; ignoring that tty and
continuing.
UPS <tty special file name > ioctl(TCGETA) failed: <errno >; ignoring that UPS.
UPS <tty special file name > ioctl(TCSETAF) failed <errno >; ignoring that UPS.

578 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ups_mond(1M) ups_mond(1M)

UPS <tty special file name > line too noisy; ignoring that UPS.
UPS <tty special file name > could not enable; loss of power would not be
detectable.
UPS <tty special file name > read failed: <errno >; Uninterruptible Power Sup-
ply has not been connected correctly; loss of power would not be
detectable.
UPS <tty special file name > write failed: <errno >; ignoring that UPS.
UPS <tty special file name > read of status received ILLEGAL CMD or NOISY
LINE.
UPS <tty special file name > read of status received <number > bytes of unex-
pected data (octal: <octal returned >): <string returned >.
UPS <tty special file name > read of status failed: <errno >.
UPS <tty special file name > write failed: <errno >.
UPS <tty special file name > OK; turned-off Failure Alarm.
UPS <tty special file name > OK; turned-off Inverter Failure Alarm.
UPS <tty special file name > OK; turned-off No Battery Alarm.
UPS <tty special file name > OK; turned-off Battery Charger Fault Alarm.
UPS <tty special file name > OK; turned-off Current Overload Alarm.
UPS <tty special file name > OK; turned-off High Ambient Temperature Alarm.
UPS <tty special file name > OK; turned-off Battery Failure Alarm.
UPS <tty special file name > OK; turned-off High Battery Voltage Alarm.
UPS <tty special file name > OK; turned-off Low Battery Voltage Alarm.
UPS <tty special file name > OK; turned-off High Output Voltage Alarm.
UPS <tty special file name > OK; turned-off Low Output Voltage Alarm.
UPS <tty special file name > OK; turned-off UPS Communication Lost Alarm.
UPS <tty special file name > Inverter Failure requires repair.
UPS <tty special file name > No Battery - ensure UPS battery installed.
UPS <tty special file name > Battery Charger Fault- requires repair.
UPS <tty special file name > Current Overload - either UPS bad or too many
devices connected.
UPS <tty special file name > High Ambient Temperature-reduce area tempera-
ture.
UPS <tty special file name > Battery Failure- requires repair.
UPS <tty special file name > High Battery Voltage - requires repair. u
UPS <tty special file name > Low Battery Voltage - requires repair.
UPS <tty special file name > Communication Lost - At least one or more com-
ponents of the UPS subsystem has lost communications.
UPS <tty special file name > UNKNOWN status/alarm <hex number > - may require
repair.
write to UPS <tty special file name > of command <cmd string > Failed: <errno >.
read from UPS <tty special file name > after sending command <cmd string> to
it failed; <errno >.
UPS <tty special file name > could not execute command <cmd string >; returned
(octal: <octal returned >): <string returned > - possible bad signal cable.
Messages relating to Timer Controlled Power On and Off:

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 579

 ups_mond(1M) ups_mond(1M)

Timer Controlled On/Off information invalid; ignored.

mknod error: <errno > for Timed On/Off fifo file /var/tmp/timed_off;
continuing without.
open error: <errno > for Timed On/Off fifo file /var/tmp/timed_off;
continuing without.
Timer Controlled On value exceeds UPS <tty special file name > maximum. The
maximum value of <maximum supported decimal value > will be used for this
UPS.
ERRORS
ups_mond returns the following error values:
EINVAL ups_mond encountered an incorrect parameter.
EPERM Insufficient privileges. ups_mond must be started by a superuser.
EINTR ups_mond was interrupted (terminated) by signal () or kill (). See signal(2) and
kill(1).
one (1) For all other error conditions.

FILES
/dev/tty*
/etc/ups_conf
/var/tmp/timed_off
/var/adm/syslog/syslog.log
SEE ALSO
kill(1), init(1M), plock(2), signal(2), syslog(3C), inittab(4), ups_conf(4).

580 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

useradd(1M) useradd(1M)

NAME
useradd - add a new user login to the system

SYNOPSIS
useradd [-u uid [-o] ] [-g group] [-G group[,group]...] [-d dir] [-s shell] [-c comment ]
[-m [-i] [-k skel_dir] ] [-f inactive] [-e expire] [-r update_homedir_ownership]
[-p encrypted_password] [-t template] [-P -S alternate_password_file] login
useradd -D [-g group] [-b base_dir] [-f inactive] [-e expire] [-r update_homedir_ownership]
[-k skel_dir] [-s shell] [-c comment ] [-O allow_dup_uids] [-t template]

DESCRIPTION
The useradd command creates a user login on the system by adding the appropriate entry to the
/etc/passwd file and any security files, modifying the /etc/group file as necessary, creating a home
directory, and copying the appropriate default files into the home directory depending on the command line
options. The new login remains locked until the passwd (see passwd(1)) command is invoked.

New Behavior
The login will not be added to the primary group entry in the /etc/group file, even if the primary group
is specified in the command line. However, the login is added to the corresponding supplemental group in
the /etc/group file.

Options
The useradd command supports the following options:
-u uid Specify the UID for the new user. uid must be a non-negative decimal integer less
than MAXUID as defined in the <param.h> header file. uid defaults to the next
available unique number above the maximum currently assigned number. UIDs from
0-99 are reserved.
-o Allow the UID to be non-unique (that is, a duplicate).
-g group Specify the integer group ID or character string name of an existing group. This
defines the primary group membership of the new login. The default for this option
can be reset by invoking the useradd -D -g group command.
-G group Specify the integer group ID or character string name of an existing group. This
defines the supplemental group memberships of the new login. Multiple groups may
be specified as a comma separated list. Duplicates within group with the -g and -G
options are ignored.
-d dir Specify the home directory of the new login. It defaults to base_dir/login, where
login is the new login and base_dir is the base directory for new login home direc-
tories.
To specify directory creation, you must use the -m option.
-s shell Specify the full pathname of the new login shell. The default is an empty field, which
causes the system to use /sbin/sh as the login shell. The value of shell must be a
valid executable file.
-c comment Specify the comment field present in the /etc/passwd entry for this login. This
u
can be any text string. A short description of the new login is suggested for this field.
-m Create the home directory for the new login if it does not exist. If the home directory
exists, the directory must have read and execute permission by group, where group is
the primary group of the new login. This condition can be overridden using the -i
option. The -m option must be used to create a home directory.
-i Inherit an existing home directory, regardless of its current access permissions. Typi-
cally use this option to inherit orphaned directories, that is, directories that are not
owned by any active user of the system. Note that using the -i option will impact
shared home directories; hence use the -i option with caution. The permissions will
be same as that of a newly created home directory.
-k skel_dir Specify the skeleton directory that contains information that can be copied to the new
login’s home directory. This skeleton directory must exist. The system provides a
skeleton directory, /etc/skel , that can be used for this purpose.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 581

 useradd(1M) useradd(1M)

-f inactive Specify the maximum number of days of continuous inactivity of the login before the
account is locked. For the valid values of inactive refer to description of inactivity field
in shadow(4).
-e expire Specify the date on which this account is no longer valid. After the expire date occurs,
no user will be able to access this account. This option is used to create temporary
logins. expire, which is a date, may be typed in any format, except a Julian date. For
example, a date may be entered in either of the following formats:
July 13, 1993
7/13/93
A value of ’’ (two single quotes) or "" (two double quotes) results in no expiration
date.
-p encrypted_password
Specify the initial encrypted password for the user. Before using the -p option,
obtain the encrypted password by using crypt() (see crypt(3C)).
-P Specify that the changes are being made to the alternate password file of NIS
specified by the -S option. The following options edit the password file and should not
be used with the -P option:
-m, -i, -r, -k, -D.
-S alternate_password_file
Specify the path of the alternate password file of NIS. The -P option is used with the
-S option.
-D Manage the defaults for various options. When useradd is invoked with this option
only, the default values for group, base_dir, skel_dir, shell, inactive, expire, comment ,
update_homedir_ownership, create_homedir, and allow_dup_uids are displayed.
Invoking useradd with this option and other allowed options sets the default values
for those options listed in SYNOPSIS.
-t template Specify the template to be used when loading the defaults for options not specified for
useradd command. Any file of the form /etc/default/useradd, can be
specified as a template file. When used with -D , the specified attributes are updated
to the template file.
-b base_dir Specify the default base directory for the system. If -d dir is not specified, base_dir is
concatenated with the new login name (login) to define the path of the new home
directory.
-O allow_dup_uids
Specify whether duplicate UIDs should be allowed by default. The value for
allow_dup_uids is either yes or no :
yes Allow usage of duplicate UIDs by default.
no Disallow usage of duplicate UIDs by default.
-r update_homedir_ownership
u By default, useradd will not recursively update the ownership of the home directory
for the new user if the directory exists and is not a shared home directory. This
behavior of useradd can be changed using the -r [yes |no ] option. When used
with the -D option, the -r option will set the default behavior. The
update_homedir_ownership argument is either yes or no :
yes useradd will recursively update the ownership of the home directory and the
files/directories below it to the new user, if the directory already exists and is
not a shared home directory.
no useradd will not update the ownership of the home directory and the
files/directories below it.
The useradd login command defines the new login name, specified as a string of printable characters.
login can not contain a colon (:) or a newline (\n ).
The -e and -f options are supported only if Shadow Passwords are in use. For details refer to
pwconv(1M).

582 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

useradd(1M) useradd(1M)

NIS
The useradd command is aware of NIS user and group entries. Only local users and groups may be
modified with the useradd command. Attempts to modify an NIS user or group will result in an error.
NIS users and groups must be administered from the NIS server. NIS users are checked when verifying
uniqueness of the new UID or new user name, which may result in the following error messages:
login x not unique
(return value 9), or the error
UID # is not unique (when -o is not used)
(return value 4) even though the user or UID is not present in the local /etc/passwd file. The error
Cannot modify /etc/group file, /etc/passwd was modified
(return value 10) is returned if an NIS group is specified with either the -g option or the -G option (see
group(4)).

NFS
Errors may occur with the -m or -k options if the indicated directory is within an NFS mounted file system
that does not allow root privileges across the NFS mount, and the directory or files within the directory do
not have sufficient permissions.

RETURN VALUE
useradd exits with one of the following values:
0 Successful completion.
2 Invalid command syntax.
3 Invalid argument supplied to an option.
4 uid is not unique (when -o is not used).
6 The group specified with the -g option does not exist.
9 login is not unique.
10 Cannot modify the /etc/group file. The login was added to the /etc/passwd file, but not
to the /etc/group file.
12 Unable to create the home directory (while using the -m option) or unable to complete the copy
of skel_dir to the new home directory.
13 Unable to open /etc/ptmp file or /etc/default file, or /etc/passwd file is non-
existent.
14 /etc/passwd, or /etc/ptmp , or /etc/default file busy. Another command may be
modifying the /etc/passwd file.
16 Cannot add the entry into the /etc/passwd file.
18 Out of memory.
19 Invalid template file.
u
54 Exceeding permissible limit of maximum members in a group. The /etc/group file is not
modified.

EXAMPLES
Add the user otto to the system with all of the default attributes.
useradd otto
Add the user otto to the system with a UID of 222 and a primary group of staff .
useradd -u 222 -g staff otto
List the defaults for the primary group, base directory, inactivity timeout, and skeleton directory.
useradd -D
Change the default primary group to staff .

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 583

 useradd(1M) useradd(1M)

useradd -D -g staff
WARNINGS
A directory can be shared between the users belonging to the same group. If the home directory is in the
unshared mode and a new user is allocated to that directory then it will be put into the shared mode by set-
ting the permissions of that directory to 775 (includes the write permissions to the group as well). Also,
the directory which will be shared should have read and execute permissions for the group. Otherwise,
useradd will report an error.
Because many users may try to write the /etc/passwd file simultaneously, a password locking mechan-
ism was devised. If this password locking fails after subsequent retrying, useradd terminates.
A group entry in the /etc/group file can have maximum of LINE_MAX bytes. See limits(5) for the
value of LINE_MAX . If a user is added to a group that has reached LINE_MAX limit, another entry of the
same group is created to which the new user is added. A warning message is also issued.

FILES
/etc/shadow Shadow Password file
/etc/passwd System Password file
/etc/skel Skeleton directory
/etc/group System group file
/etc/ptmp Lock file used when updating password file

SEE ALSO
passwd(1), users(1), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), pwconv(1M), userdel(1M),
usermod(1M), crypt(3C), group(4), shadow(4), limits(5).

STANDARDS CONFORMANCE
useradd : SVID3

584 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

userdbck(1M) userdbck(1M)

NAME
userdbck - verify or fix information in the user database, /var/adm/userdb

SYNOPSIS
/usr/sbin/userdbck [-a] [-u] [-r] [-f] [file]
DESCRIPTION
userdbck verifies the information in the user database (/var/adm/userdb), reports inconsistencies,
and fixes problems.
If no options and no arguments are specified, userdbck reports all data corruption problems in all files in
/var/adm/userdb.
If the -r option is also specified, each reported problem is repaired.
If a file argument (hex 00-ff) is specified, only that file in the /var/adm/userdb directory is verified.
Options
The following options are recognized:
-a Verify attributes. Information in /etc/security.dsc is used to report any attribute that is
not valid, not allowed in the user database, has an invalid value, or is allowed only for a local
user and the user is not in /etc/passwd .
-f Normally when the user database is disabled (see userdb(4)), userdbck immediately exits
without verifying or repairing the database. The -f option overrides this and forces userdbck
to verify or repair the database.
-u Verify user names. User names found in the database are reported if they do not exist in any of
the repositories defined in /etc/nsswitch.conf. This option could take a long time on a
system with many users.
-r Repair all data corruption problems that are found. If this option is not specified, problems are
reported but not repaired.

Notes
Only users who have read and write access to /var/adm/userdb can run userdbck .

RETURN VALUE
userdbck exits with one of the following values:
0 success: no inconsistencies were found
1 inconsistencies were found and fixed
2 invalid usage
3 database is disabled; see userdb(4)
4 inconsistencies were found but not fixed, because the -r option was not specified
5 a problem was found that could not be fixed

EXAMPLES
In the following example, all problems in the user database are reported but not repaired.
/usr/sbin/userdbck u
In the following example, all problems in file /var/adm/userdb/7f are reported and repaired.
/usr/sbin/userdbck -r 7f
FILES
/var/adm/userdb user database
/etc/default/security security defaults configuration file
/etc/security.dsc security attributes description file

SEE ALSO
userdbget(1M), userdbset(1M), userdb_read(3), security(4), userdb(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 585

 userdbget(1M) userdbget(1M)

NAME
userdbget - display information residing in the user database, /var/adm/userdb

SYNOPSIS
/usr/sbin/userdbget [-i] -u name [attr]...
/usr/sbin/userdbget [-i] -a [attr]...
DESCRIPTION
userdbget displays the per-user information residing in the user database as a sequence of
attribute =value pairs. Each pair is printed on a separate line and is preceded by the username. A per-user
value in the user database, /var/adm/userdb, overrides any system-wide default configured in
/etc/default/security. See userdb(4) and security(4) for more details about the user database and
system-wide defaults, respectively.
If no attr arguments are specified on the command line, userdbget displays all configurable attributes of
users in the user database. If one or more attr arguments are specified, userdbget displays only those
attributes.

Options
The following options are recognized:
-a Display attributes of all users in the user database.
-i Display internal attributes, in addition to the configurable ones. Internal attributes are not user
configurable and are normally modified only by programs that enforce system security. The file
/etc/security.dsc indicates which attributes are configurable and which are internal.
-u name Display attributes for only the specified user name.
Notes
Only users who have read and write access to /var/adm/userdb can run userdbget .

RETURN VALUE
userdbget exits with one of the following values:
0 success
1 invalid user
2 invalid usage
3 insufficient permission to access the user database
4 file system error
5 invalid attribute; /etc/security.dsc does not allow a per-user value
6 an attribute value is not within the range specified in /etc/security.dsc
7 block overflow
8 entry overflow
9 database lock failure
10 database is disabled; see userdb(4)
11 invalid user name
12 not a local user
u EXAMPLES
In the following example, all attributes for user joe are printed. The audit flag for user joe is enabled.
The display last login feature is disabled.
/usr/sbin/userdbget -u joe
joe AUDIT_FLAG=1
joe DISPLAY_LAST_LOGIN=0
In the next example, only specific attributes are printed. The audit flag for user joe is enabled. No value
is printed for MIN_PASSWORD_LENGTH, because that attribute is not defined for user joe ; the minimum
password length for user joe is the system-wide default defined in /etc/default/security (see
security(4)).
/usr/sbin/userdbget -u joe AUDIT_FLAG MIN_PASSWORD_LENGTH
joe AUDIT_FLAG=1
In the last example, userdbget prints all configurable attributes of all users in the user database.

586 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

userdbget(1M) userdbget(1M)

/usr/sbin/userdbget -a
joe AUDIT_FLAG=1
joe DISPLAY_LAST_LOGIN=0
jane ALLOW_NULL_PASSWORD=0
mike AUDIT_FLAG=0
FILES
/var/adm/userdb user database
/etc/default/security security defaults configuration file
/etc/security.dsc security attributes description file

SEE ALSO
userdbck(1M), userdbset(1M), userdb_read(3), security(4), userdb(4).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 587

 userdbset(1M) userdbset(1M)

NAME
userdbset - modify information in the user database, /var/adm/userdb

SYNOPSIS
/usr/sbin/userdbset -u name attr =value [attr=value]...
/usr/sbin/userdbset -d -u name [-i]
/usr/sbin/userdbset -d -u name attr [attr]...
/usr/sbin/userdbset -d -a attr [attr]...
/usr/sbin/userdbset [-u name] -f filename

DESCRIPTION
userdbset modifies the per-user information residing in the user database, /var/adm/userdb. A
per-user value in the user database overrides any system-wide default configured in
/etc/default/security. See userdb(4) and security(4) for more details about the user database and
system-wide defaults, respectively.
If one or more attr =value arguments are specified on the command line, userdbget initializes or
modifies each attribute specified by attr to the specified value for the specified user name.
Options
The following options are recognized:
-a Modify specified attributes for all users.
-d Delete attributes; the /etc/default/security (see security(4)) system-wide
default will then apply. If one or more attr arguments are specified, only those attri-
butes are deleted. Otherwise, if no attr arguments are specified, all configurable attri-
butes are deleted for the specified user name.
-f filename Import the contents of filename into the user database. Each line in the data file,
filename, must be in the following format: username attr=value. The output of
userdbget is in this format and can be used as the input file. See the -f example in
the EXAMPLES section.
-i Remove internal attributes in addition to the configurable ones. Internal attributes are
not user configurable and are normally modified only by programs that enforce system
security. The file /etc/security.dsc indicates which attributes are configurable
and which are internal.
-u name Initialize, modify or delete specified attributes for the specified user name.

Notes
Only users who have read and write access to /var/adm/userdb can run userdbset .
userdbset validates attributes and attribute values based on information in /etc/security.dsc.
The validation of an attribute fails if:
• Any specified attr is not listed in /etc/security.dsc.
•
u •
/etc/security.dsc does not allow a per-user value for the attr.
name is not a valid user.
• /etc/security.dsc allows the attr only for local users, and name is not in /etc/passwd .
• The value of an attr is not within the range specified in /etc/security.dsc.
RETURN VALUE
userdbset exits with one of the following values:
0 success
1 invalid user
2 invalid usage
3 insufficient permission to access the user database
4 file system error
5 invalid attribute; /etc/security.dsc does not allow a per-user value
6 an attribute value is not within the range specified in /etc/security.dsc
7 block overflow
8 entry overflow

588 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

userdbset(1M) userdbset(1M)

9 database lock failure

10 database is disabled; see userdb(4)
11 invalid user name
12 not a local user

EXAMPLES
In the following example, the first command deletes all of the configurable attributes for user joe , while
retaining the internal attributes. At this point, the system-wide defaults in /etc/default/security
apply. The second command sets joe ’s minimum password length to 7 and UMASK to 0022 (the leading
zero denotes an octal value).
/usr/sbin/userdbset -d -u joe
/usr/sbin/userdbset -u joe MIN_PASSWORD_LENGTH=7 UMASK=0022
The next command deletes the minimum password length, which causes the system-wide default to be
used.
/usr/sbin/userdbset -d -u amy MIN_PASSWORD_LENGTH
The following example deletes the user-specific audit flag for all users. The system-wide default will then
apply for all users.
/usr/sbin/userdbset -d -a AUDIT_FLAG
The following example saves the configurable attributes for all users (-a option) into a file,
saved_attributes.txt, using the userdbget command. If needed, the attributes can then be
restored at a later point by importing the file with userdbset . The second command imports the
configurable attributes into the user database.
/usr/sbin/userdbget -a > saved_attributes.txt
/usr/sbin/userdbset -f saved_attributes.txt
FILES
/var/adm/userdb user database
/etc/default/security security defaults configuration file
/etc/security.dsc security attributes description file

SEE ALSO
userdbck(1M), userdbget(1M), userdb_read(3), security(4), userdb(4).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 589

 userdel(1M) userdel(1M)

NAME
userdel - delete a user login from the system

SYNOPSIS
userdel [-r] [-F] [-P -S alternate_password_file] login
DESCRIPTION
The userdel command deletes a user login from the system by modifying the appropriate login related
files.
The userdel command requires the login argument. login is the name to be deleted, specified as a string
of printable characters. It may not contain a colon (:) or a newline (\n ).

Options
userdel recognizes the following options:
-r The home directory of login is removed from the system. This directory must exist. Fol-
lowing the successful execution of this command, none of the files and directories under the
home directory will be available.
If a user is deleted and the home directory is shared by others, then this directory is not
deleted even with the -r option.
-F Force the changes, even if the login is currently in use.
-P Specify that the changes are being made to the alternate password file of NIS specified by
the -S option. The -r and -F options should not be used with this option.
-S alternate_password_file
Specify the path of the alternate password file of NIS. The -P option is used with the -S
option.
In the event where a directory is shared by users of the same group and the owner of that directory is
deleted, then the ownership of that directory is propagated to the next user who is sharing that directory.
The new owner is determined by looking at the order in which the users sharing this directory are added to
the /etc/passwd file. If there is only one user remaining then the directory is brought back to unshared
mode by resetting the permissions to 755 from 775 .

NIS
This command is aware of NIS user and group entries. Only local users and groups may be deleted or
modified with this command. Attempts to delete or modify NIS users or groups will result in an error. NIS
users and groups must be administered from the NIS server. The userdel command may fail with the
error
login x does not exist
(return value 6) if the user specified is an NIS user (see passwd(4)). The error
Cannot modify /etc/group file, /etc/passwd was modified
(return value 10) is returned if a local user belongs to an NIS group (see group(4)).
u NFS
Errors may occur with the -r option if the affected directory is within an NFS mounted file system that
does not allow root privileges across the NFS mount, and the directory or files within the directory do not
have sufficient permissions.

RETURN VALUE
userdel exits with one of the following values:
0 Successful completion.
2 Invalid command syntax.
3 Invalid argument supplied to an option.
6 The login to be removed does not exist.
8 The login to be removed is in use.

590 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

userdel(1M) userdel(1M)

10 Cannot modify the /etc/group file, but the login was removed from the /etc/passwd file.
12 Unable to remove or modify the home directory.
13 Unable to open /etc/ptmp file or /etc/passwd file is non-existent.
14 /etc/passwd file or /etc/ptmp file busy. Another command may be modifying the
/etc/passwd file.
17 Cannot delete entry from /etc/passwd file.
18 Out of memory.
19 Invalid template file.
EXAMPLES
Remove the user otto from the system:
userdel otto
Remove the user bob from the system and delete bob ’s home directory from the system:
userdel -r bob
WARNINGS
Because many users may try to write the /etc/passwd file simultaneously, a password locking mechan-
ism was devised. If this locking fails after subsequent retrying, userdel terminates.

FILES
/etc/shadow Shadow Password file
/etc/passwd System Password file
/etc/group System group file
/etc/ptmp Lock file used when updating password file

SEE ALSO
passwd(1), users(1), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), useradd(1M), usermod(1M),
group(4), passwd(4), shadow(4).

STANDARDS CONFORMANCE
userdel : SVID3

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 591

 usermod(1M) usermod(1M)

NAME
usermod - modify a user login on the system

SYNOPSIS
usermod [-u uid [-o] ] [-g group] [-G group[,group]...] [-d dir [-m [-i] ] ] [-s shell]
[-c comment ] [-f inactive] [-l new_logname] [-e expire]
[-p encrypted_password] [-F] [-P -S alternate_password_file] login

DESCRIPTION
The usermod command modifies a user login on the system by changing the appropriate login related
files.
The usermod command requires the login argument. login is the login name, specified as a string of
printable characters. It may not contain a colon (:) or a newline (\n ).

New Behavior
If the primary group of a user is modified, then the user name is not added to the primary group entry in
/etc/group file. However, if -G option is specified the user is added to the corresponding supplemental
group.

Options
The usermod command supports the following options:
-u uid Specify the UID for the user. uid must be a non-negative decimal integer less than
MAXUID as it is defined in the <param.h> header file.
-o Allow the UID to be non-unique (that is, a duplicate).
-g group Specify the integer group ID or character string name of an existing group. This
redefines the primary group membership of the login.
-G group Specify the integer group ID or character string name of an existing group. This
redefines the supplemental group memberships of the login. Duplicates within
group with the -g and -G options are ignored.
-d dir Specify the new home directory of the login. It defaults to base_dir/login, where
login is the login and base_dir is the base directory for new login home directories.
-m Move the user’s home directory to the directory specified with the -d option. The
operation cannot be performed if the user’s home directory is the root directory or
if the user’s home directory is specified in the /etc/default/usermod
configuration file. See usermod(4). If the home directory exists, the directory
must have read and execute permission by group, where group is the primary
group of the login. This condition can be overridden using the -i option.
-i Inherit an existing home directory, regardless of its current access permissions.
Typically use this option to inherit orphaned directories, that is, directories that
are not owned by any active user of the system. Note that using the -i option will
impact shared home directories; hence use the -i option with caution. The per-
missions will be same as that of newly created home directory.
u -s shell Specify the full pathname of the login shell. The value of shell must be a valid exe-
cutable file.
-c comment Specify the comment field present in the /etc/passwd entry of this login. This
can be any text string. A short description of the login is suggested for this field.
-f inactive Specify the maximum number of days of continuous inactivity of the login before
the account is locked. For the valid values of inactive refer to description of inac-
tivity field in shadow(4).
-l new_logname Specify the new login name for the user. It consists of a string of printable charac-
ters that does not contain a colon (:) or a newline (\n ).
-e expire Specify the date on which this login can no longer be used. After the expire date
occurs, no user will be able to access this login. This option is used to create tem-
porary logins. expire, which is a date, may be typed in any desired format, except
a Julian date. For example, a date may be entered as either of the following:

592 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

usermod(1M) usermod(1M)

July 13, 1993

7/13/93
A value of ’’ (two single quotes) or "" (two double quotes) results in no expira-
tion date.
-p encrypted_password
Specify the encrypted password for the user. Before using the -p option, obtain
the encrypted password by using crypt() (see crypt(3C)).
-F Force the changes, even if the login is currently in use.
-P Indicate that modifications are to be made to the alternate password file of NIS
specified by the -S option. The following options edit the password file and should
not be used with the -P option:
-m, -i, -r, -k, -F.
-S alternate_password_file
Specify the path of the alternate password file of NIS. The -P option is used with
the -S option.
The -e and -f options are supported only if Shadow Passwords are in use. For details refer to
pwconv(1M).
In the event where a directory is shared by users of the same group and the owner of that directory is
modified, then the ownership of that directory is propagated to the next user who is sharing that directory.
The new owner is determined by looking at the order in which the users sharing this directory are added to
the /etc/passwd file. If there is only one user remaining then the directory is brought back to unshared
mode by resetting the permissions to 755 from 775 .
If a directory is shared by users, then one cannot change the primary group of any of these users unless the
home directory of that user is also changed.

NIS
The usermod command is aware of NIS user and group entries. Only local users and groups may be
modified with this command. Attempts to modify an NIS user or group will result in an error. NIS users
and groups must be administered from the NIS server. NIS users are checked when verifying the unique-
ness of the new UID or new user name, which may result in the following error messages:
login x does not exist
(return value 6) if the user specified is an NIS user (see passwd(4)). Also, the error
Cannot modify /etc/group file, /etc/passwd was modified
(return value 10) is returned if an NIS group is specified with either the -g option or the -G option (see
group(4)).

NFS
Errors may occur with the -m option if either the source or the target directory is within an NFS mounted
file system that does not allow root privileges across the NFS mount, and the directory or files within the
directory do not have sufficient permissions.
u
RETURN VALUE
usermod exits with one of the following values:
0 Successful completion.
2 Invalid command syntax.
3 Invalid argument supplied to an option.
4 uid is not unique (when -o is not used).
6 The login to be modified or the group specified with the -g option does not exist.
8 The login to be modified is in use.
9 new_logname is not unique.
10 Cannot modify the /etc/group file. The other parts of the update request will be performed.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 593

 usermod(1M) usermod(1M)

11 There is insufficient space to move the home directory (with the -m option). The other parts of
the update request will be performed.
12 Unable to complete the move of the home directory to the new home directory.
13 Unable to open /etc/ptmp file, or /etc/passwd file is non-existent.
14 /etc/passwd file or /etc/ptmp file busy. Another command may be modifying the
/etc/passwd file.
15 Cannot modify the entry in the /etc/passwd file.
18 Out of memory.
19 Invalid template file.
54 Exceeding permissible limit of maximum members in a group. The /etc/group file is not
modified.

EXAMPLES
Change otto ’s primary group to staff .
usermod -g staff otto
Change otto ’s user ID to 333 and change the login name to bob .
usermod -u 333 -l bob otto
WARNINGS
A directory can be shared between the users belonging to the same group. If the home directory is in
unshared mode and a new user is allocated to that directory, then it will be put into shared mode by setting
the permissions of that directory to 775 (includes the write permissions to the group as well). Also, the
directory which will be shared should have read and execute permissions for the group. Otherwise,
usermod will report an error.
Because many users may try to write the /etc/passwd file simultaneously, a password locking mechan-
ism was devised. If this password locking fails after subsequent retrying, usermod terminates.
While modifying the user login, the username is not added to the primary group entry in the
/etc/group file. If a supplemental group is specified, the user is added to the supplemental group. If
the size of a group entry in /etc/group file exceeds LINE_MAX limit, a new entry of the same group is
created and a warning message is issued. See limits(5) for the value of LINE_MAX .
FILES
/etc/shadow Shadow password file
/etc/passwd System password file
/etc/group System group file
/etc/ptmp Lock file used when updating password file

SEE ALSO
passwd(1), users(1), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), pwconv(1M), useradd(1M),
userdel(1M), group(4), shadow(4), limits(5), usermod(4).
u STANDARDS CONFORMANCE
usermod : SVID3

594 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

userstat(1M) userstat(1M)

NAME
userstat - check status of local user accounts

SYNOPSIS
/usr/sbin/userstat [-q] -u name [parm]...
/usr/sbin/userstat [-q] -a [parm]...
DESCRIPTION
userstat checks the status of local user accounts and reports abnormal conditions, such as account locks.
If any parm arguments are specified, abnormal status is displayed only for those parameters, otherwise
abnormal status is displayed for all parameters. The Parameters section describes the various parameter
values that can be used for parm.
Each account with an abnormal status is displayed on a single line. Each line contains the username fol-
lowed by one or more parameters, indicating what abnormal conditions exist for the account. The Parame-
ters section describes the various parameters that can be displayed.

Options
The following options are recognized:
-a Display the status of all users listed in /etc/passwd .
-q (Quiet) Do not print anything to standard output. This can be used when interested only in
the userstat return value.
-u name Check the status of only the specified user name. The user must be a local user listed in
/etc/passwd .
Parameters
The parameters that could be displayed to indicate abnormal account status, or that could be used with the
-p option, include the following:
admlock admlock is displayed if an administrator lock is present on the account. This lock indicates
that the encrypted password in /etc/passwd or /etc/shadow begins with *. An
administrator lock can be set, for example, with passwd -l .
expacct expacct=days is displayed if the account is locked because the account expiration date has
been reached. days is the number of days that the account has been expired. See the
description of the expiration field in shadow(4).
exppw exppw =days is displayed if the account’s password has expired. days is the number of days
that the password has been expired. days is displayed only if its value can be determined.
inactive inactive=days is displayed if the account is locked because there have been no logins to
the account for a time interval that exceeds the maximum allowed. days is the number of
days that the account has been inactive. See the description of the
INACTIVITY_MAXDAYS attribute in security(4).
maxtries maxtries=num is displayed if the account is locked because the number of consecutive
authentication failures exceeded the maximum allowed. num is the number of consecutive
authentication failures. See the description of the AUTH_MAXTRIES attribute in security(4).
u
nullpw nullpw is displayed if the account is locked because the account has a null password and is
not allowed to have a null password. See the description of the ALLOW_NULL_PASSWORD
attribute in security(4).
tod tod =times is displayed if the account has a time-of-day login restriction. times defines the
time periods that the user may login. See the description of the LOGIN_TIMES attribute in
security(4).

Security Restrictions
Users invoking this command must have the hpux.security.check authorization. See
authadm(1M).
userstat is not supported for trusted systems.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 595

 userstat(1M) userstat(1M)

RETURN VALUE
userstat exits with one of the following values:
0 did not find abnormal status
1 found abnormal status
2 invalid usage or user not found
EXAMPLES
The following example reports all abnormal status for all local accounts.
/usr/sbin/userstat -a
joe nullpw
mary admlock maxtries=5
The following example shows that the account for user joe is not locked due to too many consecutive
authentication failures.
/usr/sbin/userstat -q -u joe maxtries ; echo $?
0
FILES
/etc/passwd standard password file
/etc/shadow shadow password file
/var/adm/userdb user database

SEE ALSO
authadm(1M), passwd(4), security(4), shadow(4), userdb(4).

596 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

utmpd(1M) utmpd(1M)

NAME
utmpd - user accounting database daemon

SYNOPSIS
/usr/sbin/utmpd
DESCRIPTION
utmpd , user accounting database daemon, manages the user accounting database which is the database of
currently logged-in users. This was previously maintained by /etc/utmp and /etc/utmpx files on
HP-UX.
Upon startup, utmpd writes its pid to the file /etc/useracct/utmpd_pid. Applications can add,
update, or query entries into the database using the getuts() APIs. See the getuts(3C) manual page for
more information.
utmpd(1M) takes care of synchronizing the legacy /etc/utmpx file and its own in-memory database.
The synchronization is bi-directional from the utmpd ’s database to the /etc/utmpx and from the
/etc/utmpx file to utmpd ’s database. However, this synchronization does not happen in real time.
There is a time lag which could span from a few seconds on a lightly loaded system to a few minutes on a
heavily loaded system.

Signal Processing
SIGTERM Perform graceful shutdown.
This causes the daemon to write its in-memory user accounting database to the
/etc/utmps file and exit.
DIAGNOSTICS
utmpd logs error messages to the system log using syslog(3C).
WARNINGS
If utmpd is shutdown using SIGTERM , synchronization between /etc/utmpx file and the
/etc/utmps file does not take place. utmpd should not be shutdown by the user unless it is for debug-
ging purpose. On restart, utmpd(1M) rebuilds its database from the /etc/utmps file.

AUTHOR
utmpd was developed by Hewlett-Packard Company.
FILES
/etc/utmps
/etc/useracct/utmpd_read
/etc/useracct/utmpd_write
/etc/useracct/utmpd_pid
/sbin/init.d/utmpd
/etc/rc.config.d/utmpd
SEE ALSO
rlogind(1), telnetd(1), who(1), init(1M), bwtmps(3C), getuts(3C), getutx(3C), btmps(4), utmp(4), utmpx(4),
wtmps(4).
u

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 597

 uucheck(1M) uucheck(1M)
(TO BE OBSOLETED)

NAME
uucheck - check the uucp directories and permissions file

SYNOPSIS
/usr/lbin/uucp/uucheck [-v] [-x debug_level ]
DESCRIPTION
The uucp commands, including uucheck , are targeted for removal from HP-UX; see the WARNINGS
below.
uucheck checks for the presence of the files and directories required by uucp (see uucp(1)). uucheck
is executed from the UUCP makefile before the installation occurs. uucheck also checks for various obvi-
ous errors in the /etc/uucp/Permissions file.

Options
uucheck recognizes the following options and command-line arguments:
-v (verbose) Print a detailed explanation of how uucp programs will interpret the
Permissions file.
-x debug_level
Debug. debug_level is a single digit; the higher the number, the more detail returned.
Note that uucheck can only be used by the super-user or uucp .

WARNINGS
Use of uucp commands, including uucheck , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.

FILES
/etc/uucp/Systems
/etc/uucp/Permissions
/etc/uucp/Devices
/etc/uucp/Maxuuxqts
/etc/uucp/Maxuuscheds
/var/spool/uucp/*
/var/spool/locks/LCK*
/var/spool/uucppublic/*
SEE ALSO
uucp(1), uustat(1), uux(1), uucico(1M), uusched(1M).
Tim O’Reilly and Grace Todino,
Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.
Grace Todino and Dale Dougherty,
Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

598 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

uucico(1M) TO BE OBSOLETED uucico(1M)

NAME
uucico - transfer files for the uucp system

SYNOPSIS
/usr/lbin/uucp/uucico -r1 -s system [-x debug_level] [-d spool_directory]
/usr/lbin/uucp/uucico [-x debug_level] [-d spool_directory]
Remarks
The uucp commands, including uucico , are targeted for removal from HP-UX; see the WARNINGS sec-
tion below.

DESCRIPTION
uucico scans the /var/spool/uucp directories for work files. If such files exist, a connection to a
remote system is attempted using the line protocol for the remote system specified in file
/etc/uucp/Systems. uucico then executes all requests for work and logs the results.
Options
uucico recognizes the following options:
-r1 Start uucico in the MASTER mode. The default is SLAVE mode.
-s system Do work only for the system specified by system . If there is no work for system on the
local spool directory, initiate a connection to system to determine if system has work
for the local system. This option must be used if -r1 is specified.
-d spool_directory
Search directory spool_directory instead of the default spool directories (usually
/var/spool/uucp/*).
-x debug_level Use debugging option. debug_level is an integer in the range 1 through 9. More
debugging information is given for larger values of debug_level.
uucico is usually started by a local program such as cron , uucp , or uuxqt (see cron(1M), uucp(1), and
uuxqt(1M)). Only when debugging should a user initiate uucico directly.
When started by a local program, uucico is considered the MASTER and attempts a connection to a
remote system. If uucico is started by a remote system, it is considered to be in SLAVE mode.
For the uucico connection to a remote system to be successful, there must be an entry in the
/etc/passwd file on the remote system of the form:
uucp::5:5::/var/spool/uucppublic:/usr/lbin/uucp/uucico
WARNINGS
Use of uucp commands, including uucico , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.

FILES
/etc/uucp/Systems
/etc/uucp/Permissions
/etc/uucp/Devices u
/etc/uucp/Maxuuxqts
/etc/uucp/Maxuuscheds
/var/spool/uucp/*
/var/spool/locks/LCK*
/var/spool/uucppublic/*
SEE ALSO
uucp(1), uustat(1), uux(1), cron(1M), uusched(1M).
Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.
Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 599

 uuclean(1M) uuclean(1M)
(TO BE OBSOLETED)

NAME
uuclean - uucp spool directory clean-up

SYNOPSIS
/usr/lbin/uucp/uuclean [ options ]
DESCRIPTION
The uucp commands, including uuclean , are targeted for removal from HP-UX; see the WARNINGS
below.
uuclean scans the spool directories for files with the specified prefix and deletes all those that are older
than the specified number of hours.

Options
uuclean recognizes the following options:
-ddirectory Clean directory instead of the spool directory. If directory is not a valid spool direc-
tory, it cannot contain ‘‘work files’’; i.e., files whose names start with C. . These files
have special meaning to uuclean pertaining to uucp job statistics.
-ppre Scan for files with pre as the file prefix. Up to 10 -p arguments can be specified. A
-p without any pre following will cause all files older than the specified time to be
deleted.
-ntime Files whose age is more than time hours are deleted if the prefix test is satisfied
(default time is 72 hours).
-wfile The default action for uuclean is to remove files that are older than a specified time
(see -n option). The -w option is used to find files older than time hours; however,
the files are not deleted. If the argument file is present the warning is placed in file;
otherwise, the warnings go to the standard output.
-ssys Only files destined for system sys are examined. Up to 10 -s arguments can be
specified.
-mfile The -m option sends mail to the owner of the file when it is deleted. If a file is
specified, an entry is placed in file.
This program is typically started by cron (see cron(1M)).

WARNINGS
Use of uucp commands, including uuclean , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.

FILES
/var/spool/uucp/* spool directory
SEE ALSO
uucp(1), uux(1), cron(1M), uucleanup(1M).

u Tim O’Reilly and Grace Todino,

Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.
Grace Todino and Dale Dougherty,
Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

600 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

uucleanup(1M) uucleanup(1M)
(TO BE OBSOLETED)

NAME
uucleanup - uucp spool directory clean-up

SYNOPSIS
/usr/lbin/uucp/uucleanup [-C time ] [-D time ] [-W time ] [-X time ] [-m string ] [-o time ]
[-s system ] [-x debug_level ]

DESCRIPTION
The uucp commands, including uucleanup , are targeted for removal from HP-UX; see the WARNINGS
below.
uucleanup scans the spool directories for old files and takes appropriate action to remove them.
Depending on the options selected, uucleanup performs the following:
• Informs the requestor of send and/or receive requests for systems that cannot be reached.
• Returns mail that cannot be delivered to the sender.
• Removes all other files.
In addition, uucleanup warns users of requestors who have been waiting for a given number of days
(the default is 1 day). Note that unless time is specifically set, the default time values for the following
options are used.

Options
uucleanup recognizes the following options:
-Ctime Any C. files greater or equal to time days old are removed with appropriate informa-
tion to the requestor. The default time is 7 days.
-Dtime Any D. files greater or equal to time days old are removed. An attempt is made to
deliver mail messages and execute news when appropriate. The default time is 7
days.
-Wtime Any C. files equal to time cause a message to be mailed to the requestor warning
about the delay in contacting the remote. The message includes the JOBID, and in the
case of mail, the mail message. The administrator can include a message line telling
who to call to correct the problem (see the -m option). The default time is 1 day.
-Xtime Any X. files greater than or equal to time days old are removed. The D. files are
probably not present (if they were, the X. could be executed). But, if D. files are
present, they are taken care of by D. processing. The default time is 2 days.
-mstring This string is included in the warning message generated by the -W option. The
default string is See your local administrator to locate the
problem.
-otime Other files whose age is more than time days are deleted. The default time is 2 days.
-ssystem Clean-up the spool directory for system only. The default is to clean-up all spool direc-
tories.
-xdebug_level The debug level is a single digit between 0 and 9. The higher the numbers, the more
detailed the debugging information returned.
u
This program is typically started by the script uudemon.cleanu, which should be started by cron (see
cron(1M)).

WARNINGS
Use of uucp commands, including uucleanup , is discouraged because they are targeted for removal
from HP-UX. Use ftp(1) or rcp(1) instead.

FILES
/var/spool/uucp/* spool directory
SEE ALSO
cron(1M), uucp(1), uux(1), uuclean(1M).
Tim O’Reilly and Grace Todino,
Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 601

 uucleanup(1M) uucleanup(1M)
(TO BE OBSOLETED)

Grace Todino and Dale Dougherty,

Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

602 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

uucpd(1M) uucpd(1M)
(TO BE OBSOLETED)

NAME
uucpd - UUCP over TCP/IP server daemon

SYNOPSIS
/usr/sbin/uucpd
DESCRIPTION
The uucp commands, including uucpd , are targeted for removal from HP-UX; see the WARNINGS
below.
uucpd is the server for supporting UUCP connections over TCP/IP networks.
uucpd is invoked by inetd(1M) when a UUCP connection is established (that is, a connection to the port
indicated in the "uucp" service specification; see services (4)), and executes the following protocol:
1) The server prompts with "login:", the uucico process at the other end must supply a username.
2) Unless the username refers to an account without a password, the server then prompts with
"Password:", the uucico process at the other end must supply the password for that account.
If the username is not valid or is valid but refers to an account that does not have
/usr/lbin/uucp/uucico as its login shell, or if the password is not the correct password for that
account, the connection is dropped. Otherwise, uucico(1M) is run. Entries are made in
/var/adm/wtmps traceable with who(1) and last(1).
PROTOCOL RESTRICTION
Only ’g’ protocol for uucico is supported.

DIAGNOSTICS
All diagnostic messages are returned on the connection, after which the connection is closed.
user read
An error occurred while reading the username.
passwd read
An error occurred while reading the password.
login incorrect
The username or the password is invalid or the user’s login shell for this account is not
/usr/lbin/uucp/uucico.
WARNINGS
Use of uucp commands, including uucpd , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.
On Trusted Systems uucpd prohibits uucico to start if any of the following are true :
• the login account is locked (several causes).
• current time doesn’t match existing time-of-day restrictions for this account.
Under such conditions uucpd will return the message login incorrect to the connection. The con-
nection is then dropped. u
HP-UX 11i Version 3 is the last release to support trusted systems functionality.

AUTHOR
uucpd was developed by the University of California, Berkeley and HP.
FILES
/etc/inetd.conf configuration file for inetd
/var/adm/inetd.sec optional security file for inetd
/etc/services service name data base
/var/adm/wtmps login data base

SEE ALSO
inetd(1M), uucico(1M), updatebwdb(3C), services(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 603

 uugetty(1M) uugetty(1M)
(TO BE OBSOLETED)

NAME
uugetty - set terminal type, modes, speed and line discipline

SYNOPSIS
/usr/lbin/uucp/uugetty [-h] [-t timeout ] [-r] line [ speed [ type [ linedisc ] ] ]
/usr/lbin/uucp/uugetty -c file
DESCRIPTION
The uucp commands, including uugetty , are targeted for removal from HP-UX; see the WARNINGS
below.
uugetty sets terminal type, modes, speed and line discipline. It is similar to getty , except that
uugetty supports using the line in both directions (see getty(1M)). This allows users to log in, but, if the
line is free, uucico , cu, and ct can dial out (see uucico(1), cu(1), and ct(1)). When devices are used with
uucico , cu, and ct, lock files are created. Therefore, when the call to open() returns (see open(2)) (or
the first character is read when the -r option is used), the status of the lock files indicates whether the
line is used by uucico , cu , ct, or someone trying to log in. See getty(1M) for more information.
Note that with the -r option, several carriage-return characters might be required before the login mes-
sage is output. When uucico is trying to log in, it can be instructed to enter numerous carriage-return
characters with the following login script:
\r\d\r\d\r\d\r in:-in: ...
where ... represents whatever would normally be used for the login sequence.
An entry for an intelligent modem or direct line that has a uugetty on each end must use the -r option
(this causes uugetty to wait to read a character before it enters the login message, thus preventing two
instances of uugetty from looping). If there is a uugetty on one end of a direct line, there must be a
uugetty on the other end as well.
EXAMPLES
The following line is an /etc/inittab entry using uugetty on an intelligent modem or direct line:
30:2:respawn:/usr/lbin/uucp/uugetty -r -t 60 tty12 1200
WARNINGS
Use of uucp commands, including uugetty , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.
ct does not work when uugetty is used with an intelligent modem such as a Penril or a Ventel.
FILES
/etc/gettydefs
/etc/issue
/var/spool/locks/LCK*
SEE ALSO
ct(1), cu(1), login(1), uucico(1M), getty(1M), init(1M), ioctl(2), gettydefs(4), inittab(4), tty(7).
u Tim O’Reilly and Grace Todino,
Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.
Grace Todino and Dale Dougherty,
Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

604 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

uuls(1M) uuls(1M)
(TO BE OBSOLETED)

NAME
uuls - list spooled uucp transactions grouped by transaction

SYNOPSIS
uuls [-m] [directories]...
uuls [-s] [-m] [directories]...
uuls [-k] [-m] [directories]...
DESCRIPTION
The uucp commands, including uuls , are targeted for removal from HP-UX; see the WARNINGS below.
This command lists the contents of UUCP spool directories (default /var/spool/uucp/*) with the files
in each directory grouped into three categories:
• Transactions,
• Orphans, and
• Others.

Transactions
Each output line starts with a transaction control filename, and includes the name of each local (same-
directory) subfile referenced by the control file (see below). Each is possibly followed by the total size in
bytes (-s option) or Kbytes (-k option) in the transaction (see below). The -m (meanings) option replaces
the subfile names with nodename, user, and commandline information (see below).

Orphans
All subfiles not referenced by any control file.

Others
All other files in the directory (all files not listed under one of the above categories).
Filenames are formatted into columns, so there can be more than one file per line. If a transaction has
more subfiles than fit on one line, it is followed by continuation lines which are indented further.
The -s (size in bytes) and -k (Kbytes) options cause the command to follow each transaction in the
Transactions section with a total size for all stat-able, sendable files in that transaction. This includes
D.* files only, not C.* or X.* files. It does include stat-able files outside the spool directory that are
indirectly referenced by C.* files. Sizes are either in bytes or rounded to the nearest Kbyte (1024 bytes),
respectively. A totals line is also added at the end of the Transactions section.
The -m (meanings) option causes the command to follow C.* and X.* files with a nodename !username
commandline line, instead of subfilenames. For C files, one line is printed per remote execution (D*X* )
subfile it references. nodename is truncated at seven characters, username at eight, and commandline at
however much fits on one line.
If -m is given, for each C file with no remote execution files, the command instead shows the meaning of
the C file itself on one or more lines. Each line consists of a username, then R (receive) or S (send), then
the name of the file to be transferred. See below for details.
Filenames are listed in ascending collation order within each section (see Environment Variables below),
except that the first section is only sorted by the control filename. Every file in the directory except . and
u
. . appears exactly once in the entire list, unless -m is used.
Details
Transaction files are those whose names start with C. or X. . Subfilenames, which usually start with D. ,
are gleaned from control file lines, at most one per line, from blank-separated fields, as follows:
C.*: R <remotefrom> <localto> <user> -<options>
C.*: S <localfrom> <remoteto> <user> -<options> <subfile> <mode>
X.*: F <subfile>
Lines that do not begin with the appropriate character (R, S, or F) are ignored.
In the R (receive) case, <remotefrom> is used to print the C-file meaning, and its transaction size is taken
as zero (unknown).
In the S (send) case, if <subfile> is D.0 , <localfrom> is a file not in the spool directory, resulting from a
typical uucp call without the -C (copy) option. In this case <localfrom> is used for the transaction size, if

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 605

 uuls(1M) uuls(1M)
(TO BE OBSOLETED)

stat-able, and to print the C-file meaning.

uucp -C and uux both set <subfile> to a true (spooled) subfile name.
Orphan files are those whose names start with D. and which are not referenced by any control files.
This algorithm extracts from control files the names of all subfiles that should exist in the spool directory
when the transaction is not being actively processed. It is not unusual to see "missing subfiles" and
"orphans" if you uuls a spool directory while uucico , uucp , uux , or uuxqt is active.
Meanings information is obtained by reading each D*X* subfile referenced by each C.* file, and by read-
ing X*X* files. nodename !username is taken from the last line in the file which is of the form:
U <username> <nodename>
Likewise, commandline is taken from the last line of the form:
C <commandline>
If a subfile name is referenced more than once, references after the first show the subfile as missing. If a
subfile name appears in a (corrupt) directory more than once, the name is only found once, but then it is
listed again under Orphans .
EXTERNAL INFLUENCES
Environment Variables
LC_COLLATE determines the order in which the output is sorted.
If LC_COLLATE is not specified in the environment or is set to the empty string, the value of LANG is
used as a default. If LANG is not specified or is set to the empty string, a default of ‘‘C’’ (see lang(5)) is used
instead of LANG. If any internationalization variable contains an invalid setting, uuls behaves as if all
internationalization variables are set to ‘‘C’’ (see environ(5)).

DIAGNOSTICS
The program writes an appropriate message to standard error if it has any problems dealing with a
specified file (directory), including failure to get heap space. It always returns zero as its exit value.
If a control file is unopenable (wrong permissions or it disappeared while uuls was running), its name is
preceded by a ∗ and the size of the transaction is zero. If a subfile is missing (filename not found in the
directory being listed) or not stat-able (if required for -s or -k), its name is preceded by a ∗ and it contri-
butes zero bytes to the size of the transaction.
If -m is specified and a D*X* file is missing or unreadable, its name is given with a ∗ prefixed, as usual.

BUGS
This command uses chdir(2) to change to each directory in turn. If more than one is specified, the second
through last directories must be absolute (not relative) pathnames, or the chdir() may fail.

WARNINGS
Use of uucp commands, including uuls , is discouraged because they are targeted for removal from HP-
UX. Use ftp(1) or rcp(1) instead.

AUTHOR
u uuls was developed by HP.
SEE ALSO
mail(1), uucp(1), uuto(1), uux(1), uuxqt(1M), stat(2).

606 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

uusched(1M) uusched(1M)
(TO BE OBSOLETED)

NAME
uusched - schedule uucp transport files

SYNOPSIS
/usr/lbin/uucp/uusched [-u debug_level ] [-x debug_level ]
DESCRIPTION
The uucp commands, including uusched , are targeted for removal from HP-UX; see the WARNINGS
below.
uusched is the UUCP file transport scheduler. It is usually started by the daemon uudemon.hour ,
which is started by cron (see cron(1M)) from the following entry in /var/spool/cron:
39 * * * * /usr/bin/su uucp -c */usr/lbin/uucp/uudemon.hour > /dev/null*
Options
uusched recognizes two options which are provided for debugging purposes only.
-x debug_level Output debugging messages.
-u debug_level Pass as -x to uucico (see uucico(1M)). The debug_level is a number between
0 and 9. The higher the number, the more detailed the information returned.

WARNINGS
Use of uucp commands, including uusched , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.

FILES
/etc/uucp/Systems
/etc/uucp/Permissions
/etc/uucp/Devices
/var/spool/uucp/*
/var/spool/locks/LCK*
/var/spool/uucppublic/*
SEE ALSO
cron(1M), uucico(1M), uusched(1M), uucp(1), uustat(1), uux(1).
Tim O’Reilly and Grace Todino,
Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.
Grace Todino and Dale Dougherty,
Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 607

 uusnap(1M) uusnap(1M)
(TO BE OBSOLETED)

NAME
uusnap - show snapshot of the UUCP system

SYNOPSIS
uusnap
DESCRIPTION
The uucp commands, including uusnap , are targeted for removal from HP-UX; see the WARNINGS
below.
uusnap displays in tabular format a synopsis of the current UUCP situation. The format of each line is as
follows:
site N Cmds N Data N Xqts Message
Where site is the name of the site with work, N is a count of each of the three possible types of work (com-
mand, data, or remote execute), and Message is the current status message for that site as found in the
STST file.
Included in Message may be the time left before UUCP can re-try the call, and the count of the number of
times that UUCP has tried to reach the site. The process id of uucico may also be shown if it is in a
TALKING state.

WARNINGS
Use of uucp commands, including uusnap , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.

AUTHOR
uusnap was developed by the University of California, Berkeley.
SEE ALSO
uucp(1).
Tim O’Reilly and Grace Todino,
Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.
Grace Todino and Dale Dougherty,
Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

608 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

uusnaps(1M) uusnaps(1M)
(TO BE OBSOLETED)

NAME
uusnaps - sort and embellish uusnap output

SYNOPSIS
uusnaps
DESCRIPTION
The uucp commands, including uusnaps , are targeted for removal from HP-UX; see the WARNINGS
below.
uusnaps runs uusnap (see uusnap(1M)) and post-processes the output into a more useful form. It sorts
output lines in ‘‘Pareto-style’’, showing first those remote systems with the greatest number of Cmds files,
next Data files, and then Xqts files.
uusnaps inserts a * after the number of Xqts files on those lines where Data is not equal to (2 ×
Cmds ) + Xqts . This may be a sign of missing or orphaned transaction parts. Use uuls to check (see
uuls(1)).
uusnaps adds summary information after all uusnap output. The first line is a total of the numbers of
Cmds , Data , and Xqts files. The second line contains a grand total number of transaction files, followed
by the number of directory bytes this represents. This is an indication of the true size of the directory itself
if all empty entries were squeezed out. Finally, if it appears that transaction files might be missing or
orphaned, uusnaps returns the number of missing or excess files.

WARNINGS
Use of uucp commands, including uusnaps , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.
uusnaps assumes that each directory entry takes 24 bytes.
SEE ALSO
uusnap(1M), uuls(1).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 609

 uusub(1M) uusub(1M)
(TO BE OBSOLETED)

NAME
uusub - monitor uucp network

SYNOPSIS
/usr/lbin/uucp/uusub [ options ]
DESCRIPTION
The uucp commands, including uusub , are targeted for removal from HP-UX; see the WARNINGS
below.
uusub defines a uucp subnetwork and monitors the connection and traffic among the members of the
subnetwork.

Options
uusub recognizes the following options:
-asys Add sys to the subnetwork.
-dsys Delete sys from the subnetwork.
-l Report the statistics on connections.
-r Report the statistics on traffic amount.
-f Flush the connection statistics.
-uhr Gather the traffic statistics over the past hr hours.
-csys Exercise the connection to the system sys. If sys is specified as all , exercise the connec-
tion to all the systems in the subnetwork.
The connections report is formatted as follows:
sys #call #ok time #dev #login #nack #other
Format interpretation:
sys remote system name,
#call number of times the local system tried to call sys since the last flush was done,
#ok number of successful connections,
time latest successful connect time,
#dev number of unsuccessful connections because of no available device (e.g., ACU),
#login number of unsuccessful connections because of login failure,
#nack number of unsuccessful connections because of no response (e.g. line busy, sys-
tem down),
#other number of unsuccessful connections because of other reasons.
Traffic statistics are reported as follows:
sfile sbyte rfile rbyte
u
Format interpretation:
sfile number of files sent,
sbyte number of bytes sent over the period of time indicated in the latest uusub com-
mand with the -u hr option,
rfile number of files received,
rbyte number of bytes received.
The command:
uusub -c all -u 24
is typically started by cron once a day.

610 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

uusub(1M) uusub(1M)
(TO BE OBSOLETED)

WARNINGS
Use of uucp commands, including uusub , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.

FILES
/var/uucp/.Admin/L_sub connection statistics
/var/uucp/.Admin/R_sub traffic statistics
/var/uucp/.Log/* system log file

SEE ALSO
uucp(1), uustat(1).
Tim O’Reilly and Grace Todino,
Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.
Grace Todino and Dale Dougherty,
Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 611

 uuxqt(1M) uuxqt(1M)
(TO BE OBSOLETED)

NAME
uuxqt - execute remote uucp or uux command requests

SYNOPSIS
/usr/lbin/uucp/uuxqt [ -s system ] [ -x debug_level ]
DESCRIPTION
The uucp commands, including uuxqt , are targeted for removal from HP-UX; see the WARNINGS
below.
uuxqt executes remote job requests generated by use of the uux command (see uux(1)). uux generates
X. files and places them in the spool directory, where uuxqt searches for them. For each X. file,
uuxqt determines whether the required data files are available and accessible, and if file commands are
permitted for the requesting system. The Permissions file is used to validate file accessibility and com-
mand execute permission. Then uuxqt performs execution of the commands.
Two environment variables are set before the uuxqt command is executed: UU_MACHINE is the
machine that sent the previous job and UU_USER is the user who sent the job. These can be used in writ-
ing commands that remote systems can execute to provide information, auditing, or restrictions.
uuxqt recognizes the following options:
-s system Execute commands on the specified system .
-x debug_level Produce debugging output on standard output. debug_level is a single digit
between 0 and 9. The higher the number, the more detailed debugging informa-
tion returned.

WARNINGS
Use of uucp commands, including uuxqt , is discouraged because they are targeted for removal from
HP-UX. Use ftp(1) or rcp(1) instead.

FILES
/etc/uucp/Permissions
/etc/uucp/Maxuuxqts
/var/spool/uucp/*
/var/spool/locks/LCK*
SEE ALSO
uucp(1), uustat(1), uux(1), uucico(1M).
Tim O’Reilly and Grace Todino,
Managing UUCP and Usenet, O’Reilly & Associates, Inc. USA.
Grace Todino and Dale Dougherty,
Using UUCP and Usenet, O’Reilly & Associates, Inc. USA.

612 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vgcfgbackup(1M) vgcfgbackup(1M)

NAME
vgcfgbackup - create or update LVM volume group configuration backup file

SYNOPSIS
/usr/sbin/vgcfgbackup [-f vg_conf_path] [-u] vg_name
DESCRIPTION
The vgcfgbackup command saves the LVM configuration for a volume group in a default or alternate
configuration backup file (see the -f option).
By default, vgcfgbackup runs automatically each time an LVM command changes the LVM
configuration. In this case, it always uses the default configuration backup file. An existing default
configuration backup file is renamed with an extension of .old .

Options and Arguments

vgcfgbackup recognizes the following options and arguments:
vg_name The path name of a volume group.
-f vg_conf_path Save the configuration using an alternate file name specified by vg_conf_path.
If -f is omitted, the default file name is in the form:
/etc/lvmconf/ base_vg_name .conf
base_vg_name is the base name of vg_name. For example, if vg_name is
specified as /dev/vg00 , base_vg_name is vg00 .
-u Update the configuration backup file with the latest LVM configuration. Only
those physical volumes added since the configuration backup file was last
modified need to be online.
If -u is omitted, all physical volumes for vg_name must be online.

RETURN VALUE
vgcfgbackup exits with one of the following values:
0 Successful completion.
>0 Failure. Errors occurred when information from the volume group was being accessed.
EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Back up LVM configuration information for volume group /dev/vg00 in the default backup file
/etc/lvmconf/vg00.conf:
vgcfgbackup /dev/vg00
Update LVM configuration information corresponding to volume group /dev/vg00 in the default backup v
file /etc/lvmconf/vg00.conf:
vgcfgbackup -u /dev/vg00
Back up LVM configuration information for volume group /dev/vg00 in the alternate configuration
backup file /tmp/vg00.backup:
vgcfgbackup -f /tmp/vg00.backup vg00
WARNINGS
It is recommended that any alternate configuration backup file be created in the root file system (as is the
case with the default path name). This facilitates easy volume group recovery during maintenance mode,
such as after a system crash.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 613

 vgcfgbackup(1M) vgcfgbackup(1M)

AUTHOR
vgcfgbackup was developed by HP.
SEE ALSO
vgcfgrestore(1M).

614 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

vgcfgrestore(1M) vgcfgrestore(1M)

NAME
vgcfgrestore - display or restore LVM volume group configuration from backup file

SYNOPSIS
/usr/sbin/vgcfgrestore -n vg_name -l [-v]
/usr/sbin/vgcfgrestore [-R] [-F ] -n vg_name [-o old_pv_path] pv_path
/usr/sbin/vgcfgrestore -f vg_conf_path -l [-v]
/usr/sbin/vgcfgrestore [-R] [-F] -f vg_conf_path [-o old_pv_path] pv_path
Remarks
vgcfgrestore cannot be performed if the volume group is activated in shared mode.
vgcfgrestore cannot be performed on devices attached to activated volume groups. Prior to restoring
a backup configuration to a disk, detach the physical volume from the volume group using the pvchange
command (see pvchange(1M)), or deactivate the volume group using the vgchange command (see
vgchange(1M)).

DESCRIPTION
The vgcfgrestore command restores the LVM configuration data from a default (-n option) or alter-
nate (-f option) configuration backup file to the physical volume named by pv_path. Or, it displays the
configuration data on standard output (-l option).
The configuration stored for one physical volume, old_pv_path, can be copied to another physical volume
pv_path (-o option).

Options and Arguments

vgcfgrestore recognizes the following options and arguments:
pv_path The raw (character) device path name of a physical volume that is currently
online.
If the -o option is omitted, pv_path must specify a physical volume whose
configuration is stored in the configuration backup file.
-f vg_conf_path Get configuration information from the alternate configuration backup file
vg_conf_path.
-F Forcibly restore the LVM configuration data even if the physical volume has
alternate block(s) allocated inside the user data area. This option should be used
with extreme caution. User is advised to fix the problem because potential data
corruption could occur.
-l List the configuration information saved in the specified configuration backup
file.
-n vg_name Get configuration information from the default configuration backup file:
/etc/lvmconf/ base_vg_name .conf
vg_name is the path name of the volume group.
base_vg_name is the base name of vg_name. For example, if vg_name is
specified as /dev/vg00 , base_vg_name is vg00 . v
-o old_pv_path Restore the configuration information saved for physical volume old_pv_path to
physical volume pv_path.
This option is useful when a physical volume’s name has changed since the
configuration backup file was created or updated.
old_pv_path must be the path name of a physical volume whose configuration is
stored in the configuration backup file. It need not be currently online.
pv_path must be the path name of a physical volume that is currently online. Its
configuration need not be stored in the configuration backup file.
-R Forcibly restore the LVM configuration data even if there is a physical volume
mismatch between the kernel and the configuration backup file with the volume
group still active. This option should not be used unless the configuration file is

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 615

 vgcfgrestore(1M) vgcfgrestore(1M)

absolutely valid and up-to-date. Restoring invalid configuration data can result
in data corruption later.
If there are alternate physical volume links configured in the system, the follow-
ing message will appear when total number of physical volumes in the kernel
does not match with the configuration backup file due to missing alternate physi-
cal volume links:
Mismatch between the backup file and the running kernel: Kernel indi-
cates X disks for /dev/vgname; /etc/lvmconf/vgname indicates Y disks.
Cannot proceed with the restoration. Deactivate the Volume Group and
try again.
In this case, the user is advised to deactivate the volume group first, then use
the vgcfgrestore command to restore configuration data when the volume
group is unavailable. But if the volume group has to stay available and the user
is absolutely sure the configuration file is correct, this option will restore data
from the configuration file when the volume group stays available.
-v Provide additional information when invoked together with -l option.
• Additional values displayed for each path:
• Disk size in kilobytes
• Starting block number (kb) of the user data.
• The PVkey (see lvdisplay -k). Note that paths with the same key are
links to the same device.
Additional values displayed for each volume group:
• max_pv
• max_pe
• max_lv

RETURN VALUE
vgcfgrestore exits with one of the following values:
0 Successful completion.
>0 Failure. Errors occurred during the restore operation.
EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Restore the LVM configuration information for the physical volume /dev/rdsk/c0t7d0 that was saved
in the default file /etc/lvmconf/vg00.conf:
v vgcfgrestore -n /dev/vg00 /dev/rdsk/c0t7d0
Force to restore the LVM configuration data when volume group is still active
vgcfgrestore -R -n /dev/vg00 /dev/rdsk/c0t7d0
Restore the LVM configuration information to physical volume /dev/rdsk/c0t4d0 using alternate
configuration file /tmp/vg00.backup:
vgcfgrestore -f /tmp/vg00.backup /dev/rdsk/c0t4d0
List backup information saved in default configuration file /etc/lvmconf/vg00.conf:
vgcfgrestore -n /dev/vg00 -l
Above command might display the following:

616 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

vgcfgrestore(1M) vgcfgrestore(1M)

Volume Group Configuration information in "/etc/lvmconf/vg00.conf"

VG Name /dev/vg00
---- Physical volumes : 2 ----
/dev/rdsk/c0t6d0 (Bootable)
/dev/rdsk/c0t5d0 (Non-bootable)
Restore LVM configuration information stored for /dev/rdsk/c0t7d0 in default configuration file
/etc/lvmconf/vg01.conf to physical volume /dev/rdsk/c0t6d0:
vgcfgrestore -n /dev/vg01 -o /dev/rdsk/c0t7d0 /dev/rdsk/c0t6d0
AUTHOR
vgcfgrestore was developed by HP.
SEE ALSO
pvchange(1M), vgcfgbackup(1M), vgchange(1M), intro(7), lvm(7).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 617

 vgchange(1M) vgchange(1M)

NAME
vgchange - set LVM volume group availability

SYNOPSIS
Activate volume group
/usr/sbin/vgchange -a availability [-l] [-p] [-q quorum] [-s] [-P resync_daemon_count]
[vg_name ... ]

Set volume group high-availability cluster attributes

/usr/sbin/vgchange -c cluster [-S sharable] vg_name
Change activation mode of sharable volume group
/usr/sbin/vgchange -a availability -x {vg_name...}
Quiesce an active volume group
/usr/sbin/vgchange -Q quiesce_mode [-t quiesce_time] vg_name
Resume a quiesced volume group
/usr/sbin/vgchange -R vg_name
Remarks
MC/ServiceGuard cluster operations require the installation of the optional MC/ServiceGuard software,
which is not included in the standard HP-UX operating system.
Mirrored disk operations require the installation of the optional HP MirrorDisk/UX software, which is not
included in the standard HP-UX operating system.

DESCRIPTION
The vgchange command with the -a option activates or deactivates one or more volume groups.
For volume groups that are used in a high availability cluster, when the -a option is specified together with
the -x option, the vgchange command allows cross-activation, changing the activation mode of an active
sharable volume group directly to the specified activation mode, without first having to deactivate the
volume group.
The vgchange command with the -c specifies whether the indicated volume group(s) can be used in a
high availability cluster, optionally the -S option can also be specified to configure whether the volume
group is sharable (or is for exclusive activation only).
The vgchange command without the -P resync_daemon_count option (default) will spawn one
nomwcsyncd process for each volume group containing NOMWC logical volumes, and this can degrade sys-
tem performance when many of these volume groups are activated at the same time. The -P
resync_daemon_count option provides a way to control the number of concurrent nomwcsyncd processes
spawned. This parameter is advisory, LVM may use a different value internally as necessary.
The -Q option allows quiescing an active volume group to facilitate creating a consistent disk snapshot copy
of all the physical volumes in the volume group. Metadata on the physical volumes is brought current and
remains unchanged until normal operation is resumed using the -R option (or when the optionally specified
-t quiesce_time time has expired). Specifying -Q rw when quiescing the volume group quiesces applica-
tion reads and writes to the volume group. This mode is suitable for most situations. Specifying -Q w
v when quiescing the volume group quiesces application writes to the volume group while allowing reads to
proceed as usual. This mode provides improved access to the data when used with applications that are
capable of quiescing updates while allowing queries. See the Quiesced Volume Groups section for a more
complete description of quiesced volume groups.
vg_name must be defined as a volume group in the file /etc/lvmtab . If vg_name is omitted, all volume
groups defined in /etc/lvmtab are affected, except when the -c -x -Q or -R options are specified.
Only a single volume group can be provided with these options.

High Availability Cluster Overview

Volume groups can be defined on disk volumes that are accessible by more than one system in a high avai-
lability cluster. This situation has a high potential for data corruption unless higher level cluster software
services are used to coordinate shared access to the same volume group by all systems.
A volume group can be marked as part of a cluster. When such a group is activated in exclusive mode, it
can be accessed for exclusive read-write activity by only one of the systems at a time; the other systems can

618 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vgchange(1M) vgchange(1M)

have read-only access to the data. When the volume group is also marked as sharable, it may be activated
in shared mode for read-write access by all the nodes in the cluster.
The configuration of a shared volume group can be changed only if it is activated in exclusive mode. Cross-
activation between shared and exclusive modes of shared volume groups is possible with the -x option to
vgchange .
Simultaneously quiescing a volume group on all the systems sharing the volume group can be accomplished
by invoking vgchange with the -Q option from any node in the cluster. A ServiceGuard cluster-lock
volume group cannot be quiesced, because initializing or updating the cluster-lock requires writing to the
disk.

Options and Arguments

vgchange recognizes the following options and arguments:
vg_name The path name of a volume group.
-a availability Set volume group availability. availability can have one of the following values:
y Activate each specified volume group and all associated physical and logical
volumes for read-write access. If a volume group is marked as part of a high
availability cluster, it is activated in exclusive read-write mode, as for the -a
e option.
e Activate each specified volume group and all associated physical and logical
volumes for exclusive read-write access. The volume group must be marked
as part of a high availability cluster, and the availability software must be
running on the system; otherwise, the volume group is not activated.
With the -x option, the activation mode of a shared volume group is changed
to exclusive. The volume group will remain active during the operation. The
operation will not be performed if the volume group is active in more than
one node, or if it is not currently in shared mode.
s Activate each specified volume group and all associated physical and logical
volume for shared read-write access. The volume group must be marked as
part of a high availability cluster and marked sharable; otherwise, the volume
group is not activated.
Please note HP MirrorDisk/UX software is only supported in a clustered
environment with a maximum of two nodes configured.
With the -x option, the activation mode of a shared volume group is changed
to shared. The volume group will remain active during the operation. The
operation will only be performed if the current activation mode of the volume
group is exclusive.
If the -a y or -a e option is executed on a currently active volume group,
without the -x option, vgchange attempts to include any physical volumes that
were previously listed as missing. This is useful if a physical volume has come
back online. However, no automatic synchronization of any mirrored logical
volumes is done. If synchronization is required, execute the vgsync command
(see vgsync(1M)).
r Activate each specified volume group and all associated physical and logical v
volumes for read-only access. This option is ignored for a volume group that
is already activated.
If a volume group is marked as part of a high availability cluster, the high
availability software must be running on the system; otherwise, the volume
group is not activated.
n Deactivate each specified volume group and its associated logical volumes.
You must close the logical volumes prior to executing this option. For exam-
ple, if the logical volume contains a file system, the file system must be
unmounted.
-c cluster Control the membership of volume groups in a high availability cluster. cluster
can have one of the following values:

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 619

 vgchange(1M) vgchange(1M)

y Mark each specified volume group as a member of a high availability cluster.

The high availability software must be running; otherwise, the volume group
is not marked. Needs to be done on one node only. -S may be optionally
specified with the -c option to indicate whether the VG is sharable, and
when the -c option is used without -S the VG is marked not sharable.
n Remove each specified volume group from membership in the high availabil-
ity cluster. The high availability software does not have to be running to per-
form this operation.
The volume group must be deactivated with the -a n option before a -c yn
option can be executed.
-l Disable the opening of logical volumes that belong to each specified volume group.
If the -l option is set, later attempts to open the logical volumes will fail. To
allow an opening of these logical volumes to succeed, execute lvchange -a y.
-p Activate each specified volume group only if all of the physical volumes that belong
to it are available.
-q quorum Set the quorum enforcement for each specified volume group. quorum can have
one of the following values:
y Enforce the quorum requirement. This is the default.
n Ignore the quorum requirement.
The -q n option can be used to activate the volume group when the disk quorum
is not maintained because too many disks were lost. Since it ensures the integrity
of the LVM configuration information, it is normally not advisable to override the
quorum.
-s Disable the synchronization of stale physical extents within the volume group
specified by vg_name. This option is only effective when used with the -a y or
-a e option.
-t quiesce_time Automatically resume normal read/write access to the volume group once the
specified quiesce_time (in seconds) has expired. This option should be used when
quiescing a volume group that contains critical resources (e.g., root or swap logical
volume) that are necessary for normal operation of the system, or other cir-
cumstances where manually executing the vgchange -R may not be possible
once the volume group is quiesced. The quiesce_time can be any value from 1 to
2ˆ31-1. This option is only valid when used with the -Q option.
-x Cross-activate a active sharable volume group, changing the activation mode to the
specified activation mode. This option is only valid when used with the -a availa-
bility option. Cross-activation can only be used to change the activation mode from
shared mode to exclusive mode, or from exclusive mode to shared mode.
-P resync_daemon_count
specify the advisory count to control the number of nomwcsyncd threads spawned
for NOMWC processing when activating the volume group(s). Specifying a
resync_daemon_count of 0 causes a reasonable number of threads to be spawned
(currently defined to be 4).
v -Q quiesce_mode Quiesce an active volume group to guarantee that the LVM metadata is consistent.
This allows a system administrator to perform a snapshot of all the disks in the
volume group. The volume group remains quiesced until it is resumed again using
the -R option or automatically after the optionally specified quiesce_time (given
using the -t option) has expired. See the Quiesced Volume Groups section for a
more complete description of quiesced volume groups. The quiesce_mode can have
one of the following values:
rw Quiesce both reads and writes to the volume group.
w Quiesce writes to the volume group. Applications may open and read from
logical volumes belonging to the volume group.
-R Resume a previously quiesced volume group. I/O that was quiesced is allowed to
complete. LVM commands and resync operations are enabled. See the Quiesced

620 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

vgchange(1M) vgchange(1M)

Volume Groups section for a more complete description of quiesced volume groups.
-S sharable Control the sharability of volume groups in a high availability cluster. sharable
can have one of the following values:
y Mark each specified volume group as sharable. The high availability software
must be running; otherwise, the volume group is not marked. This only has
to be done from one node of the cluster.
n Remove the shared attribute from the volume group. The high availability
software does not have to be running to perform this operation.
The volume group must be deactivated with the -a n option before a -S yn
option can be executed.

Mirrored Disk Activation

When the optional HP MirrorDisk/UX software is running and a volume group is activated, LVM performs
the necessary mirror consistency recovery for each logical volume in the volume group based on the state of
Mirror Write Cache and Mirror Consistency Recovery (see the Consistency Recovery section of
lvdisplay(1M)). In a non-shared environment, LVM supports MWC , NOMWC and the NONE recovery. But in
shared environment, LVM only supports NOMWC and the NONE recovery.
MWC Recover mirror consistency by using the Mirror Write Cache and Mirror Consistency
Record. This mode implies that the Mirror Write Cache is on.
NOMWC Recover mirror consistency by searching all logical extents and copying data from a non-
stale copy to all the other mirror copies. This mode implies that the Mirror Write Cache is
off.
NONE Do not recover mirror consistency during volume group activation on this logical volume
following a system crash. This mode implies that the Mirror Write Cache is off.
Once mirror consistency is recovered using the configured policy, the mirrors are resynchronized (any stale
extents made current) by copying data from a non-stale copy to the stale mirror copies. If the -s option is
specified on the command line, mirror synchronization does not occur. However, for those logical volumes
that have Mirror Write Cache turned off, mirror synchronization is done independently of whether the -s
option appears on the command line.

General Activation
If vgchange cannot access a physical volume, it lists the volume’s status as missing. If too many physical
volumes in the volume group are missing, vgchange reports that the group does not have a quorum and
cannot be activated. The lack of a quorum can be overridden with the -q n option.

Quiesced Volume Groups

A quiesced volume group presents a stable and consistent disk image suitable for creating snapshot copies
of the disks in the volume group.
Quiesced volume groups have the following characteristics:
• The physical volumes in the volume group appear as though the logical volumes were closed and
the volume group was deactivated. They remain unchanged until the vgchange -R command is
issued to resume access to the VG or until the optionally specified quiesce_time has expired.
• When -Q rw is specified, reads and writes are queued until the volume group is resumed. When
-Q w is specified, reads proceed as usual, but writes are queued until the volume group is
v
resumed. In the latter case, reading from the volume group will return the last data written
before the volume group was quiesced.
• LVM display commands are allowed to proceed as usual.
• LVM mirror resynchronization and configuration commands are rejected.
• I/O that is queued because a volume group is quiesced will not be completed until after the volume
group is resumed, regardless of any logical volume I/O timeout that is set on the LVs. Some appli-
cations may be sensitive to this delay and could report errors or warnings as a result.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 621

 vgchange(1M) vgchange(1M)

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Activate volume group /dev/vg03 :
vgchange -a y /dev/vg03
Deactivate volume group /dev/vg03 :
vgchange -a n /dev/vg03
Activate volume group /dev/vg03 without synchronizing extents that are not current on logical volumes
that have Mirror Write Cache turned on:
vgchange -a y -s /dev/vg03
Exclusive Activation
Set up volume group /dev/vg03 for use in a high availability cluster:
vgchange -a n /dev/vg03 # Deactivate volume group
vgchange -c y /dev/vg03 # Enable volume group for HA cluster
vgchange -c y -S y /dev/vg03 # Enable volume group for HA cluster
and mark as sharable
vgchange -a e /dev/vg03 # Activate volume group in exclusive mode
vgchange -a s /dev/vg03 # Activate volume group in shared mode
Activate all volume groups; activate those that are marked for membership in a high availability cluster in
shared mode:
vgchange -a y
Activate all volumes that are marked for membership in a high availability cluster in exclusive mode:
vgchange -a e
Cross Activation
Set up volume group /dev/sh_vg for use in a high availability cluster.
To make configuration changes, to a volume group activated in shared mode, deactivate the volume group
by executing the following command on each cluster node except one:
vgchange -a n sh_vg
On the single node, where the volume group is active:
vgchange -a e -x sh_vg # Change mode to exclusive
vgchange -a s -x sh_vg # After configuration change, change
# mode back to shared
v Quiescing a Volume Group
Quiesce LVM metadata writes and application reads and writes to volume group /dev/vg03 :
vgchange -Q rw /dev/vg03
Quiesce LVM metadata and application writes but allow application reads to volume group /dev/vg03 :
vgchange -Q w /dev/vg03
Resume normal reads and writes to volume group /dev/vg03 (after having quiesced them earlier) :
vgchange -R /dev/vg03
Quiesce volume group /dev/vg03 quiescing both reads and writes and automatically resume normal
read/write access in 600 seconds:

622 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

vgchange(1M) vgchange(1M)

vgchange -Q rw -t 600 /dev/vg03

WARNINGS
Ordinary Operation
In ordinary operation (that is, without the optional high availability software), it is possible to activate a
volume group for read-write access from more than one physically connected system, leading to a high
potential for data corruption. Therefore, if access is desired from more than one system to a single volume
group, it is important that only one system activate the volume group for read-write access; the other sys-
tems can use read-only access. There is no problem if all systems activate the volume group for read-only
access.
Furthermore, volume group information is only read from the disks during volume group activation.
Dynamic changes to the volume group such as the following are not propagated to other systems sharing
the volume group:
Logical volume configuration changes.
Changes to the status of the mirrored extents.
Bad-block relocation that occurs during write operations.
Because of these limitations, when sharing volume groups between systems it is recommended that logical
volumes be accessed only by one system at a time. If logical volumes must be accessed simultaneously, the
logical volumes should not be mirrored and should not have bad-block relocation turned on, or all systems
should use read-only access to the logical volumes.

SEE ALSO
mount(1M), vgcreate(1M), vgdisplay(1M), vgextend(1M), vgreduce(1M).
If MC/ServiceGuard is installed: cmcheckconf(1M), cmquerycl(1M), and Managing MC/ServiceGuard.

HP-UX 11i Version 3: February 2007 −6− Hewlett-Packard Company 623

 vgchgid(1M) vgchgid(1M)

NAME
vgchgid - modify the Volume Group ID (VGID) on a given set of physical devices

SYNOPSIS
/usr/sbin/vgchgid PhysicalVolumePath [PhysicalVolumePath] ...
DESCRIPTION
The vgchgid command is designed to change the LVM Volume Group ID (VGID) on a supplied set of
disks. vgchgid will work with any type of storage, but it is primarily targeted at disk arrays that are
able to create "snapshots" or "clones" of mirrored LUNs. vgchgid accepts a set of raw physical devices
and ensures that they all belong to the same volume group, before altering the VGID (see WARNINGS sec-
tion).
The same VGID is set on all the disks and it should be noted that in cases of multi-PV volume groups, all
the physical volumes should be supplied in a single invocation of the vgchgid command.

Options
vgchgid recognizes the following options and arguments:
PhysicalVolumePath The raw devices path name of a physical volume.

Background
Some storage subsystems have a feature which allows a user to split off a set of mirror copies of physical
storage (termed BCV s, BCs, or Snapshots) just as LVM splits off logical volumes with the lvsplit
command. As the result of the "split," the split-off devices will have the same VGID as the original disks.
vgchgid is needed to modify the VGID on the BCV devices. Once the VGID has been altered, the BCV
disks can be imported into a new volume group by using vgimport .

WARNINGS
Once the VGID has been changed, the original VGID is lost until a disk device is re-mirrored with the origi-
nal devices. If vgchgid is used on a subset of disk devices (for example, two out of four disk devices), the
two groups of disk devices would not be able to be imported into the same volume group since they have
different VGIDs on them. The solution is to re-mirror all four of the disk devices and re-run vgchgid on
all four BCV devices at the same time, and then use vgimport to import them into the same new volume
group.
If a disk is newly added to an existing volume group and no subsequent LVM operations has been per-
formed to alter the structures (in other words, operations which perform an automated vgcfgbackup(1M));
then it is possible a subsequent vgchgid will fail. It will report that the disk does not belong to the
volume group. This may be overcome by performing a structure changing operation on the volume group
(for example, using lvcreate ).
It is the system administrator’s responsibility to make sure that the devices provided in the command line
are all Business Copy volumes of the existing standard physical volumes and are in the ready state and
writable. Mixing the standard and BC volumes in the same volume group can cause data corruption.

RETURN VALUE
vgchgid returns the following values:
0 VGID was modified with no error
v 1 VGID was not modified

EXAMPLES
An example showing how vgchgid might be used:
1. The system administrator uses the following commands to create the Business Continuity (BCV or BC)
copy:
1) For EMC Symmetrix disks, the commands are BCV establish and BCV split .
2) For XP disk array, the commands are paircreate and pairsplit .
Three BCV disks are created.
2. Change the VGID on the BCV disks.
vgchgid /dev/rdsk/c0t0d0 /dev/rdsk/c0t0d1 /dev/rdsk/c0t0d2

624 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vgchgid(1M) vgchgid(1M)

3. Make a new volume group using the BCV disks.

mkdir /dev/vgbcv
mknod /dev/vgbcv/group c 64 0x040000
4. Import the BCV disks into the new volume group.
vgimport /dev/vgbcv /dev/dsk/c0t0d0 /dev/dsk/c0t0d1 /dev/dsk/c0t0d2
5. Activate the new volume group.
vgchange -a y /dev/vgbcv
6. Backup the new volume group’s LVM data structure.
vgcfgbackup /dev/vgbcv
7. Mount the associated logical volumes.
mkdir /bcv/lvol1 /bcv/lvol2
mount /dev/vgbcv/lvol1 /bcv/lvol1
mount /dev/vgbcv/lvol2 /bcv/lvol2
SEE ALSO
vgimport(1M), vgscan(1M), vgcfgbackup(1M).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 625

 vgcreate(1M) vgcreate(1M)

NAME
vgcreate - create LVM volume group

SYNOPSIS
/usr/sbin/vgcreate [-f] [-A autobackup] [-x extensibility] [-e max_pe] [-l max_lv ]
[-p max_pv ] [-s pe_size] [-g pvg_name] vg_name pv_path ...

DESCRIPTION
The vgcreate command creates a new volume group. vg_name is a symbolic name for the volume group
and must be used in all references to it. vg_name is the path to a directory entry under /dev that must
contain a character special file named group . Except for the group entry, the vg_name directory should
be empty. The vg_name directory and the group file have to be created by the user (see lvm(7)).
vgcreate leaves the volume group in an active state.
Before assigning a physical volume to a volume group, the physical volume has to be created using the
pvcreate command (see pvcreate (1M)).
If vgcreate fails to install the first specified physical volume into the volume group, the volume group is
not created. If, for any reason, one of the remaining specified physical volumes cannot be installed into the
volume group, an error message is printed, but the installation continues until the end of the list of physical
volumes.

Options and Arguments

vgcreate recognizes the following options and arguments:
pv_path The block device path name of a physical volume that will be assigned to the new
volume group.
On PA-RISC systems, pv_path should be the path name for the whole disk. For
Itanium(R)-based system boot physical volumes, pv_path should be the path
name for the disk section containing the HP-UX partition (see model(1) and
getconf(1)). For Itanium-based system non-boot physical volumes, pv_path can
be the path name for the whole disk or the disk section containing the HP-UX
partition.
You can specify physical volume links pv-links for a physical volume providing
different paths that reference the same physical volume in the pv_path list. The
order in which the paths are listed is important. The first path becomes the
primary link to the physical volume, and the second becomes an alter-
nate link to the physical volume. The primary link is the default path
used to access the physical volume. (see WARNINGS section). If the primary
link becomes unavailable, LVM automatically switches to the alternate
link to access the physical volume. Currently, LVM supports a maximum of 8
paths to a physical volume (7 alternate and one primary).
vg_name The path name of a subdirectory of the /dev directory. vg_name must be
empty except for a character special file named group . Typically, this directory
name is in the form /dev/vg NN, where NN numbers sequentially from 00 .
-A autobackup Set automatic backup for this invocation of this command. autobackup can have
one of the following values:
v y Automatically back up configuration changes made to the volume group.
This is the default.
After this command executes, the vgcfgbackup command (see
vgcfgbackup(1M)) is executed for the volume group.
n Do not back up configuration changes this time.
-e max_pe Set the maximum number of physical extents that can be allocated from any of
the physical volumes in the volume group. The default value for max_pe is
1016 . However, if the size of any physical volume exceeds 1016 times the
pe_size, the default value for max_pe is adjusted to match the physical volume
size. The maximum number of physical extents can be a value in the range 1 to
65535.

626 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vgcreate(1M) vgcreate(1M)

-f This option will force a volume group to be created with a physical volume which
has alternate block(s) already allocated, (that is, this physical volume was not
initialized using pvcreate -f .) This option should be used with extreme cau-
tion. If the volume group to be created has a different physical extent size, the
alternate block(s) might be inside the user data area. Potential data corruption
could occur.
-g pvg_name Create a new physical volume group with the name pvg_name. All physical
volumes specified in the pv_path parameter become a member of the newly
created physical volume group.
The physical volume group information is stored in an ASCII file,
/etc/lvmpvg . The file can be edited to create a physical volume group
instead of using the vgcreate command. However, ensure that the physical
volumes to be used have already been installed in the volume group prior to
creating the physical volume group.
The physical volume group name must be unique within a volume group
although identical physical volume group names can appear in different volume
groups (see lvmpvg (4) for format details).
-l max_lv Set the maximum number of logical volumes that the volume group is allowed to
contain. The default value for max_lv is 255 . The maximum number of logical
volumes can be a value in the range 1 to 255.
-p max_pv Set the maximum number of physical volumes that the volume group is allowed
to contain. The default value for max_pv is 16 . The maximum number of physi-
cal volumes can be a value in the range 1 to 255.
-s pe_size Sets the number of megabytes in each physical extent, where pe_size is
expressed in units of megabytes (MB) in the range 1 to 256. pe_size must be
equal to a power of 2 (1, 2, 4, 8, etc.). The default value for pe_size is 4 (four
megabytes).
-x extensibility Set the allocation permission for adding physical extents on the physical volumes
specified by the pv_path parameter. extensibility can have one of the following
values:
y Allow allocation of additional physical extents on the physical volume. This
is the default.
n Prohibit allocation of additional physical extents on the physical volume.
Logical volumes residing on the physical volume can still be accessed after
the volume group has been activated by the vgchange -a y command.

Alternate Links (PVLinks):

In this release of HP-UX, LVM continues to support Alternate Links to a device to allow continued access to
the device, if the primary link fails. This multiple link or multipath solution increases data availability, but
does not allow the multiple paths to be used simultaneously.
There is a new feature introduced in the Mass Storage Subsystem on this version of HP-UX that also sup-
ports multiple paths to a device and allows access to the multiple paths simultaneously. The Mass Storage
Subsystem will balance the I/O load across the valid paths. This new multi-path behavior is enabled and
disabled through the use of the scsimgr command. See scsimgr(1M) for details. v
It is no longer required or recommended to configure LVM with alternate links. However, it is possible to
maintain the traditional LVM behavior. To do so, both of the following criteria must be met:
• Only the legacy device special file naming convention is used in the volume group configuration.
• The scsimgr command is used to disable the Mass Storage Subsystem multipath behavior.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 627

 vgcreate(1M) vgcreate(1M)

EXAMPLES
Create a volume group named /dev/vg00 containing two physical volumes with extent size set to 2 MB,
from scratch.
First, create the directory /dev/vg00 with the character special file called group .
mkdir /dev/vg00
mknod /dev/vg00/group c 64 0x030000
The minor number for the group file should be unique among all the volume groups on the system.
It has the format 0xNN 0000 , where NN runs from 00 to ff .
Initialize the disks using pvcreate .
pvcreate /dev/rdsk/c1t0d0
pvcreate /dev/rdsk/c1t2d0
Create the volume group.
vgcreate -s 2 /dev/vg00 /dev/dsk/c1t0d0 /dev/dsk/c1t2d0
Create a volume group named /dev/vg01 that can contain a maximum of three logical volumes,
with extent size set to 8 MB:
vgcreate -l 3 -s 8 /dev/vg01 /dev/dsk/c3t4d0
Create a volume group named /dev/vg00 and a physical volume group named PVG0 with two phy-
sical volumes:
vgcreate -g PVG0 /dev/vg00 /dev/dsk/c1t0d0 /dev/dsk/c2t0d0
Using the PV Links feature to create a volume group named /dev/vg00 with a physical volume that
can be referenced by two different paths. /dev/dsk/c3t0d0 and /dev/dsk/c4t0d0 refer to
the same physical volume, accessed via different controller hardware paths. In this example,
/dev/dsk/c3t0d0 becomes the primary link to the physical volume. /dev/dsk/c4t0d0
becomes an alternate link to the physical volume.
vgcreate /dev/vg00 /dev/dsk/c3t0d0 /dev/dsk/c4t0d0
SEE ALSO
getconf(1), model(1), idisk(1M), pvcreate(1M), scsimgr(1M), vgchange(1M), vgdisplay(1M), vgextend(1M),
vgreduce(1M), environ(5), lang(5), intro(7), lvm(7).

628 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

vgdisplay(1M) vgdisplay(1M)

NAME
vgdisplay - display information about LVM volume groups

SYNOPSIS
/usr/sbin/vgdisplay [-F] [-v] [vg_name...]
DESCRIPTION
The vgdisplay command displays information about volume groups. For each vg_name specified,
vgdisplay displays information for that volume group only. If no vg_name is specified, vgdisplay
displays names and corresponding information for all defined volume groups.
The volume group must be activated (see vgchange(1M)) before it can be displayed.

Options and Arguments

vgdisplay recognizes the following options and arguments:
vg_name The path name of the volume group, for example, /dev/vg00 .
-F Produce a compact listing of fields described in Compact Listing (-F Option). The output is
a list of colon separated fields formatted as key =value[,value...].
-v For each volume group, display additional information about logical volumes, physical
volumes, and physical volume groups.

Display Without -v Option

If you omit the -v option, only the following information is displayed:
--- Volume groups ---
VG Name The path name of the volume group.
VG Write Access Current access mode and quiesce mode of the volume group. The access
mode is either read/write or read-only . If the volume group is
quiesced, the quiesce mode is displayed on the same line. The quiesce
mode is either read/write-quiesced or write-quiesced.
VG Status State of the volume group: always available , as after a
vgchange -a y command, since deactivated volume groups are not
displayed.
Max LV Maximum number of logical volumes allowed in the volume group.
Cur LV Current number of logical volumes in the volume group.
Open LV Number of logical volumes currently open in the volume group.
Max PV Maximum number of physical volumes allowed in the volume group.
Cur PV Current number of physical volumes in the volume group.
Act PV Number of physical volumes that are currently active.
Max PE per PV Maximum number (limit) of physical extents that can be allocated from
any of the physical volumes in the volume group.
VGDA Number of Volume Group Descriptor Areas within the volume group.
PE Size Size of each physical extent in Megabytes. v
Total PE Total number of physical extents within the volume group: the sum of
the number of physical extents belonging to each available physical
volume in the volume group. (This does not include physical extents
belonging to stand-by spare physical volumes; presence of these is only
possible if you are using mirrored disks -- see below).
Alloc PE Number of physical extents currently allocated to logical volumes.
Free PE Number of physical extents not allocated (not including physical extents
belonging to stand-by spares).
Total PVG Total number of physical volume groups within the volume group.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 629

 vgdisplay(1M) vgdisplay(1M)

Total Spare PVs Total number of physical volumes that are designated as spares for this
volume group. This will include both stand-by and active spares -- see
below.
Total Spare PVs in use
Total number of spare physical volumes that are active in place of (con-
taining all data from) a failed physical volume.

Display With -v Option

If you specify the -v option, vgdisplay lists the following additional information for each logical volume,
for each physical volume, and for each physical volume group in the volume group:
--- Logical volumes ---
Information about logical volumes belonging to vg_name:
LV Name The block device path name of a logical volume in the volume group.
LV Status State of the logical volume:
available/stale Logical volume available but contains physi-
cal extents that are not current.
available/syncd Logical volume available with no stale
extents.
unavailable Logical volume is not available for use.
LV Size (Megabytes) Size of the logical volume.
Current LE Number of logical extents in the logical volume.
Allocated PE Number of physical extents used by the logical volume.
Used PV Number of physical volumes used by the logical volume.
--- Physical volumes ---
Information about physical volumes belonging to vg_name:
PV Name The block device path name of a physical volume in the group. When an
alternate link to a physical volume has been added, Alternate
Link is displayed next to the device path name. (See vgextend(1M) for
definition.)
PV Status State of the physical volume: (NOTE: spare physical volumes are only
relevant if you have installed HP MirrorDisk/UX software):
available The physical volume is available and is not a
spare physical volume.
available/data spared
The physical volume is available. However,
it’s data still resides on an active spare.
available/active spare
The physical volume is available and is an
v active spare physical volume. (An active
spare is a spare that has taken over for a
failed physical volume.)
available/standby spare
The physical volume is a spare "standing by"
in case of a failure on any other physical
volume in this volume group. It can only be
used to capture data from a failed physical
volume.
unavailable The physical volume is unavailable and is not
a spare physical volume.
unavailable/data spared
The physical volume is unavailable. However,

630 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

vgdisplay(1M) vgdisplay(1M)

it’s data now resides on an active spare, and

its data is available if the active spare is
available.
unavailable/active spare
The physical volume is unavailable and it’s an
active spare. Thus, the data on this physical
volume is unavailable.
unavailable/standby spare
The physical volume is a spare "standing by"
that is not currently available to capture data
from a failed physical volume.
Total PE Total number of physical extents on the physical volume.
Free PE Number of free physical extents on the physical volume.
Spared from PV If the physical volume represents an active spare, this field will show
the name of the failed physical volume whose data now resides on this
spare. This information can be used to manually move the data back to
the original physical volume once it has been repaired (see pvmove (1M)).
If it cannot be determined which physical volume that the data came
from, this field will instead display Missing PV . A missing PV would
indicate that when the volume group was last activated or reactivated
(see vgchange(1M)), the "failed" physical volume was not able to attach
to the volume group.
Spared to PV If the physical volume represents a failed physical volume, this field will
show the name of the active spare physical volume that now contains
the data that originally residing on this volume. This information can be
used to manually move the data back to the original physical volume
(see pvmove (1M)) once it has been repaired.
Autoswitch For multiported devices accessed via multiple paths, this field indicates
the autoswitch behavior for the physical volume (see pvchange(1M)).
On LVM will automatically switch from the path it is using when-
ever a better path to the physical volume is available. LVM will
switch paths when a better path recovers (after it had failed
earlier), or if the current path fails and another path is avail-
able. This is the default.
Off LVM will automatically switch to using the best available path
only when the path currently in use is unavailable. LVM will
continue using a specific path for the physical volume as long as
it works, regardless of whether another better path recovers
from a failure.
--- Physical volume groups ---
Information about physical volume groups belonging to vg_name:
PVG Name Name of a physical volume group in the volume group.
PV Name The block device path name of a physical volume in the physical volume group.
v
Compact listing (-F Option)
The -F option generates a compact and parsable listing of the command output in colon separated fields
formatted as key =value[,value...]. The -F option is designed to be used by scripts. The resulting com-
mand output may be split across multiple lines. The output may include new keys and/or values in the
future. If a key is deprecated, its associated value is set to NAM (key =NAM ). For the current version of the
vgdisplay command, the lines format is:
LINE 1
The format of Line 1 is as follows:

vg_name=value:vg_write_access=value:vg_status=value:max_lv=value:
cur_lv=value:open_lv=value:max_pv=value:cur_pv=value:act_pv=value:

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 631

 vgdisplay(1M) vgdisplay(1M)

max_pe_per_pv=value:vgda=value:pe_size=value:total_pe=value:
alloc_pe=value:free_pe=value:total_pvg=value:total_spare_pvs=value:
total_spare_pvs_in_use=value
LINE 2
The format of Line 2 is as follows:
cluster:server=value:client=value[:...]
LINE 3
The format of Line 3 is as follows:

lv_name=value:lv_status=value:lv_size=value:current_le=value:
allocated_pe=value:used_pv=value
... The above line may be repeated with different values.
LINE m
The format of Line m is as follows:

pv_name=value[,value]:pv_status=value:total_pe=value:free_pv=value:
spared_from_pv=value:spared_to_pv=value:autoswitch=value
... The above line may be repeated with different values.
LINE n
The format of Line n is as follows:
pvg_name=value:pv_name=value[,value...]
... The above line may be repeated with different values.
EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Display information about all the volume groups within the system:
vgdisplay
Display all of the information about one volume group, including the characteristics and status of both the
logical and physical extents of the volume group:
vgdisplay -v /dev/vg02
SEE ALSO
lvdisplay(1M), pvdisplay(1M), vgchange(1M), vgcreate(1M).

632 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

vgexport(1M) vgexport(1M)

NAME
vgexport - export an LVM volume group and its associated logical volumes

SYNOPSIS
/usr/sbin/vgexport [-m mapfile] [-p] [-v] [-f outfile] vg_name
/usr/sbin/vgexport -m mapfile -s [-p] [-v] vg_name
DESCRIPTION
Using the format of the first command line of the SYNOPSIS above, the vgexport command can be used
to remove a volume group from the system. The volume group will be removed without modifying the logi-
cal volume information found on the physical volumes.
The volume group identified by vg_name is removed from the /etc/lvmtab file, and the associated dev-
ice files including the vg_name directory and group file are removed from the system.
The volume group information and data is untouched on the physical volume. These disks can be imported
to another system with the vgimport command (see vgimport (1M)).

Scan Option
Using the format of the second command line of the SYNOPSIS above, the vgexport command gen-
erates a mapfile that can be copied to other systems that are part of a high availability cluster (use the -p
option if you do not want to remove the volume group from the system the command is being run from) and
the vgimport command (see vgimport (1M)) can be used to recreate the volume group. See also
vgchange(1M). The mapfile contains a description of the volume group and its associated logical volume(s)
(if any). The logical volume information found on the physical volumes is not modified.

Options and Arguments

vgexport recognizes the following options and arguments:
vg_name The path name of the volume group.
-m mapfile By default, a file named mapfile is created in the current directory. This file con-
tains a description of the volume group and its associated logical volume(s) (if any).
Use this option to specify a different name for the file, mapfile. This file can be used
as input to vgimport (see vgimport (1M)). When used with the -s option, the
volume group specified in the mapfile can be shared with other systems in the high
availability cluster.
-p Preview the actions to be taken but do not update the /etc/lvmtab file or remove
the devices file. This option is best used in conjunction with the -v option.
-v Print verbose messages including the names of the physical volumes associated with
this volume group.
-s Scan option. When the -s option is specified, then the -m options must also be
specified. A mapfile is created that can be used to create volume group entries on
other systems in the high availability cluster (with the vgimport command).
-f outfile Write the current set of pv_paths for the volume group to the outfile. The outfile may
then be used as the infile for the vgimport -f option. If used together with the
-p option the volume group is not exported but the list of pv_paths is still written to
the outfile. This may be useful to derive a list of pv_paths for the volume group or to
use on another system which is sharing the volume group and which has an identical
v
configuration.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Export the volume group /dev/vg01 into mapfile vg01.mymap . The volume group will be removed
from the exporting system.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 633

 vgexport(1M) vgexport(1M)

vgexport -m vg01.mymap /dev/vg01

Export the volume group /dev/vg01 and write the disk names into the file vg01.outfile .
vgexport -v -f vg01.outfile /dev/vg01
Create a mapfile to be copied to other systems in a high availability cluster to build the volume group infor-
mation for the volume group, /dev/vg02 . Note that the volume group is not removed from the exporting
system. The importing systems will create the volume group with the vgimport command using the -s
and -m options.
vgexport -s -p -v -m vg02.mymap /dev/vg02
SEE ALSO
vgimport(1M), vgscan(1M).

634 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

vgextend(1M) vgextend(1M)

NAME
vgextend - extend an LVM volume group by adding physical volumes

SYNOPSIS
/usr/sbin/vgextend [-f] [-A autobackup] [-g pvg_name] [-x extensibility] [-z sparepv]
vg_name pv_path ...

Remarks
vgextend cannot be performed if the volume group is activated in shared mode.
DESCRIPTION
The vgextend command assigns additional physical volumes to volume group vg_name. The volume
group must be active.
Volume groups are extended by adding one or more physical volumes specified by pv_path ...
After the physical volumes have been successfully added to the volume group, the disk space they contain
can be allocated to logical volumes.
Before assigning an additional physical volume to a volume group, create the physical volume with the
pvcreate command (see pvcreate (1M)). Then, create the volume group with the vgcreate command,
assigning at least one physical volume (see vgcreate (1M)).
If, for any reason, a specified physical volume cannot be installed into the volume group, an error message
is displayed. However, the installation continues to the end of the list of physical volumes.
When a pv_path refers to one of the physical volumes already in the volume group by a different pv_path
name to indicate the use of a different controller, this new path becomes an alternate link to the
physical volume. When two paths that reference the same disk are provided in the pv_path list, the order
of the paths is important. The first path becomes the "primary link" to the physical volume, the second
becomes an "alternate link" to the physical volume. The primary link is the path used to access the physi-
cal volume unless the primary link becomes unavailable in which case LVM automatically switches to the
alternate link to access the physical volume (see WARNINGS section). Currently LVM supports a max-
imum of 8 paths to a physical volume (7 alternates and one primary).

Options and Arguments

vgextend recognizes the following options and arguments:
pv_path The block device path name of a physical volume.
vg_name The path name of the volume group.
-A autobackup Set automatic backup for this invocation of this command. autobackup can have
one of the following values:
y Automatically back up configuration changes made to the volume group.
This is the default.
After this command executes, the vgcfgbackup command (see
vgcfgbackup(1M)) is executed for the volume group.
n Do not back up configuration changes this time.
-f Forcibly extend the volume group with a physical volume which has alternate
block(s) already allocated, (in other words, this physical volume was not initial- v
ized using pvcreate -f .) This option should be used with extreme caution.
If the disk is being extended to a volume group with a different physical extent
size, the alternate block(s) might be inside the user data area. Potential data
corruption could occur.
-g pvg_name Extend an existing physical volume group while the volume group is being
extended by adding all the physical volumes in the pv_path parameter to the
physical volume group specified by pvg_name.
If the specified physical volume group does not exist, it is created, thus providing
a means for creating new physical volume groups after the volume group has
been created. Another way to extend or add a physical volume group is to edit
the /etc/lvmpvg file as described in vgcreate (1M). See lvmpvg (4) for format
details.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 635

 vgextend(1M) vgextend(1M)

-x extensibility Set allocation permission for additional physical extents on the physical volume
specified by pv_path. extensibility can have one of the following values:
y Allow allocation of additional physical extents on the physical volume.
n Prohibit allocation of additional physical extents on the physical volume.
Logical volumes residing on the physical volume can still be accessed.
-z sparepv This option requires the installation of the optional HP MirrorDisk/UX software.
It allows you to mark the physical volume(s) specified by pv_path to be either a
spare physical volume or a regular, non-spare physical volume. (A spare physi-
cal volume can be used to replace an existing physical volume within a volume
group when mirroring is in effect, in the event the existing physical volume
fails.) sparepv can have one of the following values:
y The physical volume(s) will be used as spare(s). No physical extents from a
spare physical volume will be available as part of the "free" pool of extents
in the volume group. The spare physical volume(s) will only be used in the
event of another physical volume within this volume group becomes una-
vailable (fails).
n The physical volume(s) will be used as regular, non-spare members of the
volume group. This is the default.

Alternate Links (PVLinks)

In this release of HP-UX, LVM continues to support Alternate Links to a device to allow continued access to
the device, if the primary link fails. This multiple link or multipath solution increases data availability, but
does not allow the multiple paths to be used simultaneously.
There is a new feature introduced in the Mass Storage Subsystem on this version of HP-UX that also sup-
ports multiple paths to a device and allows access to the multiple paths simultaneously. The Mass Storage
Subsystem will balance the I/O load across the valid paths. This new multi-path behavior is enabled and
disabled through the use of the scsimgr command. See scsimgr(1M) for details.
It is no longer required or recommended to configure LVM with alternate links. However, it is possible to
maintain the traditional LVM behavior. To do so, both of the following criteria must be met:
• Only the legacy device special file naming convention is used in the volume group configuration.
• The scsimgr command is used to disable the Mass Storage Subsystem multipath behavior.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Add physical volumes /dev/dsk/c0t1d0 and /dev/dsk/c0t2d0 to volume group /dev/vg03 :
vgextend /dev/vg03 /dev/dsk/c0t1d0 /dev/dsk/c0t2d0
v Extend physical volume group PVG0 while adding physical volumes /dev/dsk/c0t3d0 and
/dev/dsk/c0t4d0 to volume group /dev/vg03 :
vgextend -g PVG0 /dev/vg03 /dev/dsk/c0t3d0 /dev/dsk/c0t4d0
Add an alternate link to one of the physical volumes in the volume group where /dev/dsk/c0t4d0 and
/dev/dsk/c1t4d0 refer to the same physical volume (referenced via different controllers), and the
volume group already contains /dev/dsk/c0t4d0. /dev/dsk/c0t4d0 remains the primary link (in
use) and /dev/dsk/c1t4d0 becomes the alternate link.
vgextend /dev/vg03 /dev/dsk/c1t4d0
Add a spare physical volume to a volume group:
vgextend -z y /dev/vg03 /dev/dsk/c2t4d0

636 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

vgextend(1M) vgextend(1M)

WARNINGS
The new physical volume which has been added to the volume group could potentially have a different block
size compared to physical volumes already in the volume group.
If a logical volume is created on two or more physical volumes which have a different block size, it is not
possible to use such logical volume for file system purposes (see extendfs(1M)).
For example, when a logical volume contains physical volumes that all have 1k block size, and then it is
extended to contain a physical volume with 2k block size, then the block size of the volume group is
increased to 2k.

SEE ALSO
pvchange(1M), pvcreate(1M), vgchange(1M), vgcreate(1M), vgdisplay(1M), intro(7), lvm(7).

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 637

 vgimport(1M) vgimport(1M)

NAME
vgimport - import an LVM volume group onto the system

SYNOPSIS
/usr/sbin/vgimport [-m mapfile] [-p] [-v] vg_name pv_path ...
/usr/sbin/vgimport [-m mapfile] [-p] [-v] [-f infile] vg_name
/usr/sbin/vgimport -m mapfile [-N] [-v] [-p] -s vg_name
DESCRIPTION
The vgimport command adds the specified volume group to the system. The physical volumes, specified
as pv_path ..., are scanned to obtain the volume group information and logical volume information. This
command works much like vgcreate by requiring that the volume group device directory and the
group special file be created before the command is executed (see vgcreate (1M)). The vg_name is added to
the /etc/lvmtab file, and the associated logical volume device files are added to the system.
vgimport assumes that the volume group information has already been created on the physical volumes.
This command is useful in conjunction with the vgexport command (see vgexport (1M)), to move volume
groups from one system to other systems within a high availability cluster.
vgimport creates logical volume device files under the vg_name directory using the naming convention
given in mapfile or using the default naming convention used by the lvcreate command (see
lvcreate (1M)).
The vgimport command reconstructs the newly imported volume group entry in the /etc/lvmtab file.
The order of the disks belonging to the newly imported volume group could be different than it was before.
When a bootable volume group is imported, the boot information present in the boot disks might be
incorrect due to the change in the order of disks in the /etc/lvmtab file. This is because the boot infor-
mation on the boot disks assumes a certain order of disks in /etc/lvmtab and requires a resynchroniza-
tion of this information after the first activation of a newly imported bootable volume group. To resyn-
chronize the information on the boot disk after the first activation of a newly imported bootable volume
group, run the lvlnboot command in recovery mode (-R option).
vgimport does not activate the imported volume group due to the many possible options at volume group
activation time. To activate the volume group once it has been successfully imported, use the vgchange
command (see vgchange(1M)).

Options and Arguments

vgimport recognizes the following options and arguments:
pv_path The block device path names of a physical volume. This argument is not used with
the -s and related options.
vg_name The path name of the volume group.
-m mapfile Specify the name of the file from which logical volume names and numbers are to be
read. This option is optional when used as in the first command line format of the
SYNOPSIS. If this option is not specified, logical volume names are created using the
default naming convention lvol nn where nn is the logical volume minor number.
When used with the -s option, the volume group specified in the mapfile can be
v shared among the exporting system and the importing systems.
-N Configure the volume group by populating persistent device special files in the
/etc/lvmtab file, corresponding to the volume group, vg_name. (See intro(7) for
information about device special files.) This option can only be used with -s option.
If vgimport is invoked without a -N option, legacy device special files will be used
to populate the /etc/lvmtab file.
This option may become obsolete in future releases.
-s Scan option. Scan each of the disks connected to the system and update the
/etc/lvmtab file with the physical volumes that have matching volume group
information, as found in the mapfile. This option should always be used in conjunc-
tion with the -m option. The specified mapfile is the file generated by running the
vgexport command, also with -m and -s options.

638 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vgimport(1M) vgimport(1M)

-p Preview the actions to be taken but do not update the /etc/lvmtab file or add the
logical volume device files. This option is best used in conjunction with the -v option.
-v Print verbose messages including names of the logical volumes.
-f infile Import the set of pv_paths held in the infile into the volume group. This option is
used as an alternative to specifying the pv_paths on the command line. Each pv_path
must appear on a new line in the infile. This option may not be used together with
the -s option.

WARNINGS
The -N option may become obsolete in future releases.
No more than eight paths to any physical volume will be added to the /etc/lvmtab file. All other paths
wll be omitted.
The following warnings apply to the -s option, when importing disks with alternate paths:
The vgimport command does not preserve the path ordering, when a volume group is exported and then
imported. This may cause the primary and alternate paths to be different on an importing system, from
that of an exported system. Also, additional alternate paths that were not configured on the exported sys-
tem may get discovered and configured on the importing system.
If the original primary path of a disk gets configured as an alternate path after the volume group is
imported, the order can easily be reverted by using vgreduce to remove the primary path and then
reconfiguring the same path again as an alternate, using vgextend .
If additional alternate paths were added to the newly imported volume group, use vgreduce to reduce
any alternate paths that were added but not required.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Import the volume group /dev/vg01 that is located on physical disks /dev/dsk/c0t1d0 and
/dev/dsk/c0t3d0:
vgimport -v /dev/vg01 /dev/dsk/c0t1d0 /dev/dsk/c0t3d0
Activate the volume group following a successful import:
vgchange -a y vg01
Import the volume group /dev/vg01 using the mapfile, /tmp/vg01.mymap. mymap was previously
specified by the vgexport command on another system. The volume group, /dev/vg01 , is specified in
mymap and will be used by the importing system only:
vgimport -v -m /tmp/vg01.mymap /dev/vg01 \
/dev/dsk/c0t5d0 /dev/dsk/c0t7d0
Import the volume group /dev/vg02 using the mapfile, /tmp/vg02.mymap. mymap was previously
v
specified by the vgexport command on another system. The volume group, /dev/vg02 , is specified in
mymap and will be shared among the exporting system, this system, and other systems importing the
volume group as shared:
vgimport -v -s -m /tmp/vg02.mymap /dev/vg02
Import the volume group /dev/vg02 using the infile, /tmp/vg02.infile. infile was previously
specified by the vgexport command on another system, and it assumes that pv_paths in the
/tmp/vg02.infile are identical on both systems.
vgimport -v -f /tmp/vg02.infile /dev/vg02

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 639

 vgimport(1M) vgimport(1M)

SEE ALSO
vgexport(1M), vgscan(1M), intro(7), lvm(7).

640 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

vgmodify(1M) vgmodify(1M)

NAME
vgmodify - handle physical volume size changes and modify configuration parameters of an existing LVM
volume group

SYNOPSIS
Set Specified Parameters
/usr/sbin/vgmodify [-B bootable] [-e max_pe] [-l max_lv ] [-n] [-p max_pv ] [-r] [-v]
vg_name [pv_path ... ]

Optimize the Volume Group Settings

/usr/sbin/vgmodify -o [-B bootable] [-r] [-v] vg_name [pv_path ... ]
Display a Table of Optimized Possible Volume Group Settings
/usr/sbin/vgmodify -t [-B bootable] [-n] [-v] vg_name [pv_path ... ]
Remarks
• If vgmodify is interrupted while it is committing the configuration changes onto the disks, it may be
necessary to re-apply the configuration to all the physical volumes. The
/etc/lvmconf/VG_restore script must used to accomplish this. To apply the new configuration,
enter the following:
/etc/lvmconf/VG_restore /etc/lvmconf/VG.conf
Or to apply the old/original configuration, enter the following:
/etc/lvmconf/VG_restore /etc/lvmconf/VG.conf.old
• The root/boot volume group must be booted into maintenance mode before making changes (see
boot(1M)).
• The volume group must be removed from membership in a high availability cluster before making
changes (see vgchange(1M)).
• To expand the LVM configuration data to its maximum size it may be necessary to reallocate the first
physical extent from each physical volume from user to LVM configuration data. This will only be possi-
ble if the first extent is made free (see pvmove (1M)) and PE renumbering is enabled via the -n option.
• The LVM configuration data size is limited to the volume group extent size. Therefore, a maximum of
one physical extent from each physical volume can be reallocated from user data regardless of how many
times vgmodify is used on the volume group.
• The attributes of an lvmconf file can be viewed using the -v option of vgcfgrestore (see
vgcfgrestore (1M)).
• To take advantage of a physical volume size increase, it may be necessary to run vgmodify to increase
the maximum number of physical extents for the volume group.
• In general, a smaller number of physical volumes allows a larger number of physical extents. Likewise,
a larger number of physical volumes constrains to a smaller number of physical extents.
• The detection of physical volume size changes (LUN size expansion or contraction) is automatic, with
the handling taking place unless the -r or -t options have been used.
• The changing of physical volume type (boot to non-boot and vice versa) is selected via the -B option and
by specifying a list of physical volumes. Otherwise no physical volume type changes are performed. v
DESCRIPTION
The vgmodify command allows the user to modify an existing volume group (vg_name). The following
changes can be performed:
• Detect and handle physical volume size changes.
• Modify the maximum number of physical extents that can be allocated per physical volume (max_pe
setting) (see vgcreate (1M) -e).
• Modify the maximum number of physical volumes that the volume group can contain (max_pv setting)
(see vgcreate (1M) -p).
• Modify the maximum number of logical volumes that the volume group can contain (max_lv setting)
(see vgcreate (1M) -l).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 641

 vgmodify(1M) vgmodify(1M)

• Change a physical volume type from boot to non-boot or vice versa (see pvcreate(1M) -B ). Note that
making a physical volume non-bootable will increase the space available on that device for LVM
configuration data. However, even a single bootable physical volume in the volume group will restrict
the max_pv and max_pe settings available.
All the physical volumes associated with the volume group must be available for the vgmodify command
to succeed.
The volume group can be active when reporting the configuration (-r ) or displaying a table of available set-
tings (-t). The volume group must be de-activated before vgmodify can perform any configuration
changes (see vgchange(1M)).
If the command is interrupted before it completes, recovery steps might be required. See the Remarks sec-
tion for details.

Options and Arguments

The vgmodify command recognizes the following options and arguments:
vg_name The path name of a volume group.
pv_path The character (raw) device path name of a physical volume that will become
bootable or non-bootable based on the -B option. If type changes are not
required then the pv_path list must be empty and the -B option must not be
used.
-B bootable Make the physical volumes specified in the pv_paths list bootable or non-
bootable. bootable can have one of the following values:
y Change pv_path list from non-bootable to bootable.
n Change pv_path list from bootable to non-bootable.
See the description of the -B option in pvcreate (1M).
Making a physical volume non-bootable will increase the space available on that
device for LVM configuration data. However to fully use that space all the physi-
cal volumes in the volume group should be non-bootable. A single bootable phy-
sical volume in the volume group will restrict the available configuration set-
tings.
A physical volume can only be made bootable if either all extents on it are
unused or it was previously converted from a bootable device and the space is
still unused.
If a physical volume is being made bootable then use lvlnboot and mkboot
to complete the process (see lvlnboot(1M) and mkboot(1M)).
-e max_pe Set the maximum number of physical extents that can be allocated from any of
the physical volumes in the volume group (see vgcreate(1M)) -e ).
The maximum number of physical extents can range from the current highest
physical extent in use on any physical volume in the volume group (1 if none in
use) up to 65535.
The -t option displays a table of possible max_pe values for vg_name.
v -l max_lv Set the maximum number of logical volumes that the volume group is allowed to
contain (see vgcreate(1M) -l ).
The maximum number of logical volumes can range from the current highest
logical volume number in use (1 if none in use) to 255.
Note that changing this value has little impact on the size of the LVM
configuration data.
-n Allow renumbering of physical extents on physical volumes. This only applies to
physical volumes that have allocated extents. By default, physical extent
numbers will be unchanged by vgmodify .
Renumbering physical extents changes the allocation of the first physical extent,
if it is free, from user to LVM configuration data and vice-versa. This will often
have a considerable impact on the space available for the LVM configuration data

642 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

vgmodify(1M) vgmodify(1M)

on each physical volume and, therefore, the possible settings for the volume
group parameters.
No user data is moved during that process, only the LVM numbering of physical
extents changes.
When the first extent is being reallocated from user to LVM configuration data,
the physical extent numbers are decreased. This will only occur if the first
extent is free. For example a logical volume using physical extents 10 to 20 from
a physical volume that has its first extent reallocated to LVM configuration data
will use the physical extents 9 to 19 after the modification. User data is not
moved.
When the first extent is being reallocated from LVM configuration to user data,
the physical extent numbers are increased. For example a logical volume using
physical extents 10 to 20 from a physical volume that has its first extent re-
allocated to user data will use the physical extents 11 to 21 after the
modification. User data is not moved.
Not all configurations allow renumbering. If this is the case then an error will be
reported and a recommendation to rerun without the -n option will be given.
-o Optimize the volume group settings. The maximum number of extents and phy-
sical volumes are adjusted upwards, where possible, to make full use of the space
reserved on each physical volume for the LVM configuration data.
This option cannot be used in conjunction with -l , -p , -n , -t , or -e .
-p max_pv Set the maximum number of physical volumes that the volume group is allowed
to contain (see vgcreate (1M) -p ). The maximum number of physical volumes
can range from the current number of physical volumes in the volume group to
255.
The -t option displays a table of possible max_pv values for vg_name.
-r Report the effect of the other options being used. No changes will be made to the
volume group.
This option can be used on an active volume group.
-t Produce a table showing the optimal possible settings (max_pe, max_pv , and
maximum disk size) for the volume group.
This option can be used with and without -n to see a complete list of possible
optimal settings. In certain cases the optimal settings will not be influenced by
the extent renumbering (-n ) and a suitable message will then be reported.
Where adjacent max_pv values allow the same highest max_pe, only the highest
max_pv is displayed; therefore, there may be gaps in the table. It is still possible
to set a lower max_pv or max_pe than shown in the table but some of the LVM
configuration space will not be used.
-t is normally used to obtain the arguments for future vgmodify command
-e and/or -p options.
-v Verbose. Be verbose in reporting.
v
EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

RETURN VALUE
vgmodify returns one of the following values:
0 Successful completion.

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 643

 vgmodify(1M) vgmodify(1M)

>0 Error condition occurred.

EXAMPLES
Review the effect of setting a maximum of 6 physical volumes in the volume group:
vgmodify -p 6 -r /dev/vg02
Set a maximum of 4000 physical extents per physical volume and a maximum of 50 physical volumes, and
take advantage of extent renumbering if possible:
vgmodify -p 50 -e 4000 -n /dev/vg02
Show a table of optimal possible settings for the volume group:
vgmodify -t /dev/vg02
Show a table of optimal possible settings for the volume group taking advantage of extent renumbering if
possible:
vgmodify -t -n /dev/vg02
Show a table of optimal possible settings for the volume group, making the physical volume
/dev/rdsk/c1t2d0 non-bootable:
vgmodify -t -B n /dev/vg02 /dev/rdsk/c1t2d0
Review (do not change) the effect of choosing a maximum of 16 physical volumes, 8000 physical extents per
physical volume, while making /dev/rdsk/c1t2d0 non-bootable (these values were selected from the
table above) and be verbose:
vgmodify -p 16 -e 8000 -v -r -B n /dev/vg02 /dev/rdsk/c1t2d0
Apply the settings just reviewed:
vgmodify -p 16 -e 8000 -v -B n /dev/vg02 /dev/rdsk/c1t2d0
Verbosely review (do not change) the impact of optimizing the volume group settings:
vgmodify -v -r -o /dev/vg02
Verbosely apply the changes that will result from optimizing the volume group settings:
vgmodify -v -o /dev/vg02
If the vgmodify command is interrupted, restore the new configuration to all physical volumes in the
volume group by entering:
/etc/lvmconf/vg02_restore /etc/lvmconf/vg02.conf
WARNINGS
• Changing the type of a bootable physical volume will prevent booting from this device and, therefore,
may create an unbootable system.
• Do not restore a physical volume from a backup file (lvmconf) produced prior to the latest vgmodify
changes. Doing so will result in attempts to attach the device to the volume group failing and may lead
to activation failures. If there is any doubt about the configuration in the lvmconf file, use vgcfgre-
store -lv -f /etc/lvmconf/VG.conf to view the settings in the file.
• If the vgmodify command is interrupted prior to completing its operation then restoration to all phy-
v sical volumes in the volume group may be required. Use the restore script to accomplish this (see the
Remarks section for more information).

FILES
/etc/lvmconf/VG.conf
Holds the latest (new) configuration for the volume group.
/etc/lvmconf/VG.conf.old
If vgmodify completes successfully, this file contains the same new configuration as
/etc/lvmconf/VG.conf. If vgmodify was interrupted, this file contains the previous (old)
configuration.

644 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

vgmodify(1M) vgmodify(1M)

/etc/lvmconf/VG_restore
A script created by vgmodify before making any update, to be used if the vgmodify command is
interrupted while committing the configuration changes to the physical volumes. See the Remarks
section for its usage.

SEE ALSO
boot(1M), lvlnboot(1M), mkboot(1M), pvcreate(1M), pvmove(1M), vgcfgbackup(1M), vgcfgrestore(1M),
vgchange(1M), vgcreate(1M), vgdisplay(1M), vgextend(1M), vgreduce(1M), lvm(7).

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 645

 vgreduce(1M) vgreduce(1M)

NAME
vgreduce - remove physical volumes from an LVM volume group

SYNOPSIS
/usr/sbin/vgreduce [-A autobackup] vg_name pv_path ...
/usr/sbin/vgreduce [-A autobackup] [-l] vg_name pv_path
/usr/sbin/vgreduce [-A autobackup] [-f] vg_name
Remarks
vgreduce cannot be performed if the volume group is activated in shared mode.
DESCRIPTION
The vgreduce command removes each physical volume specified by a pv_path argument from volume
group vg_name.
The vgreduce command with -f option removes all missing physical volumes from the volume group.
All but one physical volume can be removed. The last physical volume must remain in the volume group so
that the logical volume driver can continue to operate. The last physical volume in the volume group can
be removed with the vgremove command (see vgremove (1M)).
Before executing vgreduce , remove all logical volumes residing on each physical volume represented by a
pv_path by executing the lvremove command (see lvremove (1M)).
Any physical volume in the pv_path list that is also a member of a physical volume group (as defined in
/etc/lvmpvg ) is also removed from the physical volume group. If the physical volume happens to be the
last one in the physical volume group, the physical volume group is also removed from the volume group.
When a physical volume in the pv_path list has multiple PV-links, the physical volume is not removed
from the volume group, until all the links to the volume are removed. When a physical volume in the
pv_path list is the primary link (in use) to a physical volume, removing the link forces LVM to switch to
the alternate link (For information on alternate links, see lvm(7)). When the pv_path removed is an
alternate link to the device, only the link is removed; the volume group and physical volume are other-
wise unchanged.

Options and Arguments

vgreduce recognizes the following options and arguments:
-A autobackup
Set automatic backup for this invocation of this command. autobackup can have one
of the following values:
y Automatically back up configuration changes made to the volume group. This is
the default.
After this command executes, the vgcfgbackup command (see
vgcfgbackup(1M)) is executed for the volume group.
n Do not back up configuration changes this time.
-f vg_name Force the reduction of missing physical volumes from the specified volume group.
vgreduce obtains the name of each physical volume (PV) belonging to the volume
v group. It then reads the kernel PV structures to work out which PVs are missing.
PVs which are missing will be candidates for removal.
If all the physical extents on the missing PV are free then it will be removed from the
volume group. Otherwise vgreduce will report the physical to logical extent map-
ping. For missing PVs which have extents in use, you must free up all the extents by
using the lvreduce or lvremove commands (see lvreduce(1M) and lvremove (1M))
and re-run vgreduce with the -f option. This option is most commonly used when
the vgdisplay command (see vgdisplay(1M)) shows "Cur PV" higher than "Act PV"
and all of the PVs belonging to the volume group are attached. This option only works
on PVs and not on links.
See the -l option for details on handling missing links.
-l pv_path Removes the specified pv_path/s from the lvmtab file. This task will only be per-
formed if the pv_path is currently marked as missing from the volume group. This

646 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vgreduce(1M) vgreduce(1M)

option was mainly designed for the problem where the vgscan or the vgimport
command place too many links beyond the max limit allowed in the lvmtab file.
Currently the max limit is 8 paths to a PV (seven alternates and one primary). In this
situation, invoking the command without the -f option will not resolve the condition
because the path is not attached to the volume group. Similarly, this condition can
not be overcome by invoking with the -f option, as the same works on physical
volumes rather than the links.
pv_path The block device path name of a physical volume.
vg_name The path name of the volume group.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Remove physical volume /dev/dsk/c0t1d0 from volume group /dev/vg01 :
vgreduce /dev/vg01 /dev/dsk/c0t1d0
Force, reduction of missing PVs from volume group: vg01
vgreduce -f /dev/vg01
The following messages will appear after missing PVs has been removed successfully:
PV with key 0 successfully deleted from vg /dev/vg01
Repair done, please do the following steps.....:
1. Save /etc/lvmtab to another file.
2. Remove /etc/lvmtab .
3. Use vgscan -v to recreate /etc/lvmtab .
4. NOW use vgcfgbackup to save the LVM setup.
Remove the physical volume /dev/dsk/c0t2d0 from the vg01 volume group when the physical
volume is still in the lvmtab file but is currently marked as missing from the volume group:
vgreduce -l /dev/vg01 /dev/dsk/c0t2d0
SEE ALSO
vgchange(1M), vgcreate(1M), vgdisplay(1M), vgextend(1M), intro(7), lvm(7).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 647

 vgremove(1M) vgremove(1M)

NAME
vgremove - remove LVM volume group definition from the system

SYNOPSIS
/usr/sbin/vgremove vg_name ...
DESCRIPTION
The vgremove command removes from the system the last physical volume of the volume group and the
definition of the volume group or groups specified by vg_name .... Since all system knowledge of the
volume group and its contents are removed, the volume group can no longer be accessed.
To move a volume group from one system to another, use the vgexport command instead (see
vgexport (1M)).
Before executing vgremove , remove all logical volumes residing on the last physical volume by executing
lvremove (see lvremove (1M)).
vgremove is equivalent to the inverse of executing vgcreate for one physical volume (see
vgcreate (1M)).
Before removing a volume group, two steps are necessary:
1. Remove all the logical volumes belonging to the group by using the lvremove command (see
lvremove (1M)).
2. Remove all but one physical volume belonging to the volume group by using the vgreduce com-
mand (see vgreduce(1M)).
If there is any physical volume group created under vg_name ..., the physical volume group information is
also removed from file /etc/lvmpvg .

Arguments
vgremove recognizes the following argument:
vg_name The path name of a volume group.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Remove volume group /dev/vg02 from the system:
vgremove /dev/vg02
SEE ALSO
lvremove(1M), vgchange(1M), vgreduce(1M).

648 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vgscan(1M) vgscan(1M)

NAME
vgscan - scan physical volumes for LVM volume groups

SYNOPSIS
/usr/sbin/vgscan [-p] [-v] [-a  -B  -k  -N] [-f vg_names ...]
DESCRIPTION
The vgscan command is used as follows:
1. Recovering and recreating the /etc/lvmtab file when the file has been deleted or does not match the
current physical volumes.
2. Reporting device special file lists for unconfigured volume groups.
For recovery, vgscan will add entries for volume groups that are missing from /etc/lvmtab . The
vgscan command recovers volume group information by using LVM data structures in kernel memory,
and by probing all devices, searching for LVM disks. If one or more physical volumes in the volume group
has more than 8 paths, the vgscan command will only include 8 paths per physical volume. Additional
path(s) will not be added in the /etc/lvmtab file. The volume group device special file
(/dev/vg_name/group) must be present for recovery to succeed. In addition, vgscan will recover a
missing volume group only if it has been activated at least once since the last boot, and the Volume Group
ID is unique (see the WARNINGS section).
Unconfigured volume groups are volume groups residing on attached storage that are missing from
/etc/lvmtab , and have not been activated since the last boot. The vgscan command cannot recover
the /etc/lvmtab entries for these volume groups. Instead, it will print out the physical volume device
special files for these volume groups. Configure these volume groups using the vgimport command. See
vgimport (1M).
The vgscan command will not update existing volume group entries in /etc/lvmtab unless the -f
option is used. The -f option can be used to overwrite existing volume group entries in /etc/lvmtab .
Otherwise, /etc/lvmtab should be moved before running vgscan , in order for the options to take full
effect.
In HP-UX 11i Version 3, the Mass Storage Stack supports two naming conventions for the device special
files used to identify devices (see intro(7) and lvm(7)). Devices are represented as follows:
• Persistent device special files, (/dev/disk/disk3).
• Legacy device special files, (/dev/dsk/c0t6d6).
LVM supports the use of both conventions within the same volume group.
The vgscan command provides several options for controlling the use of legacy and persistent DSFs (dev-
ice special files) during the /etc/lvmtab recovery. By default, vgscan will populate /etc/lvmtab
with legacy DSFs, including alternate paths. There is one exception:
For activated volume groups that are using persistent DSFs, vgscan will populate /etc/lvmtab
using persistent DSFs for those physical volumes. The -N and -B options allow the user to override
this default behavior.
Options and Arguments
vgscan recognizes the following options and arguments:
-a Scan all paths of multipathed physical volumes. The -a option cannot be used in conjunction
with the -k, -B, and -N options and when the legacy naming model is disabled with the rmsf
v
-L command (see rmsf(1M)).
-B Populate /etc/lvmtab using both persistent and legacy DSFs. Persistent DSFs will be added
before legacy DSFs, so they will be used as the primary path. This option can be used to migrate
a deactivated volume group using legacy DSFs to use both persistent and legacy DSFs. The -B
option cannot be used in conjunction with the -a, -k, and -N options and when the legacy nam-
ing model is disabled with the rmsf -L command (see rmsf(1M)).
-f vg_names
For the specified volume groups, force vgscan to replace any existing entries in
/etc/lvmtab with updated entries. If the volume groups are missing from /etc/lvmtab ,
they are added. The -f option provides the following functions:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 649

 vgscan(1M) vgscan(1M)

(1) Update incorrect, existing entries for activated volume groups. For example, a volume group
may have been imported with only a partial set of devices. Or, a boot volume group may have
been activated with persistent DSFs, while the existing entry in /etc/lvmtab has legacy
DSFs.
(2) Migrate a deactivated volume group using legacy DSFs to use persistent DSFs, or vice-versa.
(3) Add volume group entries to the /etc/lvmtab file in the order specified on the command
line. For example, this option can be used to put the boot volume group first in the
/etc/lvmtab file.
With the -f option, vgscan will not search for additional volume groups and will not report
unconfigured volume groups.
-k Skip the disk probe portion of vgscan , and retrieve volume group information only from LVM
data structures in kernel memory. The disk probe portion can be a time consuming operation, so
this option can be used for faster recovery of /etc/lvmtab . However, with this option, only
volume groups currently activated are added to /etc/lvmtab . For deactivated volume
groups, no information is added to /etc/lvmtab . The -k option cannot be used in conjunc-
tion with the -a, -B, and -N options.
-N Populate /etc/lvmtab using persistent DSFs, with the following exception:
If there are volume groups activated that are using legacy DSFs, then vgscan will populate
/etc/lvmtab using legacy DSFs for those physical volumes.
The -N option cannot be used in conjunction with the -a, -k, and -B options.
-p Preview the actions that would be taken but do not update /etc/lvmtab . This option is best
used in conjunction with the -v option. As with other options, if the legacy naming model has
been disabled with the rmsf -L command (see rmsf(1M)), the -N option should also be used
with the -p option.
-v Print verbose messages.
EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
1. Append entries for volume groups missing from the /etc/lvmtab file. For deactivated volume
groups, use legacy DSFs, and for activated volume groups, use the DSFs that were used to activate
them. Report all physical volume legacy DSFs belonging to unconfigured volume groups. Do not modify
existing volume group entries in /etc/lvmtab . Run vgscan without any options:
vgscan
2. Recreate the /etc/lvmtab file for volume groups activated since the last boot. For deactivated
volume groups, use legacy DSFs, and for activated volume groups, use the DSFs that were used to
v activate them. Report all physical volume legacy DSFs belonging to unconfigured volume groups.
mv /etc/lvmtab /etc/lvmtab.BCK
vgscan
3. Recreate the /etc/lvmtab file for volume groups activated since the last boot. For deactivated
volume groups, use persistent DSFs, and for activated volume groups, use the DSFs that were used to
activate them. Report all physical volume persistent DSFs belonging to unconfigured volume groups.
mv /etc/lvmtab /etc/lvmtab.BCK
vgscan -N
4. Recreate the /etc/lvmtab file for volume groups activated since the last boot. For activated and
deactivated volume groups, use both persistent and legacy DSFs. Report all physical volume persistent
and legacy DSFs belonging to unconfigured volume groups.

650 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

vgscan(1M) vgscan(1M)

mv /etc/lvmtab /etc/lvmtab.BCK
vgscan -B
5. Recreate the /etc/lvmtab file for activated volume groups, using the DSFs that were used to
activate them. For deactivated volume groups, no entries are added to /etc/lvmtab , and no physical
volume DSFs are reported.
mv /etc/lvmtab /etc/lvmtab.BCK
vgscan -k
6. For the volume group /dev/vg01 , overwrite the existing physical volume DSFs in /etc/lvmtab
with the physical volume persistent DSFs found belonging to /dev/vg01 during a hardware probing of
all devices.
vgscan -N -f /dev/vg01
7. For the volume group /dev/vg01 , overwrite the existing physical volume DSFs in /etc/lvmtab
with the physical volume DSFs used in kernel memory. The volume group /dev/vg01 must be
activated, or this command will fail.
vgscan -k -f /dev/vg01
8. Recreate the /etc/lvmtab file with the volume groups /dev/vg00 , /dev/vg01 , and
/dev/vg02 . The volume group entries will be added to /etc/lvmtab in that order. For deac-
tivated volume groups, use legacy DSFs, and for activated volume groups, use the DSFs that were used
to activate them. Do not add any other volume groups.
mv /etc/lvmtab /etc/lvmtab.BCK
vgscan -f /dev/vg00 /dev/vg01 /dev/vg02
To preview the vgscan output for any of the above examples, include the -p and -v options in the com-
mand lines.
WARNINGS
The -N option may become obsolete in future releases.
The -B option may become obsolete in future releases.
For deactivated volume groups, vgscan cannot recover volume groups that do not have a unique Volume
Group ID, that is, when two or more volume groups share the same ID. If this scenario occurs, the
vgchgid command must be used to assign a unique Volume Group ID for each volume group. See
vgchgid(1M).
After running vgscan the number and order of physical volumes in the reconstructed /etc/lvmtab file
could be different than what was configured previously (even if the -f option is used). The results could be
as follows:
The designated primary and alternate paths may not be the same as was configured before.
Alternate paths will be added to the /etc/lvmtab file even though they weren’t initially configured
in the volume group.
The boot information may be incorrect, due to changed order of device special files in the new
/etc/lvmtab file.
Rectify the above problems as follows:
Run vgchange -a [y|e] to activate all deactivated volume groups. For shared volume groups, v
invoke vgchange -x -a e to activate the shared volume group in exclusive mode.
Invoke vgreduce to remove any unwanted alternate paths which were added to the
/etc/lvmtab file as a result of the vgscan invocation.
For boot volume groups only, invoke lvlnboot -R to correct the boot information on the physical
volumes.
If the original primary path of a physical volume is now configured as an alternate, the order can be
reversed by using vgreduce to remove the primary path and then invoking vgextend to add it
back.
The vgscan command will also print the following warning messages to notify the user of the above prob-
lems:

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 651

 vgscan(1M) vgscan(1M)

*** LVMTAB has been created successfully.

*** Do the following to resync information on disk.
*** #1. vgchange -a y
*** #2. lvlnboot -R
No more than 8 paths to any Physical Volume will be added to the /etc/lvmtab file. All other paths will
be omitted.

SEE ALSO
lvlnboot(1M), vgchange(1M), vgcreate(1M), vgextend(1M), vgexport(1M), vgimport(1M), vgreduce(1M),
intro(7), lvm(7).

652 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

vgsync(1M) vgsync(1M)
(Requires Optional HP MirrorDisk/UX Software)

NAME
vgsync - synchronize stale logical volume mirrors in LVM volume groups

SYNOPSIS
/usr/sbin/vgsync vg_name ...
Remarks
This command requires the installation of the optional HP MirrorDisk/UX software, which is not included
in the standard HP-UX operating system.

DESCRIPTION
The vgsync command synchronizes the physical extents of each mirrored logical volume in the volume
group specified by vg_name .... Synchronization occurs only on the physical extents that are stale mirrors
of the original logical extent.
The synchronization process can be time consuming, depending on the hardware characteristics and the
amount of data. Unless disabled, the mirrors within a volume group are synchronized automatically when
the volume group is activated by the vgchange -a y command.

Arguments
vgsync recognizes the following argument:
vg_name The path name of a volume group.

EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to
"C" (see environ(5)).

EXAMPLES
Synchronize the mirrors on volume group /dev/vg04 :
vgsync /dev/vg04
WARNINGS
It is not advisable to interrupt a vgsync process.

SEE ALSO
lvsync(1M), vgchange(1M), vgdisplay(1M).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 653

 vhardlinks(1M) vhardlinks(1M)

NAME
vhardlinks - checks the consistency of compartment rules for files with multiple hardlinks

SYNOPSIS
vhardlinks [-m mount_point[...]]
DESCRIPTION
vhardlinks checks the consistency of compartment rules for files that have multiple hard links pointing
to them. If a file has multiple hard links, it is possible to create compartment rules such that the file will
have conflicting rules controlling access to it.
If you invoke vhardlinks without arguments, a list of mount points is taken from the default file
/etc/cmpt/hardlinks/hardlinks.config, which contains a list of system mount points, one
per line. If the line is commented with a # or if it is not the absolute path of a mount point, it is skipped.
Output is logged to the /var/adm/syslog/cmpt.log file.

Options
vhardlinks recognizes the following option:
-m mount_point
Specifies mount points. mount_point(s) specifies the mount point(s) to check for files with
multiple hard links when using the -m option. Multiple mount points are specified as a
white space separated list.

Security Restrictions
The user invoking this command must have one of the following authorizations:
hpux.security.xsec.secrules.unrestricted
hpux.security.xsec.secrules.restricted
A user with hpux.security.xsec.secrules.unrestricted authorization can invoke this com-
mand from any compartment, while a user with hpux.security.xsec.secrules.restricted
authorization can invoke this command from only those compartments that have read and write access to
the /etc/cmpt directory heirarchy.
See authadm(1M)).

FILES
/etc/cmpt/hardlinks/hardlinks.config
Default file; a list of system mount points.
/var/adm/syslog/cmpt.log
Log file to which output from vhardlinks is directed.

SEE ALSO
cmpt_tune(1M), compartments(4), compartments(5).

654 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vipw(1M) vipw(1M)

NAME
vipw - edit the password file

SYNOPSIS
vipw
DESCRIPTION
vipw edits the password file while setting the appropriate locks, and does any necessary processing after
the password file is unlocked. If the password file is already being edited, you will be told to try again later.
The vi editor is used unless the environment variable EDITOR indicates an alternate editor.
vipw performs a number of consistency checks on the password entry for root , and does not allow a pass-
word file with an incorrectly formatted root entry to be installed. To help reduce the possibility of leaving
the system in an unbootable state, root’s entry is not considered properly formatted if it has a user ID that
is not zero, or if it has a shell other than /sbin/sh , /usr/bin/csh , /usr/bin/ksh , or
/usr/bin/sh .
Please refer to passwd(4) and the HP-UX System Administrator’s Guide manual for further details of pass-
word file format.

WARNINGS
An /etc/ptmp file that is not removed when a system crashes prevents further editing of the
/etc/passwd file using vipw after the system is rebooted. /etc/ptmp is the standard lock used by
all commands which knowingly modify /etc/passwd .
Successful execution of vipw is not sufficient for proper system operation. To help maintain consistency
with other system databases, editing of the password file with vipw is generally discouraged. Please use
sam , useradd , usermod , userdel , chfn , chsh or passwd to edit /etc/passwd .
AUTHOR
vipw was developed by the University of California, Berkeley.
FILES
/etc/ptmp
SEE ALSO
chfn(1), chsh(1), passwd(1), sam(1M), useradd(1M), usermod(1M), userdel(1M), passwd(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 655

 volcopy(1M) volcopy(1M)

NAME
volcopy, labelit - copy a file system with label checking

SYNOPSIS
/usr/sbin/volcopy [options] fsname special1 volname1 special2 volname2
/usr/sbin/labelit [options] special [fsname volume [-n] ]
DESCRIPTION
The volcopy command makes a literal copy of the file system using a block size matched to the device.

Options
volcopy recognizes the following options:
-F FStype Specify the file system type on which to operate (see fstyp(1M) and fs_wrapper(5)). If
this option is not included on the command line, then the file system type is deter-
mined from the file /etc/fstab by matching special with an entry in that file. If
there is no entry in /etc/fstab , then the file system type is determined from the
file /etc/default/fs.
-a Invoke a verification sequence requiring a positive operator response instead of the
standard delay before the copy is made.
-o specific_options
Specify options specific to the file system type. specific_options is a list of suboptions
and/or keyword/attribute pairs intended for an FStype-specific module of the com-
mand. See the file system specific manual entries for a description of the
specific_options that are supported, if any.
-s (default) Invoke the DEL-if-wrong verification sequence.
-y Assume a yes response to all questions
-V Echo the completed command line, but perform no other actions. The command line
is generated by incorporating the user-specified options and arguments with other
information derived from /etc/fstab . This option allows the user to verify the
command line.
Other options are used with 9-track magnetic tapes:
-bpi density Bits per inch.
-feet size Size of reel in feet.
-reel num Beginning reel number for a restarted copy.
-buf Use double buffered I/O.
The volcopy command requests length and density information if they are not given on the command
line and they are not recorded on an input tape label. If the file system is too large to fit on one reel, the
volcopy command prompts for additional reels. Labels of all reels are checked. Tapes can be mounted
alternately on two or more drives. If the volcopy command is interrupted, it asks if the user wants to
quit or wants to escape to the command interpreter. In the latter case, other operations (such as executing
the labelit command) can be performed before returning to the volcopy command by exiting the com-
v mand interpreter.
fsname The file system name on the device (e.g., root ) being copied.
special The physical disk section or tape (e.g., /dev/rdisk/disk3 or
/dev/rtape/tape4QIC150).
volname The physical volume name; it should match the external sticker. Such label names are limited to
six or fewer characters. The argument volname can be - to use the existing volume name.
special1 The device from which the copy of the file system is being extracted.
volname1 The volume from which the copy of the file system is being extracted.
special2 The target device.
volname2 The target volume.

656 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

volcopy(1M) volcopy(1M)

The labelit command can be used to provide initial labels for unmounted disk or tape file systems.
With the optional arguments omitted, the labelit command prints current label values. The -n option
provides for initial labeling of new tapes only (this destroys previous contents). The -F, -V, and -o
options can be specified for the labelit command. The behavior of the -F, -V, and -o options is similar
to their behavior in the volcopy command.

FILES
/etc/default/fs File that specifies the default file system type.
/etc/fstab Static information about the file systems.

SEE ALSO
volcopy_hfs(1M), fs_wrapper(5), disk(7), mt(7).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 657

 volcopy_hfs(1M) volcopy_hfs(1M)

NAME
volcopy_hfs: volcopy, labelit - copy an HFS file system with label checking

SYNOPSIS
/usr/sbin/volcopy [options] fsname special1 volname1 special2 volname2
/usr/sbin/labelit [options] special [fsname volume [-n] ]
DESCRIPTION
The volcopy command makes a literal copy of an HFS file system using a block size matched to the dev-
ice.

Options
volcopy recognizes the following options:
-F hfs Specifies the HFS file system type.
-a Invoke a verification sequence requiring a positive operator response instead of the
standard delay before the copy is made.
-s (default) Invoke the DEL-if-wrong verification sequence.
-y Assume a yes response to all questions
-V Echo the completed command line, but perform no other actions. The command line
is generated by incorporating the user-specified options and arguments with other
information derived from /etc/fstab . This option allows the user to verify the
command line.
Other options are used with 9-track magnetic tapes:
-bpi density Bits per inch.
-feet size Size of reel in feet.
-reel num Beginning reel number for a restarted copy.
-buf Use double buffered I/O.
The volcopy command requests length and density information if they are not given on the command
line and they are not recorded on an input tape label. If the file system is too large to fit on one reel, the
volcopy command prompts for additional reels. Labels of all reels are checked. Tapes can be mounted
alternately on two or more drives. If the volcopy command is interrupted, it asks if the user wants to
quit or wants to escape to the command interpreter. In the latter case, other operations (such as executing
the labelit command) can be performed before returning to the volcopy command by exiting the com-
mand interpreter.
fsname The file system name on the device (e.g., root ) being copied.
special The physical disk section or tape (e.g., /dev/rdisk/disk1 or
/dev/rtape/tape4QIC150).
volname The physical volume name; it should match the external sticker. Such label names are limited to
six or fewer characters. The argument volname can be - to use the existing volume name.
special1 The device from which the copy of the file system is being extracted.
v volname1 The volume from which the copy of the file system is being extracted.
special2 The target device.
volname2 The target volume.
The labelit command can be used to provide initial labels for unmounted disk or tape file systems.
With the optional arguments omitted, the labelit command prints current label values. The -n option
provides for initial labeling of new tapes only (this destroys previous contents). The -F and -V options can
be specified for the labelit command. The behavior of the -F and -V options is similar to their
behavior in the volcopy command.

SEE ALSO
fstyp(1M), volcopy(1M), fs_wrapper(5), disk(7), mt(7).

658 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

vtdaemon(1M) vtdaemon(1M)

NAME
vtdaemon - respond to vt requests

SYNOPSIS
vtdaemon [-g[ngateway]] [-n] lan_device lan_device ...
DESCRIPTION
vtdaemon responds to requests from other systems (via local area network) made by vt (see vt(1)).
vtdaemon spawns a server to respond to each request that it receives.
Options
vtdaemon recognizes the following command-line options and arguments:
-g[ngateway ]
Causes vtdaemon to rebroadcast all requests received on one lan device to all other lan
devices specified on the command line. The optional parameter ngateway specifies the
maximum number of vtgateway servers that can be in operation concurrently. If ngateway
is not specified, there is no limit on the number of vtgateway servers that can be in opera-
tion concurrently.
-n Causes vtdaemon to ignore all requests that have come through a gateway.
The remaining arguments are the full path names of lan devices that vtdaemon looks for requests on. If no
lan devices are specified, the default lan device is used.

The major number for this device must correspond to a IEEE 802.3 local area network device.
Another function of vtdaemon is to create portals and service portal requests. A portal is a callout device
that can be used by uucico to communicate to another machine via local area network (see uucico(1M)).
Portals are created by vtdaemon according to the configuration information found in the file
/etc/uucp/L-vtdevices. Each line in L-vtdevices has the format:
<calldev>[,<lan device>] <nodename>
For each line, vtdaemon creates a portal named calldev in /dev . Whenever this device is opened,
vtdaemon spawns a server that creates a connection to the system specified by nodename via the lan dev-
ice specified. If no lan device is specified, the first one specified on the command line when vtdaemon was
started is used (or the default lan device is used if no lan devices were specified on the command line).
vtdaemon should be terminated by sending signal SIGTERM to it. When vtdaemon receives this signal
it removes all of the portals it created in /dev before exiting.

DIAGNOSTICS
Diagnostics messages produced by vtdaemon are written to /var/adm/vtdaemonlog.

WARNINGS
vtdaemon uses the Hewlett-Packard LLA (Link Level Access) direct interface to the HP network drivers.
vtdaemon uses the multicast address 0x01AABBCCBBAA. It should not be used or deleted by other
applications accessing the network. vtdaemon uses the following IEEE 802.3 sap (service access point)
values: 0x90 , 0x94 , 0x98 , 0x9C , 0xA0 , 0xA4 , 0xA8 , 0xAC , 0xB0 , 0xB4 , 0xB8 , 0xBC , 0xC0 ,
0xC4 , 0xC8 , 0xCC , 0xD0 , and 0xD4 . They should not be used by other applications accessing the net-
work.
v
Desktop HP-UX
If your system has been installed with the Desktop HP-UX product, then both ptydaemon and vtdae-
mon will not be started by default. In order to start these daemons, change PTYDAEMON_START and
VTDAEMON_START from a "0" to a "1" in the /etc/rc.config.d/ptydaemon and
/etc/rc.config.d/vt files, respectively. The system must either be rebooted for these changes to
take effect, or you can manually start both daemons by typing :
/usr/sbin/ptydaemon
/usr/sbin/vtdaemon /dev/lan0
where /dev/lan0 is the character special device file corresponding to the IEEE802.3 local area network
device.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 659

 vtdaemon(1M) vtdaemon(1M)

FILES
/var/adm/vtdaemonlog logfile used by vtdaemon.
/dev/lan0 default lan device name.

SEE ALSO
vt(1), uucico(1M).

660 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

wall(1M) wall(1M)

NAME
wall - write message to all users

SYNOPSIS
/usr/sbin/wall [-ggroupname] [file]
DESCRIPTION
Without arguments, the wall command reads a message from standard input until end-of-file. Then it
sends this message to all currently logged-in users preceded by:
Broadcast Message from ...
If the -g groupname option is specified, wall sends the message to all currently logged-in groupname
members (as specified in /etc/group ) preceded by:
Broadcast Message from ... to group groupname
If file is specified, wall reads file instead of standard input.
wall is typically used to warn all users prior to shutting down the system.
The sender must have appropriate privileges to override any protections the users may have invoked (see
mesg(1)).
wall has timing delays, and takes at least 30 seconds to complete.
You must have appropriate privileges to override any protections users may have invoked (see mesg(1)).

EXTERNAL INFLUENCES
International Code Set Support
Single- and multibyte character code sets are supported.

DIAGNOSTICS
Cannot send to ...
The open on a user’s tty file failed.

WARNINGS
The wall command will be WITHDRAWN from X/Open standard and may not be portable to other
vendor’s platforms.

AUTHOR
wall was developed by AT&T and HP.
FILES
/dev/tty*
SEE ALSO
mesg(1), write(1).

STANDARDS CONFORMANCE
wall : SVID2, SVID3, XPG2, XPG3

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 661

 whodo(1M) whodo(1M)

NAME
whodo - which users are doing what

SYNOPSIS
/usr/sbin/whodo [-h] [-l] [user ]
DESCRIPTION
The whodo command produces merged, reformatted, and dated output from the who , ps and acctcom
commands (see who(1) , ps(1) and acctcom(1M)).
If user is specified, output is restricted to all sessions pertaining to that user.
The following options are available:
-h Suppress the heading.
-l Produce a long form of output. The fields displayed are: the user’s login name, the name of
the tty the user is on, the time of day the user logged in (in hours:minutes), the idle time -
that is, the time since the user last typed anything (in hours:minutes), the CPU time used
by all processes and their children on that terminal (in minutes:seconds), the CPU time
used by the currently active processes (in minutes:seconds), and the name and arguments
of the current process.

EXTERNAL INFLUENCES
Environment Variables
LC_COLLATE determines the order in which the output is sorted.
If LC_COLLATE is not specified in the environment or is set to the empty string, the value of LANG is
used as a default. If LANG is not specified or is set to the empty string, a default of ‘‘C’’ (see lang(5)) is used
instead of LANG . If any internationalization variable contains an invalid setting, whodo behaves as if all
internationalization variables are set to ‘‘C’’ (see environ(5)).

FILES
/etc/passwd
/var/adm/pacct
SEE ALSO
ps(1), who(1), acctcom(1M).

STANDARDS CONFORMANCE
whodo : SVID2, SVID3

662 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

xntpd(1M) xntpd(1M)

NAME
xntpd - Network Time Protocol daemon

SYNOPSIS
xntpd [ -abdm ] [ -c conffile ] [ -e authdelay ] [ -f driftfile ]
[ -k keyfile ] [ -l logfile ] [ -p pidfile ] [ -r broadcastdelay ]
[ -s statsdir ] [ -t key ] [ -v variable ] [ -V variable ] [ -x ]

DESCRIPTION
xntpd is an operating system daemon which sets and maintains the system time-of-day in synchronism
with Internet standard time servers. xntpd is a complete implementation of the Network Time Protocol
(NTP) version 3, as defined by RFC-1305, but also retains compatibility with version 1 and 2 servers as
defined by RFC-1059 and RFC-1119, respectively.
xntpd does all computations in 64-bit fixed point arithmetic and requires no floating point support. While
the ultimate precision of this design, about 232 picoseconds, is not achievable with ordinary workstations
and networks of today, it may be required with future nanosecond CPU clocks and gigabit LANs.
The daemon can operate in any of several modes, including symmetric active/passive, client/server and
broadcast, as described in RFC-1305. The daemon can also operate in a multicast mode in which it listens
on a reserved multicast address. A broadcast/multicast client can discover remote servers, compute
server-client propagation delay correction factors and configure itself automatically. This makes it possible
to deploy a group of workstations without specifying configuration details specific to the local environment.
Ordinarily, xntpd reads the /etc/ntp.conf configuration file at startup time in order to determine
the synchronization sources and operating modes. It is also possible to specify a working, although limited,
configuration entirely on the command line, obviating the need for a configuration file. This may be partic-
ularly appropriate when the local host is to be configured as a broadcast or multicast client, with all peers
being determined by listening to broadcasts at run time. Various internal xntpd variables can be
displayed and configuration options altered while the daemon is running using the ntpq and xntpdc util-
ity programs.
COMMAND LINE OPTIONS
-a Enable authentication mode. The default is disable.
-b Synchronize using NTP broadcast messages.
-c conffile Specify the name and path of the configuration file.
-d Specify debugging mode. This flag may occur multiple times, with each occurrence indi-
cating greater detail of display.
-e authdelay Specify the time (in seconds) it takes to compute the NTP encryption field on this com-
puter.
-f driftfile Specify the name and path of the drift file.
-k keyfile Specify the name and path of the file containing the NTP authentication keys.
-l logfile Specify the name and path of the log file. The default is the system log facility.
-p pidfile Specify the name and path to record the daemon’s process ID.
-r broadcastdelay
Specify the default propagation delay from the server and this computer. This is used
only if the delay cannot be computed automatically by the protocol.
-s statsdir Specify the directory path for files created by the statistics facility.
-t key Add a key number to the trusted key list. x
-v variable Add a system variable.
-V variable Add a system variable listed by default.
-x Make all adjustments by SLEW.
THE CONFIGURATION FILE
The xntpd configuration file is read at initial startup in order to specify the synchronization sources,
modes and other related information. Usually, it is installed in the /etc/ntp.conf directory, but could
be installed elsewhere (see the -c conffile command line option).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 663

 xntpd(1M) xntpd(1M)

The file format is similar to other UNIX configuration files. Comments begin with a # character and extend
to the end of the line. Blank lines are ignored. Configuration commands consist of an initial keyword fol-
lowed by a list of arguments, some of which may be optional, separated by white space. Commands may
not be continued over multiple lines. Arguments may be host names, host addresses written in numeric,
dotted-quad form, integers, floating point numbers (when specifying times in seconds) and text strings.
Optional arguments are delimited by [ ] in the following descriptions, while alternatives are separated by
|. The notation [ ... ] means an optional, indefinite repetition of the last item before the [ ... ].
While there is a rich set of options available, the only required option is one or more server, peer or broad-
cast commands described in the "Configuration Options" section. The examples in
/etc/ntp.conf.example may also be helpful.
CONFIGURATION OPTIONS
The configuration commands are as described below:
peer address [ key key_id ] [ version version_id ] [ prefer ]
server address [ key key_id ] [ version version_id ] [ prefer ] [ mode mode ]
broadcast address [ key key_id ] [ version version_id ] [ ttl ttl ]
The above three commands can be used to specify either the name or address of the time server and the
mode in which the time server should operate. The address can be either a DNS name or an IP address in
dotted-quad notation.
The peer command specifies that the local server is to operate in symmetric active mode with the remote
server. In this mode, the local server can be synchronized to the remote server and, in addition, the remote
server can be synchronized by the local server. This is useful in a network of servers where, depending on
various failure scenarios, either the local or remote server may be the better source of time.
The server command specifies that the local server is to operate in client mode with the specified remote
server. In this mode, the local server can be synchronized to the remote server, but the remote server can
never be synchronized to the local server. This is the most common operating mode (by far).
The broadcast command specifies that the local server is to operate in broadcast mode, where the local
server sends periodic broadcast messages to a client population at the broadcast/multicast address specified.
Ordinarily, this specification applies only to the local server operating as a sender; for operation as a broad-
cast client, see the broadcastclient or multicastclient commands below. In this mode,
address is usually the broadcast address of (one of) the local network(s) or a multicast address assigned to
NTP. The address of 224.0.1.1 is assigned to NTP. This is presently the only address that should be used.
Note that the use of multicast features requires a multicast kernel.
OPTIONS
key key_id All packets sent to the address are to include authentication fields encrypted using the
specified key identifier, which is an unsigned 32 bit integer. The default is to not include an
encryption field.
version version_id
Specifies the version number to be used for outgoing NTP packets. Versions 1, 2, and 3 are
the choices, with version 3 the default.
prefer Marks the server as preferred. All other things being equal, this host will be chosen for
synchronization among a set of correctly operating hosts.
ttl ttl This option is used only with broadcast mode. It specifies the ttl (time-to-live) to use on
multicast packets. Selection of the proper value, which defaults to 127, must be
co-ordinated with the network administrator(s).
broadcastclient
x This command enables reception of broadcast server messages on any local interface. Upon
receiving a message for the first time, the broadcast client measures the nominal server
propagation delay using a brief client/server exchange with the server. Then, the client
enters the broadcastclient mode, in which it listens for and synchronizes to succeeding
broadcast messages. Note that, in order to avoid accidental or malicious disruption in this
mode, both the server and client should operate using symmetric-key or public-key authen-
tication.
driftfile driftfile
This command specifies the name of the file used to record the frequency offset of the local
clock oscillator. If the file exists, it is read at startup in order to set the initial frequency

664 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

xntpd(1M) xntpd(1M)

offset and then updated once per hour with the current frequency offset computed by the
daemon. If the file does not exist or this command is not given, the initial frequency offset
is assumed zero. In this case, it may take some hours for the frequency to stabilize and the
residual timing errors to subside.
enable auth|bclient|monitor|pll|pps|stats
disable auth|bclient|monitor|pll|pps|stats
Provides a way to enable or disable various server options. Flags not mentioned are
unaffected. Note that all of these flags can be controlled remotely using the xntpdc util-
ity program. Each of these flags are described below.
auth Enables the server to synchronize with unconfigured peers only if the peer has
been correctly authenticated using a trusted key and key identifier. The default
for this flag is disable.
bclient
Enables the server to listen for a message from any server, as in the multi-
castclient command with default address. The default for this flag is disable.
monitor
Enables the monitoring facility. See the xntpdc monlist command for further
information and xntpdc(1M).
pll Enables the server to adjust its local clock, with default enable. If not set, the
local clock free-runs at its intrinsic time and frequency offset. This flag is useful in
case the local clock is controlled by some other device or protocol and NTP is used
only to provide synchronization to other clients. In this case, the local clock driver
is used. See the Reference Clock Drivers for further information.
pps Enables the pulse-per-second (PPS) signal when frequency and time is disciplined
by the precision time kernel modifications. The default is enable when these
modifications are available and disable otherwise.
stats Enables the statistics facility. By default this option is enabled.
Authentication Key File Format
The NTP standard specifies an extension allowing verification of the authenticity of received NTP packets,
and to provide an indication of authenticity in outgoing packets. This is implemented in xntpd using the
DES encryption algorithm. The specification allows any one of a possible 4 billion keys, numbered with 32
bit unsigned integers, to be used to authenticate an association. The servers involved in an association
must agree on the value of the key used to authenticate their data, though they must each learn the key
independently. The keys are standard 56 bit DES keys.
Additionally, another authentication algorithm is available which uses an MD5 message digest to compute
an authenticator. The length of the key or password is limited to 8 characters. xntpd reads its keys from
a file specified using the -k command line option or the keys statement in the configuration file. While key
number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, one or more of the keys
numbered 1 through 15 may be arbitrarily set in the keys file.
The key file uses the same comment conventions as the configuration file. Key entries use a fixed format of
the form
keyno type key
where keyno is a positive integer, type is a single character which defines the format the key is given in,
and key is the key itself.
The key may be given in one of four different formats, controlled by the type character. The four key types,
and corresponding formats, are listed following. x
S The key is a 64 bit hexadecimal number in the format specified in the DES document, that is the high
order 7 bits of each octet are used to form the 56 bit key while the low order bit of each octet is given a
value such that odd parity is maintained for the octet. Leading zeroes must be specified (i.e. the key
must be exactly 16 hex digits long) and odd parity must be maintained. Hence a zero key, in standard
format, would be given as 0101010101010101 .
N The key is a 64 bit hexadecimal number in the format specified in the NTP standard. This is the same
as the DES format except the bits in each octet have been rotated one bit right so that the parity bit is
now the high order bit of the octet. Leading zeroes must be specified and odd parity must be

HP-UX 11i Version 3: February 2007 −3− Hewlett-Packard Company 665

 xntpd(1M) xntpd(1M)

maintained. A zero key in NTP format would be specified as 8080808080808080

A The key is a 1-to-8 character ASCII string. A key is formed from this by using the lower order 7 bits
of the ASCII representation of each character in the string, with zeroes being added on the right when
necessary to form a full width 56 bit key, in the same way that encryption keys are formed from Unix
passwords.
M The key is a 1-to-32 character ASCII string, using the MD5 authentication scheme. Note that both the
keys and the authentication schemes (DES or MD5) must be identical between a set of peers sharing
the same key number.
FILEGEN UTILITY
filegen name [ file filename ] [ type typename ] [ link |nolink ] [ enable |disable ]
This command helps in configuring the generation-file set name . The generation-file sets provides a mean
for handling files that are continuously growing during the lifetime of a server. Server statistics are a typi-
cal example for such files. The generation-file sets provide access to a set of files used to store the actual
data. At any time at most one element of the set is being written to. The type given specifies when and
how data will be directed to a new element of the set. This way, information stored in elements of a file set
that are currently unused are available for administrational operations without the risk of disturbing the
operation of xntpd . (Most important: they can be removed to free space for new data produced.)
Filenames of set members are built from three elements. name is name of the statistic to be collected.
Currently only two kinds of statistics are supported: loopstats and peerstats.
file Defines a filename string directly concatenated to the prefix mentioned above (no intervening /
(slash)) if prefix is defined in the statsdir statement.
type This part reflects individual elements of a file set. It is generated according to the type of a file
set as explained below. A file generation set is characterized by its type. The following
typenames are supported:
none The file set is actually a single plain file.
pid One element of file set is used per incarnation of a xntpd server. This type does not
perform any changes to file set members during runtime, however it provides an easy
way of separating files belonging to different xntpd server incarnations. The set
member filename is built by appending a dot . to the concatenated prefix and filename
strings, and appending the decimal representation of the process id of the xntpd
server process. (e.g <prefix><filename>.<pid> )
day One file generation set element is created per day. The term day is based on UTC. A
day is defined as the period between 00:00 and 24:00 UTC. The file set member suffix
consists of a dot and a day specification in the form <YYYYMMDD>. YYYY is a 4
digit year number (e.g. 1992). MM is a two digit month number. DD is a two digit
day number. Thus, all information written at December 10th, 1992 would end up in a
file named <prefix><filename>.19921210
week Any file set member contains data related to a certain week of a year. The term week
is defined by computing day of year modulo 7. Elements of such a file generation set
are distinguished by appending the following suffix to the file set filename base: A
dot, a four digit year number, the letter W and a two digit week number. For exam-
ple, information from January, 10th 1992 would end up in a file with suffix .1992W1.
month One generation file set element is generated per month. The file name suffix consists
of a dot, a four digit year number, and a two digit month.
year One generation file elment is generated per year. The filename suffix consists of a dot
and a 4 digit year number.
x age This type of file generation sets changes to a new element of the file set every 24
hours of server operation. The filename suffix consists of a dot, the letter a, and an
eight digit number. This number is taken to be the number of seconds the server is
running at the start of the corresponding 24 hour period.
enabled/disabled
Information is only written to a file generation set when this set is enabled . Output is
prevented by specifying disabled . The default is enabled .
link/nolink
It is convenient to be able to access the current element of a file generation set by a fixed name. This

666 Hewlett-Packard Company −4− HP-UX 11i Version 3: February 2007

xntpd(1M) xntpd(1M)

feature is enabled by specifying link and disabled using nolink . The default is link . If link is
specified, a hard link from the current file set element to a file without suffix is created. When there
is already a file with this name and the number of links of this file is one, it is renamed appending a
dot, the letter C, and the pid of the xntpd server process. When the number of links is greater than
one, the file is unlinked. This allows the current file to be accessed by a constant name.

REFERENCE CLOCK DRIVERS

Individual clocks can be activated by configuration file commands, specifically the server and fudge
commands described in the xntpdc(1M) manual page. The following discussion presents information on
how to select and configure the device drivers in a running UNIX system.
Radio and modem clocks by convention have addresses in the form 127.127.t.u , where t is the clock
type and u is a unit number in the range 0-3 used to distinguish multiple instances of clocks of the same
type. Most of these clocks require support in the form of a serial port or special bus peripheral. The partic-
ular device is normally specified by adding a soft link /dev/device u to the particular hardware device
involved, where u correspond to the unit number above.
Following is a list showing the type and title of each driver currently implemented. The compile-time
identifier for each is shown in parentheses.
The following four clock drivers are supported by HP.
Type 1 Local Clock Driver (LOCAL_CLOCK)
Type 4 Spectracom 8170 and Netclock/2 WWVB Receivers (WWVB)
Type 26 Hewlett Packard 58503A GPS Receiver (HPGPS)
Type 29 Trimble Palisade GPS Receiver (PALISADE)
The clock drivers mentioned below are not supported by HP. They may work, but have not been tested.
They are provided as is, for the convenience of the diverse users.
Type 2 Trak 8820 GPS Receiver (TRAK)
Type 3 PSTI/Traconex 1020 WWV/WWVH Receiver (PST)
Type 5 TrueTime GPS/GOES/OMEGA Receivers (TRUETIME)
Type 8 Generic Reference Driver (PARSE)
Type 10 Austron 2200A/2201A GPS Receivers (AS2201)
Type 11 * TrueTime OMEGA Receiver
Type 15 * TrueTime TM-TMD GPS Receiver
Type 16 Bancomm GPS/IRIG Receiver (HP only) (BANC)
Type 17 Datum Precision Time System (DATUM)
Type 18 NIST Modem Time Service (ACTS)
Type 20 Generic NMEA GPS Receiver (NMEA)
Type 23 PTB Modem Time Service (PTBACTS)
Type 24 USNO Modem Time Service (USNO)
Type 25 * TrueTime generic.
All TrueTime receivers are now supported by one driver, type 5. Types 11, 15 and 25 will be retained only
for a limited time and may be reassigned in future.
DEBUGGING HINTS FOR REFERENCE CLOCK DRIVERS
The ntpq and xntpdc utility programs can be used to debug reference clocks, either on the server itself
or from another machine elsewhere in the network. The server is compiled, installed and started using the
command-line switches described in the xntpdc(1M) manual page.
The first thing to look for are error messages on the system log. If none occur, the daemon has started,
opened the devices specified and waiting for peers and radios to come up.
The next step is to be sure the RS232 messages, if used, are getting to and from the clock. The most reli-
able way to do this is with an RS232 tester and to look for data flashes as the driver polls the clock and/or x
as data arrive from the clock. Our experience is that many of the problems occurring during installation
are due to problems such as miswired connectors or improperly configured device links at this stage.
If RS232 messages are getting to and from the clock, variables can be inspected using the ntpq command
(see ntpq(1M)). First, use the pe and as commands to display billboards showing the peer configuration
and association IDs for all peers, including the radio clock peers. The assigned clock address should appear
in the pe billboard and the association ID for it at the same relative line position in the as billboard. If
things are operating correctly, after a minute or two samples should show up in the pe display line for the
clock.

HP-UX 11i Version 3: February 2007 −5− Hewlett-Packard Company 667

 xntpd(1M) xntpd(1M)

Additional information is available with the rv and clockvar commands, which take as argument the
association ID shown in the as billboard. The rv command with no argument shows the system vari-
ables, while the rv command with association ID argument shows the peer variables for the clock, as well
as any other peers of interest. The clockvar command with argument shows the peer variables specific
to reference clock peers, including the clock status, device name, last received timecode (if relevant), and
various event counters. In addition, a subset of the fudge parameters is included.
The xntpdc utility program can be used for detailed inspection of the clock driver status. The most use-
ful are the clockstat file and the commands in xntpdc (see xntpdc(1M)).
Most drivers write a message to the clockstats file as each timecode or surrogate is received from the radio
clock. By convention, this is the last ASCII timecode (or ASCII gloss of a binary-coded one) received from
the radio clock. This file is managed by the filegen facility described above and requires specific com-
mands in the configuration file. This forms a highly useful record to discover anomalies during regular
operation of the clock.
SLEW
SLEW is not recommended by HP because it reduces accuracy and stability.
The NTP daemon has three regimes in which it operates:
offset below 128 milliseconds
This is the normal operating regime of NTP . A properly configured NTP hierarchy (with reasonable
networking) can operate for years without ever approaching the 128 millisecond upper limit. All time
adjustments are small and smooth (known as SLEWING), and nobody even notices the SLEW adjust-
ments unless they have a cesium clock or a GPS clock and expensive instrumentation to make sophis-
ticated measurements (HP/Agilent makes the instruments).
offset above 128 milliseconds
This regime is often encountered at power-on because, those battery-backed real-time clocks they put
in computers are not too great. Because NTP is quite capable of keeping the offset below one mil-
lisecond all the time it is running, many users want to get into the normal regime quickly when an
offset above 128 millisecond is encountered at startup. So in this situation NTP will (fairly quickly)
make a single STEP change, and is usually successful in getting the offset well below 128 millisecond so
there will be no more of the disruptive STEP changes.
offset above 1000 seconds
This is so far out of the normal operating range that NTP decides something is terribly wrong and
human intervention is required. The daemon shuts down.
The catch is that the dispersion on a WAN is frequently much greater than 128 milliseconds, so you may
see (a lot of) the STEP changes, perhaps as large as 1000 milliseconds (depends on your network). But
there are customer applications that are quite allergic to the STEP changes, particularly backward steps
(which will happen about half the time). Databases and financial transaction systems are examples.
The good news is that NTP can be forced to never make a STEP, but instead SLEW the clock to drive the
offset to zero. This is accomplished with the -x option on the command line. This effectively removes the
middle operating regime. You won’t get millisecond (or microsecond) precision with this method, but you
probably can’t get that over a WAN anyway.
It is important to note that SLEWING is a cover-up for a more fundamental problem (poor connection to
the timesource), and it does not solve this problem. SLEWING is not recommended by HP because it
causes reduced accuracy and stability, and it leads to anomalous behavior that can be quite confusing. For
example, you will see messages similar to this in the syslog:
: time reset (step) -411.093665 s
: synchronization lost
x :
:
synchronized to 15.13.115.194, stratum=1
Previous time adjustment incomplete; residual -0.022223 sec
: Previous time adjustment incomplete; residual -0.020624 sec
: Previous time adjustment incomplete; residual -0.020222 sec
: Previous time adjustment incomplete; residual -0.020623 sec
: Previous time adjustment incomplete; residual -0.020623 sec
But this does not mean that your system clock has been stepped. Only the NTP daemon process has seen
a step in its notion of the current time (and this will be passed on to clients). The system time is being gra-
dually adjusted in a series of SLEW maneuvers, and the SLEW rate is quite limited. Be warned that it can
take a long time for the system clock to reach nominal correctness, and much longer to stabilize. Each cpu

668 Hewlett-Packard Company −6− HP-UX 11i Version 3: February 2007

xntpd(1M) xntpd(1M)

model is unique, but the maximum slew rate is typically about 40 milliseconds per second. Thus a SLEW
adjustment of 411 seconds will take over 10,000 seconds (about 3 hours) to complete. A better approach
would be to run the ntpdate command once at system startup, and accept the one STEP change that
comes with it. Then start the NTP daemon process xntpd and it will never make a STEP as long as your
connection to the timesource is good. This method also overcomes the 1000 seconds problem. The NTP
startup script /sbin/rc2.d/S660xntpd will do this automatically if you configure the
NTPDATE_SERVER variable in /etc/rc.config.d/netdamons. A properly configured NTP
hierarchy with average networking (say 10Base-T) can run for years without ever making a STEP change.

AUTHOR
xntpd was developed by Dennis Ferguson at the University of Toronto.
Text amended by David Mills at the University of Delaware.

FILES
/etc/ntp.conf The default configuration file
/etc/ntp.drift The default drift file
/etc/ntp.keys The default key file

SEE ALSO
ntpq(1M), ntpdate(1M), xntpdc(1M).

HP-UX 11i Version 3: February 2007 −7− Hewlett-Packard Company 669

 xntpdc(1M) xntpdc(1M)

NAME
xntpdc - special NTP query program

SYNOPSIS
xntpdc [ -dilnps ] [ -c command ] [ host ] [ ... ]
DESCRIPTION
xntpdc is used to query the xntpd daemon about its current state and to request changes in that state.
The program may be run either in interactive mode or controlled mode using command line arguments.
Extensive state and statistics information is available through the xntpdc interface. In addition, nearly
all the configuration options which can be specified at start up using xntpd ’s configuration file may also be
specified at run time using xntpdc . If one or more request options is included on the command line when
xntpdc is executed, each of the requests will be sent to the NTP servers running on each of the hosts
given as command line arguments, or on localhost by default. If no request options are given, xntpdc will
attempt to read commands from the standard input and execute these on the NTP server running on the
first host given on the command line, again defaulting to localhost when no other host is specified.
xntpdc will prompt for commands if the standard input is a terminal device.
xntpdc uses NTP mode 7 packets to communicate with the NTP server, and hence can be used to query
any compatible server on the network which permits it. Note that since NTP is a UDP protocol, this com-
munication will be somewhat unreliable, especially over large distances in terms of network topology.
xntpdc makes no attempt to retransmit requests, and will timeout requests if the remote host is not
heard from within a suitable timeout time.
The operation of xntpdc is specific to the particular implementation of the xntpd daemon and can be
expected to work only with this and maybe some previous versions of the daemon. Requests from a remote
xntpdc program which affect the state of the local server must be authenticated, which requires both the
remote program and local server to share a common key and key identifier.

COMMAND LINE OPTIONS

Specifying a command line option other than -i or -n will cause the specified query (or queries) to be sent
to the indicated host(s) immediately. Otherwise, xntpdc will attempt to read interactive format com-
mands from the standard input.
-c command The following command is interpreted as an interactive format command and is added to
the list of commands to be executed on the specified host(s). Multiple -c commands may be
given.
-d Debugging information is printed.
-i Force xntpdc to operate in interactive mode. Prompts will be written to the standard out-
put and commands read from the standard input.
-l Obtain a list of peers which are known to the server(s). This option is equivalent to -c
listpeers command. See "CONTROL MESSAGE COMMANDS" below.
-n Output all host addresses in dotted-quad numeric format (xxx.xxx.xxx.xxx) rather than con-
verting to the canonical host names.
-p Print a list of peers known to the server as well as a summary of their state. This is
equivalent to -c peers command. See "CONTROL MESSAGE COMMANDS" below.
-s Print a list of peers known to the server as well as a summary of their state, but in a
slightly different format than the -p command. This is equivalent to -c dmpeers com-
mand. See "CONTROL MESSAGE COMMANDS" below.

x INTERACTIVE COMMANDS
Interactive format commands consist of a keyword followed by zero to four arguments. Only enough charac-
ters of the full keyword to uniquely identify the command need be typed. The output of a command is nor-
mally sent to the standard output. The output of individual commands may be redirected or sent to a file by
appending a >, followed by a file name, to the command line.
A number of interactive format commands are executed entirely within the xntpdc program itself and do
not result in NTP mode 7 requests being sent to a server. These commands are described as follows:
? [ command_keyword ]

670 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

xntpdc(1M) xntpdc(1M)

help [ command_keyword ]
A ? or help by itself will print a list of all the command keywords. ntpq . A ? or
help followed by a command keyword (command_keyword) will print function and
usage information about the command.
delay milliseconds
Specify a time interval to be added to timestamps included in requests which require
authentication. This is used to enable (unreliable) server reconfiguration over long
delay network paths or between machines whose clocks are unsynchronized.
host hostname Set the host to which future queries will be sent. The hostname may be either a host
name or a numeric address.
hostnames [ yes |no ]
If yes is specified, host names are printed in information displays. If no is specified,
numeric addresses are printed instead. The default is yes , unless modified using the
command line -n command.
keyid keyid This command allows the specification of a key number to be used to authenticate
configuration requests. The keyid must correspond to a key number that the server
has been configured to use for this purpose.
quit Exit xntpdc .
passwd This command prompts you to type in a password (which will not be echoed) which
will be used to authenticate configuration requests. The password must correspond to
the key configured for use by the NTP server for this purpose if such requests are to
be successful.
timeout milliseconds
Specify a timeout period for responses to server queries. The default is about 8000
milliseconds. Note that since xntpdc retries each query once after a timeout, the
total waiting time for a timeout will be twice the timeout value set.
CONTROL MESSAGE COMMANDS
Query commands result in NTP mode 7 packets containing requests for information being sent to the
server. These are read-only commands in that they make no modification of the server configuration state.
listpeers Obtains and prints a brief list of the peers for which the server is maintaining state.
This list should include all configured peer associations as well as those peers whose
stratum is such that they are considered by the server to be possible future synchroni-
zation candidates.
peers Obtains a list of peers for which the server is maintaining state, along with a sum-
mary of that state. Summary information includes the address of the remote peer, the
local interface address (0.0.0.0 if a local address has yet to be determined), the stra-
tum of the remote peer (a stratum of 16 indicates the remote peer is unsynchronized),
the polling interval in seconds, the reachability register in octal, and the current
estimated delay, offset and dispersion of the peer, all in seconds. In addition, the char-
acter in the left margin indicates the mode this peer entry is operating in.
+ indicates symmetric active
- indicates symmetric passive
= indicates the remote server is being polled in client mode
^ indicates the server is broadcasting to this address
~ indicates the remote peer is sending broadcasts
x
* indicates the peer that the server is currently synchronizing to.
The contents of the host field may be a host name, an IP address, a reference clock implementation
name with its parameter or REFCLK (implementation number, parameter). For hostnames no,
only IP addresses will be displayed.
dmpeers
A slightly different peer summary list. The output is similar to that of the peers command,
except for the character in the leftmost column. Characters only appear beside peers which were
included in the final stage of the clock selection algorithm. A period (.) indicates that this peer

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 671

 xntpdc(1M) xntpdc(1M)

was cast off in the falseticker detection. A plus (+) indicates that the peer made it through. An
asterisk (*) denotes the peer that the server is currently synchronizing with.
showpeer peer_address [ ... ]
Shows a detailed display of the current peer variables for one or more peers. Most of these
values are described in the NTP Version 2 specification.
pstats peer_address [ ... ]
Show per-peer statistic counters associated with the specified peer(s).
clockinfo clock_peer_address [ ... ]
Obtain and print information concerning a peer clock. The values obtained provide information
on the setting of fudge factors and other clock performance information.
kerninfo
Obtain and print kernel phase-lock loop operating parameters. This information is available only
if the kernel has been specially modified for a precision timekeeping function.
loopinfo [ oneline |multiline ]
Print the values of selected loop filter variables. The loop filter is the part of NTP which deals
with adjusting the local system clock. The offset is the last offset given to the loop filter by the
packet processing code. The frequency is the frequency error of the local clock in parts-per-
million (ppm). The time_const controls the stiffness of the phase-lock loop and thus the speed at
which it can adapt to oscillator drift. The watchdog timer value is the number of seconds which
have elapsed since the last sample offset was given to the loop filter. The oneline and mul-
tiline options specify the format in which this information is to be printed. multiline is
the default.
sysinfo
Print a variety of system state variables, i.e., the state related to the local server.
The system flags show various system flags, some of which can be set and cleared by the
enable and disable configuration commands, respectively. The configurable flags are the
auth, bclient, monitor, pll, pps and stats flags. Refer to xntpd(1M) for the description of these
flags.
The stability is the residual frequency error remaining after the system frequency correction is
applied and is intended for maintenance and debugging. In most architectures, this value will
initially decrease from as high as 500 ppm to a nominal value in the range .01 to 0.1 ppm. If it
remains high for some time after starting the daemon, something may be wrong with the local
clock, or the value of the kernel variable tick may be incorrect.
The broadcastdelay shows the default broadcast delay, as set by the broadcastdelay
configuration command.
The authdelay shows the default authentication delay, as set by the authdelay
configuration command.
sysstats
Print statistics counters maintained in the protocol module.
memstats
Print statistics counters related to memory allocation code.
iostats
Print statistics counters maintained in the input-output module.
timerstats
Print statistics counters maintained in the timer/event queue support code.
x reslist
Obtain and print the server’s restriction list. This list is (usually) printed in sorted order and may
help to understand how the restrictions are applied.
monlist [ version ]
Obtain and print traffic counts collected and maintained by the monitor facility. The version
number should not normally need to be specified.
clkbug clock_peer_address[ ... ]
Obtain debugging information for a reference clock driver. This information is provided only by
some clock drivers and is mostly undecodable without a copy of the driver source.

672 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

xntpdc(1M) xntpdc(1M)

RUNTIME CONFIGURATION REQUESTS

All requests which cause state changes in the server are authenticated by the server using a configured
NTP key. This facility is disabled if the NTP key is not configured. The key number and the corresponding
key must also be made known to xtnpdc . This can be done using the keyid and passwd commands, the
latter of which will prompt at the terminal for a password to use as the encryption key. You will also be
prompted automatically for both the key number and password the first time a command which would
result in an authenticated request to the server is given. Authentication not only provides verification that
the requester has permission to make such changes, but also gives an extra degree of protection against
transmission errors.
Authenticated requests always include a timestamp in the packet data, which is included in the computa-
tion of the authentication code. This timestamp is compared by the server to its receive time stamp. If they
differ by more than a small amount the request is rejected. This is done for two reasons. First, it makes
simple replay attacks on the server, by someone who might be able to overhear traffic on your LAN, much
more difficult. Second, it makes it more difficult to request configuration changes to your server from topo-
logically remote hosts. While the reconfiguration facility will work well with a server on the local host, and
may work adequately between time-synchronized hosts on the same LAN, it will work very poorly for more
distant hosts. As such, if reasonable passwords are chosen, care is taken in the distribution and protection
of keys and appropriate source address restrictions are applied, the run time reconfiguration facility should
provide an adequate level of security.
The following commands all make authenticated requests.
addpeer peer_address [ keyid ][ version ][ prefer ]
Add a configured peer association at the given address and operating in symmetric active
mode. Note that an existing association with the same peer may be deleted when this com-
mand is executed, or may simply be converted to conform to the new configuration, as
appropriate. If the optional keyid is a nonzero integer, all outgoing packets to the remote
server will have an authentication field (encrypted) attached with this key. If the value is 0
(or not given) no authentication will be done. The version # can be 1, 2 or 3 and defaults to
3. The prefer keyword indicates a preferred peer (and thus will be used primarily for clock
synchronization if possible). The preferred peer also determines the validity of the PPS signal
- if the preferred peer is suitable for synchronization so is the PPS signal.
addserver peer_address [ keyid ][ version ][ prefer ]
Identical to the addpeer command, except that the operating mode is client.
broadcast peer_address [ keyid ][ version ][ prefer ]
Identical to the addpeer command, except that the operating mode is broadcast. In this
case a valid key identifier and key are required. The peer_address parameter can be the
broadcast address of the local network or a multicast group address assigned to NTP. If using
a multicast address, a multicast-capable kernel is required.
unconfig peer_address [ ... ]
This command causes the configured bit to be removed from the specified peer(s). In many
cases this will cause the peer association to be deleted. When appropriate, however, the asso-
ciation may persist in an unconfigured mode if the remote peer is willing to continue on in
this fashion.
fudge peer_address [ time1][ time2 ][ stratum ][ refid ]
This command provides a way to set certain data for a reference clock. See the source listing
for further information.
enable [ flag ][ ... ]
disable [ flag ][ ... ]
These commands operate in the same way as the enable and disable configuration file
commands of xntpd . Described below are the flags supported.
x
auth Enables the server to synchronize with unconfigured peers only if the peer has been
correctly authenticated using a trusted key and key identifier. The default for this
flag is enable.
bclient
Enables the server to listen for a message from a broadcast or multicast server, as in
the multicastclient command with default address. The default for this flag is dis-
able.

HP-UX 11i Version 3: February 2007 −4− Hewlett-Packard Company 673

 xntpdc(1M) xntpdc(1M)

monitor
Enables the monitoring facility. See the xntpdc program and the monolist com-
mand for more information. The default for this flag is enable.
pll Enables the server to adjust its local clock by means of NTP. If disabled, the local
clock free-runs at its intrinsic time and frequency offset. This flag is useful in case
the local clock is controlled by some other device or protocol and NTP is used only to
provide synchronization to other clients. In this case, the local clock driver is used.
The default for this flag is enable.
pps Enables the pulse-per-second (PPS) signal when frequency and time is disciplined by
the precision time kernel modifications. The default for this flag is disable.
stats Enables the statistics facility. The default for this flag is enable.
restrict address mask flag [flag]
This command operates in the same way as the restrict configuration file commands of
xntpd .
unrestrict address mask flag [flag]
Unrestrict the matching entry from the restrict list.
delrestrict address mask [nttport]
Delete the matching entry from the restrict list.
readkeys
Causes the current set of authentication keys to be purged and a new set to be obtained by
rereading the keys file (which must have been specified in the xntpd configuration file). This
allows encryption keys to be changed without restarting the server.
trustkey [ keyid ][ ... ]
untrustkey [ keyid ][ ... ]
These commands operate in the same way as the trustedkey and untrustkey
configuration file commands of xntpd .
authinfo
Returns information concerning the authentication module, including known keys and counts
of encryptions and decryptions which have been done.
traps Display the traps set in the server. See the source listing for further information.
addtrap [ address ][ port ][ interface ]
Set a trap for asynchronous messages. See the source listing for further information.
clrtrap [ address ][ port ][ interface ]
Clear a trap for asynchronous messages. See the source listing for further information.
reset Clear the statistics counters in various modules of the server. See the source listing for
further information.

AUTHOR
xntpdc was developed by David L. Mills.
SEE ALSO
xntpd(1M), ntpdate(1M), ntpq(1M).

674 Hewlett-Packard Company −5− HP-UX 11i Version 3: February 2007

ypinit(1M) ypinit(1M)

NAME
ypinit - build and install Network Information Service databases

SYNOPSIS
/usr/sbin/ypinit -m [DOM= NIS_domain]
/usr/sbin/ypinit -s NIS_server_name [DOM= NIS_domain]
/usr/sbin/ypinit -c
Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
ypinit is a shell script that creates Network Information Service (NIS) databases on either a master or
slave NIS server. ypinit asks a few self-explanatory questions, and reports success or failure to the ter-
minal. For an overview of Network Information Service, see ypfiles(4) and ypserv (1M).

Options
ypinit recognizes the following options and command-line arguments:
-m Create the local host as the master server to all maps (databases) provided in the
NIS domain (see domainname(1)). All maps are built from scratch, either from
information provided to ypinit at run-time, or from ASCII files in /etc . All
such files should be complete and unabbreviated, unlike how they may exist on a
NIS client machine (see passwd(4) for examples of abbreviated files).
See ypmake(1M) for more information on how NIS databases are built on the
master server. Note that ypinit uses the NOPUSH=1 option when invoking
make , so newly formed maps are not immediately copied to slave servers (see
ypmake(1M)).
-s Create NIS databases on a slave server by copying the databases from an exist-
ing NIS server that serves the NIS domain.
The NIS_server_name argument should be the host name of either the master
server for all the maps or a server on which the maps are current and stable.
-c Configures the local host as a NIS client, so that the NIS client will attempt to
bind to a particular NIS server. Invocation of ypinit with a -c option
prompts the user to construct a list of NIS servers, in the order of preference, to
which the client will try to bind. This list of NIS servers is stored in the file
/var/yp/binding/<domain_name>/ypservers. In order for ypbind
to use this list of NIS servers, ypbind should not be invoked with -broad-
cast option. (See ypbind(1M) in ypserv (1M)). If it is so desired that it is not
necessary for a NIS client to bind to a NIS server in a particular list, the
ypinit -c installation mechanism could be ignored.
DOM= NIS_domain Causes ypinit to construct maps for the specified NIS_domain. DOM defaults
to the NIS domain shown by the domainname command (see domainname(1).

RETURN VALUE
ypinit returns exit code 0 if no errors occur; otherwise, it returns exit code 1.
AUTHOR
ypinit was developed by Sun Microsystems, Inc.
FILES
/etc/group y
/etc/hosts
/etc/netgroup
/etc/networks
/etc/passwd
/etc/protocols
/etc/publickey
/etc/rpc
HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 675
 ypinit(1M) ypinit(1M)

/etc/services
/etc/auto_master
/etc/mail/aliases
SEE ALSO
domainname(1), makedbm(1M), ypmake(1M), yppush(1M), ypserv(1M), ypxfr(1M), ypxfrd(1M), group(4),
hosts(4), netgroup(4), networks(4), passwd(4), protocols(4), publickey(4), rpc(4), services(4), ypfiles(4).

676 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ypmake(1M) ypmake(1M)

NAME
ypmake - create or rebuild Network Information Service databases

SYNOPSIS
/var/yp/ypmake [DIR= source_directory ] [DOM= NIS_domain ] [NOPUSH=1 ]
[PWFILE= passwd_file ] [SWFILE= shadow_file ] [ map [ map ... ] ]
cd /var/yp; make [DIR= source_directory ] [DOM= NIS_domain ] [NOPUSH=1 ]
[PWFILE= passwd_file ] [SWFILE= shadow_file ] [ map ... ]

Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
ypmake is a shell script that builds one or more Network Information Service (NIS) maps (databases) on a
master NIS server. If no arguments are specified, ypmake either creates maps if they do not already
exist or rebuilds maps that are not current. These maps are constructed from ASCII files. ypmake then
executes yppush to notify slave NIS servers of the change and make the slave servers copy the updated
maps to their machines (see yppush(1M)).
If any maps are supplied on the command line, ypmake creates or updates those maps only. Permissible
names for maps are the filenames in /etc listed under FILES below. In addition, specific maps can be
named, such as netgroup.byuser or rpc.bynumber .
The make command can be used instead of ypmake (see make(1)). The Makefile no longer calls the
ypmake script but now actually constructs the maps. All NIS commands have been modified to use the
Makefile instead of ypmake . The Makefile and ypmake can co-exist, but it is recommended that
you consider using the Makefile which is the standard mechanism for building maps on other vendor’s
machines.
Both the Makefile and ypmake script use five variables:
DIR= source_directory The directory containing the ASCII source files from which maps are con-
structed. DIR defaults to /etc .
DOM= NIS_domain Causes ypmake to construct maps for the specified NIS_domain. DOM
defaults to the NIS domain shown by domainname (see domainname(1)).
NOPUSH=1 When non-null (null by default), NOPUSH inhibits copying the new or
updated databases to the slave NIS servers. Only slave NIS servers in the
specified domain receive yppush notification when NOPUSH is null.
NOPUSH=2 Does the same thing as NOPUSH=1 and sends a "clear current map"
request to the local ypserv process.
PWFILE= passwd_file Specifies the full pathname of the ASCII file that ypmake should use
when building the NIS passwd maps. PWFILE defaults to
$DIR/passwd .
SWFILE= shadow_file Specifies the full pathname of the ASCII file that ypmake must use in
conjunction with the PWFILE to build NIS password maps. SWFILE is
ignored if SHADOW_MODE is set to 0 in
/etc/rc.config.d/namesvrs. SWFILE defaults to
$DIR/shadow .
The order of arguments passed to ypmake is unimportant, but the maps are built or updated in the left-
to-right order provided.
Refer to ypfiles(4) and ypserv (1M) for an overview of Network Information Service.
NOTE: The /etc/hosts file contains IPv4 and IPv6 addresses. ypmake collects data from the y
/etc/hosts file and builds four maps, namely hosts.byaddr , hosts.byname ,
ipnodes.byaddr, and ipnodes.byname. The hosts.byaddr and hosts.byname maps con-
tain IPv4 data and the ipnodes.byaddr and ipnodes.byname maps contain IPv4 and IPv6 data.

DIAGNOSTICS
ypmake returns one of the following exit codes upon completion:

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 677

 ypmake(1M) ypmake(1M)

0 Normal termination; no problems.

1 One or more unrecognized arguments were passed.
2 The NIS domain name is not set.
3 The subdirectory used to contain maps for a specific NIS domain, /var/yp/domain_name,
does not exist or is not writable.
4 An error was encountered when building at least one of the maps.
5 One or more maps’ ASCII files do not exist or are unreadable.

EXAMPLES
Create or rebuild the password databases (both the passwd.byname and passwd.byuid maps) from
/etc/passwd and use yppush to copy the databases to any slave NIS servers in the default NIS
domain:
ypmake passwd.byname
Create or rebuild the hosts databases from /etc/hosts but do not copy the databases to any slave NIS
servers:
ypmake hosts NOPUSH=1
Create or rebuild the network maps from /nis/sourcefiles/networks and copy the maps to any
slave NIS servers in NIS domain DAE_NIS :
ypmake DOM=DAE_NIS networks DIR=/nis/sourcefiles
AUTHOR
ypmake was developed by Sun Microsystems, Inc.
FILES
/etc/group
/etc/hosts
/etc/netgroup
/etc/networks
/etc/passwd
/etc/protocols
/etc/publickey
/etc/rpc
/etc/services
SEE ALSO
domainname(1), make(1), makedbm(1M), ypinit(1M), yppush(1M), ypserv(1M), group(4), hosts(4), net-
group(4), networks(4), passwd(4), protocols(4), publickey(4), rpc(4), services(4), ypfiles(4).

678 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

yppasswdd(1M) yppasswdd(1M)

NAME
yppasswdd: rpc.yppasswdd - daemon for modifying Network Information Service passwd database

SYNOPSIS
/usr/lib/netsvc/yp/rpc.yppasswdd passwd_file [-l log_file] [-nogecos ] [-noshell ]
[-nopw ] [-nohome ] [-m [ arg1 arg2 ... ] ]
/usr/lib/netsvc/yp/rpc.yppasswdd [-D directory] [-l log_file] [-nogecos ] [-noshell ]
[-nopw ] [-nohome ] [-m [ arg1 arg2 ... ] ]

Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
The yppasswdd daemon handles password change requests from yppasswd (see yppasswd(1)). It
changes a password entry in the passwd and shadow files. The passwd and shadow files provide the basis
for the passwd.byname and passwd.byuid maps. Entries in the passwd or shadow files are changed only if
the password presented by yppasswd matches the encrypted password of the entry. All password files
are located in the PWDIR directory.
If the -D option is given, the passwd or shadow files are placed under the directory path that is the argu-
ment to -D.
yppasswdd should be executed only on the master Network Information Service (NIS) server for the
passwd database (map). The yppasswdd daemon is not executed by default, nor can it be started by
inetd (see inetd(1M)). To enable automatic startup of yppasswdd at boot time, the
NIS_MASTER_SERVER variable should be set to 1 in file /etc/rc.config.d/namesvrs on the
master NIS server.
The yppasswdd daemon in HP-UX 11i version 3 supports the shadow mode. The system can be con-
verted to shadow mode by using pwconv and reverted by using pwunconv . The SHADOW_MODE vari-
able must be set to 1 in file /etc/rc.config.d/namesvrs on the master NIS server to support the
shadow mode in NIS.
The server does not insist on the presence of a shadow file unless there is no -D option present or the direc-
tory named with the -D option is /etc .

Options
yppasswdd recognizes the following options and command-line arguments:
-l log_file Log diagnostic and error messages to log_file. These messages are not available
if yppasswdd is started without the -l option.
Information logged to the file includes date and time of the message, the host
name, process ID and name of the function generating the message, and the
message itself. Note that different services can share a single log file because
enough information is included to uniquely identify each message.
-nogecos -noshell -nopw -nohome
If these are given, then these fields may not be changed remotely using
passwd . -nohome is HP specific.
-m [ arg1 arg2 ... ] After the password or shadow file is modified, and if using the -m option,
yppasswdd executes make to update the NIS passwd database (see
ypmake(1M)). Any arguments following the -m flag are passed to make .
To ensure that the passwd map is rebuilt to contain the new password and all
slave NIS servers have their passwd maps properly updated to include the
change, always use the -m option to yppasswdd , but do not use the y
NOPUSH=1 argument to make .
-D directory The directory input specifies which directory contains the passwd file (and the
shadow file when the system is in shadow mode).
Note that the directory specified must contain the file named "passwd". If sha-
dow mode is enabled, then the directory specified must contain a file called "sha-
dow".

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 679

 yppasswdd(1M) yppasswdd(1M)

EXAMPLES
Assume the yppasswdd daemon is started on the master NIS server as follows:

/usr/lib/netsvc/yp/rpc.yppasswdd /var/yp/src/passwd \
-l /var/adm/yppasswdd.log \
-m passwd DIR=/var/yp/src
/usr/lib/netsvc/yp/rpc.yppasswdd -D /opt \
-l /var/adm/yppasswdd.log \
This indicates that the ASCII file from which the NIS passwd database is built is
/var/yp/src/passwd. When this file is updated by a request from yppasswd , the NIS passwd data-
base is rebuilt and copied to all slave NIS servers in the master’s NIS domain (see domainname(1)).
Log messages are written to the file /var/adm/yppasswdd.log.

WARNINGS
yppasswdd uses lock file /var/adm/ptmp to get exclusive access to passwd_file when updating it.
The file /var/adm/ptmp may persist if passwd_file is being updated and
• The system crashes or
•
yppasswdd is killed using SIGKILL (see kill(1) and signal(2)).
File /var/adm/ptmp must be removed before yppasswdd can function properly again.
vipw also uses /var/adm/ptmp when updating /etc/passwd (see vipw(1M)). As a result,
yppasswdd competes with vipw when it updates passwd_file if passwd_file is /etc/passwd .
AUTHOR
yppasswdd was developed by Sun Microsystems, Inc.
FILES
/var/adm/ptmp
lock file used when updating passwd_file

SEE ALSO
domainname(1), kill(1), yppasswd(1), inetd(1M), vipw(1M), ypmake(1M), signal(2), yppasswd(3N),
passwd(4), publickey(4), ypfiles(4), pwconv(1M), pwunconv(1M), shadow(4).

680 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

yppoll(1M) yppoll(1M)

NAME
yppoll - query NIS server for information about NIS map

SYNOPSIS
/usr/sbin/yppoll [-h host] [-d domain] mapname
Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
yppoll asks a Network Information Service (NIS) server process (see ypserv (1M)) to return the order
number (the time in seconds when the map was built − time(2)) and master NIS server’s host name for a
NIS database named mapname. yppoll then writes them to standard output.
If the server uses Version 1 NIS protocol, yppoll uses this older protocol to communicate with it.
yppoll also prints the old style diagnostic messages in case of failure.
See ypfiles(4) and ypserv (1M) for an overview of Network Information Service.

Options
-h host Ask the ypserv process on host to return the map information (see ypserv (1M)). If
-h host is not specified, the host returned by ypwhich is used (see ypwhich(1)).
-d domain Use domain instead of the domain returned by domainname (see domainname(1)).

WARNINGS
The NIS Version 1 protocol will not be available in a future HP-UX release. HP recommends that you use
the next version of this protocol.

AUTHOR
yppoll was developed by Sun Microsystems, Inc.
SEE ALSO
domainname(1), ypwhich(1), ypserv(1M), ypfiles(4).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 681

 yppush(1M) yppush(1M)

NAME
yppush - force propagation of Network Information Service database

SYNOPSIS
/usr/sbin/yppush [-d domain ] [-m maxm ] [-t mint ] [-v] mapname
Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
yppush copies a Network Information Service (NIS) map (database), mapname, from the map’s master
NIS server to each slave NIS server. It is usually executed only on the master NIS server by shell script
ypmake which is run either after changes are made to one or more of the master’s NIS databases or when
the NIS databases are first created. See ypmake(1M) and ypinit(1M) for more information on these
processes.
yppush constructs a list of NIS server host names by reading the NIS map ypservers within the
domain. Keys within the ypservers map are the host names of the machines on which the NIS servers
run. yppush then sends a "transfer map" request to the NIS server at each host, along with the informa-
tion needed by the transfer agent (the program that actually moves the map) to call back yppush .
When the transfer attempt is complete, whether successful or not, and the transfer agent sends yppush a
status message, the results can be printed to standard output. Messages are printed when a transfer is not
possible, such as when the request message is undeliverable or when the timeout period on responses
expires.
Refer to ypfiles(4) and ypserv (1M) for an overview of Network Information Service.

Options
yppush recognizes the following options:
-d domain Copy mapname to the NIS servers in domain rather than to the domain returned by
domainname (see domainname(1)).
-m maxm Attempt to run maxm transfers in parallel to as many servers simultaneously. Without
the -m option, yppush attempts to transfer a map to each server, one at a time. When
a network has many servers, such serial transfers can result in long delays to complete
all transfers. A maxm value greater than 1 reduces total transfer time through better
utilization of CPU time at the master. maxm can be any value from 1 through the
number of NIS servers in the domain.
-t mint Set the minimum timeout value to mint seconds. When transferring to one slave at a
time, yppush waits up to 80 seconds for the transfer to complete, after which it begins
transferring to the next slave. When multiple parallel transfers are attempted by use of
the -m option, it may be necessary to set the transfer timeout limit to a value larger than
the default 80 seconds to prevent timeouts caused by network delays related to parallel
transfers.
-v Verbose mode: messages are printed when each server is called and when each response
is received. If this option is omitted, only error messages are printed.

WARNINGS
In the current implementation (Version 2 NIS protocol), the transfer agent is ypxfr(1M) which is started by
the ypserv (1M) program at yppush’s request (see ypxfr(1M) and ypserv (1M)). If yppush detects it is
interacting with a Version 1 NIS protocol server, it uses the older protocol to send a Version 1
YPPROC_GET request and issues a message to that effect. Unfortunately, there is no way of knowing if or
when the map transfer is performed for Version 1 servers. yppush prints a comment saying that a Ver-
y sion 1 message was sent. The system administrator should then verify by other means that the transfer
actually occurred.
The NIS Version 1 protocol will not be available in a future HP-UX release. HP recommends that you use
the next version of this protocol.

682 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

yppush(1M) yppush(1M)

AUTHOR
yppush was developed by Sun Microsystems, Inc.
FILES
/usr/sbin/ domain/ypservers.{dir, pag}
/usr/sbin/ domain/mapname.{dir, pag}
SEE ALSO
domainname(1), ypserv(1M), ypxfr(1M), ypfiles(4).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 683

 ypserv(1M) ypserv(1M)

NAME
ypserv, ypbind, ypxfrd - Network Information Service (NIS) server, binder, and transfer processes

SYNOPSIS
/usr/lib/netsvc/yp/ypserv [-l log_file] [-dv ]
/usr/lib/netsvc/yp/ypbind [-l log_file] [-s] [-ypset -ypsetme ] [-broadcast ]
/usr/sbin/ypxfrd
Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (YP). The functionality
remains the same; only the name has changed.

DESCRIPTION
The Network Information Service (NIS) provides a simple network lookup service consisting of databases
and processes. The databases are ndbm files in a directory tree rooted at /var/yp (see ndbm(3X)). These
files are described in ypfiles(4). The processes are /usr/lib/netsvc/yp/ypserv, the NIS database
lookup server, and /usr/lib/netsvc/yp/ypbind, the NIS binder. Both ypserv and ypbind are
daemon processes activated at system startup time when the NIS_MASTER_SERVER or
NIS_SLAVE_SERVER variable is set to 1, for ypserv , and the NIS_CLIENT variable is set to 1, for
ypbind , in the /etc/rc.config.d/namesvrs file.
The NIS programmatic interface is described in ypclnt(3C). Administrative tools are described in
ypwhich(1), yppoll(1M), yppush(1M), ypset(1M) and ypxfr(1M). Tools to see the contents of NIS maps
(databases) are described in ypcat(1) and ypmatch(1). Database generation and maintenance tools are
described in makedbm(1M), ypinit(1M), and ypmake(1M). The command to set or show the default NIS
domain is domainname .
ypxfrd transfers entire NIS maps in an efficient manner. For systems that use this daemon, map
transfers will be faster, depending on the map. ypxfrd should be run on the master server. ypxfr (see
ypxfr(1M)) will attempt to use ypxfrd first. If that fails, it will use the older transfer method. The
ypxfrd daemon is activated at system startup time when the NIS_MASTER_SERVER or
NIS_SLAVE_SERVER variable is set to 1 in the /etc/rc.config.d/namesvrs file.
The ypserv daemon’s primary function is to look up information in its local database of NIS maps. It
runs only on NIS server machines providing data from NIS databases.
The operations performed by ypserv are defined for the implementor by the YP Protocol Specification,
and for the programmer by the header file <rpcsvc/yp_prot.h>. Communication to and from
ypserv is by means of RPC. Lookup functions are described in ypclnt(3C) and are supplied as C-callable
functions in the TI-RPC library (-lnsl ).
Four functions namely: yp_match() , yp_first() , yp_next() , and yp_all() perform a lookup
on a specific map within a NIS domain. The yp_match() operation matches a key to a record in the
database and returns its associated value. The yp_first() operation returns the first key-value pair
(record) from the map, and yp_next() can be used to enumerate (sequentially retrieve) the remainder of
the records. yp_all() returns all records in the map to the requester as the response to a single RPC
request.
A number of special keys in the DBM files can alter the way in which ypserv operates. The keys of interest
are:
YP_INTERDOMAIN
The presence of this key makes ypserv forward host lookups that cannot be satisfied by the
DBM files to a DNS server.
YP_SECURE
This key makes ypserv answer only questions coming from clients on reserved ports.
y YP_MULTI_hostname
This is a special key in the form "YP_MULTI_hostname addr1, ..., addrN". A client looking for
hostname receives the closest address.
Two functions supply information about the map itself and not the map entries. These functions are
yp_order() and yp_master() . The order number is the time of last modification of a map. The mas-
ter name is the host name of the machine on which the master map is stored. Both order number and mas-
ter name exist in the map as special key-value pairs, but the server does not return these through the

684 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ypserv(1M) ypserv(1M)

normal lookup functions. (If you examine the map with makedbm or yppoll (see makedbm(1M) or
yppoll(1M)), they are visible.) Other functions are used within the NIS subsystem and are not of general
interest to NIS clients. These include:
Do_you_serve_this_domain?
Transfer_map
Reinitialize_internal_state
The ypbind daemon remembers information that lets client processes on its machine communicate with a
ypserv process. The ypbind daemon must run on every machine using NIS services, both NIS servers
and clients. The ypserv daemon may or may not be running on a NIS client machine, but it must be run-
ning somewhere on the network or be available through a gateway.
The information that ypbind remembers is called a binding: the association of a NIS domain name with
the Internet address of the NIS server and the port on that host at which the ypserv process is listening
for service requests. This information is cached in the directory /var/yp/binding using a filename in
the form domainname .version.
Client requests drive the binding process. As a request for an unbound domain comes in, the ypbind pro-
cess broadcasts on the network, if the file /var/yp/binding/domain_name /ypservers does not
exist, trying to find a ypserv process serving maps within that NIS domain. If the binding should be
established by broadcasting, at least one ypserv process must exist on every network. If the file
/var/yp/binding/domain_name /ypservers is present, then ypbind will try to bind to one of the
NIS servers in the order of its listing in the file. If ypbind was unable to bind to any one of the servers
available in the list, it will try establishing a binding by broadcasting. The file,
/var/yp/binding/domain_name /ypservers , containing the list of NIS servers is created by invok-
ing ypinit with the -c option. (see ypinit(1M)). If ypbind is invoked with a -broadcast option,
ypbind will try to establish a binding by broadcast immaterial of the availability of the file
/var/yp/binding/domain_name /ypservers ; that is, the option -broadcast overrides the
existence of the file /var/yp/binding/domain_name /ypservers . Once a binding is established for
a client, it is given to subsequent client requests. Execute ypwhich to query the ypbind process (local
and remote) for its current binding (see ypwhich(1)).
Bindings are verified before they are given to a client process. If ypbind is unable to transact with the
ypserv process it is bound to, it marks the domain as unbound, tells the client process that the domain is
unbound, and tries to bind again. Requests received for an unbound domain fail immediately. Generally, a
bound domain is marked as unbound when the node running ypserv crashes or is overloaded. In such a
case, ypbind binds to any NIS server (typically one that is less heavily loaded) that is available on the
network.
The ypbind daemon also accepts requests to set its binding for a particular domain. ypset accesses the
set_domain facility; it is for unsnarling messes and is not for casual use.
Options
ypserv recognizes the following options:
-l log_file Log diagnostic and error messages to the file, log_file.
If ypserv is started without the -l option, ypserv writes its messages to
/var/yp/ypserv.log if that file exists.
If ypbind is started without the -l option, ypbind writes its messages directly to
the system console, /dev/console .
Information logged to the file includes the date and time of the message, the host
name, the process id and name of the function generating the message, and the mes-
sage itself. Note that different services can share a single log file since enough infor-
mation is included to uniquely identify each message.
-d The NIS service must approach the DNS for more host information. This requires the
existence of a correct /etc/resolv.conf file pointing at a machine running
y
named . This option enables DNS forwarding regardless of whether or not the
YP_INTERDOMAIN flag is set in the hosts maps. See makedbm(1M). In the absence
of an /etc/resolv.conf file, ypserv complains, but ignores the -d option.
-v Operate in the verbose mode, printing diagnostic messages to stderr.
ypbind recognizes the following options:

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 685

 ypserv(1M) ypserv(1M)

-l log_file Log diagnostic and error messages to the file, log_file. See the description above.
-s Secure. When specified, only NIS servers bound to a reserved port are used.
This allows for a slight increase in security in completely controlled environ-
ments, where there are no computers operated by untrusted individuals. It
offers no real increase in security.
-ypset Allow ypset to be used to change the binding (see ypset(1M)). For maximum
security, this option should be used only when debugging the network from a
remote machine.
-ypsetme Allow ypset to be issued from this machine (see ypset(1M)). Security is based
on IP address checking, which can be defeated on networks where untrusted
individuals may inject packets. This option is not recommended.
-broadcast When ypbind is invoked with this option, ypbind will try to establish a bind-
ing by broadcast even though the file
/var/yp/binding/domain_name /ypservers exists. That is, the option
-broadcast overrides the existence of this file.
If -broadcast is used in conjunction with -ypset or -ypsetme , then the
-broadcast option is ignored. If ypbind is invoked with option -ypset or
-ypsetme the NIS servers list in the file
/var/yp/binding/domain_name /ypservers is ignored.
WARNINGS
NIS uses ndbm files to store maps. Therefore, it is subject to the 1024 byte limitations described in the
WARNINGS section of the ndbm(3X) man page.
The NIS Version 1 protocol will not be available in a future HP-UX release. HP recommends that you use
the next version of this protocol.

AUTHOR
ypserv , ypbind , and ypxfrd were developed by Sun Microsystems, Inc.
FILES
/var/yp/binding/domainname .version
These files cache the last successful binding created for the given
domain, in order to to speed up the binding process. When a binding
is requested, these files are checked for validity and then used.
/var/yp/securenets This file is read by both ypserv and ypxfrd at startup time. It
defines the hosts and networks which are granted access to informa-
tion in the served domain.
/var/yp/secureservers This file is read by ypbind . It contains a list of IP addresses that
ypbind will receive a binding from.
/var/yp/binding/domain_name /ypservers
This file is read by ypbind . It contains the list of NIS servers that
ypbind will attempt to bind to, if ypbind is not invoked with a
-broadcast option.
SEE ALSO
domainname(1), ypcat(1), ypmatch(1), yppasswd(1), ypwhich(1), makedbm(1M), rpcinfo(1M), ypinit(1M),
ypmake(1M), yppasswdd(1M), yppoll(1M), yppush(1M), ypset(1M), ypxfr(1M), ypclnt(3C), yppasswd(3N),
ndbm(3X), ypfiles(4).

686 Hewlett-Packard Company −3− HP-UX 11i Version 3: February 2007

ypset(1M) ypset(1M)

NAME
ypset - bind to particular Network Information Service server

SYNOPSIS
/usr/sbin/ypset [-V1 ] [-h host ] [-d domain ] server
Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
ypset tells ypbind to get Network Information Service (NIS) services for the specified domain from the
ypserv process running on server (see ypserv (1M) and ypbind(1M)). server is the NIS server that the NIS
client binds to, and is specified as either a host name or an IP address. If server is down or is not running
ypserv , this is not discovered until a local NIS client process tries to obtain a binding for the domain.
The ypbind daemon then tests the binding set by ypset . If the binding cannot be made to the
requested server, ypbind attempts to rebind to another server in the same domain.
The ypset command is useful for binding a client node that is not on a broadcast network, since broad-
casting is the method by which ypbind locates a NIS server. If a client node exists on a broadcast net-
work which has no NIS server running, and if there is a network with one running that is available via a
gateway, ypset can establish a binding through that gateway. It is also useful for debugging NIS client
applications such as when a NIS map exists only at a single NIS server.
In cases where several hosts on the local net are supplying NIS services, it is possible for ypbind to
rebind to another host, even while you attempt to find out if the ypset operation succeeded. For exam-
ple, typing ypset host1 followed by ypwhich and receiving the reply host2 may be confusing. It
could occur when host1 does not respond to ypbind because its ypserv process is not running or is
overloaded, and host2, running ypserv , gets the binding.
Refer to ypfiles(4) and ypserv (1M) for an overview of the Network Information Service.

Options
ypset recognizes the following options and command-line arguments:
-V1 Bind server for the (old) Version 1 NIS protocol.
-h host Set the binding on host instead of locally. host can be specified as a host name or an
IP address.
-d domain Use domain instead of the default domain returned by domainname (see domain-
name(1)).

DIAGNOTICS
Sorry, ypbind on host ’name’ has rejected your request.
The user is not root, or ypbind was run without the -ypset flags. See ypserv (1M) for explanations
of the -ypset flags.
Sorry, I couldn’t send my rpc message to ypbind on host ’name’.
The user is not root, or ypbind was run without one of the -ypset flags. See ypserv (1M) for expla-
nations of the -ypset flags.

WARNINGS
The server is the NIS server to bind to, specified as either a host name or an IP address. If server is a host
name, ypset uses the NIS services’ hosts database (built from /etc/hosts on the master server) to
resolve the name to an IP address. This process works only if the node currently has a valid binding for the
domain in question. In most cases, server should be specified as an IP address.
The NIS Version 1 protocol will not be available in a future HP-UX release. HP recommends that you use y
the next version of this protocol.

AUTHOR
ypset was developed by Sun Microsystems, Inc.

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 687

 ypset(1M) ypset(1M)

SEE ALSO
domainname(1), ypwhich(1), ypserv(1M), ypfiles(4).

688 Hewlett-Packard Company −2− HP-UX 11i Version 3: February 2007

ypupdated(1M) ypupdated(1M)

NAME
ypupdated, rpc.ypupdated - server for changing NIS information

SYNOPSIS
/usr/lib/netsvc/yp/rpc.ypupdated [-is]
Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
ypupdated is a daemon that updates information in the Network Information Service (NIS)
databases. It is activated at system startup when the NIS_MASTER_SERVER variable is set to 1 in
/etc/rc.config.d/namesvrs file on the NIS master server. ypupdated consults the file
updaters in the directory /var/yp to determine which NIS maps should be updated and how to change
them.
By default, the daemon requires the most secure method of authentication available to it, either DES
(secure) or UNIX (without augmented security).

Options
ypupdated supports the following options:
-i Accept RPC calls with the insecure AUTH_UNIX credentials. This allows programmatic updat-
ing of the NIS maps in all networks.
-s Accept only calls authenticated using the secure RPC mechanism (AUTH_DES authentication).
This disables programmatic updating of the NIS maps unless the network supports these calls.

AUTHOR
ypupdated was developed by Sun Microsystems, Inc.
FILES
/var/yp/updaters
SEE ALSO
keyserv(1M), updaters(1M).

HP-UX 11i Version 3: February 2007 −1− Hewlett-Packard Company 689

 ypxfr(1M) ypxfr(1M)

NAME
ypxfr, ypxfr_1perday, ypxfr_1perhour, ypxfr_2perday - transfer NIS database from server to local node

SYNOPSIS
/usr/sbin/ypxfr [b] [-c] [-d domain] [-f] [-h host] [-s domain] [-C tid prog ipaddr port]
mapname

Remarks
The Network Information Service (NIS) was formerly known as Yellow Pages (yp). Although the name has
changed, the functionality of the service remains the same.

DESCRIPTION
ypxfr copies a Network Information Service (NIS) map (database) to the local host from a NIS server by
using the NIS services. A map can be copied regardless of its age, or it can be copied depending on whether
its modification time (order number) is more recent than that of the local map.
The ypxfr command creates a temporary map in directory /var/yp/domain where domain is the NIS
domain. The ypxfr command fills the map with mapname entries, obtains the map parameters (master
and order number), and loads them. It then clears the old version of mapname and moves the temporary
map to the existing mapname.
If ypxfr is run interactively, it writes messages to standard output. If ypxfr is invoked without a con-
trolling terminal and if the log file /var/yp/ypxfr.log exists, ypxfr appends all its messages to that
file. Since ypxfr is usually run from root’s crontab file (see crontab(1)) or by yppush (see
yppush(1M)), the log file can retain a record of what ypxfr attempted and what the results were.
To maintain consistency between NIS servers, ypxfr should be executed periodically for every map in the
NIS. Different maps change at different rates. For example, the services.byname map may not
change for months at a time, and might therefore be checked for changes only once a day, such as in the
early morning hours. However, passwd.byname may change several times per day, so hourly checks for
updates might be more appropriate.
A crontab file can perform these periodic checks and transfers automatically. Rather than having a
separate crontab file for each map, ypxfr requests can be grouped in a shell script to update several
maps at once. Example scripts (mnemonically named) are in /var/yp : ypxfr_1perday,
ypxfr_2perday, and ypxfr_1perhour. They serve as reasonable rough drafts that can be changed
as appropriate.
Refer to ypfiles(4) and ypserv (1M) for an overview of the Network Information Service.

Options
ypxfr recognizes the following options:
-b Preserve the resolver flag in the map during transfer.
-c Do not send a "clear current map" request to the local ypserv process. Use this flag
if ypserv is not running locally when you are running ypxfr . Otherwise, ypxfr
complains that it cannot talk to the local ypserv , and the transfer fails. If ypserv
is running locally, do not use this flag.
-d domain Copy the map from a NIS server in domain rather than the domain returned by
domainname (see domainname(1)).
-f Force the map to be copied, even if its order number at the remote NIS server is not
more recent than the order number of the local map.
-h host Obtain the map from host, regardless of its master server. If this option is not used,
ypxfr asks the NIS service for the master’s host name and tries to obtain its map.
The host can be a name or an IP address of the form a .b .c .d .
y -s domain Specify a source domain from which to transfer a map that should be the same across
domains (such as the services.byname map.
-C tid prog ipaddr port
This option is used only by ypserv . When ypserv invokes ypxfr , it specifies that
ypxfr should call back a yppush process (that initiated the transfer) at the host
with IP address ipaddr, registered as program number prog, listening on port port,
and waiting for a response to transaction tid.

690 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007

ypxfr(1M) ypxfr(1M)

AUTHOR
ypxfr was developed by Sun Microsystems, Inc.
FILES
/usr/sbin/ypxfr.log Log file
The following scripts are suggested for use with cron .
/usr/sbin/ypxfr_1perday Run one transfer per day
/usr/sbin/ypxfr_2perday Run two transfers per day
/usr/sbin/ypxfr_1perhour Hourly transfers of "volatile" maps
SEE ALSO
crontab(1), domainname(1), cron(1M), ypinit(1M), yppush(1M), ypserv(1M), ypfiles(4).

HP-UX 11i Version 3: February 2007 −2− Hewlett-Packard Company 691

 (Notes) (Notes)

692 Hewlett-Packard Company −1− HP-UX 11i Version 3: February 2007