AIX 5L Version 5.

3 򔻐򗗠򙳰

Commands Reference, Volume 3, i - m

SC23-4890-03
AIX 5L Version 5.3 򔻐򗗠򙳰

Commands Reference, Volume 3, i - m

SC23-4890-03
 Note
Before using this information and the product it supports, read the information in “Notices,” on page 779.

Fourth Edition (July 2006)

This edition applies to AIX 5L Version 5.3 and to all subsequent releases of this product until otherwise indicated in
new editions.
A reader’s comment form is provided at the back of this publication. If the form has been removed, address
comments to Information Development, Department 04XA-905-6C006, 11501 Burnet Road, Austin, Texas
78758-3493. To send comments electronically, use this commercial Internet address: aix6kpub@[Link]. Any
information that you supply may be used without incurring any obligation to you.
© Copyright International Business Machines Corporation 1997, 2006. All rights reserved.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
How to Use This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Highlighting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
ISO 9000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
32-Bit and 64-Bit Support for the Single UNIX Specification . . . . . . . . . . . . . . . . . xiv
Related Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv

Alphabetical Listing of Commands. . . . . . . . . . . . . . . . . . . . . . . . . . 1

ibm3812 Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
ibm3816 Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
ibm5585H-T Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
ibm5587G Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
ibstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
iconv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
id Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
ifconfig Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
ike Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
ikedb Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
imake Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
imapd Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
imapds Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
impfilt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
importvg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
imptun Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
inc Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
indent Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
indxbib Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
inetd Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
infocmp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
infocenter Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
install Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
install_all_updates Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
install_assist Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
install_mh Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
install_wizard Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
installbsd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
installios Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
installp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
instfix Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
inucp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
inudocm Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
inulag Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
inurecv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
inurest Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
inurid Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
inusave Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
inutoc Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
inuumsg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
invscout Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
invscoutd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
ioo Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
iostat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
ipcrm Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

© Copyright IBM Corp. 1997, 2006 iii

ipcs Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
ipfilter Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
ipreport Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
ipsec_convert Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
ipsecstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
ipsectrcbuf Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
iptrace Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
isC2host Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
isCChost Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
istat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
j2edlimit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
jobs Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
join Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
joinvg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
kdb Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
kdestroy Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
keyadd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
keycomp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
keydelete Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
keyenvoy Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
keylist Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
keylogin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
keylogout Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
keypasswd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
keyserv Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
kill Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
killall Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
kinit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
klist Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
kmodctrl Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
kpasswd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
krlogind Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
krshd Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
ksh Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
ksh93 Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
kvno Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
last Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
lastcomm Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
lastlogin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
lb_admin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
lb_find Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
lbxproxy Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
ld Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
ldd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
ldedit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
learn Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
leave Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
lecstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
lex Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
line Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
link Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
lint Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
listdgrp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
listvgbackup Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
listX11input Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
llbd Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

iv Commands Reference, Volume 3

ln Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
locale Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
localedef Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
lock Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
lockd Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
locktrace Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
elogevent Command, logevent Command . . . . . . . . . . . . . . . . . . . . . . . 226
logform Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
logger Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
login Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
logins Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
logname Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
logout Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
look Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
lookbib Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
lorder Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
lp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
[Link], [Link], [Link] Command . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
lpadmin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
lpar_netboot Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
lparstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
lpc Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
lpd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
lpfilter Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
lpforms Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
lphistory Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
lpmove Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
lppchk Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
lppmgr Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
lpq Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
lpr Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
lprm Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
lpsched Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
lpstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
lpsystem Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
lptest Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
lpusers Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
ls Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
ls-secldapclntd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
lsactdef Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
lsallq Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
lsallqdev Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
lsarm command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
lsattr Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
lsaudrec Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
lsauthent Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
lsC2admin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
lsCCadmin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
lscfg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
lscifscred Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
lscifsmnt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
lsclass Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
lscomg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
lscondition Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
lscondresp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
lsconn Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Contents v
lscons Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
lscore Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
lscosi Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
lsdev Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
lsdisp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
lsfilt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
lsfont Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
lsfs Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
lsgroup Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
lsitab Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
lskbd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
lsldap Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
lslicense Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
lslpcmd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
lslpp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
lslv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
lsmaster Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
lsmcode Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
lsmksysb Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
lsnamsv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
lsnfsexp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
lsnfsmnt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
lsnim Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
lsnlspath Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
lsparent Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
lspath Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
lsprtsv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
lsps Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
lspv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
lsque Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
lsquedev Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
lsresource Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
lsresponse Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
lsrole Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
lsrpdomain Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
lsrpnode Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
lsrset Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
lsrsrc Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
lsrsrcdef Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
lssavevg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
lssec Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
lssensor Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
lsslot Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
lssrc Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
lsts Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
lstun Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
lsuser Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
lsvfs Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
lsvg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
lsvirprt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
lsvmode Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
lsvpd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
lsvsd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
lswlmconf Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
lvmo Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
lvmstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

vi Commands Reference, Volume 3

m4 Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
mach Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
machstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
macref Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
mail, Mail, or mailx Command . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
mailq Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
mailstats Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
make Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
makedbm Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
makedepend Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
makedev Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
makekey Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
makemap Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
man Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
managefonts Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
mant Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
mark Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
mesg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
mhl Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
mhmail Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
mhpath Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
migratelp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
migratepv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
mirrord Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
mirrorvg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
mirscan Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
mk_niscachemgr Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
mk_nisd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
mk_nispasswdd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
mkboot Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
mkC2admin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
mkcatdefs Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
mkCCadmin Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
mkcd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
mkcfsmnt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538
mkcifscred Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
mkcifsmnt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540
mkcimreg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
mkclass Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
mkclient Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
mkcomg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
mkcondition Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
mkcondresp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
mkcosi Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
mkdev Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
mkdir Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
mkdirhier Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
mkdvd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
mkfifo Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568
mkfilt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
mkfont Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
mkfontdir Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
mkfs Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
mkgroup Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
mkhosts Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578
mkitab Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579

Contents vii
mkinstallp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
mkkeyserv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582
mkkrb5clnt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
mkkrb5srv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584
mklost+found Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
mklpcmd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587
mklv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590
mklvcopy Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596
mkmaster Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
mknamsv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
mknetid Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600
mknfs Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
mknfsexp Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
mknfsmnt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
mknfsproxy Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
mknod Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
mknotify Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611
mkpasswd Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612
mkpath Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
mkprojldap Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
mkproto Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
mkprtldap Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
mkprtsv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
mkps Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 628
mkqos Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629
mkque Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 630
mkquedev Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
mkramdisk Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 633
mkresponse Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635
mkrole Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
mkrpdomain Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
mkrset Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
mkrsrc Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
mkseckrb5 Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
mksecldap Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650
mksecpki Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655
mksensor Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 657
mkserver Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
mkslave Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
mkssys Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662
mkstr Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665
mksysb Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
mkszfile Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669
mktcpip Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
mkts Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673
mktun Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674
mkuser Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675
[Link] Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
mkvg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
mkvgdata Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
mkvirprt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
mm Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685
mmt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687
mmtu Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689
mobip6ctrl Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 690
mobip6reqd Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 691

viii Commands Reference, Volume 3

monacct Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692
mon-cxma Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693
monitord Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695
moo Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695
more Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 696
mosy Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
mount Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703
mountd Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
mpcfg Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713
mpcstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715
mpstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
mrouted Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 720
msgchk Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
msh Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 725
mt Command (BSD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 726
mtrace Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 727
multibos Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729
mv Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732
mvdir Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735
mvfilt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
mvt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
mwm Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737

Appendix. Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 779

Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 780

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 783

Contents ix
x Commands Reference, Volume 3
About This Book
This book provides end users with complete detailed information about commands for the AIX® operating
system. The commands are listed alphabetically and by category, and complete descriptions are given for
commands and their available flags. If applicable, each command listing contains examples. This volume
contains AIX commands that begin with the letters i through m. This publication is also available on the
documentation CD that is shipped with the operating system.

How to Use This Book

A command is a request to perform an operation or run a program. You use commands to tell the
operating system what task you want it to perform. When commands are entered, they are deciphered by
a command interpreter (also known as a shell) and that task is processed.

Some commands can be entered simply by typing one word. It is also possible to combine commands so
that the output from one command becomes the input for another command. This is known as pipelining.

Flags further define the actions of commands. A flag is a modifier used with the command name on the
command line, usually preceded by a dash.

Commands can also be grouped together and stored in a file. These are known as shell procedures or
shell scripts. Instead of executing the commands individually, you execute the file that contains the
commands.

Some commands can be constructed using Web-based System Manager applications or the System
Management Interface Tool (SMIT).

Highlighting
The following highlighting conventions are used in this book:

Bold Identifies commands, subroutines, keywords, files, structures, directories, and other items whose
names are predefined by the system. Also identifies graphical objects such as buttons, labels, and
icons that the user selects.
Italics Identifies parameters whose actual names or values are to be supplied by the user.
Monospace Identifies examples of specific data values, examples of text similar to what you might see
displayed, examples of portions of program code similar to what you might write as a programmer,
messages from the system, or information you should actually type.

Format
Each command may include any of the following sections:

Purpose A description of the major function of each command.

Syntax A syntax statement showing command line options.
Description A discussion of the command describing in detail its function and use.
Flags A list of command line flags and associated variables with an explanation of
how the flags modify the action of the command.
Parameters A list of command line parameters and their descriptions.
Subcommands A list of subcommands (for interactive commands) that explains their use.
Exit Status A description of the exit values the command returns.
Security Specifies any permissions needed to run the command.
Examples Specific examples of how you can use the command.
Files A list of files used by the command.
Related Information A list of related commands in this book and related discussions in other books.

© Copyright IBM Corp. 1997, 2006 xi

Reading Syntax Statements
Syntax statements are a way to represent command syntax and consist of symbols such as brackets ([ ]),
braces ({ }), and vertical bars (|). The following is a sample of a syntax statement for the unget command:

unget [ -rSID ] [ -s ] [ -n ] File ...

The following conventions are used in the command syntax statements:

v Items that must be entered literally on the command line are in bold. These items include the command
name, flags, and literal charactors.
v Items representing variables that must be replaced by a name are in italics. These items include
parameters that follow flags and parameters that the command reads, such as Files and Directories.
v Parameters enclosed in brackets are optional.
v Parameters enclosed in braces are required.
v Parameters not enclosed in either brackets or braces are required.
v A vertical bar signifies that you choose only one parameter. For example, [ a | b ] indicates that you can
choose a, b, or nothing. Similarly, { a | b } indicates that you must choose either a or b.
v Ellipses ( ... ) signify the parameter can be repeated on the command line.
v The dash ( - ) represents standard input.

Listing of Installable Software Packages

To list the installable software package (fileset) of an individual command use the lslpp command with the
-w flag. For example, to list the fileset that owns the installp command, enter:
lslpp -w /usr/sbin/installp

Output similar to the following displays:

File Fileset Type
-----------------------------------------------------------------
/usr/sbin/installp [Link] File

To list the fileset that owns all file names that contain installp, enter:
lslpp -w "*installp*"

Output similar to the following displays:

File Fileset Type
-----------------------------------------------------------------
/usr/sbin/installp [Link] File
/usr/clvm/sbin/linstallpv [Link] File
/usr/lpp/[Link]/nim/methods/c_installp
[Link] File

Running Commands in the Background

If you are going to run a command that takes a long time to process, you can specify that the command
run in the background. Background processing is a useful way to run programs that process slowly. To run
a command in the background, you use the & operator at the end of the command:
Command&

Once the process is running in the background, you can continue to work and enter other commands on
your system.

xii Commands Reference, Volume 3

At times, you might want to run a command at a specified time or on a specific date. Using the cron
daemon, you can schedule commands to run automatically. Or, using the at and batch commands, you
can run commands at a later time or when the system load level permits.

Entering Commands
You typically enter commands following the shell prompt on the command line. The shell prompt can vary.
In the following examples, $ is the prompt.

To display a list of the contents of your current directory, you would type ls and press the Enter key:
$ ls

When you enter a command and it is running, the operating system does not display the shell prompt.
When the command completes its action, the system displays the prompt again. This indicates that you
can enter another command.

The general format for entering commands is:

Command Flag(s) Parameter

The flag alters the way a command works. Many commands have several flags. For example, if you type
the -l (long) flag following the ls command, the system provides additional information about the contents
of the current directory. The following example shows how to use the -l flag with the ls command:
$ ls -l

A parameter consists of a string of characters that follows a command or a flag. It specifies data, such as
the name of a file or directory, or values. In the following example, the directory named /usr/bin is a
parameter:
$ ls -l /usr/bin

When entering commands, it is important to remember the following:

v Commands are usually entered in lowercase.
v Flags are usually prefixed with a - (minus sign).
v More than one command can be typed on the command line if the commands are separated by a ;
(semicolon).
v Long sequences of commands can be continued on the next line by using the \ (backslash). The
backslash is placed at the end of the first line. The following example shows the placement of the
backslash:
$ cat /usr/ust/mydir/mydata > \
/usr/usts/yourdir/yourdata

When certain commands are entered, the shell prompt changes. Because some commands are actually
programs (such as the telnet command), the prompt changes when you are operating within the
command. Any command that you issue within a program is known as a subcommand. When you exit the
program, the prompt returns to your shell prompt.

The operating system can operate with different shells (for example, Bourne, C, or Korn) and the
commands that you enter are interpreted by the shell. Therefore, you must know what shell you are using
so that you can enter the commands in the correct format.

Stopping Commands
If you enter a command and then decide to stop that command from running, you can halt the command
from processing any further. To stop a command from processing, press the Interrupt key sequence
(usually Ctrl-C or Alt-Pause). When the process is stopped, your shell prompt returns and you can then
enter another command.

About This Book xiii

ISO 9000
ISO 9000 registered quality systems were used in the development and manufacturing of this product.

32-Bit and 64-Bit Support for the Single UNIX Specification

Beginning with Version 5.2, the operating system is designed to support The Open Group’s Single UNIX
Specification Version 3 (UNIX 03) for portability of UNIX-based operating systems. Many new interfaces,
and some current ones, have been added or enhanced to meet this specification, making Version 5.2 even
more open and portable for applications, while remaining compatible with previous releases of AIX.
To determine the proper way to develop a UNIX 03-portable application, you may need to refer to The
Open Group’s UNIX 03 specification, which can be accessed online or downloaded from
[Link] .

Related Information
The following books contain information about or related to commands:
v AIX 5L Version 5.3 Commands Reference, Volume 1
v AIX 5L Version 5.3 Commands Reference, Volume 2
v AIX 5L Version 5.3 Commands Reference, Volume 3
v AIX 5L Version 5.3 Commands Reference, Volume 4
v AIX 5L Version 5.3 Commands Reference, Volume 5
v AIX 5L Version 5.3 Commands Reference, Volume 6
v AIX 5L Version 5.3 Files Reference
v Printers and printing
v Installation and migration
v AIX 5L Version 5.3 AIX Installation in a Partitioned Environment
v AIX 5L Version 5.3 Network Information Services (NIS and NIS+) Guide
v Performance management
v AIX 5L Version 5.3 Performance Tools Guide and Reference
v Security
v Networks and communication management
v Operating system and device management
v AIX 5L Version 5.3 Technical Reference: Base Operating System and Extensions Volume 1
v AIX 5L Version 5.3 Technical Reference: Base Operating System and Extensions Volume 2
v AIX 5L Version 5.3 Technical Reference: Communications Volume 1
v AIX 5L Version 5.3 Technical Reference: Communications Volume 2
v AIX 5L Version 5.3 Technical Reference: Kernel and Subsystems Volume 1
v AIX 5L Version 5.3 Technical Reference: Kernel and Subsystems Volume 2
v AIX 5L Version 5.3 Web-based System Manager Administration Guide
v Performance Toolbox Version 2 and 3 for AIX: Guide and Reference

xiv Commands Reference, Volume 3

Alphabetical Listing of Commands
ibm3812 Command

Purpose
Postprocesses the troff command output for the IBM® 3812 Model 2 Pageprinter.

Syntax
ibm3812 [ -altpaper] [ -landscape] [ -quietly] [ -FDirectory] [ -i] [File...]

Description
The ibm3812 command is a postprocessor that can be used on intermediate output produced by the troff
command.

Note: An entire page is placed in memory before it is printed.

If given one or more file names as options, the ibm3812 command processes those files. If no file names
are specified, this command acts as a filter interpreting standard input.

The ibm3812 command’s font files allow the postprocessor to send characters of more than one byte to
the printer. These can be characters that require multiple bytes to represent them, such as code page and
point; or, they can be characters that are composed of two or more concatenated glyphs.

For example, the character code for the \(ib (improper subset) special character is:
"\001\125\xe2\xff\xe8\xe3%\x00\x16\001\074\xe3\xff\xea"

The printer is in Page Map Primitive (PMP) mode when these bytes are sent, so you must use the 001
directive to introduce a character. For single-byte codes, this Generic Font Patterns command is
automatically handled by the postprocessor. The % (percent sign) characters escape the bytes containing
0, which would otherwise terminate the code sequence. To obtain a literal % character, escape it with
another % character so that a percent sign is displayed as %%. A single-byte % code is assumed to be a
literal percent sign, so that the single-byte % character needs no special handling in the font file.

Notes:
1. The ibm3812 command depends on the files with names ending in .out in the
/usr/lib/font/devibm3812 directory. It does not produce usable output unless these files have
been properly set up.
2. The postprocessor requires additional font information to be stored in the /usr/lib/font/
devibm3812/fonts file. If new fonts are added to this file, make sure that the DESC file is also
updated to reflect the additional fonts and special characters.

The format of the file must be preserved. The file contains the following four fields:
v The one- or two-letter name of the font
v The full name of the font on the printer-font diskette
v The one- or two-letter name of the substitute font
v An array of five available sizes.

Flags
-altpaper Specifies that the file should be printed from the alternate paper drawer. By default, the
ibm3812 command prints from the primary paper drawer.

© Copyright IBM Corp. 1997, 2006 1

-landscape Specifies that the file should be printed in landscape orientation, so that the wider part of the
paper is horizontally oriented. This flag rotates the page to the right by 90 degrees. By default,
the ibm3812 command prints in portrait orientation.
-quietly Suppresses all non-fatal error messages.
-FDirectory Specifies the directory holding the font files. The default file is devibm3812. The command
looks for font files in the /usr/lib/font directory by default.
-i Suppresses initialization of the printer that runs the [Link] macro, after the job has printed.

Example
Following is an example of the troff command used with the ibm3812 command:
troff file|ibm3812|qprt-dp

Files
/usr/lib/font/devibm3812/*.out Contains font files for the ibm3812 command.
/usr/lib/font/devibm3812/fonts Contains information about the available fonts for the
ibm3812 command.

Related Information
The ibm3816 command, troff command.

The troff font file format specifies description files for the troff command.

ibm3816 Command

Purpose
Postprocesses the troff command output for the IBM 3816 Pageprinter.

Syntax
ibm3816 [ -altpaper] [ -landscape] [ -quietly] [ -FDirectory] [ -i] [File...]

Description
The ibm3816 command is a postprocessor that can be used on intermediate output produced by the troff
command.

Note: An entire page is placed in memory before it is printed.

If given one or more file names as options, the ibm3816 command processes those files. If no file names
are specified, this command acts as a filter interpreting standard input.

The ibm3816 command’s font files allow the postprocessor to send characters of more than one byte to
the printer. These can be characters that require multiple bytes to represent them, such as code page and
point; or, they can be characters that are composed of two or more concatenated glyphs.

For example, the character code for the \(ib (improper subset) special character is:
"\001\125\xe2\xff\xe8\xe3%\x00\x16\001\074\xe3\xff\xea"

The printer is in Page Map Primitive (PMP) mode when these bytes are sent, so you must use the 001
directive to introduce a character. For single-byte codes, this Generic Font Patterns command is
automatically handled by the postprocessor. The % (percent sign) characters escape the bytes containing
0, which would otherwise terminate the code sequence. To obtain a literal % character, escape it with

2 Commands Reference, Volume 3

another % character so that a percent sign is displayed as %%. A single-byte % code is assumed to be a
literal percent sign, so that the single-byte % character needs no special handling in the font file.

Notes:
1. The ibm3816 command depends on the files with names ending in .out in the
/usr/lib/font/devibm3816 directory. It does not produce usable output unless these files have
been properly set up.
2. The postprocessor requires additional font information to be stored in the /usr/lib/font/
devibm3816/fonts file. If new fonts are added to this file, make sure that the DESC file is also
updated to reflect the additional fonts and special characters.

The format of the file must be preserved. The file contains the following four fields:
v The one- or two-letter name of the font
v The full name of the font on the printer-font diskette
v The one- or two-letter name of the substitute font
v An array of five available sizes.

Flags
-altpaper Specifies that the file should be printed from the alternate paper drawer. By default, the
ibm3816 command prints from the primary paper drawer.
-landscape Specifies that the file should be printed in landscape orientation, so that the wider part of the
paper is horizontally oriented. This flag rotates the page to the right by 90 degrees. By default,
the ibm3816 command prints in portrait orientation.
-quietly Suppresses all non-fatal error messages.
-FDirectory Specifies the directory holding the font files. The default file is devibm3816. The command
looks for font files in the /usr/lib/font directory by default.
-i Suppresses initialization of the printer that runs the [Link] macro, after the job has printed.

Example
Following is an example of the troff command used with the ibm3816 command:
troff file|ibm3816|qprt-dp

Files
/usr/lib/font/devibm3816/*.out Contains font files for the ibm3816 command.
/usr/lib/font/devibm3816/fonts Contains information about the available fonts for the
ibm3816 command.

Related Information
The ibm3812 command, troff command.

The troff font file format specifies description files for the troff command.

ibm5585H-T Command

Purpose
Processes troff command output for the IBM 5585H-T printer.

Alphabetical Listing of Commands 3

Syntax
ibm5585H-T [ -FDirectory ] [ File ]

Description
The ibm5585H-T command processes the output of the troff command for output to the IBM 5585H-T
printer for traditional Chinese language. This command is provided exclusively for traditional Chinese
language support.

The ibm5585H-T command processes one or more files specified by the File parameter. If no file is
specified, the ibm5585H-T command reads from standard input.

The ibm5585H-T command uses font files in the /usr/lib/font/devibm5585H-T directory that have
command names ending with .out. The ibm5585H-T command does not produce correct output unless
these files are provided.

Flag
-FDirectory Specifies a directory name as the place to find font files. By default, the ibm5585H-T command
looks for font files in the /usr/lib/font/devibm5585H-T directory.

Example
To process the reports file for the IBM 5585H-T printer, enter:
troff reports |ibm5585H-T | qprt -dp

The ibm5585H-T command first processes the output of the troff command, then sends the file to a print
queue.

File
/usr/lib/font/devibm5585H-T/*.out Contains font files.

Related Information
The troff command.

The troff font file format.

ibm5587G Command

Purpose
Postprocesses troff command output for the IBM 5587-G01, 5584-H02, 5585-H01, 5587-H01, and
5589-H01 printers with the (32x32/24x24) cartridge installed. This command is used exclusively for
Japanese Language Support.

Syntax
ibm5587G [ -FDirectory] [ -quietly] [File ...]

Description
The ibm5587G command processes the output of the troff command for output to the 5587-G01,
5584-H02, 5585-H01, 5587-H01, and 5589-H01 printers.

4 Commands Reference, Volume 3

If given one or more files as options, the ibm5587G command processes those files. If no files are
specified, it acts as a filter interpreting standard input.

Note: The ibm5587G command assumes that the (32x32/24x24) cartridge is installed in the printer.
Incorrect output from the printer may result if the wrong cartridge is installed in the printer.

The ibm5587G command depends on the files with names ending in .out in the /usr/lib/font/
devibm5587G directory. It does not produce reasonable output unless these files have been properly set
up.

Flags
-FDirectory Specifies a directory name as the place to find the font files. By default, the ibm5587G
command looks for font files in the /usr/lib/font/devibm5587G directory.
-quietly Suppresses all nonfatal error messages.

Files
/usr/lib/font/devibm5587G/*.out Contains font files.

Related Information
The troff command formats text for printing on typesetting devices.

The troff font file format specifies description files for the troff command.

ibstat Command

Purpose
Displays operational information about one or more InfiniBand network devices.

Syntax
ibstat [ -d, -h, -i, -n, -p, -v ] DeviceName

Description
This command displays InfiniBand operational information pertaining to a specified Host Channel Adapter
Device (HCAD). If an HCAD device name is not entered, status for all available HCADs are displayed.
Select a flag to narrow down your search results. You can display specific categories of information,
including Node, Port, Interface, and Debug information. You can also choose to display all of the
information categories.

Flags
-d Displays current debug setting.
-h Displays ibstat command usage.
-i Displays network interface information.
-n Displays IB node information.
-p Displays IB port information.
-v Displays all IB device information.

The following fields display information for all valid calls:

Alphabetical Listing of Commands 5

Device Name
Displays the name of an available HCAD (for example, iba0).
Port State
Displays the current state of each HCAD port.
Down Port is disabled.
Initialized
Port is enabled and issuing training sequences.
Down Port is trained and attempting to configure to the active state.
Active Port is in a normal operational state.
Unknown
Port is in an invalid or unknown state.

Parameters
DeviceName Specifies the name of the HCAD device (for example,
iba0)

Exit Status
When you specify an invalid DeviceName, the ibstat command produces error messages stating that it
could not connect to the device. For example:
IBSTAT: No device iba2 configured.

or:
IBSTAT: Device iba3 is not available.

Examples
1. To request node and port information, enter:
ibstat -n -p

Information similar to the following is displayed:

===============================================================================
INFINIBAND DEVICE INFORMATION (iba0)
===============================================================================

-------------------------------------------------------------------------------
IB NODE INFORMATION (iba0)
-------------------------------------------------------------------------------
Number of Ports: 2
Globally Unique ID (GUID): [Link].[Link]
Maximum Number of Queue Pairs: 1023
Maximum Outstanding Work Requests: 32768
Maximum Scatter Gather per WQE: 252
Maximum Number of Completion Queues: 1023
Maximum Multicast Groups: 256
Maximum Memory Regions: 3836
Maximum Memory Windows: 3836

-------------------------------------------------------------------------------
IB PORT 1 INFORMATION (iba0)
-------------------------------------------------------------------------------
Global ID Prefix: fe.[Link].00.00.00
Local ID (LID): 0012
Port State: Active
Maximum Transmission Unit Capacity: 2048

6 Commands Reference, Volume 3

 Current Number of Partition Keys: 1
Partition Key List:
P_Key[0]: ffff
Current Number of GUID’s: 1
Globally Unique ID List:
GUID[0]: [Link].[Link]

-------------------------------------------------------------------------------
IB PORT 2 INFORMATION (iba0)
-------------------------------------------------------------------------------
Global ID Prefix: fe.[Link].00.00.00
Local ID (LID): 0011
Port State: Active
Maximum Transmission Unit Capacity: 2048
Current Number of Partition Keys: 1
Partition Key List:
P_Key[0]: ffff
Current Number of GUID’s: 1
Globally Unique ID List:
GUID[0]: [Link].[Link]

Location
/usr/sbin/ibstat

Related Information
Internet Protocol over InfiniBand.

iconv Command

Purpose
Converts the encoding of characters from one code page encoding scheme to another.

Syntax
iconv [-cs] -f FromCode -t ToCode [ FileName... ]

iconv -l

Description
The iconv command converts the encoding of characters read from either standard input or the specified
file from one coded character set to another and then writes the results to standard output. The input and
output coded character sets are identified by the FromCode and ToCode parameters. The input data
should consist of characters in the code set specified by the FromCode parameter. If the FileName
parameter is not specified on the command line, the iconv command reads from standard input.

You can use a Web-based System Manager System application (wsm system fast path) to run this
command. You could also use the System Management Interface Tool (SMIT) smit iconv fast path to run
this command. The iconv command uses the LOCPATH environment variable to search for code-set
converters of the form iconv/FromCodeSet_ToCodeSet. The default value of LOCPATH is /usr/lib/nls/loc.

Alphabetical Listing of Commands 7

Flags
-c Omits characters that cannot be converted in the input file from the output. Characters that
cannot be converted include characters that are invalid in the FromCode of the input or that
have no corresponding character in the ToCode of the output. After omitting an unconvertible
character, iconv advances to the next byte of the input to convert the next character. If -c is not
used, iconv exits upon encountering a character that cannot be converted in the input. The
presence or absence of -c does not affect the exit status of iconv.
-f FromCode Specifies the code set in which the input data is encoded. The space between the -f flag and
the FromCode parameter is optional.
-l Writes all supported FromCode and ToCode values to standard output.
-s Suppresses any messages written to standard error concerning invalid characters. When -s is
not used, an error message is written to standard error for each unconvertible or truncated
character. The presence or absence of -s does not affect the exit status of iconv.
-t ToCode Specifies the code set to which the output data is to be converted. The space between the -t
flag and the ToCode parameter is optional.
FileName Specifies a file to be converted.

The list of supported code set converters is provided in ″List of Converters″ in AIX 5L Version 5.3 General
Programming Concepts: Writing and Debugging Programs.

Exit Status
This command returns the following exit values:

0 Input data was successfully converted.

1 The specified conversions are not supported; the given input file cannot be opened for read; or there is a
usage-syntax error.
2 An unusable character was encountered in the input stream.

Examples
1. To convert the contents of the mail.x400 file from code set IBM-850 and store the results in the
[Link] file, enter:
iconv -f IBM-850 -t ISO8859-1 mail.x400 > [Link]
2. To convert the contents of the [Link] file from the 7-bit interchange (ISO2022) encoding to the
Japanese EUC code set (IBM-eucJP), enter:
iconv -f fold7 -t IBM-eucJP [Link] > [Link]
3. To convert the contents of a local file to the mail-interchange format and send mail, enter:
iconv -f IBM-943 -t fold7 [Link] | mail fxrojas

Related Information
The genxlt command describes how to define a conversion table.

The iconv subroutine, iconv_close subroutine, and iconv_open subroutines provide a method to use the
conversion service from within a program.

Converters Overview in AIX 5L Version 5.3 Network Information Services (NIS and NIS+) Guide.

For information on installing the Web-based System Manager, see Chapter 2: Installation and System
Requirements in AIX 5L Version 5.3 Web-based System Manager Administration Guide.

Converters Overview for Programming in AIX 5L Version 5.3 Network Information Services (NIS and NIS+)
Guide.

8 Commands Reference, Volume 3

id Command

Purpose
Displays the system identifications of a specified user.

Syntax
id [user]

id -G [-n ] [User]

id -g [-n l | [ -n r ] [User]

id -u [-n l | [ -n r ] [User]

Description
The id command writes to standard output a message containing the system identifications (ID) for a
specified user. The system IDs are numbers which identify users and user groups to the system. The id
command writes the following information, when applicable:
v User name and real user ID
v Name of the user’s group and real group ID
v Name of user’s supplementary groups and supplementary group IDs
Supplementary group information is written only for systems supporting multiple-user groups and only if
the specified user belongs to a supplementary group.

The id command also writes effective user and group IDs, but only for the user that invoked the id
command. (If the User parameter is specified with the id command, the effective IDs are assumed to be
identical to real IDs.) If the effective and real IDs for the invoking user are different, the id command writes
the following effective ID information, when applicable:
v Effective user name and effective user ID
v Name of effective user’s group and effective group ID

The id command, when specified with the -l option, displays login UID. Login ID indicates the system
credentials at the time of logging in to the session. Login UID indicates the user ID (numeric value) of the
user, who actually logged in. The login UID is equal to the UID for a user who has logged in to the system
and whose credentials remain unchanged. For example, when the user runs the su command, the UID for
the user changes and the login UID remains the same.

The id command will fail if the specified user does not exist or if the command cannot read the user or
group information.

Flags
The contents and format of the message written by the id command can be altered with the following
flags:

-G Specifies that the id command write the effective, real, and supplementary group IDs only. If there are
multiple entries for the effective, real, or supplementary IDs, they are separated by a space and placed on
the same line.
-g Specifies that the id command write only the effective group ID.
-u Specifies that the id command write only the effective user ID.
-r Specifies that the id command write the real ID instead of the effective ID. This flag can be invoked with
either the -g flag to write the real group ID, or the -u flag to write the real user ID.

Alphabetical Listing of Commands 9

-n Specifies that the id command outputs the name, instead of the ID number, when it is specified with the -G,
-g, and -u flags.
-l Specifies that the id command write the login ID instead of the real or effective ID. This flag can be invoked
with either the -u flag to write the login UID or the -g flag to write the primary group ID for the login user.
When username is passed with the -l option, the id command displays the ID details of the user name
instead of the login ID details.
User Specifies the login name of a user for the id command. If no user is specified, the user invoking the id
command is the default.

Security
Access Control: This program should be installed as a normal user program in the Trusted Computing
Base.

Exit Status
This command returns the following exit values:

0 Successful completion.
>0 An error occurred.

Examples
1. To display all system identifications for the current user, enter:
id

Output for the id command is displayed in the following format:

uid=1544(sah) gid=300(build) euid=0(root) egid=9(printq) groups=0(system),10(audit)

In this example, the user has user name sah with an ID number of 1544; a primary group name of
build with an ID number of 300; an effective user name of root with an ID number of 0; an effective
group name of printq with an ID number of 9; and two supplementary group names of system and
audit, with ID numbers 0 and 10, respectively.
2. To display all group ID numbers for the current user, enter:
id -G

Output is displayed in the following format:

0 10 300 9

The -G flag writes only the group IDs for a user. In this example, user sah is a member of the system
(0), audit (10), build (300), and printq (9) groups.
3. To display all group names for the current user, enter:
id -Gn

Output is displayed in the following format:

system audit build printq

The -n flag writes only the names instead of the ID numbers.

4. To display the real group name for the current user, enter:
id -gnr

Output is displayed in the following format:

build
5. To display the login UID after logging in as root and running the su command to user sah, type:

10 Commands Reference, Volume 3

 id -lu

Output is displayed in the following format:

0
6. To display the primary group name of the user who actually logged in, type:
id -lgn

Output is displayed in the following format:

system
7. To display the primary group ID of the user who actually logged in, type:
id -lg

Output is displayed in the following format:

0

Files
/usr/bin/id Contains the id command.

Related Information
The getty command, login command, setgroups command, su command, tsm command.

ifconfig Command

Purpose
Configures or displays network interface parameters for a network using TCP/IP.

Syntax
ifconfig Interface [ AddressFamily [ Address [ DestinationAddress ] ] [ Parameters... ] ]

ifconfig Interface [ ProtocolFamily ] Interface ProtocolFamily

ifconfig -a [ -l ] [ -d ] [ -u ] [ ProtocolFamily ]

ifconfig Interface [ tcp_low_rto rto | -tcp_low_rto ]

Description
You can use the ifconfig command to assign an address to a network interface and to configure or
display the current network interface configuration information. The ifconfig command must be used at
system startup to define the network address of each interface present on a machine. After system startup,
it can also be used to redefine an interfaces address and its other operating parameters. The network
interface configuration is held on the running system and must be reset at each system restart. The
ifconfig command interprets the IFF_MULTICAST flag and prints its value if it is set.

An interface can receive transmissions in differing protocols, each of which may require separate naming
schemes. It is necessary to specify the AddressFamily parameter, which may change the interpretation of
the remaining parameters. The address families currently supported are inet and inet6.

For the DARPA-Internet family, inet, the address is either a host name present in the host name database,
that is, the /etc/hosts file, or a DARPA-Internet address expressed in the Internet standard dotted decimal
notation.

Alphabetical Listing of Commands 11

While any user can query the status of a network interface, only a user who has administrative authority
can modify the configuration of those interfaces.

The ifconfig function displays the current configuration for a network interface when no optional
parameters are supplied.

If a protocol family is specified, ifconfig will report only the details specific to that protocol family.

Only a super user may modify the configuration of a network interface.

Gratuitous ARP is supported for Ethernet, token-ring, and FDDI interfaces. This means when an IP
address is assigned, the host sends an ARP request for its own address (the new address) to inform other
machines of its address so that they can update their ARP entry immediately. It also lets hosts detect
duplicate IP address. If you get a response to the ARP request, an error is logged in /var/adm/ras/errlog
which can be viewed using errpt command (or using SMIT interface) for the error ID
AIXIF_ARP_DUP_ADDR.

Flags
-a Optionally, the -a flag may be used instead of an interface name. This flag instructs
ifconfig to display information about all interfaces in the system.
-d The -d flag displays interfaces that are down.
-l This flag may be used to list all available interfaces on the system, with no other
additional information. Use of this flag is mutually exclusive with all other flags and
commands, except for -d and -u.
-u The -u flag displays interfaces that are up.
ProtocolFamily This flag specifies protocols such as tcp, udp, tcp6, udp6, icmp, and icmp6.

Parameters
Address Specifies the network address for the network interface. For the inet family, the
Address parameter is either a host name or an Internet address in the standard
dotted decimal notation.
AddressFamily Specifies which network address family to change. The inet and inet6 address
families are currently supported. This parameter defaults to the inet address
family.
DestinationAddress Specifies the address of the correspondent on the remote end of a point-to-point
link.

12 Commands Reference, Volume 3

Interface Specifies the network interface configuration values to show or change. You must
specify an interface with the Interface parameter when you use the ifconfig
command. Abbreviations for the interfaces include:
v at for ATM (Asynchronous Transfer Mode)
v en for Standard Ethernet (inet)
v et for IEEE 802.3 Ethernet (inet)
v gre for Generic Routing Encapsulation tunnel pseudo-interface (inet)
v tr for Token-Ring (inet)
v xt for X.25 (inet)
v sl for serial line IP (inet)
v lo for loopback (inet)
v op for serial (inet)
v vi for Virtual IP Address (inet)

Include a numeral after the abbreviation to identify the specific interface (for
example, tr0).

If Interface is not yet loaded, ifconfig Interface loads that interface and netstat
-in lists it. In processing a status query for Interface, that interface is loaded (if
not already loaded) to complete the query processing.
Parameter Allows the following parameter values:
alias Establishes an additional network address for the interface. When
changing network numbers, this parameter is useful for accepting
packets addressed to the old interface.
allcast Sets the Token-Ring interface to broadcast to all rings on the network.
-allcast
Confines the Token-Ring interface to broadcast only to the local ring.
arp Enables the ifconfig command to use the Address Resolution Protocol
in mapping between network-level addresses and link-level addresses.
The arp value is the default.
-arp Disables the use of the Address Resolution Protocol.
authority
Reserved for future use.
bridge Reserved for future use.

-bridge Reserved for future use.

broadcast Address
(inet only) Specifies the address to use to broadcast to the network. The
default broadcast address has a host part of all 1s.

checksum_offload
Enables the flag to indicate that transmit TCP checksum should be
offloaded to the adapter. The command will also reset the per-interface
counter that determines whether TCP should dynamically enable or
disable offloading of checksum computation.
-checksum_offload
Disables transmit TCP checksum offloading.
-dad (inet6 only) Does not perform duplicate IPv6 address detection.
-debug Disables driver-dependent debug code.

Alphabetical Listing of Commands 13

 delete Removes the specified network address. This is used when an alias is
incorrectly specified or when it is no longer needed. Incorrectly setting an
ns address has the side effect of specifying the host portion of the
network address. Removing all ns addresses allows you to re-specify
the host portion.

device dev_name
This parameter applies to ATM Network interface only. It specifies the
device name this interface is associated with. Unlike Token Ring or
Ethernet, in case of ATM, there is not a one-to-one correspondence
between interface and device. In the case of ATM, there can be more
than one interface for every device.
detach Removes an interface from the network interface list. If the last interface
is detached, the network interface driver code is unloaded. In order for
the interface route of an attached interface to be changed, that interface
must be detached and added again with ifconfig.
down Marks an interface as inactive (down), which keeps the system from
trying to transmit messages through that interface. If possible, the
ifconfig command also resets the interface to disable reception of
messages. Routes that use the interface, however, are not automatically
disabled.

eui64 (inet6 only) The real IPv6 address is computed by replacing the last 64
bytes of the given address with the Interface Identifier.
first Puts an IPv6 address at the first place on an interface in order to select
it as the source for unbound sockets. The syntax for using this
parameter is,
ifconfig interface inet6 first address

firstalias
(inet6 only) Same as alias, but sets the address in front of the interface
address list in order to select it as the source for unbound sockets.
group ID
Adds a group ID to the group ID list for the interface. This list is used in
determining the route to use when forwarding packets that arrived on the
interface.
-group ID
Removes a group ID from the group ID list for the interface. This list is
used in determining the route to use when forwarding packets that
arrived on the interface.
hwloop
Enables hardware loopback. The hardware loopback specifies that
locally addressed packets handled by an interface should be sent out
using the associated adapter.
-hwloop
Disables hardware loop-back. The hardware loop-back specifies that
locally addressed packets handled by an interface should be sent out
using the associated adapter.
ipdst Specifies an Internet host willing to receive IP packets encapsulating ns
packets bound for a remote network. An apparent point-to-point link is
constructed, and the specified address is taken as the ns address and
network of the destination.

14 Commands Reference, Volume 3

ipv6dst
Used to specify an IPv6 node that is willing to receive IPv6 packets
encapsulating IPv6 or IPv4 packets through a tunnel. The apparent
destination of the point to point tunnel interface may not be the real
destination of the packets. At the tunnel endpoint, the decapsulated
packets may then be forwarded to their final destination.
largesend
Enables one LPAR to send large data in a single packet to another
LPAR. It works similarly to largesend over real adapters except in this
case there is no TCP segmentation done. If the SEA on VIOS supports
largesend, the LPAR can transmit large data, which will get segmented
by the real adapter on SEA. Use the chdev command to enable the
largesend attribute on SEA.
-largesend
Disables largesend over virtual Ethernet. This is the default.
link [0-2]
Enables special processing of the link level of the interface. These three
options are interface-specific. In actual effect, however, they are
generally used to select special modes of operation. An example of this
is to enable SLIP compression, or to select the connector type for some
Ethernet cards. Refer to the manual page for the specific driver for more
information.
-link [0-2]
Disables special processing at the link level with the specified interface.
metric Number
Sets the routing metric of the interface to the value specified by the
Number variable. The default is 0 (zero). The routing metric is used by
the routing protocol (the routed daemon). Higher metrics have the effect
of making a route less favorable. Metrics are counted as addition hops to
the destination network or host.
monitor
Enables the underlying adapter to notify the interface layer of link status
changes. The adapter must support link status callback notification. If
multipath routing is used, alternate routes are selected when a link goes
down.
-monitor
Disables adapter link status monitoring.
mtu Value
Sets the maximum IP packet size for this system. The Value variable can
be any number from 60 through 65535, but is media dependent. See
Automatic configuration of network interfaces in Networks and
communication management for maximum transmission unit (MTU)
values by interface.

Alphabetical Listing of Commands 15

 netmask Mask
Specifies how much of the address to reserve for subdividing networks
into subnetworks. This parameter can be used only with an address
family of inet.
The Mask variable includes both the network part of the local address
and the subnet part, which is taken from the host field of the address.
The mask can be specified as a single hexadecimal number beginning
with 0x, in standard Internet dotted decimal notation, or beginning with a
name or alias that is listed in the /etc/networks file.
In the 32-bit address, the mask contains 1s (ones) for the bit positions
reserved for the network and subnet parts and 0s for the bit positions
that specify the host. The mask should contain at least the standard
network portion, and the subnet segment should be contiguous with the
network segment.
pvc This parameters applies to ATM Network interface only. It specifies that
this interface will support PVC (Permanent Virtual Circuit) types of virtual
connections only.
pktchain
Enables the flag to indicate that this interface can handle multiple
packets chained together on the output path.
-pktchain
Disables the flag that indicates that this interface can handle multiple
packets chained together on the output path.
svc_c server_addr
This parameter applies to ATM Network interface only. It specifies that
this interface will support both SVC (Switched Virtual Circuit) and PVC
types of virtual connections. It further specifies that this interface will be
an ARP client. The server_addr is the list of 20 byte ATM address of the
ARP servers that this client will use. The addresses are specified in the
form of [Link]....xx. The first entry is considered the Primary ARP server
and the rest are considered Secondary ARP servers. The list of 20 byte
ARP server addresses must separated by a comma.
site6 Sets the IPv6 site number (default is zero). This should be used only
with site-local addresses on a multi-sited node.
svc_s This parameter applies to ATM Network interface only. It specifies that
this interface will support both SVC and PVC types of virtual
connections. It further specifies that this interface will be the ARP server
for this Logical IP Subnetwork (LIS).
security
Reserved for future use.
snap Reserved for future use.
-snap Reserved for future use.

tcp_low_rto
Enables the use of lower retransmission timeouts (RTO) for TCP
connections on a low latency, fast network, such as Gigabit Ethernet and
10 Gigabit Ethernet). If the networks experience packet drops, the
respective TCP connections use the rto value for RTO. The rto values
range from 0-3000 ms. This runtime option must be set in the if_isno
flags field. The use_isno option must also be set for this flag to be
effective.

16 Commands Reference, Volume 3

 tcp_nocksum
Disables verification of the checksum of TCP data for local traffic to the
subnet attached to the interface. Checksum verification of TCP, UDP and
IP headers continues. Checksum verification of TCP data read or written
from this interface from or to remote networks also continues.

-tcp_nocksum
Enables verification of the checksum of TCP data for local traffic to the
subnet attached to the interface. This is the default.
thread (inet only) Configures dedicated kernel threads for an interface. This
parameter can only be used on SMP machines that have multiple
CPU’s. This parameter causes input packets to be queued to a kernel
thread after processing by the device driver and input demuxer. The
input packet is processed in IP and TCP or UDP by the thread instead of
directly on the interrupt level. Setting this parameter can improve
throughput when high speed adapters bottleneck on a single CPU during
interrupt processing by allowing the input packets to be processed on
other CPU’s running the kernel threads (improved pipelining). For some
work loads, this parameter increases the per packet overhead, due to
thread scheduling overhead, resulting in higher CPU utilization an
possibly lower throughput. This parameter only applies to AIX 4.3.3 or
later.
-thread (inet only) Disables kernel thread support that has been configured with
the thread parameter. This parameter only applies to AIX 4.3.3 or later.
up Marks an interface as active (up). This parameter is used automatically
when setting the first address for an interface. It can also be used to
enable an interface after an ifconfig down command.
vipa_iflist
Adds the interfaces to the list of interfaces that should use this vipa as
the source address in the outgoing packets.
-vipa_iflist
Removes the interfaces from the list of interfaces that are configured to
use this vipa as the source address in the outgoing packets.
rto Specifies the retransmission timeout in milliseconds. The range for this value is
0-3000.

In AIX 4.3.3 and later versions, the following network options, commonly known as ISNO (Interface
Specific Network Options), can be configured on a per interface basis:
rfc1323 [0 | 1]
Enables or disables TCP enhancements as specified by RFC 1323, TCP Extensions for High
Performance. A value of 1 specifies that all TCP connections using this interface will attempt to
negotiate the RFC enhancements. A value of 0 disables rfc1323 for all connections using this
interface. The SOCKETS application can override this ISNO and global behavior on individual TCP
connections with the setsockopt subroutine.
-rfc1323
Removes the use of ISNO for rfc1323 for this network. A SOCKETS application can override the
global behavior on individual TCP connections using the setsockopt subroutine.
tcp_mssdflt Number
Sets the default maximum segment size used in communicating with remote networks. If
communicating over this interface, a socket uses Number as the value of the default maximum
segment size.

Alphabetical Listing of Commands 17

-tcp_mssdflt
Removes the use of ISNO for tcp_mssdflt. The global value, manipulated via /usr/sbin/no, is
used instead.
tcp_recvspace Size
Specifies the default socket buffer Size for interface sockets receiving data. The buffer size affects
the window size used by TCP. (See the no command for more information.)
-tcp_recvspace
Removes the use of ISNO for tcp_recvspace. The global value is used instead.
tcp_sendspace Size
Specifies the default socket buffer Size for interface sockets sending data. The buffer size affects
the window size used by TCP. (See the no command for more information.)
-tcp_sendspace
Removes the use of ISNO for tcp_sendspace. The global value is used instead.
tcp_nodelay [0 | 1]
Specifies that sockets using TCP over this interface follow the Nagle algorithm when sending data.
By default, TCP follows the Nagle algorithm.
-tcp_nodelay
Removes the use of ISNO for the tcp_nodelay option.

Note: ISNO parameters set by ifconfig are lost at the next reboot. Use the chdev command to
change the ODM database for each interface if you wish to make the ISNOs permanent. Use lsdev
-E -l [interface] to see the interface attributes and chdev -l -a [attribute=value] to change the
desired attribute. For example:
lsattr -E -l en0
chdev -l en0 -a tcp_sendspace=65536

Examples
1. To query the status of a serial line IP interface, enter the command in the following format:
ifconfig sl1

In this example, the interface to be queried is sl1. The result of the command looks similar to the
following:
sl1: flags=51<UP,POINTOPOINT,RUNNING>
inet [Link] --> [Link] netmask ffffff00
2. To configure the local loop-back interface, enter the command in the following format:
ifconfig lo0 inet [Link] up
3. To mark the local Token-Ring interface as down, enter the command in the following format:
ifconfig tr0 inet down

In this example, the interface to be marked is token0.

Note: Only a user with root user authority can modify the configuration of a network interface.
4. To turn rfc1323 off for all connections over en5 (assuming that the global value is 1), enter:
ifconfig en0 rfc1323 0
5. To configure a list of interfaces to use a vipa, enter:
ifconfig vi0 vipa_iflist en0,en1,tr0
6. To remove interface(s) that are configured to use vipa, enter:
ifconfig vi0 -vipa_iflist en1,tr0
7. To find out which interfaces are configured to use a vipa, say vi0, enter:
ifconfig vi0

18 Commands Reference, Volume 3

 8. To enable link status monitoring, enter:
ifconfig en0 monitor

If the link status on adapter ent0 changes to down, the adapter notifies the interface layer, which
causes the interface to also be marked as down.
9. To configure a GRE pseudo-interface as an endpoint of a GRE tunnel, enter:
ifconfig gre0 [Link] [Link]

This creates a GRE tunnel with [Link] and [Link] as the endpoints. The previous end of
the tunnel is identified by gre0.
10. To configure NAT on a GRE tunnel, enter:
ifconfig gre0 nat toaddr [Link] fromport 80 toport 8080

In this example, the original destination port of the GRE packet is 80 and the command changes the
destination port to 8080 and the destination address to [Link].

Files
/etc/host Contains the host-name database.
/etc/networks Contains network names.

Related Information
The netstat command.

The hosts file format, networks file format.

TCP/IP network interfaces, TCP/IP protocols, TCP/IP routing, Subnet addresses in Networks and
communication management.

ike Command

Purpose
Starts, stops, and monitors IP Security dynamic tunnels which use the Internet Key Exchange Protocol
(ISAKMP/Oakley).

Syntax
ike cmd=Subcommand [ parameter ... ]

Description
The ike is used to start, stop, and monitor IP Security dynamic tunnels using the Internet Key Exchange
(IKE) protocol. IP Security tunnels protect IP traffic by authenticating and/or encrypting IP data. The ike
command performs several functions. It can activate, remove, or list IKE and IP Security tunnels. For an
overview of IP Security and IKE tunnels, see Internet Protocol security in the Security.

Note: You must have root access to use the ike command.

The IKE negotiation occurs in two phases. The first phase authenticates the two parties and sets up a Key
Management (also known as phase 1) Security Association for protecting the data that is passed during
the negotiation. In this phase the key management policy is used to secure the negotiation messages. The
second phase negotiates Data Management (also known as the phase 2) Security Association, which

Alphabetical Listing of Commands 19

uses the data management policy to set up IP Security tunnels in the kernel for encapsulating and
decapsulating data packets. The secure channel established in phase 1 can be used to protect multiple
data management negotiations between 2 hosts.

The ike command is used to activate tunnels with identification and policy information which has already
been entered using the ikedb command or the Web-based System Manager Graphical User Interface
(GUI) under Virtual Private Networks (IP Security) in the Network application. The parameters to be used
during the negotiation are entered by the user and stored in a database. The ike command allows the
activation, removal and listing of tunnels that have been started using the security parameters stored in the
database.

In most uses of the ike command, activation and deletion occurs for both phases, however the command
allows these operations to be done separately.

Subcommands
activate

Purpose Start the negotiation of an IKE tunnel. If phase is not specified, both a phase 1 and phase 2 tunnel
are started. If IP addresses are supplied, the tunnel is setup using those IP addresses. If the IDs
used during the negotiation are not IP addresses, the local and remote host IDs must be entered
using the Virtual Private Networks Web-based System Manager Graphical User Interface (GUI)
panels. A unique tunnel number is created. The tunnel can then be referenced by the tunnel number
in the ike command to indicate the particular tunnel to be started.
Syntax ike cmd=activate [ phase=1|2 ] [numlist=tunnel_num_list] [ namelist=tunnel_name_list ] [
remid=remote_id ] [ipaddr=src_addr,dst_addr] [autostart]
Description The activate subcommand works using a two phase paradigm. A phase 1 tunnel must be
established before a phase 2 tunnel can be started. If a phase 1 tunnel is specified, then only the
phase 1 tunnel negotiation takes place. If a phase 2 tunnel is specified, the system checks for the
existence of the corresponding phase 1 tunnel before creating the phase 2 tunnel. If the phase 1
negotiation has not been started, it is started automatically.

Upon successful completion of a phase 2 tunnel, the tunnel definition and corresponding filter rules
are inserted into the IP Security kernel, and the new tunnel is activated. Traffic described by the
tunnel definition passing between the designated endpoints is protected by the encryption and
authentication algorithms indicated by the associated IKE security policy.

Multiple phase 2 tunnels can be started under the same phase 1 tunnel. A situation where this may
be desired is if different types of traffic between two endpoints need different levels of security
protection. The Security Association used for the phase 1 tunnel can be shared by multiple phase 2
tunnels. The phase 2 tunnels would specify the type of traffic (by protocol and port, or subnet mask,
for instance) and could have different security policies protecting them.

The ike command returns if either a negotiation has been initiated, an error returns, or the tunnel
already exists. Since the remote host must be contacted during the negotiation and the amount of
time needed to complete the negotiation is uncertain, the list subcommand should be used to
determine if the negotiation was successful.

Errors that are detected during the negotiation process can be captured by using syslog.

20 Commands Reference, Volume 3

Flags
phase Specifies the type of negotiation desired. If omitted, the activate subcommand activates
both a phase 1 and phase 2 tunnel. The phase flag is an optional flag.
numlist
Initiates the ike tunnel number which corresponds to the desired phase 1 or phase 2
tunnel(s) to be started. The , (comma) and - (dash) characters can be used to delimit values
and indicate ranges. The list subcommand with the database option db can be used to
determine the tunnel number for a particular tunnel. An example using tunnel numbers is
shown below:
ike cmd=activate numlist=1,3,5-7

This would start tunnels 1, 3, 5, 6 and 7.

remid Starts phase 1 or phase 2 tunnel(s) from the local ID to the specified remote ID. remid
could be a phase 1 ID (such as IP address, FQDN, user FQDN and X500DN), a phase 2 ID
(such as IP address, subnet and IP address range) or a group ID. The , (comma) is used to
delimit the subnet id and subnet mask, and the starting and ending IP address. If remid is a
group name, a tunnel is initiated for each group member. remid is an optional flag and can
only be used with the activate subcommand. It cannot be used in conjunction with the
ipaddr, numlist or namelist flags.
1. To activate a phase 1 tunnel to remote IP address [Link], type:
ike cmd=activate phase=1 remid=[Link]
2. To activate a phase 2 tunnel to remote subnet ID [Link],[Link], type:
ike cmd=activate phase=2 remid=[Link],[Link]
ip_addr
Starts a phase 1 or phase 2 tunnel between the specified IP Addresses.
autostart
Causes the activation of all phase 1 and phase 2 tunnel database entries which were
created with the autostart parameter set. The autostart flag does not work in conjunction
with any other flags pertaining to the activate subcommand.
namelist
Specifies a tunnel name or comma-separated list of tunnel names to be activated. This flag
requires the use of the phase flag.
Examples 1. To activate a phase 2 tunnel between source IP address x.x.x.x and destination IP address
y.y.y.y, enter:
ike cmd=activate phase=2 ipaddr=x.x.x.x,y.y.y.y
The security policy indicated in the database for the IP addresses x.x.x.x and y.y.y.y is used for
activating the tunnel.
2. To activate phase 1 tunnels for tunnels 1 and 2, enter:
ike cmd=activate phase=1 numlist=1,2
3. To activate phase 2 tunnels for inactive tunnels named AIXFW1_DM and remote_office in the
database enter:
ike cmd=activate phase=2 namelist=AIXFW1_DM,remote_office

Note: Because each phase 2 tunnel must have an associated phase 1 tunnel, a phase 1 tunnel
is automatically activated before the phase 2 tunnel is activated.

list

Purpose Monitors the status of IP Security tunnels by phase. It is also used to view tunnel entries defined in
the IKE database.
Syntax ike cmd=list [phase=1|1+|2] [numlist= tunnel_num_list] [db | role=i|r] [verbose]

Alphabetical Listing of Commands 21

Description The list subcommand queries the Tunnel Manager and lists phase 1 and phase 2 tunnel status and
information according to the result of the query. This command can also be used to view information
in the Tunnel Definition database. The default behavior is to list the tunnels currently active. To list
the tunnels in the database, the db option must be used.
Flags
phase Indicates the type and order of the tunnel(s) to be listed. A phase value of 1 results in only
the requested phase 1 tunnel information being displayed. A phase value of 2 results in the
information for the requested phase 2 tunnel(s) and their associated phase 1 tunnel(s)
should be displayed. A phase value of 1+ means that the requested phase 1 tunnel and all
associated phase 2 tunnels should be displayed. The default phase value is 1+.
numlist
Lists of the tunnel numbers which you would like to view. If omitted, the information from all
tunnels is displayed. The , (comma) and - (dash) characters can be used to delimit values
and indicate ranges. For example:
ike cmd=list numlist=1,3,5-7

When used in conjunction with db, tunnels from the IKE Security Policy database are
shown.
Note: Active tunnel numbers and tunnel numbers from the IKE Tunnel Definitions database
do not necessarily match up. This is because a single tunnel entry in the database can
correspond to multiple active tunnels.
db Shows the entries in the database. If this flag is omitted, only active tunnels are displayed.
This cannot be used in conjunction with role. Supply the list of tunnel numbers which you
would like to view.
role Allows the display of tunnels by the point of initiation. If i is specified, then the tunnels that
were initiated by the local host are displayed. If r is specified, then the tunnels where the
local host acted as a responder are displayed. If this flag is omitted, both initiator and
responder tunnels are shown. This flag cannot be used in conjunction with db.
verbose
Shows extended information about the specified tunnels. If this flag is not specified, then
only a concise entry for each tunnel is shown.
Examples Note: Tunnel numbers from the database and tunnel numbers from the tunnel manager do not
necessarily reflect the same tunnel.
1. To perform a concise (short form) listing of phase 1 tunnels with entries in the tunnel manger,
enter:
ike cmd=list phase=1 numlist=1,2,3
These tunnels are either being negotiated, in the active state , or have expired. Only tunnels 1,
2, and 3 are listed. Tunnels can be either initiator or responder role.
2. To perform a concise (short form) listing of of the specified phase 2 tunnels in the database with
each preceded by the associated phase 1 tunnel, enter:
ike cmd=list phase=2 numlist=1-3 db
These are tunnels defined in the database which may or may not be currently active in the tunnel
manager. All tunnels in the database are used in the initiator role only.
3. To perform a verbose (long form) listing of a phase 1 tunnel followed by all of its associated
phase 2 tunnels from the tunnel manager, enter:
ike cmd=list phase=1+ role=r verbose
Only tunnels which were activated in the responder role are listed. All available tunnel numbers
are listed since no numlist was specified.

remove

Purpose Deactivates specified phase 1 or phase 2 tunnel(s).

Syntax ike cmd=remove [phase=1|2] [numlist= tunnel_num_list] [all]

22 Commands Reference, Volume 3

Description The remove subcommand requests the deactivation of phase 1 or phase 2 tunnel(s). Because
phase 2 tunnels are associated with a phase 1 tunnel, if a phase 1 tunnel is deactivated, all phase 2
tunnels under the phase 1 tunnel are not refreshed when the phase 2 tunnel lifetime expires.
Flags
phase Indicates the phase of the tunnel to be deactivated and must be specified. A phase value of
1 refers to a phase 1 tunnel and a phase value of 2 refers to a phase 2 tunnel.
numlist
Lists the tunnel numbers you would like to deactivate. The , (comma) and - (dash)
characters can be used to delimit values and indicate ranges. For example:
ike cmd=remove numlist=1,3,5-7

When numlist is omitted, all tunnels are deactivated.

all Deactivates all active tunnels. This parameter does not work in conjunction with numlist.
Examples 1. To deactivate phase 1 tunnels numbered 1, 2, and 3, enter:
ike cmd=remove phase=1 numlist=1-3
2. To deactivate all phase 1 and phase 2 tunnels, enter:
ike cmd=remove all
3. To deactivate all phase 2 tunnels but keep all phase 1 tunnels active, enter:
ike cmd=remove phase=2 all
4. To deactivate all phase 1 tunnels (corresponding phase 2 tunnels will not be refreshed), enter:
ike cmd=remove phase=1 all

log

Purpose Read the ISAKMP daemon log level from /etc/[Link] and start logging at that level.
Syntax ike cmd=log
Note: If the log level or the output file name in /etc/[Link] are changed, the refresh -s
syslogd command must also be run.
Description The log subcommand causes the ISAKMP daemon to read the log level from /etc/[Link],
and a filename from /etc/[Link]. The logging level specified is set and the log output, along
with other syslog output, is placed in the file specified.

Note: There are four valid logging levels for the ISAKMP daemon. They are none, errors,
events, and information. none means no logging, errors means logging of only ISAKMP
daemon errors will occur, events means errors and other ISAKMP daemon events will be
logged, and information is the highest level of logging which is all inclusive.

Files
/usr/sbin/ike Location of the ike admin commands.
/etc/[Link] Configuration file for the iksakmpd daemon.
/etc/[Link] Provides configuration information for the syslogd daemon.

Related Information
The syslog subroutine.

The [Link] file.

The syslogd daemon.

Alphabetical Listing of Commands 23

The ikedb command.

ikedb Command

Purpose
Retrieves, updates, deletes, imports, and exports information in the IKE database.

Syntax
ikedb -p[F s] [ -e entity-file ] [ XML-file ]

ikedb -g[r] [ -t type [ -n name | -i ID -y ID-type ] ]

ikedb -d -t type [ -n name | -i ID -y ID-type ]

ikedb -c[F] [ -l linux-file ] [ -k secrets-file ] [ -f XML-file ]

ikedb -x

ikedb -o

Description
The ikedb command allows the user to write to (put) or read from (get) the IKE database. The input and
output format is an Extensible Markup Language (XML) file. The format of an XML file is specified by its
Document Type Definition (DTD). The ikedb command allows the user to see the DTD that is used to
validate the XML file when doing a put. While entity declarations can be added to the DTD using the -e
flag, this is the only modification to the DTD that can be made.

Any external DOCTYPE declaration in the input XML file will be ignored and any internal DOCTYPE
declaration might result in an error. The rules followed to parse the XML file using the DTD are specified in
the XML standard. /usr/samples/ipsec has a sample of what a typical XML file that defines common
tunnel scenarios looks like.

Flags
-p Performs a put, which writes to the database, based on the given XML-file.
-F Forces a put, even if a specified tunnel, protection, proposal, group, or pre-shared key would
overwrite one that already exists in the database. The default is for such put attempts to fail.
-s Swaps the local and remote IDs of all tunnels. This facilitates importing a tunnel generated by a
peer machine. This flag only affects tunnels. This option is illegal if the remote ID of any tunnel is a
group.
-e entity-file
Specifies the name of the file containing the <!ENTITY ...> lines as defined by entity-file. These
lines are added to the internal DTD and allow the user to include XML files in other XML files.
XML-file
Specifies the XML-file to be used and must be the last argument to be displayed in the command
line. The XML-file determines whether the write is to a tunnel, protection, proposal, group,
pre-shared key, or all of these. If no XML-file is specified, input is read from stdin. A - (hyphen) can
also be used to specify stdin.

24 Commands Reference, Volume 3

-g Performs a get, which displays what is stored in the IKE database. Output is sent to stdout and is in XML
format, which is suitable for processing with ikedb -p.
-r Recursive. If this flag is specified for a phase 1 tunnel, information is also returned for all associated
phase 2 tunnels and all protections and proposals associated with both sets of tunnels.
-t type Specifies the type of output requested. Type can have the value of any of the XML elements under
AIX_VPN, such as IKETunnel, IPSecProtection, and so on. If omitted, the entire database is
output.
-n name
Specifies the name of the requested object. Name can be the name of a proposal, protection,
tunnel, or group, depending on the value of the -t flag. The -n flag is valid with all values specified
by the -t flag, except IKEPresharedKey. If omitted, all objects of the specified type will be output.
-i ID Specifies the ID associated with a pre-shared key. The -i flag is only valid with the
IKEPresharedKey value of the -t flag. If omitted, all objects of the specified type will be output. The
-i flag must be used in conjunction with the -y flag.
-y ID-type
Specifies the ID-type defined by the -i flag. ID-type can be any of the legal types allowed in the XML
file, such as User_FQDN, IPV4_Address, and so on. The -y flag must be used in conjunction with
the -i flag.
-d Performs a delete on the specified item from the database. The flags are the same as for the -g flag, except
that -r is not supported.
-c Performs a conversion from a Linux® IPSec configuration file to an AIX IPSec configuration file in XML
format. It requires as input one or two files from Linux, a configuration file, and possibly a secrets file with
pre-shared keys.
-F Forces a put, even if a specified tunnel, protection, proposal, group, or pre-shared key would
overwrite one that already exists in the database. The default is for such put attempts to fail. The -F
flag has no effect if the -f flag is also used.
-l linux-file
Specifies the Linux configuration file as define by linux-file. If no file is specified, the system looks
for the [Link] file in the current directory.
-k secrets-file
Specifies the Linux pre-shared keys file as defined by the secrets-file parameter. If no file is
specified, the system looks for the [Link] file in the current directory.
-f XML-file
Specifies the XML configuration file to which the Linux configuration files are converted. The default
behavior is to do a put directly to the IKE database. If the filename given is a hyphen (-), the results
are sent to stdout.
-x Performs an expunge on the database. This empties out the database.
-o Performs an output of the DTD that specifies all elements and attributes for an XML file that is used by the
ikedb command. The DTD is sent to stdout.

Files
/usr/samples/ipsec Examples of an XML file that sets up various tunnel configurations.

Examples
1. To put definitions to the IKE database from an XML file that has been generated on a peer machine
and overwrite any existing objects in the database with the same name, type:
ikedb -pFs peer_tunnel_conf.xml
peer_tunnel_conf.xml is the XML file generated on a peer machine.

Alphabetical Listing of Commands 25

2. To get the definition of the phase 1 tunnel named tunnel_sys1_and_sys2 and all dependent phase 2
tunnels with respective proposals and protections, type:
ikedb -gr -t IKETunnel -n tunnel_sys1_and_sys2
3. To delete all preshared keys from the database, type:
ikedb -d -t IKEPresharedKey

imake Command

Purpose
C preprocessor interface to the make command.

Syntax
imake [ -DDefine ] [ -IDirectory ] [ -TTemplate ] [ -f FileName ] [ -C FileName ] [ -s FileName ] [ -e ] [ -v ]

Description
The imake command generates Makefiles from a template, a set of cpp macro functions, and a
per-directory input file called Imakefile. This command keeps machine dependencies (such as compiler
options, alternate command names, and special make command rules) separate from the descriptions of
the items to build.

imake invokes cpp with any -I or -D flags passed on the command line and passes to it the following three
lines:
#define IMAKE_TEMPLATE "[Link]"
#define INCLUDE_MAKEFILE "Imakefile"
#include IMAKE_TEMPLATE

Override [Link] and Imakefile by using the -T and -f flags, respectively.

The IMAKE_TEMPLATE typically reads the following files:

v A machine-dependent parameters file in which the parameters are specified as cpp symbols
v A site-specific parameters file
v A file that defines variables
v A file containing cpp macro functions for generating make command rules
v The Imakefile (specified by INCLUDE_IMAKEFILE) in the current directory.

The Imakefile file uses the macro functions to indicate what targets to build and the imake command
generates the appropriate rules.

Imake configuration files contain two types of variables, imake variables and make variables. The imake
variables are interpreted by cpp when the imake command is run. By convention, they are not
case-sensitive. The make variables are written into the Makefile for later interpretation by the make
command. By convention, make variables are uppercase.

The rules file (usually named [Link] in the configuration directory) contains a variety of cpp macro
functions that are configured according to the current platform. The imake command replaces any
occurrences of the string ``@@’’ with a newline ( carriage return ) to support macros that generate more
than one line of make rules. For example, the macro:
#define program_target(program, objlist) @@\
program: objlist @@\
$(CC) -o $@ objlist $(LDFLAGS)

when called with program_target(foo,foo1.o foo2.o) will expand to:

26 Commands Reference, Volume 3

foo: foo1.o foo2.o
$(CC) -o $@ foo1.o foo2.o $(LDFLAGS)

On systems whose cpp reduces multiple tabs and spaces to a single space, the imake command attempts
to put back any necessary tabs (the make command distinguishes between tabs and spaces). For this
reason, precede all colons (:) in command lines by a backslash (\).

Use with AIXwindows

AIXwindows uses the imake command extensively for both full builds within the source tree and builds of
external software. Two special variables, TOPDIR and CURDIR, are set to make referencing files using
relative path names easier. For example, the following command is generated automatically to build the
Makefile in the lib/X directory (relative to the top of the sources):
% ../.././config/imake -I../.././config \
-DTOPDIR=../../. -DCURDIR=./lib/X

To build AIXwindows programs outside the source tree, a special symbol, UseInstalled, is defined and the
TOPDIR and CURDIR variables are omitted. If the configuration files are properly installed, you can use
the xmkmf command.

The imake command reads the following files as used by AIXwindows.

Note: The indented format indicates files that include other files.
[Link] generic variables
[Link] site-specific, BeforeVendorCF defined
*.cf machine-specific
*[Link] shared library
[Link] site-specific, AfterVendorCF defined
[Link] rules
[Link] X-specific variables
*[Link] shared library variables
Imakefile
[Link] library rules
[Link] server rules
[Link] multi-thread rules

Note: The [Link] file is included twice, both before and after the *.cf file. Although most site
customizations are specified after the *.cf file, some, such as the choice of compiler, need to be
specified before, because other variable settings may depend on them.

The first time the [Link] file is included, the BeforeVendorCF variable is defined, and the second
time, the AfterVendorCF variable is defined. All code in the [Link] file should be placed inside a
#ifdef macro for one of these symbols.

Flags
-DDefine Passed directly to cpp to set directory-specific variables. For example, X-windows uses this flag
to set the TOPDIR variable to the name of the directory containing the top of the core
distribution, and the CURDIR variable to the name of the current directory, relative to the top.
-e Indicates that the imake command should execute the generated Makefile. The default is to
leave this to the user.
-f FileName Specifies the name of the per-directory input file. The default is the Imakefile file.
-IDirectory (Uppercase i) Passed directly to cpp to indicate the directory in which the imake template and
configuration files are located.
-C FileName Specifies the name of the .c file that is constructed in the current directory. The default is
Imakefile.c.
-s FileName Specifies the name of the make description file to be generated, without invoking the make
command. If the FileName variable is a - (dash), the output is written to stdout. The default is
to generate, but not execute, a Makefile.

Alphabetical Listing of Commands 27

-TTemplate Specifies the name of the master template file ( which is usually located in the directory
specified with -I ) used by the cpp command. The default is the [Link].
-v Indicates that imake should print the cpp command line that it is using to generate the
Makefile.

Environment Variables
Note: The following environment variables may be set, but their use is not recommended because
they introduce dependencies that are not readily apparent when the imake command is run.

IMAKEINCLUDE If defined, specifies an include argument for the C preprocessor. For example:
-I/usr/include/local
IMAKECPP If defined, specifies a valid path to a preprocessor program. For example:
/usr/local/cpp

The default is the /lib/cpp program.

IMAKEMAKE Specifies a valid path to a make program such as /usr/local/make. By default, imake uses
whatever make program is found using the execvp subroutine. This variable is only used if
the -e flag is specified.

Example
imake -I/usr/lib/X11/config -DTOPDIR=/usr/lpp/X11/Xamples

Files
/usr/tmp/[Link] Specifies the temporary input file for the cpp preprocessor.
/usr/tmp/[Link] Specifies the temporary input file for make.
/lib/cpp The default C preprocessor.

Related Information
The make command, xmkmf command.

imapd Daemon

Purpose
Starts the Internet Message Access Protocol (IMAP) server process.

Syntax
imapd [-c]

Description
The imapd command is an IMAP4 server. It supports the IMAP4 remote mail access protocol. Also, it
accepts commands on its standard input and responds on its standard output. You normally invoke the
imapd command with the inetd daemon with those descriptors attached to a remote client connection.

The imapd command works with the existing mail infrastructure consisting of sendmail and bellmail.

Flags
-c Suppresses the reverse host name lookup.

28 Commands Reference, Volume 3

Exit Status
All error and status information is written to a logfile if syslogd is configured for logging.

Security
The imapd daemon is a PAM-enabled application with a service name of imap. System-wide configuration
to use PAM for authentication is set by modifying the value of the auth_type attribute, in the usw stanza
of /etc/security/[Link], to PAM_AUTH as the root user.

The authentication mechanisms used when PAM is enabled depend on the configuration for the imap
service in /etc/[Link]. The imapd daemon requires /etc/[Link] entries for the auth and session
module types. Listed below is a recommended configuration in /etc/[Link] for the imap service:
#
# AIX imap configuration
#
imap auth required /usr/lib/security/pam_aix

imap session required /usr/lib/security/pam_aix

Files
/usr/sbin/imapd Contains the imapd command.
/etc/services Specifies the file with port assignments for required services. The following entry must
be in this file:
imap2 143/tcp # Internet Mail Access Protocol

Related Information
The pop3d daemon.

imapds Daemon

Purpose
Starts the Internet Message Access Protocol (IMAP) server process over TSL/SSL.

Syntax
imapds [-c]

Description
The imapds command is an IMAP4 server. It supports the IMAP4 remote mail access protocol. Also, it
accepts commands on its standard input and responds on its standard output. You normally invoke the
imapds command with the inetd daemon with those descriptors attached to a remote client connection.

The imapds command works with the existing mail infrastructure consisting of sendmail and bellmail.

Flags
-c Suppresses the reverse host name lookup.

Exit Status
All error and status information is written to a logfile if syslogd is configured for logging.

Alphabetical Listing of Commands 29

Security
The imapds daemon is a PAM-enabled application with a service name of imap. System-wide
configuration to use PAM for authentication is set by modifying the value of the auth_type attribute, in the
usw stanza of /etc/security/[Link], to PAM_AUTH as the root user.

The authentication mechanisms used when PAM is enabled depend on the configuration for the imap
service in /etc/[Link]. The imapds daemon requires /etc/[Link] entries for the auth and session
module types. Listed below is a recommended configuration in /etc/[Link] for the imap service:
#
# AIX imap configuration
#
imap auth required /usr/lib/security/pam_aix

imap session required /usr/lib/security/pam_aix

Files
/usr/sbin/imapds Contains the imapds command.
/etc/services Specifies the file with port assignments for required services. The following entry must
be in this file:
imaps 993/tcp # imap4 protocol over TLS/SSL

Related Information
The pop3ds daemon.

impfilt Command

Purpose
Imports filter rules from an export file.

Syntax
impfilt [ -v 4|6] -f directory [ -l filt_id_list]

Description
Use the impfilt command to import filter rules from text export file(s) that are generated by the expfilt
command. IPsec filter rules for this command can be configured using the genfilt command, IPsec smit
(IP version 4 or IP version 6), or Web-based System Manager in the Virtual Private Network submenu.

Flags
-v IP version of the rules to be imported. The value of 4 specifies IP version 4 and the value of 6 specifies
IP version 6. When this flag is not used, both IP version 4 and IP version 6 are imported.
-f Specifies the directory where the imported text files are to be read.
-l Lists the IDs of the filter rules to be imported. The filter rule IDs can be separated by ″,″. If this flag is not
used, all filter rules for the applicable IP version(s) in the text export files will be imported.

Related Information
The expfilt command.

30 Commands Reference, Volume 3

importvg Command

Purpose
Imports a new volume group definition from a set of physical volumes.

Syntax
importvg [ -V MajorNumber ] [ -y VolumeGroup ] [ -f ] [ -c ] [ -x ] | [ -L VolumeGroup ] [ -n ] [ -F ] [ -R ] [ -I
] PhysicalVolume

Description
Attention: When you issue the importvg command to a previously defined volume group, the
QUORUM and AUTO ON values will be reset to volume group default values. You should verify the
parameters of the newly imported volume group with the lsvg command and change any values with
the chvg command.

The importvg command makes the previously exported volume group known to the system. The
PhysicalVolume parameter specifies only one physical volume to identify the volume group; any remaining
physical volumes (those belonging to the same volume group) are found by the importvg command and
included in the import. An imported volume group is automatically varied unless the volume group is
Concurrent Capable. You must use the varyonvg command to activate Concurrent Capable volume
groups before you access them.

When a volume group with file systems is imported, the /etc/filesystems file is updated with values for the
new logical volumes and mount points. After importing the volume group and activating it with the
varyonvg command, you must run the fsck command before the file systems can be mounted. However,
the mount point information would be missing from the LVCB (logical volume control block) if it is longer
than 128 characters. In this case, the importvg command will not be able to update the /etc/filesystems
file with the stanza for the newly imported logical volume. You should manually edit the /etc/filesystems
file to add a new stanza for this logical volume.

The importvg command changes the name of a logical volume if the name already exists in the system. It
prints a message and the new name to standard error, and updates the /etc/filesystems file to include the
new logical volume name.

Notes:
1. To use this command, you must either have root user authority or be a member of the system
group.
2. AIX Version 4 changed the behavior of importvg so that as part of the importvg process, the
volume group is automatically varied on by the system after it is imported. However, if the volume
group is Concurrent Capable then the importvg command prompts you to varyonvg the
imported volume group manually.
3. A volume group with a mirrored striped logical volume cannot be back ported into a version older
than AIX 4.3.3.

You can use the Volumes application in Web-based System Manager (wsm) to change volume
characteristics. You could also use the System Management Interface Tool (SMIT) smit importvg fast
path to run this command.

Flags
-c This flag is ignored. On AIX 5.2 and higher only Enhanced Concurrent Capable volume
groups will be created.
-f Forces the volume group to be varied online.

Alphabetical Listing of Commands 31

-LVolumeGroup Takes a volume group and learns about possible changes performed to that volume
group. Any new logical volumes created as a result of this command emulate the
ownership, group identification, and permissions of the /dev special file for the volume
group listed in the -y flag. The -L flag performs the functional equivalent of the -F and
-n flags during execution.

Restrictions:
1. The volume group must not be in an active state on the system executing the -L
flag.
2. The volume group’s disks must be unlocked on all systems that have the volume
group varied on and operational. Volume groups and their disks may be unlocked,
remain active and used via the varyonvg -b -u command.
3. The physical volume name provided must be of a good and known state, the disk
named may not be in the missing or removed state.
4. If an active node has both added AND deleted logical volumes on the volume
group, the -L flag may produce inconsistent results. The -L flag should be used
after each addition or deletion, rather than being deferred until after a sequence of
changes.
5. If a logical volume name clash is detected, the command will fail. Unlike the basic
importvg actions, clashing logical volume names will not be renamed.
-F Provides a fast version of importvg that checks the Volume Group Descriptor Areas of
only the disks that are members of the same volume group. As a result, if a user
exercises this flag, they must ensure that all physical volumes in the volume group are
in a good and known state. If this flag is used on a volume group where a disk may be
in missing or removed state, the command may fail or the results may be inconsistent.
-I Causes the importvg command to fail if imfs fails.
-n Causes the volume not to be varied at the completion of the volume group import into
the system.
-R Restores the ownership, group ID, and permissions of the logical volume special device
files. These values will be restored only if they were set using U, G and P flags of mklv
and chlv commands. This flag is applicable only for scalable and big vg format volume
groups.
-V MajorNumber Specifies the major number of the imported volume group.
-x This flag is ignored. On AIX 5.2 and higher only Enhanced Concurrent Capable volume
groups will be created.

Attention: This entry must be added after the entry used to initiate srcmstr.

-y VolumeGroup Specifies the name to use for the new volume group. If this flag is not used, the system
automatically generates a new name.

The volume group name can only contain the following characters: ″A″ through ″Z,″ ″a″
through ″z,″ ″0″ through ″9,″ or ″_″ (the underscore), ″-″ (the minus sign), or ″.″ (the
period). All other characters are considered invalid.

Examples
1. To import the volume group bkvg from physical volume hdisk07, enter:

importvg -y bkvg hdisk07

The volume group bkvg is made known to the system.
2. To use the -L on a multi-tailed system:
Node A has the volume group datavg varied on.
Node B is aware of datavg, but it is not varied on.
Node A: varyonvg -b -u datavg
Node B: importvg -L datavg hdisk07
Node A: varyonvg datavg

32 Commands Reference, Volume 3

Files
/usr/sbin Directory where the importvg command resides.
/tmp Directory where the temporary files are stored while the command is running.

Related Information
The exportvg command, varyonvg command.

The Logical volume storage in Operating system and device management explains the Logical Volume
Manager, physical volumes, logical volumes, volume groups, organization, ensuring data integrity, and
allocation characteristics.

For information on installing the Web-based System Manager, see Chapter 2: Installation and System
Requirements in AIX 5L Version 5.3 Web-based System Manager Administration Guide.

The System management interface tool in Operating system and device management explains the
structure, main menus, and tasks that are done with SMIT.

imptun Command

Purpose
Adds the exported tunnel definitions and optional user-defined filter rules associated with the tunnels to the
local host.

Syntax
imptun -f directory [ -t tunnel_id_list ] [ -v 4 | 6 ] [ -n ] [ -r ] [ -g ] [ -l manual ]

Description
Use the imptun command to add exported tunnel definitions and optional user-defined filter rules
associated with the exported tunnels (files generated by the tunnel owner by using the exptun command)
to the local host. This command can also import tunnel definitions from the exported files generated by the
IBM firewall (SNG) product export command.

A new tunnel ID is generated by the local host when a tunnel is imported to the local tunnel table. The
auto-generated filter rules associated with the tunnel also is generated automatically. Importing the
exported user-defined filter rules is optional.

If the exported files are transmitted by diskette, it is assumed they will be loaded to a local file directory
using a command such as tar, depending on the tunnel owner’s instructions.

Flags
-f Specifies the directory from where the exported files will be read.
-g The suppress system auto-generated filter rule flag. If the -g flag is not used, the imptun command
generates two filter rules for each imported tunnel automatically. The auto-generated filter rules allow all
traffic between the two end points of the tunnel to go through the tunnel. If the -g flag is specified, the
command only imports the tunnel ibm definitions, and the user must add user-defined filter rules to use
the tunnel.
-l Specifies the type of the tunnel(s) you want to import. If manual is specified, only manual tunnel(s) are
imported. -n and -l flags are mutually exclusive.
-n Specifies that the export files were generated by the IBM firewall (version 2.2) tunnel export command.
This flag cannot be specified with the -v flag. The -n flag is also mutually exclusive with the -r flag.

Alphabetical Listing of Commands 33

-r Imports the user-defined filter rules associated with the tunnels that are being imported. To use the -r
flag, it must have been specified with the exptun command when the exported files were generated.
The -r flag is mutually exclusive with the -n flag.
-t Lists the set of tunnel IDs to be imported from the export files. The tunnel definitions identified by these
tunnel IDs are added to the local host. If this flag is not used, all the tunnel definitions in the export files
are added to the local host.
-v Specifies the IP version of the tunnel definitions from the exported files that you wish to import. If the -v
flag is not given, then all IP version 4 and IP version 6 tunnel definitions that exist in the export files are
imported.

Related Information
The gentun command, chtun command, rmtun command, exptun command, mktun command, and
lstun command.

inc Command

Purpose
Files new mail in a folder.

Syntax
inc [ + Folder ] [ -noaudit | -audit File ] [ -changecur | -nochangecur ] [ -form FormFile | -format String
] [ -help] [ -file File ] [ -truncate | -notruncate ] [ -nosilent | -silent ] [ -width Number ]

Description
The inc command files incoming mail in a specified folder and outputs a list of the messages filed. A folder
is a system directory. By default, the inc command removes the new messages from your mail drop and
places them in the specified folder. To file new mail without deleting the mail drop, use the -notruncate
flag.

If the specified folder does not exist, the inc command prompts you for permission to create it. The system
creates the folder as a subdirectory of the user’s Message Handler (MH) directory. The default folder is
inbox.

Note: If you do not have a Path: entry specified in your .mh_profile file, the inc command creates
the folder as a subdirectory of the current directory.

Filed messages are assigned consecutive message numbers starting with the next highest number in the
folder. Each new message receives the protection code specified in the Msg-Protect: entry in your
.mh_profile file. If the Msg-Protect: entry does not exist, a protection code of 644 is assigned. If the
Unseen-Sequence: entry exists, new messages are added to each sequence specified by the entry.

Flags
-audit File Copies the current date to the specified file and appends the output of the inc command
to the file.
-changecur Sets the first new message as the current message for the specified folder. This flag is
the default.
-file File Files messages from the specified file instead of the user’s maildrop.
+Folder Specifies the folder in which to place new messages. By default, the system creates a
subdirectory called inbox in the user’s MH directory.
-form FormFile Identifies a file that contains an alternate output format for the inc command.
-format String Specifies a string that defines an alternate output format for the inc command.

34 Commands Reference, Volume 3

-help Lists the command syntax, available switches (toggles), and version information.

Note: For MH, the name of this flag must be fully spelled out.
-noaudit Suppresses recording of information about any new messages filed. This is the default.
-nochangecur Prevents alteration of the current message for the specified folder.
-nosilent Prompts the user for any necessary information. This flag is the default.
-notruncate Prevents clearing of the mailbox or file from which the inc command is taking new
messages. If the -file flag is specified, the -notruncate flag is the default.
-silent Prevents prompting by the inc command for information. This flag is useful when running
the inc command in the background.
-truncate Clears the mailbox or file from which the inc command is taking new messages. If the
-file flag is not specified, the -truncate flag is the default.
-width Number Sets the number of columns in the command output. The default is the width of the
display.

Profile Entries
The following entries are entered in the UserMhDirectory/.mh_profile file:

Alternate-Mailboxes: Specifies alternate mailboxes.

Folder-Protect: Sets the protection level for new folder directories.
Msg-Protect: Sets the protection level for new message files.
Path: Specifies the user’s MH directory.
Unseen-Sequence: Specifies the sequences used to keep track of unseen messages.

Examples
1. To incorporate new mail into the default mail folder, inbox, enter:
inc

If the inbox folder exists, the system displays a message similar to the following:
Incorporating new mail into inbox...
65+ 04/08 [email protected] Meeting <<The meeting will
66 04/08 [email protected] Schedule <<Schedule change

In this example, two messages are filed in the inbox folder. The subject of the first message is
Meeting, and the first line starts with the words The meeting will. The subject of the second message
is Schedule, and the first line starts with the words Schedule change.
2. To incorporate new mail into a new folder called testcases, enter:

inc +testcases

The system prompts you as follows:

Create folder "/home/mary/testcases"?

If you wish to create the folder, enter:

yes

A message similar to the following is displayed:

Incorporating new mail into testcases...
67+ 04/08 [email protected] Meeting <<We will begin
68 04/08 [email protected] Schedule <<Schedule change

Alphabetical Listing of Commands 35

Files
$HOME/.mh_profile Customizes the MH user profile.
/etc/mh/mtstailor Tailors the MH environment to the local environment.
/var/spool/mail/$USER Specifies the location of the mail drop.
/usr/bin/inc Contains the inc command.

Related Information
The mhmail command, post command, scan command.

The mh_alias file format, mh_profile file format.

Mail applications in Networks and communication management.

indent Command

Purpose
Reformats a C language program.

Syntax
indent InputFile [ OutputFile ] [ -nbad | -bad ] [ -nbap | -bap ] [ -nbbb | -bbb ] [ -nbc | -bc ] [ -br | -bl] [
-cn] [ -cdn ] [ -ncdb | -cdb ] [ -nce | -ce ] [ -cin ] [ -clin ] [ -dn ] [ -din ] [ -ndj | -dj ] [ -nei | -ei ] [ -fa ] [
-nfa ] [ -nfc1 | -fc1 ] [ -in ] [ -nip | -ip ] [ -ln ] [ -lcn ] [ -nlp | -lp ] [ -npro ] [ -npcs | -pcs ] [ -nps | -ps ] [
-npsl | -psl ] [ -nsc | -sc ] [ -nsob | -sob ] [ -nslb | -slb ] [ -st ] [ -troff ] [ -nv | -v ] [ -TType ] ...

Description
The indent command reformats a C program as specified by flags entered with the command.

If you only specify the InputFile parameter, the reformatted file is written back into the InputFile parameter
and a backup copy of the InputFile parameter is written in the current directory with a .BAK filename
suffix.

If you specify the OutputFile parameter, the indent command checks to make sure its name is different
from the InputFile parameter.

To set up your own profile of defaults for the indent command, create a file called .[Link] in your
login directory or the current directory. In this file, include as many flags as desired, separated by spaces,
tabs, or new lines.

Flags in the .[Link] file in the current directory override those in your login directory (with the
exception of -TType flags, which accumulate). If the indent command is run and a profile file exists, the
profile file is read to set up the defaults of the program. Flags on the command line, however, override
profile flags.

Comment Handling
The indent command assumes that any comment with a - (dash) or * (asterisk) immediately after the start
of a comment marker (/*- or /**) is a comment surrounded by asterisks. Each line of the comment is left
unchanged, except for its indentation. This indentation can be adjusted to account for the change in
indentation of the first line of the comment.

All other comments are treated as text. The indent command fits as many words (separated by blanks,
tabs, or new-lines) on a line as possible. Blank lines break paragraphs.

36 Commands Reference, Volume 3

A block comment is a comment that is not to the right of the code, and extends for more than one line.

If a comment is on a line with code, it is started in the comment column set by the -cn flag. Otherwise, the
comment is started at n indentation levels less than where code is currently being placed, where n is
specified by the -dn flag. If the code on a line extends past the comment column, the comment starts
further to the right. The right margin can be extended automatically in extreme cases.

Preprocessor Lines Handling

In general, the indent command leaves preprocessor lines alone. The only reformatting it does is to
straighten up trailing comments. It leaves embedded comments alone. Conditional compilation (code
between #ifdef and #endif lines) is recognized and the indent command attempts to compensate
correctly for the syntactic peculiarities introduced.

C Syntax Handling
The parser built into the indent command attempts to cope with incomplete and misformed syntax. In
particular, the use of macros like:
#define forever for(;;)

is handled properly. For best results, use the indent command on source that is syntactically correct.

Flags
Note: Flags can appear before or after file names.

-bad Forces a blank line after every block of declarations.

-nbad Suppresses a blank line after every block of declarations; active unless turned off with the -bad flag.
-bap Forces a blank line after every procedure body.
-nbap Suppresses a blank line after every procedure body; active unless turned off with the -bap flag.
-bbb Forces a blank line before every block comment.
-nbbb Suppresses a blank line before every block comment; active unless turned off with the -bbb flag.
-bc Forces a new line after each comma in a declaration.
-nbc Suppresses a new line after each comma in a declaration; active unless turned off with the -bc flag.
-bl Formats compound statements, structure initializations, and enum initializations, as follows:
if (...)
{
code
}
-br Formats compound statements, structure initializations, and enum initializations, as follows:
if (...) {
code
}

This flag is active unless turned off with the -bl flag.
-cn Sets the initial tab position for comments on code to the n variable. The default value is 33.
-cdn Sets the initial tab position for comments on declarations to the n variable. By default, this flag uses the
value defined with the -c flag.
-cdb Enables placing comment delimiters on blank lines; active unless turned off with the -ncdb flag. The -cdb
flag affects only block comments, not comments to the right of code. Resulting comments look like the
following:
/*
* this is a comment
*/
-ncdb Disables placing comment delimiters on blank lines. The -ncdb flag affects only block comments, not
comments to the right of code. Resulting comments look like the following:
/* this is a comment */
-ce Enables forcing else statements to follow the immediately preceding } (left bracket); active unless turned
off with the -nce flag.
-nce Disables forcing else statements to follow the immediately preceding } (left bracket).

Alphabetical Listing of Commands 37

-cin Indents the continuation lines n positions from the beginning of the first line of the statement. Expressions
in parentheses have extra indentation added to indicate the nesting, unless the -lp flag is in effect. By
default, this flag uses the value defined by the -i flag.
-clin Indents the case labels n positions to the right of the containing flag statement. Entering -cli0.5 causes
case labels to be indented half a tab stop. This option is the only one that takes a fractional argument. By
default, the value is -cli0.
-dn Controls the placement of comments that are not to the right of code with the n variable. Specifying the -d1
flag causes such comments to appear one indention level to the left of code. By default, this flag uses -d0
and comments are aligned with code. The location of comment lines relative to program code affects the
comment indention.
-din Specifies the number of positions to indent an identifier from a preceding declaration keyword with the n
variable. By default, this flag uses -di16.
-dj Left-justifies declarations.
-ndj Indents declarations; active unless turned off with the -dj flag.
-ei Enables special else-if processing; active unless turned off with the -nei flag. The -ei flag causes if
statements following else statements to have the same indentation as the preceding if statement.
-nei Disables special else-if processing.
-fa Flips assign operators from old style C code to the ANSI format. This flag remains active unless turned off
with the -nfa flag.

Attention: The possibility of changing the meaning of the code exists if the code was meant for the
ANSI compiler. For example, A=-B becomes A-=B.

Note: Use no spaces between operators. If the user means subtraction, then the flipping is
necessary; on the other hand, if the user means A equals the negative of B, the flipping alters the
meaning.
-nfa Suppresses flipping the operators. Use this flag if the code is written for an ANSI compiler.
-fc1 Enables formatting comments that start in column 1; active unless turned off with the -nfc1 flag.
-nfc1 Disables formatting comments that start in column 1.
-in Sets the indentation level size. By default, the level size is 8 positions.
-ip Enables indenting parameter declarations; active unless turned off with the -nip flag.
-nip Disables indenting parameter declarations.

-ln Sets the maximum column position of comments that are to the right of the code. If the comment does
not fit on a line, a maximum of 25 characters are printed.
-lcn Sets the maximum line length for block comments to the n variable. By default, this flag uses the length
specified with the -l flag.
-lp Aligns code surrounded by parentheses in continuation lines; active unless turned off with the -nlp flag. If
a line has a left parenthesis with no matching right parenthesis on that line, continuation lines start at the
position following the left parenthesis.

With the -lp flag in effect, such lines appear as follows:

p1 = first_procedure(second_procedure(p2,p3),
third_procedure(p4,p5));

Inserting two more new lines yields the following:

p1 = first_procedure(second_procedure(p2,
p3),
third_procedure(p4,
p5));
-nlp Leaves code surrounded by parentheses in continuation lines unaligned. With the -nlp flag in effect, such
lines appear as follows:
p1 = first_procedure(second_procedure(p2,p3),
third_procedure(p4, p5));
-npro Causes the profile files ./.[Link] and $HOME/.[Link] to be ignored.
-pcs Inserts a space between each procedure call name and the following ( (left parenthesis).
-npcs Suppresses a space between each procedure call name and the following ( (left parenthesis); active
unless turned off with the -pcs flag.

38 Commands Reference, Volume 3

-ps Inserts spaces on both sides of the pointer following the -> operator.
-nps Suppresses spaces on both sides of the pointer following the -> operator; active unless turned off with
the -ps flag.
-psl Left-justifies the names of procedures being defined; active unless turned off with the -npsl flag. The
procedure types, if any, remain on the previous lines.
-npsl Disables left-justification of names of defined procedures.
-sc Enables the placement of * (asterisks) to the left of comments; active unless turned off with the -nsc flag.
-nsc Disables the placement of * (asterisks) to the left of comments.
-slb Treats any single-line comment that is not to the right of the code as a block comment.
-nslb Disables treating any single-line comment that is not to the right of the code as a block comment; active
unless turned off with the -slb flag.
-sob Removes optional blank lines. Works in combination with any of the following flags: -nbad, -nbap, or
-nbbb. Removes only blank lines that were inserted by the -bad, -bap, or -bbb flags.
-nsob Retains optional blank lines; active unless turned off with the -sob flag.
-st Causes the indent command to take its input from stdin and output to stdout.
-TType Adds the Type variable to the list of type keywords. Names accumulate so -T can be specified more than
once. You should specify all the types appearing in your program defined by typedef statements to
produce the best output from the indent command.
-troff Formats the C program for processing by troff. Produces a listing similar to listings produced by the
vgrind command. If no output file is specified, the default is standard output, rather than formatting in
place.
-v Turns on verbose mode, which reports when one line of input is split into two or more lines of output and
gives size statistics at completion.
-nv Turns off verbose mode; active unless turned off with the -v flag.

Examples
1. To format the test.c file using the default settings of the indent command and place the output into
the newtest.c file, enter:
indent test.c newtest.c
2. To format the test.c file so that a blank line is forced after every block of declarations and procedure
body, use all other default settings, and store the output in the newtest.c file, enter:
indent test.c newtest.c -bad -bap
3. To format the test.c file using the default settings of the indent command and to define uint as a
type keyword recognizable to the indent command, enter:
indent test.c newtest.c -Tuint

Files
./.[Link] Contains the profile file.
$HOME/.[Link] Contains the profile file.
/usr/ccs/bin/indent Contains the indent command.

Related Information
The cb command.

Commands in Operating system and device management.

indxbib Command

Purpose
Builds an inverted index for a bibliography.

Alphabetical Listing of Commands 39

Syntax
indxbib Database ...

Description
The indxbib command makes an inverted index to the named database (or files) for use by the lookbib
and refer commands. These files contain bibliographic references (or other kinds of information) separated
by blank lines.

Note: The indxbib command expects the database to exist in the current working directory.

A bibliographic reference is a set of lines, constituting fields of bibliographic information. Each field starts
on a line beginning with a % (percent sign), followed by a key letter, then a space character, and finally the
contents of the field, which can continue until the next line starting with a % (percent sign). All key letters
are ASCII characters.

The indxbib command is a shell script that calls the /usr/lib/refer/mkey and /usr/lib/refer/inv files. The
first program, mkey, performs the following operations:
1. Truncates words (delimited by blanks or tabs) to six characters.
2. Maps uppercase to lowercase characters.
3. Discards words shorter than three characters.
4. Discards the most commonly used words according to an existing ign file. An English language file,
/usr/lib/eign, has been provided with a list of common English words. It is suggested, but not
necessary, that users create their own files, named ign, consisting of language-specific common
words. This file, if created, should exist in the /usr/lib/nls/msg/$LANG directory.
5. Discards numbers (dates) less than 1900 or greater than 2099.

Note: All dates should be indexed because many disciplines refer to literature written in the 1800s or
earlier.

The second program, inv, creates in the working directory an entry file (.ia), a posting file (.ib), and a tag
file (.ic).

Files
/usr/lib/eign Contains the default list of common words the indxbib command discards while
processing.
[Link] Contains the entry file.
[Link] Contains the posting file.
[Link] Contains the tag file.

Environment Variables
NLSPATH Refers to a list of directory names where the message catalog files can be found.

Related Information
The addbib command, lookbib command, refer command, roffbib command, sortbib command.

40 Commands Reference, Volume 3

inetd Daemon

Purpose
Provides Internet service management for a network.

Syntax
Note: Use SRC commands to control the inetd daemon from the command line. Use the [Link] file
to start the daemon with each system restart.

/usr/sbin/inetd [ -d ] [ -t SecondsToWait ] [ ConfigurationFile ]

Description
The /usr/sbin/inetd daemon provides Internet service management for a network. This daemon reduces
system load by invoking other daemons only when they are needed and by providing several simple
Internet services internally without invoking other daemons.

The inetd daemon starts by default each time you start your system. When the daemon starts, it reads its
configuration information from the file specified in the ConfigurationFile parameter. If the parameter is not
specified, the inetd daemon reads its configuration information from the /etc/[Link] file.

Once started, the inetd daemon listens for connections on certain Internet sockets in the /etc/[Link].
The /etc/[Link] file describes to the inetd daemon how Internet service requests on Internet sockets
should be handled. When the inetd daemon receives a request on one of these sockets, it determines
which service corresponds to that socket and then either handles the service request itself or invokes the
appropriate server.

Subservers of the inetd Daemon

The inetd daemon (a subsystem) controls the following daemons (subservers):
v comsat daemon
v ftpd daemon
v fingerd daemon
v rlogind daemon
v rexecd daemon
v rshd daemon
v talkd daemon
v telnetd daemon
v tftpd daemon
v uucpd daemon.

The ftpd, rlogind, rexecd, rshd, talkd, telnetd, and uucpd daemons are started by default. The tftpd,
fingerd, and comsat daemons are not started by default unless they are uncommented in the
/etc/[Link] file.

Inetd Configuration File

The /etc/[Link] file can be updated by using the System Management Interface Tool (SMIT), the
System Resource Controller (SRC), or by editing the /etc/[Link].

If you change the /etc/[Link], using SMIT, then the inetd daemon will be refreshed automatically and
will read the new /etc/[Link] file. If you change the file using your favorite editor, run the refresh -s
inetd or kill -1 InetdPID command to inform the inetd daemon of the changes to its configuration file.

Alphabetical Listing of Commands 41

The entries in the /etc/[Link] file include the following information:

Service Name Specifies the name of a valid Internet service.

Socket Type Specifies the type of Internet socket used for the Internet service. (Only stream and datagram
sockets are implemented.) Valid values are:

stream

dgram

sunrpc_udp

sunrpc_tcp
Protocol Specifies the Internet Protocol used for the Internet service. Valid values are:

tcp

tcp6

udp

udp6
Wait/Nowait Specifies whether the inetd daemon should wait for the service to complete before continuing
to listen for this type of service request.
Wait/Nowait Specifies whether the inetd daemon should wait for the service to complete before continuing
to listen for this type of service request. SRC works like wait, but instead of forking and
waiting for the child to die, it does a startsrc on the subsystem and store information about
the starting of the service. When the service is removed from the [Link] file and inetd is
restarted, the service has a stopsrc issued to the service to stop it.
User Specifies the user name that inetd should use to start the subserver.
Path Specifies the fully qualified path name that inetd should execute to provide the service. For
services that inetd provides internally, this entry should be internal.
Command Specifies the name of the service to start and its parameters. This field is empty for internal
services.

The inetd daemon can be run with or without the SRC. In addition, the inetd daemon can be controlled by
issuing signals using the kill command.

Flags
-d Sends debugging messages to the syslogd daemon.
-t SecondsToWait Specifies the number of seconds to wait in the select() system call before looping.
The SecondsToWait can be a number from 1 to 999999. Without this flag the inetd
daemon will block until one of the active services is requested by a network
connection. This flag should only be used when a machine is servicing many wait
services like tftp and is not being used for other services. Since timing out the
select() system call will cause the inetd daemon to use more CPU cycles, this flag is
not recomended for most situations.

Service Requests
The Internet service requests that are supported internally by the inetd daemon are generally used for
debugging. They include the following internal services:

ECHO Returns data packets to a client host.

DISCARD Discards received data packets.
CHARGEN Discards received data packets and sends predefined or random data.
DAYTIME Sends the current date and time in user-readable form.
TIME Sends the current date and time in machine-readable form.

42 Commands Reference, Volume 3

Related Information
The fingerd daemon, ftpd daemon, rexecd daemon, rlogind daemon, rshd daemon, syslogd daemon,
talkd daemon, telnetd daemon, tftpd daemon.

The [Link] file format, protocols file format, services file format.

TCP/IP daemons in Networks and communication management.

infocmp Command

Purpose
Manages terminfo descriptions.

Syntax
infocmp [ -d] [ -c] [ -n] [ -I] [ -L] [ -C] [ -r] [ -u] [ -s { d| i| l| c}] [ -v] [ -V] [ -1] [ -w Width] [ -A Directory] [ -B
Directory] [TermName...]

Description
The infocmp command manages terminfo descriptions. You can use this command to:
v Compare a binary terminfo entry with other terminfo entries.
v Print a terminfo description from the binary file.
v Rewrite a terminfo description to take advantage of the use attribute.

The infocmp command prints the Boolean attributes first, the numeric attributes second, and the string
attributes last.

Comparing Entries
Use the -d, -c, and -n flags to compare entries. The -d flag returns the differences between entries. The -c
flag produces a list of the capabilities that are set and in common between two entries. The -n flag returns
a list of the capabilities that neither entry has.

To compare terminfo entries, you specify two or more TermName parameters. The infocmp command
compares the terminfo description of the first TermName parameter with each of the descriptions for the
subsequent TermNames specified. If a capability is defined for only one of the terminal descriptions, the
value returned will depend on the type of capability. For Boolean capabilities the infocmp command
returns an F, the command returns a -1 for integer capabilities, and null for string capabilities.

Producing a Source Listing

Use the -l (uppercase i), -L, -C, and -r flags to produce a source listing for one or more terminals. If you
do not specify a TermName parameter, the system uses the TERM environment variable. You can use
these source options to produce a source file for a terminfo binary when one is not available.

The I (uppercase i) flag produces a listing with the terminfo names. The -L flag produces a listing using
the long C variable names listed in /usr/include/term.h.

The -C flag uses termcap names instead of terminfo capability names when producing the source listing.
The infocmp commands translates and outputs only those terminfo capabilities that have a
corresponding termcap code name. To remove this restriction, specifying the -r flag. This flag causes the
command to output terminfo capabilities that cannot be translated into termcap format.

Alphabetical Listing of Commands 43

When using the -C and -r flags, the infocmp command notes any string parameters it was unable to
convert to the termcap format. You must edit these parameters manually. The command collects all
padding information for strings together and places it at the beginning of the string where termcap expects
it. Mandatory padding is optional after translation. Mandatory padding is padding information with a trailing
/ (slash).

Note: The -C and -r flags cannot always convert a terminfo string into its equivalent termcap form.
Similarly, a conversion from the termcap file format back into the terminfo file format does not
necessarily reproduce the original source.

Definitions with the use Attribute

Given a list of terminal menus and the -u flag, the infocmp command compares the first terminal’s
description against the other terminal descriptions. The infocmp command then creates a new description
for the first terminal using as much of the subsequent terminal descriptions as possible.

When you specify the -u flag and a list of terminal names, the infocmp command does the following:
v Compares subsequent terminal descriptions against the first.
v Creates a description of the first terminal you specified relative to the description of the other terminals.

The new description for the first terminal will have the following:
v Capabilities that exist in the subsequent terminals but do not exist for the first terminal will appear with
an @ in the resulting description.

Note: The @ implies that the capability does not exist.

v Capabilities defined in a subsequent terminal with the same value are replaced with use=<subsequent
terminal>.
v Any capabilities in the first terminal not found in any of the other terminals are printed along with the
corresponding values.
v If the first terminal has a capability whose value differs from the value found in at least one of the other
terminals, the capability is printed.

You can change a description and specify a capability after the use attribute. If this capability is also found
in the terminal referenced by the use attribute, the second capability takes precedence over the one
referenced by the use attribute.

Changing Databases
By default, terminal descriptions appear in the system terminfo database directory, /usr/share/lib/
terminfo. You can specify a different database location with the TERMINFO environment variable. The
infocmp command first checks to see if this variable exists. If the variable does not exist, the command
uses the system terminfo database.

You can use the -A and -B flag with the infocmp command to override the system database. The -A flag
identifies the terminfo database for the first TermName parameter. The -B flag identifies the database to
use for any subsequent terminals you name. Together, these flags make it possible to compare
descriptions for two terminals with the same name located in two different databases.

Flags
-A Directory Identifies the terminfo database for the first TermName parameter.
-B Directory Identifies the terminfo database for every TermName parameter except the first.
-C Uses the termcap code names to produce the source listing. Will not list terminfo
capabilities that cannot be translated to termcap format.

44 Commands Reference, Volume 3

-c Lists the capabilities that are common between the two entries. Capabilities that are
not set are ignored. This flag can be used as a quick check to see if it is desirable to
use the -u flag.
-d Lists the capabilities that are different between terminals. You can use this flag to
pinpoint the differences between similar terminal entries.
-I (uppercase i) Uses the terminfo capability names when producing the source listing.
-1 (numeral) Prints the capabilities one to a line. by default, the fields are printed several to a line
to a maximum width of 60 characters.
-L Uses the long C variable name listed in /usr/include/term.h file to produce the
source listing.
-n Compares two entries and lists the capabilities that do not exist in either. If you do not
specify a TermName parameter, the system uses the TERM environment variable for
both TermName parameters. You can use this as a quick check to see if anything
was left out of the description.
-r Instructs the infocmp command to output terminfo capabilities that cannot be
translated to termcap format. This flag is valid only with the -C flag.
-s Sorts the output from the infocmp command within each capability type (Boolean,
numeric, and string) and according to the argument below:
d Sort in the order specified in the terminfo database.
i Sort by terminfo name.
l Sort by the long C variable name.
c Sort by the termcap name.

If you do not specify an option with the -s flag, the command sorts each capability
alphabetically by the terminfo name within each type. If you specify the -C or the -L
flags with the -s flag, the capabilities are sorted by the termcap name or the long C
variable name, respectively.
-u Compares two or more terminal descriptions and produces new descriptions using the
use attribute.
-v Prints out tracing information on standard error.
-V Prints out the version of the program in use on standard error and exits.
-w Width Changes the output to the specified number of characters per line. The output
includes as many fields as possible that can fit within the specified number of
characters.

Note: Fields are not truncated.

Examples
1. To list the common capabilities between the aixterm and lft terminals, enter:
infocmp -c aixterm lft
2. To list all of the capabilities that are possible but do not currently exist for the current terminal, enter:
infocmp -n
3. To produce a source listing for the lft terminal in terminfo format, enter:
infocmp -I lft
4. To produce a source listing for the terminal description my_term that is located in /tmp using as much
of the lft description as possible, enter:
infocmp -A /tmp -u my_term lft

File
/usr/share/lib/terminfo Contains the compiled terminal description database.

Alphabetical Listing of Commands 45

Related Information
The tic and captoinfo commands.

The terminfo file format.

infocenter Command

Purpose
Starts the Information Center in a browser window.

Syntax
infocenter

Description
The infocenter command starts the Information Center in a browser window. The Information Center is
the primary location for finding information about your system. With the Information Center you can
navigate and search the documentation. The Information Center can also be started by clicking the
Information Center icon on the Help panel available from the CDE toolbar.

Note: The Information Center is available only by means of an HTML browser. If the default URL is an
external address, then access to the Internet is required. The infocenter command (and the
Information Center icon) activates the browser and directs the browser to the Web address of the
Information Center.

The actual Information Center brought up by the command depends on how it was configured. If no
Information Center files have been installed or no configuration has been done, the Information Center that
appears in the browser window is the default specified in the /usr/lpp/bosinst/[Link] file. If
the Information Center has been installed on a system within an intranet, using Configuration Assistant,
SMIT, or Web-based System Manager, then the server specified during the configuration process is used
as the documentation server.

The Web address of the Information Center is in the /usr/lpp/bosinst/[Link] file. If the
Information Center Web address is provided in this file, it will be in the following format:
export INFORMATION_CENTER_URL=information center url

If a line similar to this does not exist in the /usr/lpp/bosinst/[Link] file, or if the file does not
exist and the Information Center has not been configured to use a documentation server, the user will
receive a message indicating that the Information Center cannot start because an Information Center URL
was not found.

Files
/usr/sbin/infocenter Starts the Information Center in a browser window.
/usr/lpp/bosinst/[Link] Contains vendor profile information including the Web address used
by the infocenter command.

install Command

Purpose
Installs a command.

46 Commands Reference, Volume 3

Syntax
/usr/bin/install [- c DirectoryA] [- f DirectoryB] [- i] [- m] [- M Mode] [- O Owner] [- G Group] [- S] [- n
DirectoryC] [- o] [- s] File [Directory ... ]

Description
The install command installs a specified file in a specific place within a file system. It is most often used in
makefiles. When replacing files, the install command copies (or moves) each file into the appropriate
directory, thereby retaining the original owner and permissions based on the behavior of the cp and mv
commands. An attempt is made to change the destination to owner bin and group bin. The -O Owner and
-G Group flags can be used to specify a different owner or group. The install command writes a message
telling you exactly which files it is replacing or creating and where they are going.

You must be a super-user if you want to specify the ownership of the installed file with the -O or -G flags.

If you do not specify the Directory parameter, the install command searches a set of default directories
(/usr/bin, /etc, and /usr/lib, in that order) for a file with the same name as the File parameter. The first
time it finds one, it overwrites it with File and issues a message indicating that it has done so. If a match is
not found, the install command issues a message telling you there was no match and exits with no further
action. If the File parameter does not exist in the current directory, the install command displays an error
message and exits with a nonzero value.

If any directories are specified on the command line, the install command searches them before it
searches the default directories.

Flags
-c DirectoryA Installs a new command file in the DirectoryA variable only if that file does not already exist
there. If it finds a copy of File there, it issues a message and exits without overwriting the
file. This flag can be used alone or with the -s, -M, -O, -G, or -S flag.
-f DirectoryB Forces installation of File in DirectoryB whether or not File already exists. If the file being
installed does not already exist, the command sets the permission code and owner of the
new file to 755 and bin, respectively. This flag can be used alone or with the -o,-s, -M, -O,
-G, or -S flag.
-G Group Specifies a different group for the destination file. The default group is bin.
-i Ignores the default directory list and searches only those directories specified on the
command line. This flag cannot be used with the -c, -f, or -m flags.
-m Moves the File parameter to the directory instead of being copied. Cannot be used with the
-c, -f, -i, or -n flag.
-M Mode Specifies the mode of the destination file.
-n DirectoryC Installs the File parameter in the DirectoryC variable if it is not in any of the searched
directories, and sets the permissions and owner of the file to 755 and bin, respectively.
This flag cannot be used with the -c, -f, or -m flag.
-o Saves the old copy of the File parameter by copying it into a file called OLDFile in the
same directory. This flag cannot be used with the -c flag.
-O Owner Specifies a different owner of the destination file. The default owner is bin.
-s Suppresses the display of all but error messages.
-S Causes the binary to be stripped after installation.

Examples
1. To replace a command that already exists in one of the default directories, enter:
install fixit

Alphabetical Listing of Commands 47

 This replaces the fixit file if it is found in the /usr/bin, /etc, or /usr/lib directory. Otherwise, the fixit file
is not installed. For example, if /usr/bin/fixit exists, then this file is replaced by a copy of the file fixit
in the current directory.
2. To replace a command that already exists in a specified or default directory and to preserve the old
version, enter:

install -o fixit /etc /usr/games

This replaces the fixit file if it is found in the /etc or /usr/games directory or in one of the default
directories. Otherwise the fixit file is not installed. If the file is replaced, the old version is preserved by
renaming it OLDfixit in the directory in which it was found.
3. To replace a command that already exists in a specified directory, enter:

install -i fixit /home/jim/bin /home/joan/bin /usr/games

This replaces the fixit file if it is found in the /home/jim/bin, /home/joan/bin, or /usr/games directory.
Otherwise, the file is not installed.
4. To replace a command found in a default directory or install it in a specified directory if it is not found,
enter:

install -n /usr/bin fixit

This replaces the fixit file if it is found in one of the default directories. If the file is not found, it is
installed as /usr/bin/fixit.
5. To install a new command, enter:

install -c /usr/bin fixit

This creates a new command by installing a copy of the fixit file as /usr/bin/fixit, but only if this file
does not already exist.
6. To install a command in a specified directory whether or not it already exists, enter:

install -f /usr/bin -o -s fixit

This forces the fixit file to be installed as /usr/bin/fixit whether or not it already exists. The old
version, if any, is preserved by moving it to /usr/bin/OLDfixit (a result of the -o flag). The messages
that tell where the new command is installed are suppressed (a result of the -s flag).

Compatibility
For compatibility with Berkeley Software Distribution (BSD), two install commands exist. See the
installbsd command.

Files
/usr/bin/install Contains the install command.

Related Information
The chgrp command, chmod command, chown command, cp command, installbsd command, make
command, mv command, strip command.

48 Commands Reference, Volume 3

install_all_updates Command

Purpose
Updates installed software to the latest level on media and verifies the current recommended maintenance
or technology level.

Syntax
install_all_updates -d Device [ -p ] [ -i ] [ -c ] [ -r ] [ -n ] [ -s ] [ -x ] [ -v ] [ -N ] [ -S ] [ -Y ] [ -V ] [ -D ]

Description
install_all_updates examines currently installed software and attempts to update it to the latest level that
is available on the media. install_all_updates will not install any file sets that are present on the media,
but not installed on the system except in the following situations:
v the new file sets are installed as requites of other file sets.
v the /var/adm/ras/[Link] file sets ALL_DEVICES_KERNELS to yes.
For installp images, all installp requisites are enforced.
Notes:
1. Currently, install_all_updates processes installp images and rpm images. Because the rpm utility
does not support automatic installation of requisites, some rpm software may not be installable with
install_all_updates.
2. install_all_updates verifies the current recommended maintenance or technology level by using the
″oslevel″ utility and checking with the latest recommended maintenance or technology level known to
this version of install_all_updates.
3. If install_all_updates locates an update to the install utilities (the [Link] fileset), it first installs
the update and then reinvokes itself to process the remaining updates. The ″-i″ flag can be used to
update the install utilities only, this is useful when attempting to view an accurate preview.
4. install_all_updates applies all installp updates unless the COMMIT flag (-c) is specified. For more
information of APPLY vs. COMMIT please see the installp man page.
5. install_all_updates will by default instruct installp to automatically install requisites and to do any
necessary filesystem expansions. The ″-n″ will override the install requisite default, and ″-x″ will
override the filesystem expansion default.
6. The following flags apply to installp updates only: -c, -n, -x, -v, -S, and -V.

Flags
-c Instructs installp to commit all newly installed updates. Updates are applied by default (Please see
the installp man page for more explanation on applying vs. committing updates).
-d Device Specifies where the installation media can be found. This can be a hardware device such as tape or
cdrom or it can be a directory that contains installation images. When installation media is a tape
device it should be specified as no-rewind-on-close and no-retension-on-open.
-D Turns on install_all_updates debug output. This flag is for debugging the install_all_updates utility
and should not be used for normal operations.
-i Update install utilities only.
-n Instructs installp to not automatically install requisites. Automatic installation of requisites is the
default behavior.
-N Skip updating install utilities first.
Note: This flag is not recommended unless you are debugging a related problem.
-p Performs a preview of an action by running all preinstallation checks for the specified action. No
software changes are made.
-r Update rpm images (if possible). This flag is not set by default.

Alphabetical Listing of Commands 49

-s Skip recommended maintenance or technology level verification. The verification is performed by
default.
-S Instructs installp to suppress multi-volume processing of cdrom media.
-v Instructs installp to verify that all installed files in the fileset have the correct checksum value after
the installation. This operation may require more time to complete the installation.
-V Instructs installp to run in verbose output mode.
-x Instructs installp to not automatically expand file systems. Automatic expansion of file systems is the
default.
-Y Agrees to all software license agreements which are required for software installation.

Exit Status
0 All lppmgr related operations completed successfully.
>0 An error occurred.

Security
Only the root user can execute install_all_updates.

Examples
1. To install all installp updates on device /dev/cd0 and to verify the current recommended maintenance
or technology level, enter:
install_all_updates -d /dev/cd0
2. To commit install all installp updates and install any installable rpm updates in directory /images, enter:
install_all_updates -d /images -rc
3. To install the latest level of install utilities on device /dev/cd0 ([Link] installp fileset), enter:
install_all_updates -d /dev/cd0 -i

Files
/usr/sbin/install_all_updates Contains the install_all_updates command.

Related Information
The installpl command, lslpp command, rpm commnand

install_assist Command

Purpose
Starts the Installation Assistant application.

Syntax
install_assist

Description
The install_assist command starts Installation Assistant, an application designed to simplify the
customization of your system after a Base Operating System (BOS) installation. The Installation Assistant
guides you through post-installation tasks and, in some cases, automatically installs software packages for
you. The Installation Assistant has two interfaces, ASCII and graphical. The interface that displays is based
on your terminal type (defined in the TERM environment variable).

50 Commands Reference, Volume 3

If your terminal type is not set, the first menu displayed by the ASCII Installation Assistant requires you to
enter your terminal type (tty). If you enter a terminal type that is not valid, this menu redisplays until a valid
type is entered. If you enter a valid terminal type that does not match your terminal, the next screen
displayed could be unreadable. In this case, press the break key sequence to return to the Set Terminal
Type screen. For most terminal types, the break key sequence is Ctrl-C.

On a system with an ASCII interface, the newly installed BOS reboots and starts the Installation Assistant
to guide you through completing configuration tasks. You must have root user authority to use the
Installation Assistant. To access the Installation Assistant later, type install_assist on the command line.
You can also access it from a graphics system through the SMIT smit assist fast path. If there are
outstanding software license agreements that must be accepted before you can continue to use the
machine, the Installation Assistant prompts you to view and accept these agreements.

On a system with a graphical interface, the newly installed BOS reboots and the Configuration Assistant
starts to guide you through the configuration tasks. If there are outstanding software license agreements
that must be accepted before you can continue to use the machine, the Configuration Assistant prompts
you to view and accept these agreements. To access the Configuration Assistant later, type configassist
on the command line.

Most Installation Assistant tasks create or add to the [Link] and [Link] files in your home directory.
(These are the same files appended when you run a SMIT session.) The commands built and run by the
Installation Assistant tasks are added to the end of the [Link] file along with the command output. The
time, name of the task, and the command (flags and parameters included) are added to the end of the
[Link] file in a format that can easily be used to create executable shell scripts.

Example
1. To start the Installation Assistant, type:
install_assist
2. To access the Configuration Assistant, type:
configassist
3. Access the Installation Assistant from a graphical interface, use the SMIT smit assist fast path.

Files
[Link] Specifies detailed information on your session, with time stamps.
[Link] Specifies the task commands run during your session, with time stamps.

Related Information
The configassist command.

Configuring AIX in Installation and migration

install_mh Command

Purpose
Sets up mailbox directories.

Syntax
install_mh [ -auto ] [ -help ]

Alphabetical Listing of Commands 51

Description
The install_mh command sets up mailbox directories. The install_mh command is not started by the
user. The install_mh command is called by other programs only.

The install_mh command starts automatically the first time you run any Message Handler (MH) command.
The install_mh command prompts you for the name of your mail directory. If the directory does not exist,
the install_mh command queries you if it should be created. Upon receiving a positive response, the
install_mh command creates the $HOME/.mh_profile file and places the Path: profile entry in it. This
entry identifies the location of your mailbox by specifying the directory path for your MH directory,
UserMHDirectory.

Flags
-auto Creates the standard MH path without prompting.
-help Lists the command syntax, available switches (toggles), and version information.

Note: For MH, the name of this flag must be fully spelled out.

Files
$HOME/.mh_profile Contains the MH user profile.

Related Information
Mail applications in Networks and communication management.

install_wizard Command

Purpose
Invokes the Web-based System Manager Install Wizard or the SMIT install menu.

Syntax
install_wizard [ -d Media ]

Description
The install_wizard command invokes the Web-based System Manager Install Wizard or the SMIT install
menu. This provides an easy path to the install interfaces. These interfaces show media content for
installp, UDI, or ISJE products and launch the appropriate installer.

Flags
-d device or directory The device or directory containing the images to install.

Example
To invoke the Web-based System Manager Install Wizard, insert an install CD in cd1 and type:
install_wizard -d /dev/cd1

Files
/usr/sbin/install_wizard

52 Commands Reference, Volume 3

Related Information
The installp command.

installbsd Command

Purpose
Installs a command (BSD version of the install command).

Syntax
/usr/bin/installbsd [ -c ] [ -g Group ] [ -m Mode ] [ -o Owner ] [ -s ] BinaryFileDestination

Description
The installbsd command installs the file specified by the BinaryFile parameter by moving it to a file or
directory specified by the Destination parameter. Use of the -c flag copies the BinaryFile rather than
moving it. If the specified Destination parameter is a directory, the BinaryFile is moved into the directory. If
the specified Destination parameter already exists as a file, the installbsd command removes that file
before the BinaryFile is moved. The installbsd command does not move a file onto itself.

Installing the file /dev/null creates an empty file.

Flags
-c Copies the file specified by the BinaryFile parameter to the file or directory specified by the
Destination parameter.
-g Group Specifies a group for the file specified by the Destination parameter. The default group is staff.
-m Mode Specifies a mode for the file specified by the Destination parameter. The default mode is 755. The
specified mode can be an octal number or a symbolic value.
-o Owner Specifies the owner for the file specified by the Destination parameter. The default owner is the root
user.
-s Causes the file specified by the BinaryFile parameter to be stripped after installation.

Examples
To install a new command called fixit, enter:

installbsd -c o mike fixit /usr/bin

This command sequence installs a new command by copying the program fixit to /usr/bin/fixit, with
user mike as the owner.

Files
/usr/ucb/install Hard-link to the /usr/bin/installbsd file.
/usr/bin/installbsd Contains the installbsd command.

Related Information
The chgrp command, chmod command, chown command, cp command, install command, mv
command, strip command.

Alphabetical Listing of Commands 53

installios Command

Purpose
Sets up the environment and creates NIM resources from the Virtual I/O Server DVD to install the Virtual
I/O logical partition and the Integrated Virtualization Manager.

Syntax
To set up the environment and create NIM resources for installing a Virtual I/O logical partition or
Integrated Virtualization Manager:

installios [ -p partition_name -i ipaddrorhostname -S subnet_mask -g gateway -d path -s system_name -r

profile [ -n ] [ -P speed ] [ -D duplex ] [ -l language ] [ -L location ] ]

To clean up tasks from the setup process:

installios -u [ -f | -U ]

Description
The installios command creates NIM resources from the Virtual I/O Server DVD to install a Virtual I/O
logical partition and Integrated Virtualization Manager. When invoked on a NIM client, the -L flag must be
specified with the location of the [Link] fileset. The installios command configures the
client as a NIM master and creates the resources from the Virtual I/O Server DVD to install the ioserver
logical partition or the Integrated Virtualization Manager. After the logical partition or Integrated
Virtualization Manager have been installed, the installios command can return the NIM master back to its
original state by removing the created resources from the DVD or by unconfiguring the NIM master. All of
the flags are optional. If no flags are specified, the installios wizard runs and the user is prompted to
interactively enter the flag information.

Flags
-d path Specifies the path to the installation images (/dev/cd0 or
the path to a system backup of the Virtual I/O Server
created by the backupios command. The path may also
specify a remote NFS-mountable location such as
hostname:/path_to_backup.
-D duplex Specifies duplex (optional). This is the duplex setting with
which to configure the client’s network interface. This
value can be full or half. The default value is full if this flag
is not specified.
-f Forces a cleanup to deallocate and remove resources
which are not yet installed on a Virtual I/O logical partition
or Integrated Virtualization Manager.
-g gateway Specifies the client gateway (the default gateway that the
client will use during network installation of the Virtual I/O
Server operating system).
-i ipaddrorhostname Specifies the client IP address or hostname (the IP
address or hostname with which the client’s network
interface will be configured for network installation of the
Virtual I/O Server operating system).

54 Commands Reference, Volume 3

-l language Specifies the language (optional). This is the language in
which the license agreement will be displayed before the
installation. When the license is viewed, a prompt displays
asking if the license is to be accepted. If the prompt is
answered with y, then the installation will proceed and the
Virtual I/O Server license is automatically accepted after
installation. If the prompt is answered with n, the
installios command exits and the installation does not
proceed. If this flag is not specified, the installation
proceeds, but the Virtual I/O Server will not be usable until
the license is manually accepted after installation.
-L location Specifies the location of the [Link] fileset
to configure a client to become a NIM master.
-n Specifies that the client’s network interface should not be
configured. If this flag is specified, the client’s network
interface will not be configured with the IP settings that
were specified in the flags given to the installios
command after the installation has completed.
-p partition_name Specifies the partition name. This is the name of the
LPAR that will be installed with Virtual I/O Server
operating system. This partition must be of type Virtual I/O
Server and the partition name must match the name
shown on the HMC; the name is not a host name.
-P speed Specifies speed (optional). This is the communication
speed to use when configuring the client’s network
interface. This value can be 10, 100, or 1000. The default
value is 100 if this flag is not specified.
-r profile Specifies the profile name. This is the name of the profile
that will contain the hardware resources that will be
installed.
-s system_name Specifies the managed system (the name of the managed
system maintained by the HMC). This name must match
the name shown on the HMC; the name is not a host
name.
-S subnet_mask Specifies the client subnet mask (the subnet mask with
which the client’s network interface will be configured for
network installation of the Virtual I/O Server operating
system).
-u Cleans up the environment to return the NIM master back
to its original state.
-U Unconfigures the NIM master.

Exit Status
0 The installios command was successful.

Security
You must have root authority to run the installios command

Examples
1. To create Virtual I/O resources on a NIM master for installing client [Link], type:
installios -d /dev/cd0 -i [Link] -g [Link] -S [Link]
2. To create Virtual I/O resources on a NIM client for installing client [Link] where /tmp contains the
[Link] fileset, type:
installios -d /dev/cd0 -i [Link] -g [Link] -S [Link] -L /tmp

Alphabetical Listing of Commands 55

3. To clean up tasks performed while creating Virtual I/O resources, type:
installios -u
4. To clean up tasks performed during the creation of Virtual I/O resources on a logical partition which
has not yet been installed, type:
installios -u -f
5. To clean up tasks and unconfigure NIM after creating Virtual I/O resources, type:
installios -u -U

Location
/usr/sbin/installios

Files
/usr/sbin/installios Contains the installios command
/etc/niminfo Contains variables used by NIM

Related Information
The nim_master_setup command, nim command, and nimconfig command.

installp Command

Purpose
Installs available software products in a compatible installation package.

Syntax
To Install with Apply Only or with Apply and Commit
installp [ -a | -a c [ -N ] ] [ -eLogFile ] [ -V Number ] [ -dDevice ] [ -E ] [ -Y ] [ -b ] [ -S ] [ -B ] [ -D ] [ -I ] [
-p ] [ -Q ] [ -q ] [ -v ] [ -X ] [ -F | -g ] [ -O { [ r ] [ s ] [ u ] } ] [ -tSaveDirectory ] [ -w ] [ -zBlockSize ] {
FilesetName [ Level ]... | -f ListFile | all }

To Commit Applied Updates

installp -c [ -eLogFile ] [ -VNumber ] [ -b ] [ -g ] [ -p ] [ -v ] [ -X ] [ -O { [ r ] [ s ] [ u ] } ] [ -w ] {
FilesetName [ Level ]... | -f ListFile | all }

To Reject Applied Updates

installp -r [ -eLogFile ] [ -VNumber ] [ -b ] [ -g ] [ -p ] [ -v ] [ -X ] [ -O { [ r ] [ s ] [ u ] } ] [ -w ] {
FilesetName [ Level ]... | -f ListFile }

To Deinstall (Remove) Installed Software

installp -u [ -eLogFile ] [ -VNumber ] [ -b ] [ -g ] [ -p ] [ -v ] [ -X ] [ -O { [ r ] [ s ] [ u ] } ] [ -w ] {
FilesetName [ Level ]... | -f ListFile }

To Clean Up a Failed Installation:

installp -C [ -b ] [ -eLogFile ]

To List All Installable Software on Media

installp { -l | -L } [ -eLogFile ] [ -d Device ] [ -B ] [ -I ] [ -q ] [-E ] [ -zBlockSize ] [ -O { [ s ] [ u ] } ]

56 Commands Reference, Volume 3

To List All Customer-Reported Problems Fixed with Software or Display All
Supplemental Information
installp { -A| -i } [ -eLogFile ] [ -dDevice ] [ -B ] [ -I ] [ -q ] [ -z BlockSize ] [ -O { [ s ] [ u ] } ] { FilesetName
[ Level ]... | -f ListFile | all }

To List Installed Updates That Are Applied But Not Committed

installp -s [ -eLogFile ] [ -O { [ r ] [ s ] [ u ] } ] [ -w ] { FilesetName [ Level ]... | -fListFile | all }

To List Platform Specific Installable Software on Media

installp { -l | -L } { -MPlatform } [ -eLogFile ] [ -d Device ] [ -B ] [ -I ] [ -q ] [ -z BlockSize ] [ -O { [ s ] [ u ] }
]

Description
Notes:
1. The noclobber option of the Korn or C shell should be unset in the environment from which an
installation is performed.
2. Update all can be accomplished with smitty or with install_all_updates.

The installp command installs and updates software.

A fileset is the lowest installable base unit. For example, [Link] [Link] is a fileset. A fileset
update is an update with a different fix ID, maintenance level, or technology level. For example,
[Link] [Link] and [Link] [Link] are both fileset updates for [Link]
[Link].

When a base level (fileset) is installed on the system, it is automatically committed. You can remove a
fileset regardless of the state (committed, broken, committed with applied updates, committed with
committed updates, etc.).

When a fileset update is applied to the system, the update is installed. The current version of that
software, at the time of the installation, is saved in a special save directory on the disk so that later you
can return to that version if desired. After a new version of a software product has been applied to the
system, that version becomes the currently active version of the software.

Updates that have been applied to the system can be either committed or rejected at a later time. The
installp -s command can be used to get a list of applied updates that can be committed or rejected.

When updates are committed with the -c flag, the user is making a commitment to that version of the
software product, and the saved files from all previous versions of the software product are removed from
the system, thereby making it impossible to return to a previous version of the software product. Software
can be committed at the time of installation by using the -ac flags. Note that committing already applied
updates does not change the currently active version of a software product. It merely removes saved files
for previous versions of the software product.

When a base level is removed with the -u flag, the files that are part of the software product and all its
updates are removed from the system. Most cleanup of system configuration information pertaining to the
product is also done, but this is dependent on the product and may not always be complete.

When a software product update is rejected with the -r flag, the active version of the software product is
changed to the version immediately previous to the rejected update. Files saved for the rejected update
and any updates that were applied after it are removed from the system.

A software product that is to be removed from the system can be in any state. Any product updates can be
in either the applied or committed state, and they will also be removed.

Alphabetical Listing of Commands 57

If a previously interrupted installation leaves any software in a state of either applying or committing, it is
necessary to perform cleanup with the -C flag before any further installations will be allowed. Although the
installp -C command accepts software product names on the command line without returning an error, an
attempt is always made to clean up all products when the -C flag is used. An attempt is made to clean up
any incomplete installations by removing those parts that were previously completed. An attempt is also
made to return to the previous version of the software product, if one exists, as the currently active
version. If this cannot be done, the software product is marked as broken, and unpredictable results can
occur if the user attempts to use it. Therefore, it is advisable for the user to reinstall any broken software
products or updates.

The -t flag specifies an alternate location for a save directory that holds files being replaced by an update.
This option is primarily useful in the following two circumstances.
v You have enough local disk space for saving replaced files but you do not want to permanently expand
the root and /usr file systems.
In this case, you can choose to create a separate file system for the alternate save directory. When you
are satisfied with the updated system and have committed all applied updates, disk space can be
retrieved by deleting the save file system.
v If you do not have enough local disk space for saving replaced files but you have access to ample disk
space on a remote system, then you can specify a directory that is mounted from a remote file system.
If a remote file system is used, commit the updates as soon as possible. You may want to initiate the
installation action as an apply and commit operation with the -ac flags. If you want to apply only to be
capable of rejecting any unwanted updates, then test the newly installed updates as soon as possible
and then commit or reject them.
Take into account the following considerations when using an alternate save directory:
v It is recommended that you use the same alternate save location on each invocation of the installp
command.
v If an alternate save directory is used for an apply operation, make sure that the file system containing
that directory remains mounted. It is highly recommended that any necessary mounts be done
automatically on a reboot.
v If an alternate save directory is missing on a commit operation, the commit takes place, and a warning
is given stating that the save directory could not be deleted. It is then your responsibility to delete the
save directories that are no longer used in order to retrieve that disk space.
v If an alternate save directory is missing on reject, the reject operation cannot be done because the
saved files are missing. An error is given, and the entire reject operation is cancelled. If the missing
save directory is not caused by a temporary situation (for example, the inability to contact a remote
directory on the network,) your only options are to commit the updates or leave them in an applied state
permanently.
v When doing a system backup, you are responsible for backing up any alternate save directories that do
not reside in the root volume group.
v The installation process safeguards users with a remote save directory from the possibility of two
different systems using the same remote directory. However, use directory pathnames that easily and
uniquely identify each user’s system. For example, you might add the system’s hostname somewhere in
the pathname.
v Do not create a mksysb backup of a system with a remote save directory and then try to restore the
mksysb image onto a system other than the original. In this case, using a mksysb image to install
several like systems causes multiple ownership of the same remote save directory.

The installp -A command can be used to obtain a list of the Authorized Program Analysis Report (APAR)
numbers and summaries for all customer-reported problems that are fixed in the specified software
package. The installp -i command can be used to display supplemental information contained in files that
can be a part of the specified software package.

58 Commands Reference, Volume 3

To list all the software products and updates on the specified installation media, use the installp -l
command. The output of the installp command with the -l flag resembles the following:
# Fileset Name Level I/U Q Content
#================================================================
[Link] [Link] I N usr
# AIXwindows Application Development Toolkit Include F

[Link] [Link] I N usr

# AIXwindows Application Development Toolkit Libraries
#
[Link] [Link] I N usr
# AIXwindows Application Development Toolkit Motif

#
[Link] [Link] I N usr
# AIXwindows Application Development Toolkit Bitmap Fi

#
[Link] [Link] I N usr
# AIXwindows Application Development Toolkit for X Ext
#
[Link] [Link] I N usr
# AIXwindows Application Development Toolkit imake
#
[Link] [Link] I N usr
# AIXwindows Runtime Configuration Applications
#
[Link] [Link] I N usr
# AIXwindows msmit Application

The fields have the following meanings:

Fileset Name Name of the fileset to be installed.

Level Level of the fileset to be installed.
I/U Indicates the type of package of which the fileset is a part. The fileset may belong to an
installation package or to one of several types of update packages. The package types are
as follows:
I Indicates an installation package.
S Indicates a single update.
SR Indicates a required update. Whenever the installp command encounters a required
update, the update is automatically included in the input list.
SF Indicates a required update. Whenever the installp command encounters a required
update, the update is automatically included in the input list. Reserved for updates to
the installp fileset.
M Indicates a maintenance or technology package. This is a packaging update that
contains only a list of other updates to be applied. This package delivers no files.
ML Indicates an update package that identifies a new maintenance or technology level
for the product. This is a cumulative set of all updates since the previous product
level.
Q Quiescent (quiet) column. A Y indicates that running processes can be affected by the
installation of this fileset. Refer to the documentation supplied with the software product. An N
indicates that running processes are not affected by the installation of this fileset. A B
indicates bosboot and quiescent. A b indicates bosboot and not quiescent.

Alphabetical Listing of Commands 59

Content Content column:
usr,root
/usr and root file systems (AIX 3.2 and later)
usr /usr file system only (AIX 3.2 and later)
share /usr/share file system only (AIX 3.2 and later)

Output from the installp -s command, which is used to get a list of applied software fileset updates and
updates that are available to be either committed or rejected, resembles the following:
Installp Status
---------------
Name Part Level State
--------------------------------------------------------------------
[Link] USR [Link] APPLIED
[Link] ROOT [Link] APPLIED
[Link] USR [Link] APPLIED
[Link].misc_cmds USR [Link] APPLIED
[Link] USR [Link] APPLIED

The fields have the following meanings:

Name Name of the installed software product fileset.

Part The part of the fileset where:
ROOT root file system
SHARE /usr/share file system
USR /usr file system.
Level The level of the installed software product option.
State The state of the installed software product option.

The software products and updates to be installed can be identified in one of three ways:
v by the keyword all, which indicates that all software contained on the specified installation media is to
be installed
v by a list of software product names (each of which can optionally be followed by a level) that indicates
the software to be installed
v by the -f flag followed by a file name, where each line in the file is an entry containing a software
product name, optionally followed by a level, or is a comment line that begins with a # and is ignored

Note: The installp program uses the sysck command to verify files after restoring them. The sysck
command does not recognize the following special characters in file names: ~, `, ’, \, ″, $, ^, &, (
), |, {}, [], <>, and ?. If a file name contains one of these characters, installation fails.

The FilesetName parameter can be used to specify an entire software product or any separately installable
filesets within the software package. For example, [Link] is the name of a software package, and the
separately installable filesets within that software package are [Link], [Link], and
[Link]. If the user specifies [Link] for the FilesetName parameter, then all of the separately
installable filesets listed are installed. If the user specifies [Link] for the FilesetName
parameter, then only that fileset is installed.

The Level parameter indicates the level of the software product or update that is to be installed. The Level
parameter is of the form [Link] where:

vv is a numeric field of 1 to 2 digits that represents the version number.

rr is a numeric field of 1 to 2 digits that represents the release number.
mmmm is a numeric field of 1 to 4 digits that represents the modification level.

60 Commands Reference, Volume 3

ffff is a numeric field of 1 to 4 digits that represents the fix level.
ppppppppp is a character field of 1 to 9 characters that represents the fix ID.

If a user is installing an installation package from installation media that contains only installation packages
it is not usually necessary to specify the level. More than one software product installation package with
different levels does not often exist on the same installation medium, but when this does occur installp
installs the specified software product at the latest software product level when Level is not specified with
FilesetName. For installation media that contain either update packages only or contain both installation
and update packages, all applicable update packages that are present on the installation media for the
specified FilesetName are also installed when Level is not specified. For installation media that contain
both installation and update packages the user can request the installation of only installation packages or
only update packages by specifying the -I or -B flags, respectively. If the user wants to install only some of
the updates on the installation medium for a specific software product both FilesetName and Level for
each of the updates to be installed for that software product must be specified.

An example of what might be entered to install TCP/IP and one of its updates that are both contained in
the /usr/sys/[Link] directory would be the following:
installp -a -d/usr/sys/[Link] [Link] [Link]
[Link] [Link]

Note: In the event that there are duplicate filesets at the same level, installp will use the first one that it
finds in the install table of contents ( .toc ). This situation can occur when bffcreate is used to
extract images from different media to the same installation directory. For this reason, make sure
that update images are not extracted to the same directory as base level images for the same
fileset at the same level.

A summary report is given at the end of the installp output that lists the status of each of the software
products that were to be installed. An example summary report for the previous installp command follows:
Installp Summary
----------------
Name Level Part Event Result
--------------------------------------------------------------------
[Link] [Link] USR APPLY SUCCESS
[Link] [Link] ROOT APPLY SUCCESS
[Link] [Link] USR APPLY SUCCESS

Note: If a previously installed level of a fileset update is in the broken state, the -acgN flags must be used
when that fileset update is installed again.

Summary Report Values

The summary report identifies the name of the product option and the part of the product. Other
information given includes the requested action (event) and the result of that action.

Event Values
The Event column of the summary report identifies the action that has been requested of the installp
command. The following values may be found in this column:

Event Definition
APPLY An attempt was made to apply the specified fileset.
COMMIT An attempt was made to commit the specified fileset update.
REJECT An attempt was made to reject the specified fileset update.
CLEANUP An attempt was made to perform cleanup for the specified fileset.
DEINSTALL An attempt was made to remove the specified fileset.

Alphabetical Listing of Commands 61

Result Values
The Result column of the summary report gives the result of installp performing the requested action. It
can have the following values:

Result Definition
SUCCESS The specified action succeeded.
FAILED The specified action failed.
CANCELLED Although preinstallation checking passed for the specified option, it was necessary to cancel the
specified action before it was begun. Interrupting the installation process with Ctrl-c can sometimes
cause a canceled action, although, in general, a Ctrl-c interrupt causes unpredictable results.

Flags
-A Displays the APAR number and summary of all customer-reported problems that are
fixed in the specified software package. No installation is attempted.
-a Applies one or more software products or updates. This is the default action. This flag
can be used with the -c flag to apply and commit a software product update when
installed.
-b Prevents the system from performing a bosboot in the event that one is needed.
-B Indicates that the requested action should be limited to software updates.
-C Cleans up after an interrupted installation and attempts to remove all incomplete
pieces of the previous installation. Cleanup should be performed whenever any
software product or update is in a state of either applying or committing and can be
run manually as needed. For backwards compatibility other flags and parameters can
be accepted with installp -C, but are ignored because all necessary cleanup is
attempted.
-c Commits all specified updates that are currently applied but not committed. When an
update is committed all other software products it is dependent on must also be
committed (unless they are already in the committed state). The specified software
product is dependent on any software product that is a prerequisite or corequisite of
the specified product. The commit will fail and error messages will be given if any
requisite software products are not in the committed state. The -g flag can be used to
automatically commit requisite software product updates.
-D Deletes the installation image file after the software product or update has been
successfully installed. When the -g flag is specified, the installation image files for any
products that are automatically included will also be deleted. This flag is valid only
with the -a or -ac flags and is not valid with the -Or flag. This flag is also only valid
when the device is a directory and an installation image file on the system where the
installation is taking place.
-d Device Specifies where the installation media can be found. This can be a hardware device
such as tape or diskette, it can be a directory that contains installation images, or it
can be the installation image file itself. When the installation media is a product tape
or Corrective Service tape, specified the tape device as no-rewind-on-close and
no-retension-on-open. Examples of this would be /dev/rmt0.1 for a high density tape,
or /dev/rmt0.5 for a low density tape. Use the options specified by the tape supplier.
The default device is /dev/rfd0.

62 Commands Reference, Volume 3

-e LogFile Enables event logging. The -e flag enables the user to append certain parts of the
installp command output to the file specified by the LogFile variable. By default the
output of the installp command goes to stdout and stderr, unless SMIT or VSM is
used, in which case the output goes to the [Link]. The LogFile variable must
specify an existing, writable file, and the file system in which the file resides must
have enough space to store the log. The log file does not wrap.

Not all output is appended. Copyright information is still displayed to the user. Any
error messages are displayed on the screen and sent to the file specified by the
LogFile variable. A results summary of the installp command invocation is also
displayed on the screen and sent to the LogFile. This flag is primarily used by NIM
and BOS install to limit the output shown to the user, but keep useful information for
later retrieval.
-E Displays software license agreements. This flag is only valid with the -a or -l flags. If
the -E flag is specified with the -a flag, a new section is emitted showing the pending
license agreements associated with the selected filesets. If the -E flag is specified
with the -l flag, output is emitted showing the license agreements associated with all
filesets on the media.
-F This option can be used to force the installation of a software product even if there
exists a previously installed version of the software product that is the same as or
newer than the version currently being installed. The -F flag is not valid with update
packages or the -g flag. When you use the -F flag, the -I flag is implicit.
-f ListFile Reads the names of the software products from ListFile. If ListFile is a - (dash), it
reads the list of names from the standard input. Software fileset names, optionally
followed by a level, should be one per line of text, and any text following the second
set of white spaces or tabs on a line is ignored. Output from the installp -l command
is suitable for input to this flag.
-g When used to install or commit, this flag automatically installs or commits,
respectively, any software products or updates that are requisites of the specified
software product. When used to remove or reject software, this flag automatically
removes or rejects dependents of the specified software. The -g flag is not valid when
used with the -F flag.
Note: This flag also automatically pulls in a superseding update present on the
media if the specified update is not present. This flag causes the newest update to be
installed for a given fileset, when there are multiple superseding updates for the same
fileset on the installation media.
-I (uppercase i) Indicates that the requested action should be limited to base level
filesets.
-i Displays on standard output the [Link], [Link], [Link], and README files
on the installation media for the software product, if they exist. This flag can take a
significant amount of time for a large number of filesets.
-J This flag is used when the installp command is executed from the System
Management Interface Tool (SMIT) menus.
-l (lowercase L) Lists all the software products and their separately installable options
contained on the installation media to standard output. No installation occurs. The -l
flag is not valid with the -Or flag.
-L Displays the contents of the media by looking at the table of contents (TOC) and
displaying the information in colon-separated output. This flag is used by smit and
vsm to list content of the media. The format provided:
package:fileset:v.r.m.f:PTF:type:state:supersede:\
sup_ptf:sup_state:latest_sup:quiesce:Descr:\
netls_vendor_id:netls_prod_id:netls_prod_ver
-MPlatform Specifies the Platform value. Any of the following values may be used to list the
installable software packages:
R Specifies POWER-based platform packages only.
N Specifies neutral packages, that is, packages that are not restricted to the
POWER-based platform.
A Specifies all packages.

Alphabetical Listing of Commands 63

-N Overrides saving of existing files that are replaced when installing or updating. This
flag is valid only with the -ac flags. If there is a failure in the system during the
installation, there is no recovery of replaced files when this flag is used.
-O{[r][s][u]} Installs the specified part of the software product. The r indicates the / (root) part is to
be installed, the s indicates the /usr/share part is to be installed, and the u indicates
the /usr part is to be installed. The -O flag is not needed with standard systems
because without this flag all parts are installed by default. This flag is needed for use
with the installation of diskless or dataless workstations and is designed for use by
the nim command. The -Or option is not valid with the -d or -l flags.
-p Performs a preview of an action by running all preinstallation checks for the specified
action. This flag is only valid with apply, commit, reject, and remove (-a, -c, -r, and -u)
flags.
-Q Suppresses errors and warnings concerning products failing to install due to
instrequisites. This flag applies only to AIX 4.2 or later.
-q Specifies quiet mode, which suppresses the prompt for the device, except for media
volume change.
-r Rejects all specified software updates that are currently applied but not committed.
When a software update is rejected any other software product that is dependent on
it (that is, those software products that have the specified software product as a
requisite) must also be rejected. The -g flag can be used to reject automatically
dependent software updates. The keyword all is not valid with the reject flag (-r). For
backwards compatibility, the -R flag is also accepted as a reject flag. The -R cannot
be used to remove base level filesets; use the -u flag.
-s Lists information about all software products and updates that have been applied but
not committed. This list comprises the software that is available to be either
committed or rejected.
-S Suppresses multiple volume processing when the installation device is a CD-ROM.
Installation from a CD_ROM is always treated as a single volume, even if the
CD-ROM contains information for a multiple volume CD set. This same suppression
of multiple volume processing is performed if the INU_SINGLE_CD environment is
set.
-t SaveDirectory Specifies an alternate save directory location for files being replaced by an update.

The -t flag is only valid with an apply or an apply/commit operation for updates. This
flag is not valid with the -N flag.

The -t flag is useful when there is insufficient space in the default file systems (/ and
/usr) or when it is undesirable to permanently expand these file systems. It may be
desirable for the specified directory to be a remote file system. A remote file system
must have ample space, because the installp command cannot expand remote file
systems.
-u Removes the specified software product and any of its installed updates from the
system. The product can be in either the committed or broken state. Any software
products that are dependent on the specified product must also be explicitly included
in the input list unless the -g flag is also specified. Removal of any [Link] fileset is
never permitted.
-v Verifies that all installed files in the fileset have the correct checksum value after the
installation. Installed files are always verified for correct file size after installation. Use
this flag after network or remote device installations. If any errors are reported, it
might be necessary to install the software product again. Post-installation requisite
consistency checks are also started by this flag.

64 Commands Reference, Volume 3

-V Number Specifies the verbose option that provides four levels of detail for preinstallation
output. The valid values for the Number parameter are 2, 3, or 4. The default level of
verbosity, without the use of the -V flag, prints an alphabetically ordered list of
FAILURES, WARNINGS, and SUCCESSES from preinstallation processing. Requisite
failures are reported with emphasis on the real cause of the failure. Extraneous
requisites for failed filesets are not displayed. The preinstallation output is modified by
levels 2 through 4 as described below:
2 Prints alphabetically ordered list of FAILURES and WARNINGS. Requisite
failures are displayed with additional information describing requisite
relationships between selected filesets and the requisites causing them to
fail. Failing requisites suppressed under Level 1are displayed. Preinstallation
SUCCESSES are displayed in the order in which they are processed.
3 Level 3 is the same as Level 2, with the exception that additional requisite
information is displayed for SUCCESSES.
4 Level 4 is the same as Level 3 for SUCCESSES and WARNINGS. Requisite
failures are displayed in a format depicting detailed requisite relationships.

Note: If verbosity level 2 or higher is used, the files that are restored on to the
system is shown in the output. Because this will make installp’s output much more
verbose, make sure that your / (root) filesystem does not become full when the
/[Link] becomes large (if using smit to run installp).
-w Does not wildcard FilesetName. Use this flag from smit so it only installs the fileset
chosen and will not install filesets that match. For example, if you choose [Link],
[Link] is not automatically pulled in, as it would be by default, without the -w
flag. This flag applies only to AIX 4.2 or later.
-X Attempts to expand any file systems where there is insufficient space to do the
installation. This option expands file systems based on current available space and
size estimates that are provided by the software product package. Note that it is
possible to exhaust available disk space during an installation even if the -X flag is
specified, especially if other files are being created or expanded in the same file
systems during an installation. Also note that any remote file systems cannot be
expanded.
-Y Agrees to required software license agreements for software to be installed. This flag
is only valid with the -a flag.
-z BlockSize Indicates in bytes the block size of the installation media. The default value of Size is
512.
FilesetName This is the name of the software product to be installed and can specify either an
entire software product or any separately installable filesets within the software
product. This can be used to specify the name of a fileset or fileset update.
Level This indicates the level of the software product or update that is to be installed and is
of the form [Link]. If a fileset update has an additional fix ID (also know as
ptf id), that ID should also be specified in the Level as in [Link].

Return Values
A zero (0) return value indicates that all attempted installations were successful, or that no processing was
required for the requested action on the requested filesets (for example, if a requested fileset was already
installed).

A nonzero return value indicates that some part of the installation was not successful.

A summary report is given at the end of the installp output that lists the status of each of the software
products that were to be installed. For those software products that could not be installed or whose
installation failed, the user can search for the cause in the more detailed information that is continually
displayed from the installp command during the installation process.

Alphabetical Listing of Commands 65

Security
Privilege Control: Only the root user can run this command.

Auditing Events:

Event Information
INSTALLP_Inst Success or failure of the apply, commit, reject, and cleanup operations.

Examples
1. To list all software products and installable options contained on an installation cartridge tape, type:
installp -L -d /dev/rmt0.1
2. To list all customer-reported problems fixed by all software products on an installation tape, type:
installp -A -d /dev/rmt0.1 all
3. To install (automatically committed) all filesets within the [Link] software package (located in the
/usr/sys/[Link] directory) and expand file systems if necessary, type:
installp -aX -d/usr/sys/[Link] [Link]
4. To reinstall and commit the NFS software product option that is already installed on the system at the
same level (from tape), type:
installp -acF -d/dev/rmt0.1 [Link] [Link]
5. To install (apply only) certain updates that are contained on diskette for the TCP/IP software product,
type:
installp -a [Link] [Link] [Link] [Link]
6. To remove a fileset named [Link], type:
installp -u [Link]
7. To specify an alternate storage directory on a remote file system for a BOSNET TCP/IP update with
-t/temp_space, see the following example: the save directory becomes /temp_space/My_Hostname/
usr/lpp/[Link]/[Link]/[Link].save.
mount Server_Name:/Save_Area /temp_space

installp -a -t /temp_space/My_Hostname \
[Link] [Link]
8. In order to capture a log file of all output from the installp command, the script command can be
used as in the following example. Output is written to the typescript file in the current directory.
script
installp ...
<Ctrl>d

or
installp ... 2>&1 | tee /tmp/[Link]

In the second example, output is written to the screen and a copy is saved.
9. To preview (without performing) the installation of the Application Developer bundle of software using
the installp command, type:
installp -pacgXd /dev/rmt0.1 -f /usr/sys/[Link]/sys_bundles \
/App_Dev.bnd
10. To install TCP/IP and one of its updates that are both contained in the /usr/sys/[Link], type:
A summary report is given at the end of the installp output that lists the status of each of the software
products that were to be installed. An example summary report for the previous installp command
follows:

66 Commands Reference, Volume 3

 Installp Summary
----------------
Name Level Part Event Result
-----------------------------------------------------------------
[Link] [Link] USR APPLY SUCCESS
[Link] [Link] ROOT APPLY SUCCESS
[Link] [Link] USR APPLY SUCCESS

Note: This summary is also saved in /var/adm/sw/[Link] until the next installp
invocation. The header file inuerr.h in the /usr/include directory describes the fields making
up the records in the [Link] file.
11. To list software products (located in the /usr/sys/[Link] directory) that are installable on
POWER-based machines, type:
installp -l -MR -d /usr/sys/[Link]
12. To update all file sets from a CD that are currently installed on the system, type:
lslpp -lc | awk -F ":" ’{print $2}’ | tail -n +2 > /tmp/lslpp
installp -agXd /dev/cd0 -e /tmp/[Link] -f /tmp/lslpp

where the -e logs the output to the /tmp/[Link] file.

Files
/dev/rfd0 Specifies the default restore device.
/dev/rmtn Specifies the raw streaming tape interface.
/usr/sys/[Link] directory Contains files in backup format for use in installing or
updating a complete set or subset of software products.

Related Information
The bffcreate command, inudocm command, inutoc command, lppchk command, lslpp command,
sysck command.

instfix Command

Purpose
Installs filesets associated with keywords or fixes.

Syntax
instfix [ -T [ -M Platform ] ] [ -s String ] [ -S ] [ -k Keyword | -f File ] [ -p ] [ -d Device ] [ -i [ -c ] [ -q ] [ -t
Type ] [ -v ] [ -F ] ] [ -a ]

Description
The instfix command allows you to install a fix or set of fixes without knowing any information other than
the Authorized Program Analysis Report (APAR) number or other unique keywords that identify the fix.

Any fix can have a single fileset or multiple filesets that comprise that fix. Fix information is organized in
the Table of Contents (TOC) on the installation media. After a fix is installed, fix information is kept on the
system in a fix database.

The instfix command can also be used to determine if a fix is installed on your system.

Note: Return codes for the instfix command are documented in the /usr/include/inuerr.h file, which
is shipped with the [Link] fileset. There is also a general failure code of 1 and a single
reference to EACCES (13) from /usr/include/errno.h.

Alphabetical Listing of Commands 67

Flags
-a Displays the symptom text associated with a fix. Can be combined with the -i, -k, or -f flag.
-c Displays colon-separated output for use with -i flag. Output includes keyword name, fileset
name, required level, installed level, status, and abstract. To display filesets that are not
installed, the -v flag must also be used. Status values are:
- Down level
= Correct level
+ Superseded
! Not installed
-d Device Specifies the input device. Not valid with the -i and -a flags.
-F Returns failure unless all filesets associated with the fix are installed.
-f File Specifies the input file containing keywords or fixes. Use - (dash) for standard input. The -T flag
produces a suitable input file format for -f.
-i Displays whether fixes or keywords are installed. Use this flag with the either the -k or the -f
flag. Installation is not attempted when the -i flag is used. If you do not specify the -k or the -f
flag, all known fixes are displayed.
-k Keyword Specifies an APAR number or keyword to be installed. Multiple keywords can be entered. A list
of keywords entered with the -k flag must be contained in quotation marks and separated with
spaces.
-M Platform Specifies that any of the Platform values may be used to list the fixes for that particular
platform.
R Specifies POWER-based platform fixes only.
N Specifies neutral fixes, that is, fixes that are not restricted to the POWER-based
platform.
A Specifies all fixes.
-p Displays filesets associated with keywords. This flag is used with either the -k or the -f flag.
Installation is not attempted when the -p flag is used.
-q Specifies quiet mode. Use this flag with the -i flag. If you use the -c flag, no heading is
displayed, otherwise there is no output.
-s String Searches for and displays fixes on media containing a specified string.
-S Suppresses multiple volume processing when the installation device is a CD-ROM. Installation
from a CD_ROM is always treated as a single volume, even if the CD-ROM contains
information for a multiple volume CD set. This same suppression of multiple volume processing
is performed if the INU_SINGLE_CD environment is set.
-T Displays the entire list of fixes present on the media.
-tType Used with the -i flag to limit searches to a given type. Valid types are:
f fix
p preventive maintenance
-v Used with the -i flag to specify verbose mode. Displays information about each fileset
associated with a fix or keyword. Use this flag with the -i flag to display filesets that are not
installed. An uninstalled fileset is indicated by an ! (exclamation point).

Security
Privilege Control: You must be the root user to install using the instfix command, but any user can run the
instfix command to query the fix database.

Examples
1. To install all filesets associated with fix IX38794 from the tape mounted on /dev/rmt0.1, type:

instfix -k IX38794 -d /dev/rmt0.1

68 Commands Reference, Volume 3

2. To install all fixes on the media in the tape drive, type:

instfix -T -d /dev/rmt0.1 | instfix -d /dev/rmt0.1 -f-

The first part of this command lists the fixes on the media, and the second part of this command uses
the list as input.
3. To list all keyword entries on the tape containing the string SCSI, type:

instfix -s SCSI -d /dev/rmt0.1

4. To inform the user on whether fixes IX38794 and IX48523 are installed, type:

instfix -i -k ″IX38794 IX48523″

5. To create a list of filesets associated with fix IX12345 for bffs in the /bffs directory, type:

instfix -p -k IX12345 -d /bffs | installp -acgX -f- -d /bffs

This sequence passes the list of fixes to the installp command to be applied and committed. The
installp command extends filesystems as needed with the flags shown. This example shows that you
can select other installp flags. The instfix command calls installp if the -p flag is not used.
6. To list all of the fixes that are not restricted to the POWER-based platform, type:

instfix -T -MN -d /dev/cd0

Files
/usr/sbin/instfix Contains the instfix command.
/usr/lib/objrepos/fix Specifies the path to the Object Data Manager database.

Related Information
The installp command.

inucp Command

Purpose
Performs simple copy operations for the installp command. This command is used by the installp
command and the install scripts.

Syntax
inucp -s StartDirectory [ -e FinalDirectory ] ListFile ProductName

Description
The inucp command copies the files in a file tree with its root at StartDirectory to the appropriate place on
the FinalDirectory root.

Before replacing files that may already exist in the FinalDirectory file tree, the inusave command should
be called to save the files until needed by the inurecv command.

The ListFile parameter specifies a list, one per line, of all the files for ProductName. ListFile is the full path
name of the file that contains the relative path names of files that the product needs to have copied.

The ProductName parameter specifies the name of the software product to be copied.

Alphabetical Listing of Commands 69

Flags
-e FinalDirectory Indicates the root of the file tree that the files are to be copied to. The
FinalDirectory should be the base of the file tree. The default directory is the / (root)
directory when this flag is not specified.
-s StartDirectory Indicates the root of the file tree that the files are to be copied from.

Environment Variables
INUEXPAND This flag is set to 1 by the installp command if file systems are to be expanded if necessary to
do the copy (that is, the -X flag was passed). It is set to 0 if file systems are not to be expanded.
If this environment variable is not set, the default is not to expand file systems.
INUTEMPDIR This flag is set by the installp command to the path of the current temporary directory. If this flag
is not set the default is /tmp.

Error Codes
The inucp command returns the following error codes, which are defined in inuerr.h.

INUACCS One or both of StartDirectory and FinalDirectory are not directories.

INUBADAR Could not archive files in [Link] file.
INUBADC1 The copy operation failed.
INUBADMN Unrecognizable flag specified.
INUGOOD No error conditions occurred.
INUNOAP2 Could not access the ListFile.
INUNODIR No write access to FinalDirectory.
INUNOLPP One or both of StartDirectory and FinalDirectory do not have the necessary permissions.
INUNOMK Could not create a needed directory.
INUNOSPC Insufficient space for the copy and INUEXPAND was not set.
INUTOOFW One or more parameters were missing.
INUTOOMN Too many parameters were specified.

Security
Privilege Control: You must be the root user to run this command.

Examples
To copy all the files listed in the /usr/lpp/X11/inst_root/al list from the /usr/lpp/X11/inst_root file tree to
the root directory, enter:

inucp -s /usr/lpp/X11/inst_root /usr/lpp/X11/inst_root/al X11

Related Information
The installp command, inurecv command, inurest command, inusave command.

inudocm Command

Purpose
Displays contents of files containing supplemental information.

Syntax
inudocm [ -d Device ] [ -q ] { ProductName ... | all }

70 Commands Reference, Volume 3

Description
Note: This command is used by the installp command and is not recommended as a way to get
README information.(See installp -i.)

The inudocm command is used to display supplemental information. The files from the media that are
displayed, if they exist, are the [Link] file, the [Link] file, the [Link] file and the README file.

The ProductName parameter specifies the name of the software product being checked. Specify all to
display information about all software products that are known to the system.

Flags
-d Device Specifies where the installation media can be found. The Device parameter can specify a hardware
device, such as a tape or diskette drive, a directory that contains installation images, or an
installation image file. The default device is /dev/rfd0.
-q Specifies quiet mode, which suppresses prompts.

Security
Privilege Control: Only a root user can run this command.

Examples
To display the update instructions for the snaserv software product on /dev/rfd0, enter:
inudocm snaserv

Files
/usr/sbin/inudocm Contains the inudocm command.
/usr/lpp/ProductName/[Link] Specifies the update instructions for the software
product.
/usr/lpp/ProductName/[Link] Specifies special instructions for the software product.
/usr/lpp/ProductName/README Specifies special instructions for the software product.
/usr/lpp/ProductName/[Link] Specifies the updates to the documentation for the
software product.

Related Information
The installp command, restore command.

inulag Command

Purpose
Acts as the front end to the subroutines to manage license agreements.

Syntax
inulag -r [ -n FilesetName | -s FileName | -p Product ] [ -d Description [ -m MessageSpecification ]] -f File

inulag -l | -q [ -c | -v ] [ -n FilesetName | -s FileName | -p Product | -a ]

inulag -u [ -n FilesetName | -s FileName | -p Product ]

inulag -A

Alphabetical Listing of Commands 71

inulag -D

Description
The inulag command manages software license agreements. The basic forms are license agreement
registration, license agreement listing, license agreement deactivation, license agreement validation, and
license agreement revalidation.

The -r flag manages software license agreement registration of a fileset installed with installp or an
independently-installed product installed through another installer. The path to a file that is always installed
with an independently-installed product must be specified with the -s flag when the license agreement is
registered.

The -l flag lists software license agreement registrations. If the -c flag is specified, the path to the software
license agreement file is displayed rather than the contents of the file.

The -q flag queries for existence of software license agreements. A return code of 0 is returned if a license
agreement exists. If the -a flag is also specified, then a return code of 0 is returned if there is a pending
license agreement.

The -u flag removes the listing of software license agreements for a fileset or independently-installed
product.

The -D flag forces revalidation of software license agreements upon the next system reboot.

Flags
-a Used with the -l flag to show products that have a pending license agreement.
-A Registers agreements for all pending license agreements.
-c Used with the -l flag for colon-separated listing. Cannot be used with the -v flag.
-d Description Specifies the default description for the fileset or product to which license applies.
-D Forces the revalidation all license agreements on the next reboot.
-f File Specifies the pathname specification for the license agreement. A ’%L’ in the
specification is a substitution pattern for the current locale. en_US is the default
locale. A ″%l″ in the specification matches the first two characters of the locale unless
the current locale is zh_CN, in which all five characters of the locale designation are
used.
-l Lists software license agreements.
-m MessageSpecification Specifies the message catalog for a translated description of the form ″catalog,set
number,message number″.
-n FilesetName Specifies the name of a fileset registered in the software vital product database
governed by the license agreement.
-p Product Specifies the product id, a nontranslatable alphanumeric string that uniquely identifies
a product.
-q Queries for license agreements. Does not show output. The value of 0 is returned if a
license agreement exists. The -q flag can be used with other flags to query for
particular license agreements or pending license agreements.
-r Registers a software license agreement. Requires the -f flag for the path to the
agreement file and either the -n flag or the -s flag to indicate the fileset name or
signature file containing software subject to the agreement. The -r flag cannot be
used with the -l, -q, or the -u flag. License agreements are registered as pending
(status=’P’) during system installation, and NIM SPOT installation unless the
environment variable ACCEPT_LICENSES is set to yes.

72 Commands Reference, Volume 3

-s FileName Specifies a signature file unique to installed software that identifies software not
registered in the software vital product database that is governed by the license
agreement. This is for use by software products not registering into the software vital
product database. This form exists for the purpose of identifying software installed but
not registered in the software vital product database. The FileName includes the full
path to the file.
-u Removes a license agreement. This does not actually remove the license agreement
file, rather it changes the status of a license agreement associated with a fileset to
inactive. Inactive license agreements do not need to be reagreed to, but they do not
show up when listing installed software licenses.
-v Used with the -l flag for verbose listing. Cannot be used with the -c flag.

Security
The agreement database is writable only by root. As a result, all flags other than the -l flag can only be
used by a user operating with root user authority.

Related Information
The installp command, lslpp command, nim command.

Installing optional software products and service updates in Installation and migration

inurecv Command

Purpose
Recovers files saved by the inusave command.

Syntax
inurecv ProductName [ OptionList ]

Description
The inurecv command recovers files and archive constituent files saved from a previous inusave
command. It uses the [Link] and [Link] files from the directory specified by the INUSAVEDIR
environment variable. The inurecv command recovers files saved by program-provided installation or
update procedures.

The inurecv command is primarily called by the installp -r command and the installp -C command to
recover the files for a rejected program or a program that needs to be cleaned up.

The inurecv command is used to recover all the files for an installable program by separate calls to
inurecv for the root, /usr, and /usr/share file trees. The save directories for the root, /usr, and /usr/share
parts of an installation are:
v /lpp/PackageName/FilesetName/[Link],
v /usr/lpp/PackageName/FilesetName/[Link] , and
v /usr/share/lpp/PackageName/FilesetName/[Link]

respectively, when set up by the installp command. Level refers to the level of the software product and
has the format of [Link], where vv = version, rr = release, mmmm = modification, ffff
= fix, and ppppppppp = fix ID (only for Version 3.2 images).

Alphabetical Listing of Commands 73

Parameters
OptionList Specifies the full path name of a stanza file that contains the names of the separately
installable options, such as [Link], that are to be recovered for the ProductName
software product. The option names in the OptionList file must be specified one per line.
ProductName Specifies the installable software product, such as bosnet, whose files are to be recovered.

Environment Variables
INUEXPAND This flag is set to 1 by the installp command if file systems are to be expanded if necessary to
do the recover (that is, the -X flag was passed to installp). It is set to 0 if file systems are not to
be expanded. If this environment variable is not set, the default is not to expand file systems.
INUSAVE This flag is set to 1 by the installp command if files are to be saved (that is, the -N flag was not
passed), and otherwise set to 0. The inurecv command attempts to recover files if INUSAVE is
set to 1. If INUSAVE is set to 0, inurecv performs no recovery and exits with a return code of
INUGOOD. If this environment variable is not set, the default is to attempt to recover files.
INUSAVEDIR The full path name to the directory where files are saved. If this environment variable is not set,
then the directory used is /usr/lpp/ProductName/inst_updt.save.
ODMDIR The Object Data Manager object repository where the software vital product data is saved. If this
environment variable is not set, the default directory used is /etc/objrepos.

Error Codes
INUBADC1 A copy of a file from one directory to another was unsuccessful.
INUGOOD No error conditions occurred.
INUNORP1 Unsuccessful replacement of a file in an archive file during program recovery.
INUNOSAV The save directory does not exist.
INUNOSVF A file that was saved in the save directory was not found.

Security
Privilege Control: Only the root user can run this command.

Examples
To recover all files previously saved for the snaserv program, enter:
inurecv snaserv

Files
/lpp/PackageName/FilesetName/[Link]
Files saved for the root file tree.
/usr/lpp/PackageName/FilesetName/[Link]
Files saved for the /usr file tree.
/usr/share/lpp/PackageName/FilesetName/[Link]
Files saved for the /usr/share file tree.

Related Information
The installp command, inusave command.

74 Commands Reference, Volume 3

inurest Command

Purpose
Performs simple archive and restore operations for the installp command and shell scripts. This command
is used by the installp command and the install scripts.

Syntax
inurest [ -d Device ] [ -q ] ListFile ProductName

Description
The inurest command restores or archives all files listed in the file specified by the ListFile parameter.

If files are to be archived, there must be an archive control file, /usr/lpp/ProductName/[Link], which
contains entries in the following form:
ComponentFile LibraryFile.a.

If the archive control file exists, the inurest command compares each of the file names in the ListFile file
to the component files listed in /usr/lpp/ProductName/[Link]. Whenever the inurest command finds a
match, the file name is added to a list of files that are archived. This list is then used to archive the
restored files into a copy of the corresponding archive. When the archive is finished, the copy replaces the
original file.

The ListFile parameter specifies the full path name of a file containing the relative path names, one per
line, of files that a product needs to have restored.

The ProductName parameter specifies the software product to be restored.

Flags
-d Device Specifies the input device. The default device is the /dev/rfd0 device.
-q Specifies quiet mode. Suppresses the prompt from restore.

Environment Variables
INUEXPAND This flag is set to 1 by the installp command if file systems are to be expanded if necessary to
do the restore (that is, the -X flag was passed). It is set to 0 if file systems are not to be
expanded. If this environment variable is not set, the default is not to expand file systems.
INULIBDIR This is the directory where files that are specific to software product installation reside. If
INULIBDIR is not set the /usr/lpp/ProductName directory is used.
INUTEMPDIR The directory to use for temporary space that is needed during the execution of this command. If
this environment variable is not set, then the directory used is /tmp.

Error Codes
INUBADRC Restoration of an updated version of files was unsuccessful.
INUBADMN Unusable flag was specified.
INUCHDIR Cannot change directory.
INUGOOD No error conditions occurred.
INUNOAP2 Unable to access the apply list.
INUNORP2 Failed replacing a constituent file in the archive file.
INUTOOFW One or more parameters are missing.
INUTOOMN Too many parameters are specified.

Alphabetical Listing of Commands 75

Security
Privilege Control: Only the root user can run this command.

Examples
To restore all the files listed in the ac file for the snaserv program, enter:
inurest /usr/lpp/snaserv/ac snaserv

Files
$INULIBDIR/[Link] Archive control file.

Related Information
The installp command, inucp command, inurecv command, inusave command.

inurid Command

Purpose
Removes information used for installation of diskless/dataless clients from the inst_root directories of
installed software.

Syntax
inurid [ -q | -r ]

Description
The inurid command is used to remove files stored in the inst_root directories of installed software.

The names of these directories are of the forms: /usr/lpp/PackageName/inst_root for software products
and /usr/lpp/PackageName/OptionName/v.r.m.f/inst_root for AIX Version 4 updates.

When this command is called, the inst_root directories are removed for all products and updates in the
committed state. Also, an indicator is stored in the Software Vital Product Data indicating that the proper
inst_root directory information is to be removed after the completion of each future installation action, for
example, actions performed by the installp command.

Attention: One reason a user may want to remove inst_root directories is to save disk space. The
implication of removing these directories is that the system cannot be used as a Shared Product
Object Tree (SPOT) server of diskless/dataless clients. Also, once inst_root directories are removed
from a system, there is no way to retrieve the directories. Therefore, the system cannot later be
converted to a SPOT server without reinstalling the entire operating system.

Flags
-q Queries whether inst_root directories have been removed from the system. A return value of 0 indicates that
inst_root directories have not been removed and a return value of 1 indicates that the inst_root directories
have been removed.
-r Requests inst_root directories be removed from the system.

76 Commands Reference, Volume 3

Security
Privilege Control: You must be the root user to run this command.

Files
/usr/lib/instl/inurid Contains the inurid command.

Related Information
The installp command.

inusave Command

Purpose
Saves files that are installed or updated during an installation procedure. This command is used by the
installp command and the install scripts.

Syntax
inusave ListFile ProductName

Description
The inusave command saves the files and archived files that are listed in the file specified by the ListFile
parameter for the ProductName software product. The inusave command is designed for use with the
installp command.

The inusave command creates the /usr/lpp/PackageName/FilesetName/[Link] directory if it does

not already exist, where Level has the form [Link] and vv = the version, rr = the release, mmmm
= the modification, and ffff = fix. This is the directory in which the installation procedures store saved files.
The save directory is defined by the INUSAVEDIR environment variable.

The save directories for the / (root), /usr, and /usr/share parts of an installation are:
v /lpp/PackageName/FilesetName/[Link],
v /usr/lpp/PackageName/FilesetName/[Link] , and
v /usr/share/lpp/PackageName/FilesetName/[Link]

respectively, when set up by the installp command. The installp command calls inusave for each of
these three directories. The ListFile parameter is the full path name of the file that lists the files that are to
be saved if a current copy exists.

If a file named in the ListFile file already exists, the inusave command copies that file to the
$INUSAVEDIR/update.n file, where n is an integer assigned by the inusave command. If the file does not
exist, the inusave command assumes that this entry in the ListFile parameter represents either a new file
or a file to be archived or processed by the archive procedure described later in this section.

The inusave command maintains a list of saved files in the $INUSAVEDIR/[Link] file. This file is a
stanza file with an entry for each saved file. Entries in the [Link] file resemble the following:
/usr/bin/chkey:
update.n = update.1
option = [Link]
_id = 209
_reserved = 0
_scratch = 0
lpp_id = 72

Alphabetical Listing of Commands 77

 private = 0
file_type = 0
format = 1
loc0 = /usr/bin/chkey
size = 7800
checksum = 44561

/usr/bin/domainname:
update.n = update.2
option = [Link]
_id = 210
_reserved = 0
_scratch = 0
lpp_id = 72
private = 0
file_type = 0
format = 1
loc0 = /usr/bin/domainname
size = 2526
checksum = 12439

In the previous example /usr/bin/chkey (the name of the stanza) is the name of an original file that was
saved and update.1 is the name of the file in the $INUSAVEDIR directory to which it was copied. The file
/usr/bin/chkey belongs to the [Link] installable option of the software product bosnet. The
stanza name and the first two items in the stanza (update.n and option) exist for each stanza in the
[Link] file. The remaining items in the stanza, which may vary, are information from the Software Vital
Product Data (SWVPD) database.

An archived constituent file is saved if there is a valid archive control file, [Link], in the current directory.
If the [Link] file exists, the inusave command compares each of the file names in ListFile to the
constituent file names in [Link]. When it finds a match, the inusave command uses the ar command to
extract the constituent file from its associated archive file. It then moves the file to the
$INUSAVEDIR/archive.n file, where n is an integer selected by the inusave command.

The inusave command maintains a list of the extracted files that have been saved in the
$INUSAVEDIR/[Link] file. This file is a stanza file with an entry for each saved constituent file.
Entries in the [Link] file resemble the following:
/[Link]:
archive.n = archive.1
arc_name = /usr/lib/productx/libprodx.a
option = [Link]
_id = 833
_reserved = 0
_scratch = 0
lpp_id = 7
private = 0
file_type = 0
format = 1
loc0 = /[Link]
loc1 = "h11,h12"
loc2 =
"/usr/lpp/[Link]/s11,/usr/lpp/[Link]/s12"
size = 1611
checksum = 62793

In the previous example /[Link] (the name of the stanza) is the name of the original constituent file
that was saved and archive.1 is the name of the file in the $INUSAVEDIR directory to which it was
copied. The /usr/lib/productx/libprodx.a is the full path name of the archive file defined in the [Link]
archive control file. The constituent file /[Link] belongs to the [Link] installable option
of the software product productx. The stanza name and the first three items in the stanza (archive.n,
arc_name, and option) will exist for each stanza in the [Link] file. The remaining items in the stanza,
which may vary, are information from the SWVPD database.

78 Commands Reference, Volume 3

Parameters
ListFile Specifies the full path name of the file containing a list of relative path names, one per line, of
files that are to be saved.
ProductName Specifies the installable software product whose files are to be saved.

Environment Variables
INUEXPAND This flag is set to 1 by the installp command if file systems are to be expanded if necessary to
do the save (that is, the -X flag was passed to installp). It is set to 0 if file systems are not to be
expanded. If this environment variable is not set, the default is not to expand file systems.
INUSAVE This flag is set to 1 by the installp command if files are to be saved (that is, the -N flag was not
passed to installp). It is set to 0 if files are not to be saved. If this environment variable is not
set, the default is to save files.
INUSAVEDIR The full path name to the directory where files are to be saved. If this environment variable is not
set, then the directory to be used is /usr/lpp/ProductName/inst_updt.save.
INUTEMPDIR The directory to use for temporary space that is needed during the execution of this command. If
this environment variable is not set, then the directory used is /tmp.

Error Codes
The following error codes are defined in /usr/include/inuerr.h:

INUBADSC A save directory could not be created.

INUBADC2 A file could not be copied from one directory to another.
INUGOOD No error conditions occurred.
INUNOAP1 Could not access ListFile.
INUTOOFW One or more parameters were missing.
INUTOOMN Too many parameters were specified.

Security
Privilege Control: Only the root user can run this command.

Examples
To save all the files listed in the [Link] file of the snaserv program, enter:
inusave /usr/lpp/snaserv/[Link] snaserv

Files
/usr/lpp/PackageName/[Link]
Specifies the archive control file.
/lpp/PackageName/FilesetName/[Link]
Specifies the save directory for the root.
/usr/lpp/PackageName/FilesetName/[Link]
Specifies the save directory for the /usr files.
/usr/share/lpp/PackageName/FilesetName/[Link]
Specifies the save directory for the /usr/share files.

Related Information
The installp command, inurecv command.

Alphabetical Listing of Commands 79

inutoc Command

Purpose
Creates a .toc file for directories that have backup format file install images. This command is used by the
installp command and the install scripts.

Syntax
inutoc [ Directory ]

Description
The inutoc command creates the .toc file in Directory. If a .toc file already exists, it is recreated with new
information. The default installation image Directory is /usr/sys/[Link]. The inutoc command adds
table of contents entries in the .toc file for every installation image in Directory.

The installp command and the bffcreate command call this command automatically upon the creation or
use of an installation image in a directory without a .toc file.

Error Codes
INUBADIR Usage error or Directory did not specify a directory.
INUCHDIR Unable to change directories to Directory.
INUCRTOC Could not create the .toc file.
INUGOOD No errors occurred.
INUSYSFL A system call failed.

Security
Privilege Control: Only the root user can run this command.

Examples
1. To create the .toc file for the /usr/sys/[Link] directory, enter:
inutoc
2. To create a .toc file for the /tmp/images directory, enter:
inutoc /tmp/images

Files
/usr/sys/[Link] The default directory to create a .toc file.
.toc The file created by this command in the specified directory.

Related Information
The bffcreate command, installp command.

inuumsg Command

Purpose
Displays specific error or diagnostic messages provided by a software product’s installation procedures.
This command is used by the installp command and the install scripts.

80 Commands Reference, Volume 3

Syntax
inuumsg Number [ Argument1 ] [ , Argument2 ] [ , Argument3 ] [ , Argument4 ]

Description
The inuumsg command displays error or diagnostic messages for a software product’s installation
procedures. Rather than each procedure having its own text, messages are maintained in a central
message catalog, /usr/lpp/msg/$LANG/[Link]. When you run the inuumsg command and specify
the message Number, the error message is displayed. Up to four string arguments, Argument1 to
Argument4, can be substituted into the message in the appropriate location.

Return Values
0 Indicates the message was found and displayed.
1 Indicates the message was not found and not displayed.

Security
Privilege Control: Only the root user can run this command.

Examples
To see error message number 3, enter:
inuumsg 3

Files
/usr/lpp/msg/$LANG/[Link] The message catalog.

Related Information
The installp command.

invscout Command

Purpose
Surveys the host system for currently installed microcode or Vital Product Data (VPD).

Syntax
invscout [ -v ] [ -c ] [ -r ] [ -m machine_type_and_model ] [ -s serial_number ] [ -catl
microcode_catalog_path ][ -g ] [ -q ] [ -h ]

Description
The invscout command executes one instance of the stand-alone version of the Inventory Scout process.
The invscoutd command starts the server daemon side of a client-server version.

The Inventory Scout process supports two survey types:

v Microcode Survey
v Vital Product Data (VPD) Survey ( -v)

Microcode Survey

Alphabetical Listing of Commands 81

A Microcode Survey gathers data from the host system on currently installed microcode for
invscout-supported systems, devices and adapters. It compares the gathered microcode levels to the
latest levels available, and stores the data in a Microcode Survey Upload File that can be displayed
locally via the webSM GUI, or uploaded to a Web server via the Internet.

A Microcode Survey also produces a Microcode Survey Formatted Text Report File. This file can be
printed or displayed on a monitor and contains a subset of the information recorded in the upload file. This
subset includes information about the invscout execution itself and the levels of currently installed
microcode. The -r flag causes this report also to be sent to the screen from where the command was
invoked.

All of the previous reports can contain information on the following:

v system microcode
v service microcode
v device and adapter microcode

VPD Survey (-v)

A VPD Survey stores the system VPD in a VPD Survey Upload File that can be uploaded to a Web
server via the Internet . Once on a Web server, a CGI forwards the file to a repository and produces a
Web page indicating the status of the operation.

No formatted text report is available for VPD Surveys.

Survey Results Concatenation (-c)

This option concatenates two or more Microcode Survey Upload Files into a single Microcode Survey
Concatenated Upload File or two or more VPD Survey Upload Files into a single VPD Survey
Concatenated Upload File. A Concatenated Upload File can be uploaded to a Web server using the
Internet and processed by the server CGI to give the same results as would have been obtained by
uploading and processing all the component files individually. The input files can be any valid upload files
but, typically, this operation is done to simplify the task of uploading the results from several host systems.
v The version of the command executing the concatenation and the versions of the commands that
produced the files to be concatenated must all be the same.
v Microcode Survey Upload Files cannot be concatenated with VPD Survey Upload Files.
v Versions [Link] and subsequent versions of this command do not require concatenation of Microcode
Survey Upload Files, because the files are processed locally.

To concatenate a set of existing Microcode Survey upload files, do the following:

1. Copy the files into the Microcode Survey Concatenation Input Directory.
2. Execute:
invscout -c
3. Find the output Microcode Survey Concatenated Upload File in the same directory as the upload
file for a Microcode Survey.

To concatenate a set of existing VPD Survey upload files, do the following:

1. Copy the files into the VPD Survey Concatenation Input Directory.
2. Execute:
invscout -v -c
3. Find the output VPD Survey Concatenated Upload File in the same directory as the upload file for a
VPD Survey.

82 Commands Reference, Volume 3

Flags
-v Sets the survey or concatenation type to VPD (the default is Microcode).
-c Concatenates existing survey upload files (the default is to perform a new
survey).
-r For a Microcode Survey, sends a copy of the formatted text report file to the
screen from which the command was invoked. This flag is ignored if either
the -v or the -c flag is used.
-m machine_type_and_model For a VPD survey, allows input of the host platform machine type and model
for hosts that use/require this information.
-s serial_number For a VPD survey, allows input of the host serial number for hosts that
use/require this information.
-catl microcode_catalog_path Overrides the default location of the microcode catalog path.
-g Displays the versions of this command and of the logic database currently in
use.
-q Suppresses most run-time messages.
-h Generates a help (usage) statement. If this flag is used, all other flags are
ignored.

Exit Status
This command returns the following exit values:

0 Indicates successful completion.

Non-zero Indicates an error occurred.

If an error occurs, the command writes an error log.

Security
This command is owned by root, and is installed with the setuid bit ON so that any user can run it.

Examples
1. To run one Microcode Survey and send the results to a formatted text report file and an upload file,
type:
invscout
2. To run one VPD Survey and send the results to an upload file, type:
invscout -v
3. To concatenate previously produced Microcode Survey upload files into a single upload file, type:
invscout -c

Note: Only applicable to Versions of this command prior to [Link].

4. To concatenate previously produced VPD Survey upload files into a single upload file, type:
invscout -v -c

Files
/usr/sbin/invscout Contains the invscout command.
/var/adm/invscout/[Link] Microcode Survey Upload File. The host variable is the host name of
the system represented in the file.
/var/adm/invscout/[Link] Microcode Survey Formatted Text Report File.
/var/adm/invscout/[Link] VPD Survey Upload File. The host variable is the host name of the
system represented in the file.
/var/adm/invscout/[Link] Microcode Survey Concatenation Input Directory.

Alphabetical Listing of Commands 83

/var/adm/invscout/[Link] VPD Survey Concatenation Input Directory
/var/adm/invscout/[Link] Microcode Survey Concatenated Upload File.
/var/adm/invscout/[Link] VPD Survey Concatenated Upload File.
/var/adm/invscout/[Link] Error log written if the command encounters an error.
/var/adm/invscout/microcode Directory for microcode-related actions. Default location for microcode
catalog file.
/var/adm/invscout/microcode/[Link] Default microcode catalog file.
/var/adm/invscout/[Link] Log file.
/var/adm/invscout/tmp Holds invscout temporary files. All files in this directory are deleted
at the start of every execution of this command.

Related Information
The invscoutd command.

invscoutd Command

Purpose
Launches a permanent Inventory Scout server daemon.

Syntax
invscoutd [ -o] [ -p Portno ] [ -b Bufsize ] [ -t Timeout ] [ -v Verblev ]

Description
The invscoutd command implements a permanent Inventory Scout server daemon on one machine in a
user’s local network. The usual client is a Java™ applet running in the user’s Web browser, which was
downloaded from a central Inventory Scout CGI application.

Daemon initialization involves reading command line options and several local Inventory Scout companion
files. When in operation, each client-server transaction involves reading from a well-known socket for a
text string and returning a text report over the same socket.

The daemon maintains a record of its actions in a log file. Depending on the specified verbosity level, the
log lines may contain startup and shutdown banners, traces of each call, detailed internal program traces,
and error statements. Depending on the specified verbosity level, startup banners may also be written to
stderr.

Protocols
Client connections to the daemon’s socket use the Internet TCP/IP protocol. In a transaction, the invoking
client applet sends an action request, as a URL-encoded text string, to the server daemon. The request is
by any ASCII control character (x00 to x1F), which triggers the processing of the request.

Some requests require the client to pass additional data. In these cases, the additional data immediately
follow the termination byte for a length specified in the action request.

With one exception (ACTION=PING), the server daemon always returns a pseudo MIME format text report
written back over the same socket connection. The pseudo MIME format is used even for error results.
The daemon terminates the returned text and the transaction itself by closing the socket, resulting in an
end-of-file (EOF) indication to the invoking client. The client should close the socket at its end of the
connection as soon as the EOF is received.

84 Commands Reference, Volume 3

URL-encoded message
The action request string is a standard URL-encoded string. For example:
"ACTION=actionword&NAME1=value1&NAME2&NAME3=word%xx+word+word\0"

Supported Field Names and Values

Name Meaning/Use Supported Values
ACTION See the action request table that follows. The left-hand column of the action request table
constitutes a list of supported Values.
MRDM Allows the client to provide a (cleartext) Any ASCII string (case sensitive).
password for any ACTION that
uses/requires this information. The value is
case sensitive.
DATALEN This name must be present if additional Any integer up to the value implied by the
binary data immediately follow an ACTION presence or absence of the -d command line
string termination byte, and must be option
absent if no additional data follow the
termination byte. The integer value
provided specifies the number of additional
data bytes. If the client attempts to write
more data than this, if the action does not
accept the DATALEN parameter and
discards any additional data, or if the
action processor detects an early error, the
daemon may prematurely close the
client-to-server socket pipe. A transaction
with n greater than a specific maximum
value will immediately return an error code
(see the -d command line option).
CLIENT Allows the client to identify itself for any The HSC value instructs Inventory Scout to allow
ACTION that uses/requires this certain actions that are only allowed when under
information. the control of an HMC Inventory Scout master.
MODEL Allows the client to inform the server of the Any ASCII string of up to 25 characters
server’s model number for VPD surveys (restrictions apply with some machines)
that use/require this information.
SERIAL Allows the client to inform the server of the Any ASCII string of up to 25 characters
server’s serial number for VPD surveys (restrictions apply with some machines)
that use/require this information.

Notes:
1. Field names and their values are separated by equal signs (=).
2. Name=Value pairs are separated by an & character.
3. The Name field is always case insensitive.
4. The Value field is case insensitive, unless documented otherwise.
5. The ACTION=keyword pair must always be present.
6. A string between ampersands without an equal sign is parsed as a Name with an Empty value.
7. Spaces can be represented by + (plus signs).
8. Binary characters may be coded as the escape sequence of a percent sign followed by exactly two
hexadecimal chars (%xx). This escape sequence must also be used to code URL metacharacters like
the &, = (equal sign), and + (plus sign) within a Value.
9. The control character termination byte must always be sent by the client.

Alphabetical Listing of Commands 85

Action Requests
Action MRDM Description
PING not required The daemon immediately closes the socket, causing an immediate EOF in the
client. This is the only action that does not return a result code or text of any
kind. Example:
"action=ping\0"

<EOF>
ECHO not required The daemon returns a text report consisting of the original unparsed request
string followed by a linefeed. A password (MRDM) is not required but will be
echoed if provided, along with everything else. Additional data (DATALEN) are
not required but will be echoed if present, as is, after the request string. For
the ECHO request, DATALEN will be silently truncated to a maximum of 2000.
Example:
"action=ECHO&MRDM=xyz&datalen=5\0abcde"

"RESULT=0\n"
"\n"
"action=ECHO&MRDM=xyz&datalen=5\n"
"abcde"<EOF>
URLDECODE not required The daemon returns a text report of the request string after parsing, and an
exact copy of any subsequent data. A password (MRDM) is not required but
will be parsed and returned if provided. Additional data (DATALEN) are not
required but will be parsed and returned if provided; however, any actual
additional data beyond the request string will be discarded. Each numbered
line of the report exhibits one parsed Name=Value pair from the original
string. Example:
"action=UrlDecode&subaction=xyz\0"

"RESULT=0\n"
"\n"
" 0: ACTION UrlDecode\n"
" 1: SUBACTION xyz\n"
<EOF>
TESTPWD required The daemon returns RESULT=0 if the MRDM password is valid. Otherwise it
returns RESULT=2. Additional data (DATALEN) are not accepted and will be
discarded if present. Example:
"ACTION=TESTPWD&MRDM=thepassword\0"

"RESULT=0\n"
"\n"
<EOF>
VERSIONS not required The daemon reports the current version numbers of the Inventory Scout itself.
Additional data (DATALEN) are not accepted and will be discarded if present.
Example:
"ACTION=VERSIONS\0"

"RESULT=0\n"
"\n"
"[Link]\n"
"[Link]\n"
<EOF>

86 Commands Reference, Volume 3

Action Requests
Action MRDM Description
CATALOG required The daemon updates the scout’s microcode catalog file with the file data
passed. Both a password and the data length parameter must be included in
the request string. The daemon does not necessarily have to execute as root
for this action but it must have file write permissions to /var/adm/invscout/
microcode/[Link]. Example:
"ACTION=CATALOG&MRDM=xyz&DATALEN=17042\0"
"...17042 bytes of ascii data..."

"RESULT=0\n"
"\n"
<EOF>
MCODES required The daemon executes the Microcode Survey Option. Additional data
(DATALEN) are not accepted and will be discarded if present. Example:
"ACTION=MCODES&MRDM=xyz\0"

"RESULT=0\n"
"\n"
"Report Line 1\n"
"Report Line 2\n"
:
:
"Report Line N\n"
<EOF>
VPDS required The daemon executes the VPD Survey Option. Additional data (DATALEN)
are not accepted and will be discarded if present. Example:
"ACTION=VPDS&MRDM=xyz\0"

"RESULT=0\n"
"\n"
"Report Line 1\n"
"Report Line 2\n"
:
:
"Report Line N\n"
<EOF>

Results
The daemon returns a text result in a pseudo MIME format. It returns a header consisting of one or more
Name=Value pairs, each on a line by itself. The first Name=Value pair always is the result code in the
form RESULT=number. The result code always is returned for every action, except the PING action.

Internal scout result codes applicable only to the Java applet client are not documented in the following
information.

An optional free-form text report may follow the header lines depending on the result code. If there is a
free-form text report, the header is first terminated by an empty line, such as two adjacent linefeeds.

In any event, the result report is terminated by an EOF indicator after reading the last of the report text
from the socket. The EOF also signifies the end of the transaction itself.
Result Codes
Result= Description
0 Complete success.
1 Daemon aborted due to memory allocation error. This can happen in either the parent server
daemon or one of the service children.

Alphabetical Listing of Commands 87

Result Codes
Result= Description
2 Service child daemon aborted because the required password (MRDM=password) was missing or
not valid.
3 Service child daemon aborted because the action name-value pair (ACTION=keyword) was missing
or not valid.
4 Service child daemon aborted because it was unable to reset its user ID to invscout.
21 Service child daemon aborted due to overflow of socket input buffer. The text report part of the
result is a native language error message. Client must reduce the length of the request string, or kill
and restart the daemon with an increased buffer size.
22 Service child daemon aborted due to socket read error. The text report part of the result is a native
language error message including the system’s I/O errno string. A logfile entry will also contain the
system’s errno string.
23 Service child daemon aborted due to socket read timeout. The text report part of the result is a
native language error message. Client must send a control character termination byte after the end
of the request string, and must always send as many data bytes as specified in the DATALEN
parameter. The timeout period may be changed with the -t command line argument.
24 Service child daemon aborted due to premature EOF while reading request string. The text report
part of the result is a native language error message. Client must send a termination byte after the
end of the request string before closing the socket connection.
25 Service child daemon aborted due to missing or invalid DATALEN parameter for an action that
requires it. The text report pair of the result is a native language error message. Client must send
the length of the data for all actions which pass additional binary data beyond the URL-encoded
request string. Most such actions also require that the DATALEN value be limited to a specific
maximum size.
26 Service child daemon aborted due to regular file I/O error, such as a permissions error, out of disk
space, and so on. The text report part of the result is a native language error message. Usually, the
I/O problem must be corrected on the server machine before the client can attempt the action
again.
27 Service child daemon aborted because it was unable to retrieve the version number for an activity
that required it.

Flags
Specify any arguments, beginning with a hyphen (-). Space is not allowed between a flag and its value.

-o Overwrites an existing logfile. If the -o flag is not specified, new logfile lines are
appended to any existing logfile.
-p Portno Changes this server’s port number from the default 808 to Port.
-b Bufsize Inventory Scout commands are specified as URL-encoded strings read from a
TCP/IP socket into a 1024 byte fixed length buffer. The -b flag can change the
buffer size to Bufsize bytes if future protocol changes require a larger read buffer.
-t Timeout The client applet writes a control character termination byte at the end of the
URL-encoded request string to indicate the end of the request. If the invscoutd
daemon does not receive the termination byte within a timeout period, it aborts
the transaction and closes the socket. Similarly the client must send all bytes of
the additional data specified in the DATALEN parameter with sufficient speed to
prevent timeout between read blocks. The -t option changes the default timeout
period from 30 seconds to Timeout seconds.

88 Commands Reference, Volume 3

-v Verblev The amount of detail written to the logfile and stderr depends on the verbosity
level of the daemon. Each level incorporates the messages in the lower levels;
increasing the verbosity level increases the number and types of messages that
are written. The verbosity level is an integer ranging from 0 to 25. The -v flag
changes the verbosity level from the default 18 to Verblev.

Verbosity Levels
Level Description
0 All error and status messages disabled.
5 Only fatal error messages are written. Fatal errors result in the death of the server. Usually, similar
messages are written to both the Logfile and stderr.
10 All error messages are written. These include nonfatal errors such as protocol errors, as well as fatal
errors. Nonfatal error messages are usually written only to the Logfile.
15 This level includes startup and shutdown banner messages. Simple banner messages are usually
written to both the Logfile and stderr.
18 This level includes call trace status messages. Every client call results in a single trace message.
This is the default level for the invscoutd daemon. Trace messages are written only to the Logfile.
20 This level includes program trace messages. Program traces are fairly detailed program execution
status messages typically used for debugging purposes. This level is not suitable for usual
production execution because over time, it floods the Logfile with large amounts of text. Trace
messages are written only to the Logfile.
25 This is the maximum level and includes extensive program debug messages. This level is not
suitable for usual production execution. Trace messages are written only to the Logfile.

Exit Status
This command returns the following exit values:

0 Indicates successful initialization

Non-zero Indicates unsuccessful initialization

Security
The daemon must execute as effective user ID 0 (root). It is owned by root, and is installed with the
″setuid″ bit ON so that any user can launch it. At certain execution points, however, service children of the
daemon reset their user ID to the authentication user ID invscout. The daemon will not execute unless the
user invscout has been created on the host system.

By default, an accompanying cleartext password is required from the client for most operations. If the
client’s password does not match the system password for the authentication user ID invscout, the action
exits with a return code. The authentication user ID cannot be changed.

Files
/usr/sbin/invscoutd Contains the invscoutd command
/etc/security/password Host system password file
/var/adm/invscout/microcode Directory for microcode-related actions. Default location for
microcode catalog file.
/var/adm/invscout/microcode/[Link] Default microcode catalog file.
/var/adm/invscout/[Link] Log file

Alphabetical Listing of Commands 89

Related Information
The invscout command.

ioo Command

Purpose
Manages Input/Output tunable parameters.

Syntax
ioo [ -p | -r ] { -o Tunable [ =NewValue ] }

ioo [ -p | -r ] {-d Tunable}

ioo [ -p | -r ] -D

ioo [ -p | -r ] -a

ioo -h [ Tunable ]

ioo -L [ Tunable ]

ioo -x [ Tunable ]

Note: Multiple -o, -d, -x and -L flags are allowed.

Description
Note: The ioo command can only be executed by root.

The ioo command configures Input/Output tuning parameters. This command sets or displays current or
next boot values for all Input/Output tuning parameters. This command can also make permanent changes
or defer changes until the next reboot. Whether the command sets or displays a parameter is determined
by the accompanying flag. The -o flag performs both actions. It can either display the value of a parameter
or set a new value for a parameter.

If a process appears to be reading sequentially from a file, the values specified by the minpgahead
parameter determine the number of pages to be read ahead when the condition is first detected. The
value specified by the maxpgahead parameter sets the maximum number of pages that are read ahead,
regardless of the number of preceding sequential reads.

The operating system allows tuning of the number of file system bufstructs (numfsbuf) and the amount
of data processed by the write-behind algorithm (numclust).

Understanding the Effect of Changing Tunable Parameters

Misuse of the ioo command can cause performance degradation or operating-system failure. Before
experimenting with ioo, you should be thoroughly familiar with Performance overview of the Virtual
Memory Manager.

Before modifying any tunable parameter, you should first carefully read about all its characteristics in the
Tunable Parameters section below, and follow any Refer To pointer, in order to fully understand its
purpose.

90 Commands Reference, Volume 3

You must then make sure that the Diagnosis and Tuning sections for this parameter truly apply to your
situation and that changing the value of this parameter could help improve the performance of your
system.

If the Diagnosis and Tuning sections both contain only ″N/A″, you should probably never change this
parameter unless specifically directed by AIX development.

Flags
-h [Tunable] Displays help about the Tunable parameter if one is specified. Otherwise, displays the ioo
command usage statement.
-a Displays current, reboot (when used in conjunction with -r) or permanent (when used in conjunction
with -p) value for all tunable parameters, one per line in pairs tunable = value. For the permanent
option, a value is only displayed for a parameter if its reboot and current values are equal.
Otherwise NONE displays as the value.
-d Tunable Resets Tunable to its default value. If a Tunable needs to be changed (that is it is currently not set
to its default value) and is of type Bosboot or Reboot, or if it is of type Incremental and has been
changed from its default value, and -r is not used in combination, it is not changed but a warning
displays.
-D Resets all tunables to their default value. If tunables needing to be changed are of type Bosboot or
Reboot, or are of type Incremental and have been changed from their default value, and -r is not
used in combination, they are not changed but a warning displays.
-o Tunable Displays the value or sets Tunable to NewValue. If a Tunable needs to be changed (the specified
[=NewValue ] value is different than current value), and is of type Bosboot or Reboot, or if it is of type
Incremental and its current value is bigger than the specified value, and -r is not used in
combination, it is not changed but a warning displays.

When -r is used in combination without a NewValue, the nextboot value for tunable displays. When
-p is used in combination without a NewValue, a value displays only if the current and next boot
values for he Tunableare the same. Otherwise NONE displays as the value.
-p Specifies that the changes apply to both the current and reboot values when used in combination
with the -o, -d or -D flags. Turns on the updating of the /etc/tunables/nextboot file in addition to
the updating of the current value. These combinations cannot be used on Reboot and Bosboot
type parameters, their current value cannot be changed.

When used with -a or -o without specifying a new value, the values display only if the current and
next boot values for a parameter are the same. Otherwise NONE displays as the value.
-r Makes changes apply to reboot values when used in combination with the -o, -d or -D flags. That
is, turns on the updating of the /etc/tunables/nextboot file. If any parameter of type Bosboot is
changed, the user is prompted to run bosboot.

When used with -a or -o without specifying a new value, next boot values for tunables display
instead of current values.

Alphabetical Listing of Commands 91

-L [Tunable] Lists the characteristics of one or all tunables, one per line, using the following format:
NAME CUR DEF BOOT MIN MAX UNIT TYPE
DEPENDENCIES
--------------------------------------------------------------------------------
minpgahead 2 2 2 0 4K 4KB pages D
maxpgahead
--------------------------------------------------------------------------------
maxpgahead 8 8 8 0 4K 4KB pages D
minpgahead
--------------------------------------------------------------------------------
pd_npages 64K 64K 64K 1 512K 4KB pages D
--------------------------------------------------------------------------------
maxrandwrt 0 0 0 0 512K 4KB pages D
--------------------------------------------------------------------------------
numclust 1 1 1 0 16KB/cluster D
--------------------------------------------------------------------------------
numfsbufs 196 196 196 M
--------------------------------------------------------------------------------
...
where:
CUR = current value
DEF = default value
BOOT = reboot value
MIN = minimal value
MAX = maximum value
UNIT = tunable unit of measure
TYPE = parameter type: D (for Dynamic), S (for Static), R (for Reboot),
B (for Bosboot), M (for Mount), I (for Incremental), C (for Connect), and d (for Deprecated)
DEPENDENCIES = list of dependent tunable parameters, one per line

-x [Tunable] Lists characteristics of one or all tunables, one per line, using the following (spreadsheet) format:
tunable,current,default,reboot,min,max,unit,type,{dtunable }

where:
current = current value
default = default value
reboot = reboot value
min = minimal value
max = maximum value
unit = tunable unit of measure
type = parameter type: D (for Dynamic), S (for Static), R (for Reboot),
B (for Bosboot), M (for Mount), I (for Incremental),
C (for Connect), and d (for Deprecated)
dtunable = space separated list of dependent tunable parameters

Any change (with -o, -d or -D) to a parameter of type Mount will result in a message being displayed to
warn the user that the change is only effective for future mountings.

Any change (with -o, -d or -D flags) to a parameter of type Connect will result in inetd being restarted,
and a message being displayed to warn the user that the change is only effective for future socket
connections.

Any attempt to change (with -o, -d or -D) a parameter of type Bosboot or Reboot without -r, will result in
an error message.

Any attempt to change (with -o, -d or -D but without -r) the current value of a parameter of type
Incremental with a new value smaller than the current value, will result in an error message.

Tunable Parameters Type

All the tunable parameters manipulated by the tuning commands (no, nfso, vmo, ioo, raso, and schedo)
have been classified into these categories:

Dynamic If the parameter can be changed at any time

Static If the parameter can never be changed

92 Commands Reference, Volume 3

Reboot If the parameter can only be changed during reboot
Bosboot If the parameter can only be changed by running bosboot and rebooting the machine
Mount If changes to the parameter are only effective for future file systems or directory mounts
Incremental If the parameter can only be incremented, except at boot time
Connect If changes to the parameter are only effective for future socket connections
Deprecated If changing this parameter is no longer supported by the current release of AIX.

For parameters of type Bosboot, whenever a change is performed, the tuning commands automatically
prompt the user to ask if they want to execute the bosboot command. For parameters of type Connect,
the tuning commands automatically restart the inetd daemon.

Note that the current set of parameters managed by the ioo command only includes Static, Dynamic,
Mount and Incremental types.

Compatibility Mode
When running in pre 5.2 compatibility mode (controlled by the pre520tune attribute of sys0, see
Performance tuning enhancements for AIX 5.2 in the Performance management), reboot values for
parameters, except those of type Bosboot, are not really meaningful because in this mode they are not
applied at boot time.

In pre 5.2 compatibility mode, setting reboot values to tuning parameters continues to be achieved by
imbedding calls to tuning commands in scripts called during the boot sequence. Parameters of type
Reboot can therefore be set without the -r flag, so that existing scripts continue to work.

This mode is automatically turned ON when a machine is MIGRATED to AIX 5L™ Version 5.2. For
complete installations, it is turned OFF and the reboot values for parameters are set by applying the
content of the /etc/tunables/nextboot file during the reboot sequence. Only in that mode are the -r and -p
flags fully functional. See Kernel Tuning in AIX 5L Version 5.3 Performance Tools Guide and Reference
for more information.

Tunable Parameters
j2_dynamicBufferPreallocation
Purpose:
Specifies the number of 16k slabs to preallocate when the
filesystem is running low of bufstructs.
Values:
Default: 16 (256k worth)
Range: 0 to 256
Type: Dynamic
Diagnosis:
N/A
Tuning:
The value is in 16k slabs, per filesystem. The filesystem does
not need remounting. The bufstructs for Enhanced JFS are now
dynamic; the number of buffers that start on the paging device
is controlled by j2_nBufferPerPagerDevice, but buffers are
allocated and destroyed dynamically past this initial value. If the
value of external pager filesystem I/Os blocked with no
fsbuf (from vmstat -v) increases, the
j2_dynamicBufferPreallocation should be increased for that
filesystem, as the I/O load on the filesystem could be exceeding
the speed of preallocation. A value of 0 (zero) disables dynamic
buffer allocation completely.

Alphabetical Listing of Commands 93

j2_inodeCacheSize
Purpose:
Controls the amount of memory Enhanced JFS will use for the
inode cache.
Values:
Default: 400
Range: 1 to 1000
Type: Dynamic
Diagnosis:
Tuning this value is useful when accessing large numbers of
files causes excessive I/O as inodes are recycled.
Tuning:
This tunable does not explicitly indicate the amount that will be
used, but is instead a scaling factor. It is used in combination
with the size of the main memory to determine the maximum
memory usage for the inode cache. The valid values for this
tunable are between 1 and 1000, inclusive. This value
represents a maximum size. The system may not reach the
maximum size. If the tunable is lowered, a best effort will be
made to lower the size. It may not be possible to lower the size
immediately, so shortly after tuning the size of the cache may
be higher than the maximum. It is not recommended to set the
values above 400, but the interface is provided in case it helps
certain workloads. Values above 400 may exhaust the kernel
heap. Similarly, low values (values below 100) may be too few
depending on the workload and demands on the system. This
may result in errors such as ″File table full″ being returned to
the application. Also, on the 32-bit kernel, the ideal maximum
may never be reached due to a restricted kernel heap. If this
value is changed, the value for metadata_cache_size may
need to be reconsidered if tuning for a specific workload. The
inode cache controls the inode data stored in memory, so if the
workload uses a large number of files, increasing the maximum
size of the inode cache may help. If the workload uses few files,
but the files are large, increasing the maximum size of the
metadata cache may help; use the metadata_cache_size
tunable for that. Because the inode cache is pinned memory,
the cache size can be decreased if the workload uses few files.
This frees the memory for use elsewhere.

94 Commands Reference, Volume 3

j2_maxPageReadAhead
Purpose:
Specifies the maximum number of pages to be read ahead
when processing a sequentially accessed file on Enhanced
JFS.
Values:
Default: 128
Range: 0 to 65536 (64 K)
Type: Dynamic
Diagnosis:
N/A
Tuning:
The difference between minfree and maxfree should always be
equal to or greater than j2_maxPageReadAhead. If run time
decreases with higher a j2_maxPageReadAhead value, observe
other applications to ensure that their performance has not
deteriorated.
Refer To:
Sequential read performance tuning
j2_maxRandomWrite
Purpose:
Specifies a threshold for random writes to accumulate in RAM
before subsequent pages are flushed to disk by the Enhanced
JFS’s write-behind algorithm. The random write-behind
threshold is on a per-file basis.
Values:
Default: 0
Range: 0 to 65536 (64 K)
Type: Dynamic
Diagnosis:
N/A
Tuning:
Useful if too many pages are flushed out by syncd.

Alphabetical Listing of Commands 95

j2_maxUsableMaxTransfer
Purpose:
Specifies the maximum LTG (Logical Track Group) size, in
pages, that Enhanced JFS will gather into a single bufstruct.
Defaults to 512, or a 2 megabyte LTG in a single bufstruct.
Values:
Default: 512
Range: 1 to 4096
Type: Mount
Diagnosis:
N/A
Tuning:
The value is in pages. It is a mount tunable. The range is 1 to
4096. The filesystem must be remounted. This tunable is not
applicable on the 32-bit kernel due to heap constraints. On the
64-bit kernel, this value is the maximum size of the gather list of
pages that can be collected into a single buf struct. The actual
size of the gather list depends on the LTG size of the
filesystem, this tunable only specifies a maximum size that
Enhanced JFS will use to construct the bufstructs. Kernel heap
exhaustion may occur due to the size of Enhanced JFS
bufstructs. It is best to increment this value slowly, observing
overall system performance after each change, to avoid kernel
heap exhaustion.

96 Commands Reference, Volume 3

j2_metadataCacheSize
Purpose:
Controls the amount of memory Enhanced JFS will use for the
metadata cache.
Values:
Default: 400
Range: 1 to 1000
Type: Dynamic
Diagnosis:
Tuning this value is useful when accessing large amounts of file
metadata causes excessive I/O.
Tuning:
This tunable does not explicitly indicate the amount that will be
used, but is instead a scaling factor; it is used in combination
with the size of the main memory to determine the maximum
memory usage for the inode cache. The valid values for this
tunable are between 1 and 1000, inclusive. This value
represents a maximum size. The system may not reach the
maximum size. If the tunable is lowered, a best effort will be
made to lower the size. It may not be possible to lower the size
immediately, so shortly after tuning the size of the cache may
be higher than the maximum. It is not recommended to set the
values above 400, but the interface is provided in case it helps
certain workloads. Values above 400 may exhaust the kernel
heap. Similarly, low values (values below 100) may be too few
depending on the workload and demands on the system. This
may result in extremely slow access times. Also, on the 32-bit
kernel, the ideal maximum may never be reached due to a
restricted kernel heap. If this value is changed, the value for
inode_cache_size may need to be reconsidered if tuning for a
specific workload. The inode cache controls the inode data
stored in memory, so if the workload uses a large number of
files, increasing the maximum size of the inode cache may help;
use the inode_cache_size tunable for that. If the workload
uses few files, but the files are large, increasing the maximum
size of the metadata cache may help. Because the metadata
cache is pinned memory, the cache size can be decreased if
the workload uses small files. This frees the memory for use
elsewhere.

Alphabetical Listing of Commands 97

j2_minPageReadAhead
Purpose:
Specifies the minimum number of pages to be read ahead
when processing a sequentially accessed file on Enhanced
JFS.
Values:
Default: 2
Range: 0 to 65536 (64 K)
Type: Dynamic
Diagnosis:
N/A
Tuning:
Useful to increase if there are lots of large sequential accesses.
Observe other applications to ensure that their performance has
not deteriorated. Value of 0 may be useful if I/O pattern is
purely random.
Refer To:
Sequential read performance tuning
j2_nBufferPerPagerDevice
Purpose:
Specifies the minimum number of file system bufstructs for
Enhanced JFS.
Values:
Default: 512
Range: 512 to 262144 (256 K)
Type: Mount
Diagnosis:
Using vmstat -v, look for the ″external pager filesystem I/Os
blocked with no fsbuf″. If the kernel must wait for a free
bufstruct, it puts the process on a wait list before the start I/O is
issued and will wake it up once a bufstruct has become
available.
Tuning:
This tunable specifies the number of bufstructs that start on the
paging device. Enhanced JFS will allocate more dynamically.
Ideally, this value should not be tuned, and instead
j2_dynamicBufferPreallocation should be tuned. However, it
may be appropriate to change this value if, when using vmstat
-v, the value of ″external pager filesystem I/Os blocked with no
fsbuf″ increases rapidly and j2_dynamicBufferPreallocation
tuning has already been attempted. It may be appropriate to
increase if striped logical volumes or disk arrays are being
used.

98 Commands Reference, Volume 3

j2_nonFatalCrashesSystem
Purpose:
Turns on the j2_nonFatalCrashesSystem flag to crash the
system when Enhanced JFS corruption occurs.
Values:
Default: 0
Range: 0 or 1
Type: Mount
Diagnosis:
N/A
Tuning:
N/A
j2_nPagesPerWriteBehindCluster
Purpose:
Specifies the number of pages per cluster processed by
Enhanced JFS’s write behind algorithm.
Values:
Default: 32
Range: 0 to 65536 (64 K)
Type: Dynamic
Diagnosis:
N/A
Tuning:
Useful to increase if there is a need to keep more pages in
RAM before scheduling them for I/O when the I/O pattern is
sequential. May be appropriate to increase if striped logical
volumes or disk arrays are being used.
j2_nRandomCluster
Purpose:
Specifies the distance apart (in clusters) that writes have to
exceed in order for them to be considered as random by the
Enhanced JFS’s random write behind algorithm.
Values:
Default: 0
Range: 0 to 65536 (64 K)
Type: Dynamic
Diagnosis:
N/A
Tuning:
Useful to increase if there is a need to keep more pages in
RAM before scheduling them for I/O when the I/O pattern is
random and random write behind is enabled
(j2_maxRandomWrite).

Alphabetical Listing of Commands 99

j2_syncModifiedMapped
Purpose:
Syncs files that are modified through a mapping of shmat or
mmap by using either the sync command or sync daemon. If
set to 0, these files are skipped by the sync command and the
sync daemon and must be synced using fsync.
Values:
Default: 1
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning:
N/A
jfs_clread_enabled
Purpose:
This tunable controls whether JFS uses clustered reads on all
files.
Values:
Default: 0
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning:
In general, this option is not needed, but it may benefit certain
workloads that have relatively random read access patterns.
jfs_use_read_lock
Purpose:
Controls whether JFS uses a shared lock when reading from a
file. If this option is turned off, two processes cannot disrupt
each other’s read.
Values:
Default: 0
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning:
Certain workloads may benefit from this.

100 Commands Reference, Volume 3

lvm_bufcnt
Purpose:
Specifies the number of LVM buffers for raw physical I/Os.
Values:
Default: 9
Range: 1 to 64
Type: Dynamic
Diagnosis:
Applications performing large writes to striped raw logical
volumes are not obtaining the desired throughput rate.
Tuning:
LVM splits large raw I/Os into multiple buffers of 128 K a piece.
Default value of 9 means that about 1 MB I/Os can be
processed without waiting for more buffers. If a system is
configured to have striped raw logical volumes and is doing
writes greater than 1.125 MB, increasing this value may help
the throughput of the application. If performing larger than 1 MB
raw I/Os, it might be useful to increase this value.
Refer To:
File system buffer tuning
maxpgahead
Purpose:
Specifies the maximum number of pages to be read ahead
when processing a sequentially accessed file.
Values:
Default: 8 (the default should be a power of two and should
be greater than or equal to minpgahead)
Range: 0 to 4096
Type: Dynamic
Diagnosis:
Observe the elapsed execution time of critical
sequential-I/O-dependent applications with the time command.
Tuning:
Because of limitations in the kernel, do not exceed 512 as the
maximum value used. The difference between minfree and
maxfree should always be equal to or greater than
maxpgahead. If execution time decreases with higher
maxpgahead, observe other applications to ensure that their
performance has not deteriorated.
Refer To:
Sequential page read ahead

Alphabetical Listing of Commands 101

maxrandwrt
Purpose:
Specifies a threshold (in 4 KB pages) for random writes to
accumulate in RAM before subsequent pages are flushed to
disk by the write-behind algorithm. The random write-behind
threshold is on a per-file basis.
Values:
Default: 0
Range: 0 to largest_file_size_in_pages
Type: Dynamic
Diagnosis:
vmstat shows page out and I/O wait peaks on regular intervals
(usually when the sync daemon is writing pages to disk).
Tuning:
Useful to set this value to 1 or higher if too much I/O occurs
when syncd runs. Default is to have random writes stay in
RAM until a sync operation. Setting maxrandwrt ensures these
writes get flushed to disk before the sync operation has to
occur. However, this could degrade performance because the
file is then being flushed each time. Tune this option to favor
interactive response time over throughput. After the threshold is
reached, all subsequent pages are then immediately flushed to
disk. The pages up to the threshold value stay in RAM until a
sync operation. A value of 0 disables random write-behind.
Refer To:
Sequential and random write behind
minpgahead
Purpose:
Specifies the number of pages with which sequential
read-ahead starts.
Values:
Default: 2
Range: 0 to 4096 (should be a power of two)
Type: Dynamic
Diagnosis:
Observe the elapsed execution time of critical
sequential-I/O-dependent applications with time command.
Tuning:
Useful to increase if there are lots of large sequential accesses.
Observe other applications to ensure that their performance has
not deteriorated. Value of 0 may be useful if I/O pattern is
purely random.
Refer To:
Sequential page read ahead

102 Commands Reference, Volume 3

numclust
Purpose:
Specifies the number of 16 k clusters processed by the
sequential write-behind algorithm of the VMM.
Values:
Default: 1
Range: 0 to any positive integer
Type: Dynamic
Diagnosis:
N/A
Tuning:
Useful to increase if there is a need to keep more pages in
RAM before scheduling them for I/O when the I/O pattern is
sequential. May be appropriate to increase if striped logical
volumes or disk arrays are being used.
Refer To:
Sequential and random write behind
numfsbufs
Purpose:
Specifies the number of file system bufstructs.
Values:
Default: 196 (value is dependent on the size of the bufstruct)
Type: Mount
Diagnosis:
A default numfsbufs is calculated based on the running kernel
and the memory configuration of the machine. This value can
be increased from the default value to a max of 2G-1. However,
increasing the numfsbufs to a value close to 2G may cause
kernel heap exhaustion. It is best to tune the numfsbufs
incrementally, observing overall system performance as each
change is made.
Tuning:
If the VMM must wait for a free bufstruct, it puts the process on
the VMM wait list before the start I/O is issued and will wake it
up once a bufstruct has become available. May be appropriate
to increase if striped logical volumes or disk arrays are being
used.
Refer To:
File system buffer tuning

Alphabetical Listing of Commands 103

pd_npages
Purpose:
Specifies the number of pages that should be deleted in one
chunk from RAM when a file is deleted.
Values:
Default: 65536
Range: 1 to largest filesize_in_pages
Type: Dynamic
Diagnosis:
Real-time applications that experience sluggish response time
while files are being deleted.
Tuning:
Tuning this option is only useful for real-time applications. If
real-time response is critical, adjusting this option may improve
response time by spreading the removal of file pages from RAM
more evenly over a workload.
Refer To:
File system buffer tuning
pgahd_scale_thresh
Purpose:
When a system is low on free frames, aggressive pagehead
can unnecessarily exhaust the free list and start page
replacement. This tunable specifies a number of pages on the
free list below which pagehead should be scaled back.
Values:
Default: 0 (Do not scale back pagehead)
Range: 0 to 4/5 of memory
Type: Dynamic
Diagnosis:
The system is paging but the expected memory usage should fit
within main store, and the workload makes significant use of
sequential access to files.
Tuning:
When the number of free pages in a mempool drops below this
threshold, pageahead will be linearly scaled back, avoiding
prepaging memory that would then need to be forced back out
when the LRU daemon runs. Useful to increase if the system is
unable to meet the memory demands under heavy read
workload.

104 Commands Reference, Volume 3

pv_min_pbuf
Purpose:
Specifies the minimum number of pbufs per PV that the LVM
uses. This is a global value that applies to all VGs on the
system.
Values:
Default: 256 on 32-bit kernel; 512 on 64-bit kernel.
Range: 512 to 2G-1
Type: Dynamic
Diagnosis:
Increase when the value of ″pending disk I/Os blocked with no
pbuf″ (as displayed by vmstat -v) is increasing rapidly. This
indicates that the LVM had to block I/O requests waiting for
pbufs to become available.
Tuning:
Useful to increase if there is a substantial number of
simultaneous I/Os and the value of ″pending disk I/Os blocked
with no pbuf″ (as displayed by vmstat -v), increases over time.
The lvmo command can also be used to set a different value
for a particular VG. In this case, the larger of the two values is
used for this particular VG. Using a value close to 2G will pin a
great deal of memory and might result in overall poor system
performance. This value should be increased incrementally, and
overall system performance should be monitored at each
increase.
Refer To:
LVM performance tuning with the lvmo command
sync_release_ilock
Purpose:
If set, will cause a sync() to flush all I/O to a file without holding
the i-node lock, and then use the i-node lock to do the commit.
Values:
Default: 0 (off)
Range 0 or 1
Type: Dynamic
Diagnosis:
I/O to a file is blocked when the syncd daemon is running.
Tuning:
Default value of 0 means that the i-node lock is held while all
dirty pages of a file are flushed.
Refer To:
File synchronization performance tuning

Examples
1. To list the current and reboot value, range, unit, type and dependencies of all tunables parameters
managed by the ioo command, type:
ioo -L
2. To turn sync_release_ilock on, type:
ioo -o sync_release_ilock=1
3. To display help on j2_nPagesPerWriteBehindCluster, type:
ioo -h j2_nPagesPerWriteBehindCluster
4. To set maxrandwrt to 4 after the next reboot, type:

Alphabetical Listing of Commands 105

 ioo -r -o maxrandwrt=4
5. To permanently reset all ioo tunable parameters to default, type:
ioo -p -D
6. To list the reboot value of all ioo parameters, type:
ioo -r -a
7. To list (spreadsheet format) the current and reboot value, range, unit, type and dependencies of all
tunables parameters managed by the ioo command, type:
ioo -x

Related Information
The nfso command, no command, raso command, schedo command, tuncheck command, tunchange
command, tundefault command, tunrestore command, tunsave command, and vmo command.

Kernel Tuning in AIX 5L Version 5.3 Performance Tools Guide and Reference.

Performance tuning enhancements for AIX 5.2 in Performance management.

iostat Command

Purpose
Reports Central Processing Unit (CPU) statistics, asynchronous input/output (AIO) and input/output
statistics for the entire system, adapters, tty devices, disks and CD-ROMs.

Syntax
iostat [ -a ] [ -l ] [ -s ] [-t ] [ -T ] [ -z ] [ { -A [ -P ] [ -q | -Q ] } | { -d |-D [-R ] }[ -m ] [ Drives ... ] [ Interval] [
Count ]

Description
The iostat command is used for monitoring system input/output device loading by observing the time the
physical disks are active in relation to their average transfer rates. The iostat command generates reports
that can be used to change system configuration to better balance the input/output load between physical
disks and adapters.

All statistics are reported each time the iostat command is run. The report consists of a tty and CPU
header row followed by a row of tty or asynchronous I/O and CPU statistics. On multiprocessor systems,
CPU statistics are calculated system-wide as averages among all processors.

A header row with Number of CPUs and the Number of disks that are currently active in the system are
printed at the beginning of the output. If the -s flag is specified, a system header row is displayed followed
by a line of statistics for the entire system. The hostname of the system is printed in the system header
row.

If the -a flag is specified, an adapter-header row is displayed followed by a line of statistics for the adapter.
This will be followed by a disk-header row and the statistics of all the disks/CD-ROMs connected to the
adapter. Such reports are generated for all the disk adapters connected to the system.

A disks header row is displayed followed by a line of statistics for each disk that is configured. If the
PhysicalVolume parameter is specified, only those names specified are displayed.

If the PhysicalVolume parameter is specified, one or more alphabetic or alphanumeric physical volumes
can be specified. If the PhysicalVolume parameter is specified, the tty and CPU reports are displayed and
the disk report contains statistics for the specified drives. If a specified logical drive name is not found, the

106 Commands Reference, Volume 3

report lists the specified name and displays the message Drive Not Found. If no Logical Drive Names are
specified, the report contains statistics for all configured disks and CD-ROMs. If no drives are configured
on the system, no disk report is generated. The first character in the PhysicalVolume parameter cannot be
numeric.

The Interval parameter specifies the amount of time in seconds between each report. If the Interval
parameter is not specified, the iostat command generates a single report containing statistics for the time
since system startup (boot). The Count parameter can be specified in conjunction with the Interval
parameter. If the Count parameter is specified, the value of count determines the number of reports
generated at Interval seconds apart. If the Interval parameter is specified without the Count parameter, the
iostat command generates reports continuously.

The iostat command is useful in determining whether a physical volume is becoming a performance
bottleneck and if there is potential to improve the situation. The % utilization field for the physical volumes
indicates how evenly the file activity is spread across the drives. A high % utilization on a physical volume
is a good indication that there may be contention for this resource. Since the CPU utilization statistics are
also available with the iostat report, the percentage of time the CPU is in I/O wait can be determined at
the same time. Consider distributing data across drives if the I/O wait time is significant and the disk
utilization is not evenly distributed across volumes.

Beginning with AIX 5.3, the iostat command reports number of physical processors consumed (physc) and
the percentage of entitlement consumed (% entc) in Micro-Partitioning environments. These metrics will
only be displayed on Micro-Partitioning environments.

Note: Some system resource is consumed in maintaining disk I/O history for the iostat command. Use
the sysconfig subroutine, or the System Management Interface Tool (SMIT) to stop history
accounting. While the iostat command is running for Count of iterations and if there is a change in
system configuration that affects the output of iostat command, it prints a warning message about
the configuration change. It then continues the output after printing the updated system
configuration information and the header.

Reports
The iostat command generates four types of reports, the tty and CPU Utilization report, the Disk Utilization
report, the System throughput report and the Adapter throughput report.

tty and CPU Utilization Report: The first report generated by the iostat command is the tty and CPU
Utilization Report. For multiprocessor systems, the CPU values are global averages among all processors.
Also, the I/O wait state is defined system-wide and not per processor. The report has the following format:

Column Description
tin Shows the total number of characters read by the system for all ttys.
tout Shows the total number of characters written by the system to all ttys.
% user Shows the percentage of CPU utilization that occurred while executing at the user level (application).
% sys Shows the percentage of CPU utilization that occurred while executing at the system level (kernel).
% idle Shows the percentage of time that the CPU or CPUs were idle and the system did not have an
outstanding disk I/O request.
% iowait Shows the percentage of time that the CPU or CPUs were idle during which the system had an
outstanding disk I/O request.
physc Number of physical processors consumed, displayed only if the partition is running with shared
processor.
% entc The percentage of entitled capacity consumed, displayed only if the partition is running with shared
processor. Because the time base over which this data is computed can vary, the entitled capacity
percentage can sometimes exceed 100%. This excess is noticeable only with small sampling
intervals.

Alphabetical Listing of Commands 107

This information is updated at regular intervals by the kernel (typically sixty times per second). The tty
report provides a collective account of characters per second received from all terminals on the system as
well as the collective count of characters output per second to all terminals on the system.

Methods Used to Compute CPU Disk I/O Wait Time: Operating system version 4.3.3 and later contain
enhancements to the method used to compute the percentage of CPU time spent waiting on disk I/O (wio
time). The method used in AIX 4.3.2 and earlier versions of the operating system can, under certain
circumstances, give an inflated view of wio time on SMPs. The wio time is reported by the commands sar
(%wio), vmstat (wa) and iostat (% iowait).

The method used in AIX 4.3.2 and earlier versions is as follows: At each clock interrupt on each processor
(100 times a second per processor), a determination is made as to which of the four categories
(usr/sys/wio/idle) to place the last 10 ms of time. If the CPU was busy in usr mode at the time of the clock
interrupt, then usr gets the clock tick added into its category. If the CPU was busy in kernel mode at the
time of the clock interrupt, then the sys category gets the tick. If the CPU was not busy, a check is made
to see if any I/O to disk is in progress. If any disk I/O is in progress, the wio category is incremented. If no
disk I/O is in progress and the CPU is not busy, the idle category gets the tick. The inflated view of wio
time results from all idle CPUs being categorized as wio regardless of the number of threads waiting on
I/O. For example, systems with just one thread doing I/O could report over 90 percent wio time regardless
of the number of CPUs it has.

The method used in AIX 4.3.3 and later is as follows: The change in operating system version 4.3.3 is to
only mark an idle CPU as wio if an outstanding I/O was started on that CPU. This method can report
much lower wio times when just a few threads are doing I/O and the system is otherwise idle. For
example, a system with four CPUs and one thread doing I/O will report a maximum of 25 percent wio time.
A system with 12 CPUs and one thread doing I/O will report a maximum of 8 percent wio time. NFS client
reads/writes go through the VMM, and the time that biods spend in the VMM waiting for an I/O to
complete is now reported as I/O wait time.

Disk Utilization Report: The second report generated by the iostat command is the Disk Utilization
Report. The disk report provides statistics on a per physical disk basis. The default report has a format
similar to the following:

% tm_act Indicates the percentage of time the physical disk was active (bandwidth utilization for the drive).
Kbps Indicates the amount of data transferred (read or written) to the drive in KB per second.
tps Indicates the number of transfers per second that were issued to the physical disk. A transfer is an
I/O request to the physical disk. Multiple logical requests can be combined into a single I/O request
to the disk. A transfer is of indeterminate size.
Kb_read The total number of KB read.
Kb_wrtn The total number of KB written.

If the -D flag is specified, the report has the following metrics:

Metrics related to disk transfers

(xfer):
% tm_act Indicates the percentage of time the physical disk was active (bandwidth
utilization for the drive).
bps Indicates the amount of data transferred (read or written) per second to the
drive. Different suffixes are used to represent the unit of transfer. Default is in
bytes per second.
tps Indicates the number of transfers per second that were issued to the physical
disk. A transfer is an I/O request to the physical disk. Multiple logical requests
can be combined into a single I/O request to the disk. A transfer is of
indeterminate size.
bread Indicates the amount of data read per second, from the drive. Different suffixes
are used to represent the unit of transfer. Default is in bytes per second.

108 Commands Reference, Volume 3

Metrics related to disk transfers
(xfer):
bwrtn Indicates the amount of data written per second, to the drive. Different suffixes
are used to represent the unit of transfer. Default is in bytes per second.

Disk Read Service Metrics (read):

rps Indicates the number of read transfers per second.
avgserv Indicates the average service time per read transfer. Different suffixes are used
to represent the unit of time. Default is in milliseconds.
minserv Indicates the minimum read service time. Different suffixes are used to represent
the unit of time. Default is in milliseconds.
maxserv Indicates the maximum read service time. Different suffixes are used to
represent the unit of time. Default is in milliseconds.
timeouts Indicates the number of read timeouts per second.
fails Indicates the number of failed read requests per second.

Disk Write Service Metrics

(write):
wps Indicates the number of write transfers per second.
avgserv Indicates the average service time per write transfer. Different suffixes are used
to represent the unit of time. Default is in milliseconds.
minserv Indicates the minimum write service time. Different suffixes are used to represent
the unit of time. Default is in milliseconds.
maxserv Indicates the maximum write service time. Different suffixes are used to
represent the unit of time. Default is in milliseconds.
timeouts Indicates the number of write timeouts per second.
fails Indicates the number of failed write requests per second.

Disk Wait Queue Service Metrics

(queue):
avgtime Indicates the average time spent by a transfer request in the wait queue.
Different suffixes are used to represent the unit of time. Default is in
milliseconds.
mintime Indicates the minimum time spent by a transfer request in the wait queue.
Different suffixes are used to represent the unit of time. Default is in
milliseconds.
maxtime Indicates the maximum time spent by a transfer request in the wait queue.
Different suffixes are used to represent the unit of time. Default is in
milliseconds.
avgwqsz Indicates the average wait queue size.
avgsqsz Indicates the average service queue size.
sqfull Indicates the number of times the service queue becomes full (that is, the disk is
not accepting any more service requests) per second.

Legend of suffixes representing different units of representation

Suffix Description
K 1000 bytes
M 1 000 000 bytes if displayed in xfer metrics. Minutes, if displayed in read/write/wait service metrics.
G 1 000 000 000 bytes.
T 1 000 000 000 000 bytes.
S Seconds.
H Hour.

Alphabetical Listing of Commands 109

Note: For drives that do not support service time metrics, read, write and wait queue service metrics will
not be displayed.

Statistics for CD-ROM devices are also reported.

System Throughput Report: This report is generated if the -s flag is specified. This report provides
statistics for the entire system. This report has the following format:

Kbps Indicates the amount of data transferred (read or written) in the entire system in KB per second.
tps Indicates the number of transfers per second issued to the entire system.
Kb_read The total number of KB read from the entire system.
Kb_wrtn The total number of KB written to the entire system.

Adapter Throughput Report: This report is generated if the -a flag is specified. This report provides
statistics on an adapter-by-adapter basis (for both physical and virtual adapters). This report has the
following format for a physical adapter report:

Kbps Indicates the amount of data transferred (read or written) in the adapter in KB per second.
tps Indicates the number of transfers per second issued to the adapter.
Kb_read The total number of KB read from the adapter.
Kb_wrtn The total number of KB written to the adapter.

The virtual adapter’s default throughput report has the following format:

Kbps Indicates the amount of data transferred (read or written) in the adapter in KB per second.
tps Indicates the number of transfers per second issued to the adapter.
bkread Number of blocks received per second from the hosting server to this adapter.
bkwrtn Number of blocks per second sent from this adapter to the hosting server.
partition-id The partition ID of the hosting server, which serves the requests sent by this adapter.

The virtual adapter’s extended throughput report (-D option) has the following format:

Metrics related to
transfers (xfer:)
Kbps Indicates the amount of data transferred (read or written) in the adapter in KB per
second.
tps Indicates the number of transfers per second issued to the adapter.
bkread Number of blocks received per second from the hosting server to this adapter.
bkwrtn Number of blocks per second sent from this adapter to the hosting server.
partition-id The partition ID of the hosting server, which serves the requests sent by this adapter.

Adapter Read Service

Metrics (read:)
rps Indicates the number of read requests per second.
avgserv Indicates the average time to receive a response from the hosting server for the read
request sent. Different suffixes are used to represent the unit of time. Default is in
milliseconds.
minserv Indicates the minimum time to receive a response from the hosting server for the read
request sent. Different suffixes are used to represent the unit of time. Default is in
milliseconds.
maxserv Indicates the maximum time to receive a response from the hosting server for the read
request sent. Different suffixes are used to represent the unit of time. Default is in
milliseconds.

110 Commands Reference, Volume 3

Adapter Write Service
Metrics (write:)
wps Indicates the number of write requests per second.
avgserv Indicates the average time to receive a response from the hosting server for the write
request sent. Different suffixes are used to represent the unit of time. Default is in
milliseconds.
minserv Indicates the minimum time to receive a response from the hosting server for the write
request sent. Different suffixes are used to represent the unit of time. Default is in
milliseconds.
maxserv Indicates the maximum time to receive a response from the hosting server for the write
request sent. Different suffixes are used to represent the unit of time. Default is in
milliseconds.

Adapter Wait Queue

Metrics (queue:)
avgtime Indicates the average time spent by a transfer request in the wait queue. Different
suffixes are used to represent the unit of time. Default is in milliseconds.
mintime Indicates the minimum time spent by a transfer request in the wait queue. Different
suffixes are used to represent the unit of time. Default is in milliseconds.
maxtime Indicates the maximum time spent by a transfer request in the wait queue. Different
suffixes are used to represent the unit of time. Default is in milliseconds.
avgwqsz Indicates the average wait queue size.
avgsqsz Indicates the average service queue size.
sqfull Indicates the number of times the service queue becomes full (that is, the hosting server
is not accepting any more service requests) per second.

Legend of suffixes representing different units of representation

Suffix Description
K 1000 bytes.
M 1 000 000 bytes if displayed in xfer metrics. Minutes, if displayed in read/write/wait service metrics.
G 1 000 000 000 bytes.
T 1 000 000 000 000 bytes.
S Seconds.
H Hours.

Asynchronous I/O report: The asynchronous I/O report has the following column headers :

avgc Average global AIO request count per second for the specified interval.
avfc Average fastpath request count per second for the specified interval.
maxgc Maximum global AIO request count since the last time this value was fetched.
maxfc Maximum fastpath request count since the last time this value was fetched.
maxreqs Maximum AIO requests allowed.

Disk Input/Output History: To improve performance, the collection of disk input/output statistics has
been disabled. To enable the collection of this data, type:
chdev -l sys0 -a iostat=true

To display the current settings, type:

lsattr -E -l sys0 -a iostat

Alphabetical Listing of Commands 111

If the collection of disk input/output history is disabled and iostat is called without an interval, the iostat
output displays the message Disk History Since Boot Not Available instead of disk statistics.

Flags
-a Specifies adapter throughput report.
-A Displays AIO statistics for the specified interval and count.
-d Specifies drive report only.
-D Specifies extended drive report only.
-l Displays the output in long listing mode. The default column width is 80.
-m Specifies statistics for paths.
-P Same as -A option, except data is obtained using the POSIX AIO calls.
-q Specifies AIO queues and their request counts.
-Q Displays a list of all the mounted filesystems and the associated queue numbers with their request
counts.
-R Specifies that the reset of min* and max* values should happen at each interval. The default is to do
the reset only once when iostat is started.
-s Specifies system throughput report.
-t Specifies tty/cpu report only.
-T Specifies time stamp.
-z Resets the disk input/output statistics. Only root users can use this option.

Notes:
1. -q or -Q can be specified only with -A.
2. -a and -s can also be specified with -A, but not when -q or -Q are specified.
3. -t and -d cannot be specified together.
4. -t and -D cannot be specified together.
5. -d and -D cannot be specified together.
6. -R can be specified only with -D.

Examples
1. To display a single history since boot report for all tty, CPU, and Disks, type:
iostat
2. To display a continuous disk report at two second intervals for the disk with the logical name disk1,
type:
iostat -d disk1 2
3. To display six reports at two second intervals for the disk with the logical name disk1, type:
iostat disk1 2 6
4. To display six reports at two second intervals for all disks, type:
iostat -d 2 6
5. To display six reports at two second intervals for three disks named disk1, disk2, disk3, type:
iostat disk1 disk2 disk3 2 6
6. To print the System throughput report since boot, type:

iostat -s
7. To print the Adapter throughput reports at 5-second intervals, type:
iostat -a 5
8. To print 10 System and Adapter throughput reports at 20-second intervals, with only the tty and CPU
report (no disk reports), type:

iostat -sat 20 10

112 Commands Reference, Volume 3

 9. To print the System and Adapter throughput reports with the Disk Utilization reports of hdisk0 and
hdisk7 every 30 seconds, type:
iostat -sad hdisk0 hdisk7 30
10. To display time stamp next to each line of output of iostat, type:
iostat -T 60
11. To display 6 reports at 2-second intervals on AIO, type:
iostat -A 2 6
12. To display AIO statistics since boot for queues associated with all mounted filesystems, type:
iostat -A -Q
13. To display extended drive report for all disks, type:
iostat -D
14. To display extended drive report for a specific disk, type:
iostat –D hdisk0
15. To reset the disk input/output statistics, type:
iostat –z

File
/usr/bin/iostat Contains the iostat command.

Related Information
The vmstat command.

Monitoring disk I/O in Performance management

The Input and Output Handling Programmer’s Overview in AIX 5L Version 5.3 General Programming
Concepts: Writing and Debugging Programs describes the files, commands, and subroutines used for
low-level, stream, terminal, and asynchronous I/O interfaces.

ipcrm Command

Purpose
Removes message queue, semaphore set, or shared memory identifiers.

Syntax
ipcrm [ -m SharedMemoryID ] [ -M SharedMemoryKey ] [ -q MessageID ] [ -Q MessageKey ] [ -s
SemaphoreID ] [ -S SemaphoreKey ]

ipcrm -r {-q|-m|-s} Name

ipcrm -r -u [-o Owner] [-g Group]

Description
The ipcrm command removes one or more message queues, semaphore sets, or shared memory
identifiers.

Flags
-g Group Restricts the removal to unnamed semaphores matching the group specified.

Alphabetical Listing of Commands 113

-m SharedMemory ID Removes the shared memory identifier SharedMemoryID. The shared memory
segment and data structure associated with SharedMemoryID are also removed
after the last detach operation.
-M SharedMemoryKey Removes the shared memory identifier, created with the key SharedMemoryKey.
The shared memory segment and data structure associated with it are also
removed after the last detach operation.
-o Owner Restricts the removal to unnamed semaphores matching the owner specified.
-q MessageID Removes the message queue identifier MessageID and the message queue and
data structure associated with it.
-Q MessageKey Removes the message queue identifier, created with the key MessageKey, and
the message queue and data structure associated with it.
-r Removes named or unnamed real-time interprocess communication objects. The
named real-time object is either a real-time message queue (-q), a real-time
shared memory (-m), or a real-time semaphore (-s) and is identified by its Name.
-s SemaphoreID Removes the semaphore identifier SemaphoreID and the set of semaphores and
data structure associated with it.
-S SemaphoreKey Removes the semaphore identifier, created with the key SemaphoreKey, and the
set of semaphores and data structure associated with it.
-u Removes all real-time unnamed semaphores. Using a descriptor on a destroyed
unnamed semaphore can result in unspecified behavior.

The msgctl, shmctl, and semctl subroutines provide details of the remove operations. The identifiers and
keys can be found by using the ipcs command.

Examples
To remove the shared memory segment associated with SharedMemoryID 18602, enter:
ipcrm -m 18602

Related Information
The ipcs command.

The msgget subroutine, semctl subroutine, semget subroutine, shmctl subroutine, shmget subroutine.

The Commands in Operating system and device management.

ipcs Command

Purpose
Reports interprocess communication facility status.

Syntax
ipcs [ -m] [ -q] [ -s] [ -S] [ -P] [ -l] [ -a | -b -c -o -p -r -t] [ -T] [ -C CoreFile] [ -N Kernel ] [ -X ]

Description
The ipcs command writes to the standard output information about active interprocess communication
facilities. If you do not specify any flags, the ipcs command writes information in a short form about
currently active message queues, shared memory segments, semaphores, remote queues, and local
queue headers.

The column headings and the meaning of the columns in an ipcs command listing follow. The letters in
parentheses indicate the flags that cause the corresponding heading to appear. The designator all means
the heading is always displayed. These flags only determine what information is provided for each facility.

114 Commands Reference, Volume 3

They do not determine which facilities are listed.

T (all) the type of facility. There are three facility types:

q message queue
m shared memory segment
s semaphore
ID (all) the identifier for the facility entry.
KEY (all) the key used as a parameter to the msgget subroutine, the semget subroutine, or the
shmget subroutine to make the facility entry.

Note: The key of a shared memory segment is changed to IPC_PRIVATE when the
segment is removed until all processes attached to the segment detach from it.
MODE (all) the facility access modes and flags. The mode consists of 11 characters that are
interpreted as follows:

The first two characters can be the following:

R If a process is waiting on a msgrcv system call.
S If a process is waiting on a msgsnd system call.
D If the associated shared memory segment has been removed. It disappears when
the last process attached to the segment detaches it.
C If the associated shared memory segment is to be cleared when the first attach is
run.
- If the corresponding special flag is not set.

The next nine characters are interpreted as three sets of 3 bits each. The first set refers to
the owner’s permissions; the next to permissions of others in the user group of the facility
entry; and the last to all others. Within each set, the first character indicates permission to
read, the second character indicates permission to write or alter the facility entry, and the last
character is currently unused.

The permissions are indicated as follows:

r If read permission is granted.
w If write permission is granted.
a If alter permission is granted.
- If the indicated permission is not granted.
OWNER (all) The login name of the owner of the facility entry.
GROUP (all) The name of the group that owns the facility entry.
CREATOR (a,c) The login name of the creator of the facility entry.
CGROUP (a,c) The group name of the creator of the facility entry.

Note: For the OWNER, GROUP, CREATOR, and CGROUP, the user and group IDs
display instead of the login names.
CBYTES (a,o) The number of bytes in messages currently outstanding on the associated message
queue.
QNUM (a,o) The number of messages currently outstanding on the associated message queue.
QBYTES (a,b) The maximum number of bytes allowed in messages outstanding on the associated
message queue.
LSPID (a,p) The ID of the last process that sent a message to the associated queue. If the last
message sent was from a process in a node other than the node that holds the queue,
LSPID is the PID of the kernel process that actually placed the message on the queue, not
the PID of the sending process.

Alphabetical Listing of Commands 115

LRPID (a,p) The ID of the last process that received a message from the associated queue. If the
last message received was from a process in a node other than the node that holds the
queue, LRPID is the PID of the kernel process that actually received the message on the
queue, not the PID of the receiving process.
STIME (a,t) The time when the last message was sent to the associated queue. For remote queues,
this is the server time. No attempt is made to compensate for time-zone differences between
the local clock and the server clock.
RTIME (a,t) The time when the last message was received from the associated queue. For remote
queues, this is the server time. No attempt is made to compensate for any time-zone
differences between the local clock and the server clock.
CTIME (a,t) The time when the associated entry was created or changed. For remote queues, this is
the server time. No attempt is made to compensate for any time-zone differences between
the local clock and the server clock.
NATTCH (a,o) The number of processes attached to the associated shared memory segment.
SEGSZ (a,b) The size of the associated shared memory segment.
CPID (a,p) The process ID of the creator of the shared memory entry.
LPID (a,p) The process ID of the last process to attach or detach the shared memory segment.
ATIME (a,t) The time when the last attach was completed to the associated shared memory
segment.
DTIME (a,t) The time the last detach was completed on the associated shared memory segment.
NSEMS (a,b) The number of semaphores in the set associated with the semaphore entry.
OTIME (a,t) The time the last semaphore operation was completed on the set associated with the
semaphore entry.
SID (S) The shared memory segment id. SIDs can be used as input to the svmon -S command.
RTFLAGS (r) Filled with UNLINK when the real-time interprocess communication object has been
unlinked. Otherwise, a hyphen (-) is displayed.
NAME (r) The name of the real-time interprocess communication object. A hyphen (-) is displayed
for the unnamed semaphores.

This command supports multibyte character sets.

Flags
-a Uses the -b, -c, -o, -p and -t flags.
-b Writes the maximum number of bytes in messages on queue for message queues, the size of
segments for shared memory, and the number of semaphores in each semaphores set.
-c Writes the login name and group name of the user that made the facility.
-CCoreFile Uses the file specified by the CoreFile parameter in place of the /dev/mem file. The CoreFile
parameter is a memory image file produced by the Ctrl-(left)Alt-Pad1 key sequence.
-l When used with the -S flag, this flag writes the list of SIDs unwrapped.
-m Writes information about active shared memory segments.
-NKernel Uses the specified Kernel (the /usr/lib/boot/unix file is the default).
-o Writes the following usage information:
v Number of messages on queue
v Total number of bytes in messages in queue for message queues
v Number of processes attached to shared memory segments
-p Writes process number information:
v Process number of the last process to receive a message on message queues
v Process number of last process to send a message on message queues
v Process number of the creating process
v Process number of last process to attach or detach on shared memory segments
-P Writes the list of SIDs (segment IDs) associated with the shared memory ID, along with the
number of bytes pinned to that segment and an indication of whether the segment is large-page
enabled or not. If the segment is large-page enabled, a ’Y’ is displayed, otherwise a ’-’ is
displayed.

116 Commands Reference, Volume 3

-q Writes information about active message queues.
-r Writes information about real-time interprocess communication objects.
-s Writes information about active semaphore set.
-S Writes the list of SID attached to shared memory id.
-t Writes time information:
v Time of the last control operation that changed the access permissions for all facilities
v Time of the last msgsnd and msgrcv on message queues
v Time of the last shmat and shmdt on shared memory
v Time of the last semop on semaphore sets
-T Writes the output of the -t flag with the date.
-X Prints all available characters of each user name, group name of owner, creator, owner group,
creator group instead of truncating to the first 8 characters.

Notes:
1. If the user specifies either the -C or -N flag, the real and effective UID/GID is set to the real UID/GID of
the user invoking ipcs.
2. Values can change while ipcs is running; the information it gives is guaranteed to be accurate only
when it was retrieved.

Example
Example output from entering ipcs without flags:
IPC status from /dev/mem as of Mon Aug 14 [Link] 1989
T ID KEY MODE OWNER GROUP
Message Queues:
q 0 0x00010381 -Rrw-rw-rw- root system
q 65537 0x00010307 -Rrw-rw-rw- root system
q 65538 0x00010311 -Rrw-rw-rw- root system
q 65539 0x0001032f -Rrw-rw-rw- root system
q 65540 0x0001031b -Rrw-rw-rw- root system
q 65541 0x00010339--rw-rw-rw- root system
q 6 0x0002fe03 -Rrw-rw-rw- root system
Shared Memory:
m 65537 0x00000000 DCrw------- root system
m 720898 0x00010300 -Crw-rw-rw- root system
m 65539 0x00000000 DCrw------- root system
Semaphores:
s 131072 0x4d02086a --ra-ra---- root system
s 65537 0x00000000 --ra------- root system
s 1310722 0x000133d0 --ra------- 7003 30720

Files
/usr/lib/boot/unix Specifies the system kernel image.
/dev/mem Specifies memory.
/etc/passwd Specifies user names.
/etc/group Specifies group names.
/usr/include/sys/ipc.h Contains the header file.

Related Information
The ipcrm command.

The svmon command.

The msgrcv subroutine, msgsnd subroutine, semop subroutine, shmat subroutine, shmdt subroutine.

Alphabetical Listing of Commands 117

Commands in Operating system and device management.

ipfilter Command

Purpose
Extracts different operation headers from an ipreport output file and displays them in a table. Some
customized nfs information regarding requests and replies is also provided.

Syntax
ipfilter [ -f [ u n t x c a ] ] [ -s [ u n t x c a ] ] [ -n [ -d milliseconds ] ] ipreport_output_file

Description
The ipfilter command extracts specific information from an ipreport output file and displays it to a table.
The operation headers currently recognized are: udp, nfs, tcp, ipx, icmp, atm. The ipfilter command has
three different types of reports:
v A single file ([Link]) that displays a list of all the selected operations. The table displays packet
number, Time, Source and Destination, Length, Sequence #, Ack #, Source Port, Destination Port,
Network Interface, and Operation Type.
v Individual files for each selected header ([Link], [Link], [Link], [Link], [Link],
[Link]). The information is the same as [Link].
v A file [Link] that reports on nfs requests and replies. The table contains: Transaction ID #, Type of
Request, Status of Request, Call Packet Number, Time of Call, Size of Call, Reply Packet Number,
Time of Reply, Size of Reply, and Elapsed millisecond between call and reply.

Flags
untxca Specifies operation headers (udp, nfs, tcp, ipx, and icmp and atm respectively).
-d milliseconds Only Call/Reply pairs whose elapsed time is greater than milliseconds are to be shown.
-f [ u n t x c a ] Selected operations are to be shown in [Link].
-n Generates an [Link].
-s [ u n t x c ] Separate files are to be produced for each of the selected operations.

Related Information
The iptrace daemon, ipreport command.

ipreport Command

Purpose
Generates a packet trace report from the specified packet trace file.

Syntax
/usr/sbin/ipreport [ -e ] [ -r ] [ -n ] [ -s ] LogFile

Description
The /usr/sbin/ipreport command generates a trace report from the specified trace file created by the
iptrace command. The LogFile parameter specifies the name of the file containing the results of the
Internet Protocol trace. This file is created by the iptrace command.

118 Commands Reference, Volume 3

Flags
-e Generates the trace report in EBCDIC format. The default format is ASCII.
-r Decodes remote procedure call (RPC) packets.
-n Includes a packet number to facilitate easy comparison of different output formats.
-s Prepends the protocol specification to every line in a packet.

Related Information
The iptrace command, trpt command.

ipsec_convert Command

Purpose
Converts IP Security tunnel export files to a format that can be imported by the IBM Secure Network
Gateway.

Syntax
ipsec_convert SNG22 | FW31 [-f export_directory]

Description
IP Security allows the importing of IBM Secure Network Gateway 2.2 and IBM Firewall 3.1 tunnels using
the imptun command. However, these firewall products do not allow the reverse capability. The
ipsec_convert command allows for this capability by translating exported IP Security tunnels to IBM
Firewall tunnels. The translated files will be placed in the current directory.

Flags
SNG22 | FW31 Specifies whether the format of the resulting files will be in the format of IBM Secure Network
Gateway 2.2 or IBM Firewall 3.1 format.
-f Specifies the directory where the exported IPSec files are located.

Related Information
The imptun command.

ipsecstat Command

Purpose
Lists status of IP Security devices, IP Security crypto algorithms, and statistics of IP Security packets.

Syntax
ipsecstat [ -c ] [ -d ] [ -A ] [ -E ]

Description
The ipsecstat command, used without flags, displays the status of the IP Security devices, the crypto
algorithms installed for IP Security, and the statistics of IP Security packets.

The command can be used with flags to only list the status of IP Security devices, to only list the installed
algorithms, or to reset statistic counters (to zero).

Alphabetical Listing of Commands 119

Flags
-c Resets statistics counters (after displaying current value). The -c flag cannot be used with any other
flags.
-d Lists only the status of the IP Security devices. The -d flag cannot be used with any other flags.
-A Lists only the installed authentication algorithms. The -A flag cannot be used with any other flags.
-E Lists only the installed encryption algorithms. The -E flag cannot be used with any other flags.

ipsectrcbuf Command

Purpose
Lists the contents of tracing buffers in the IP Security subsystem.

Syntax
ipsectrcbuf [-l {0|1|2}]

Description
The IP Security subsystem maintains a memory resident trace buffer to help debug if there is a problem.
The content of the buffer, a fixed number of the most recent trace messages, will be in a system dump or
can be listed by running this command with no arguments.

Flags
-l Sets the IP Security trace level. By default, of the nine IP Security trace hooks, only IPSEC_ERROR
trace messages are put into the buffer. To enable or disable the other trace hooks, use the -l flag
with one of the following values:
0 Only IPSEC_ERROR trace messages are written to the buffer. This is the default.
1 IPSEC_FILTER, IPSEC_CAPSUL, IPSEC_CRYPTO, IPSEC_TUNNEL, as well as
IPSEC_ERROR trace messages are written to the buffer.
2 All IP Security trace messages are put into the buffer (that includes IPSEC_FILTER_INFO,
IPSEC_CAPSUL_INFO, IPSEC_CRYPTO_INFO, and IPSEC_TUNNEL_INFO as well as
those in level 1).

iptrace Daemon

Purpose
Provides interface-level packet tracing for Internet protocols.

Syntax
/usr/sbin/iptrace [ -a ] [ -b ][ -e ] [ -u ] [ -PProtocol_list ] [ -iInterface ] [ -pPort_list ] [ -sHost [ -b ] ] [
-dHost ] [ -L Log_size ] [ -B ] [ -T ] [ -S snap_length] LogFile

Description
The /usr/sbin/iptrace daemon records Internet packets received from configured interfaces. Command
flags provide a filter so that the daemon traces only packets meeting specific criteria. Packets are traced
only between the local host on which the iptrace daemon is invoked and the remote host.

120 Commands Reference, Volume 3

If the iptrace process was started from a command line without the System Resource Controller (SRC), it
must be stopped with the kill -15 command. The kernel extension loaded by the iptrace daemon remains
active in memory if iptrace is stopped any other way.

The LogFile parameter specifies the name of a file to which the results of the iptrace command are sent.
To format this file, run the ipreport command. The ipreport command may display the message TRACING
DROPPED xxxx PACKETS. This count of dropped packets indicates only the number of packets that the
iptrace command was unable to grab because of a large packet, the size of which exceeded the
socket-receive buffer size. This message does NOT mean that the packets are being dropped by the
system.
Notes:
1. The file specified by the LogFile parameter should not reside on an NFS-mounted file system.
Specifying an output file on an NFS-mounted file system can cause the iptrace daemon to hang. In
this case, you might not be able to kill the iptrace daemon, thus, requiring that you restart the system.
2. If iptrace is killed with kill -9, it is required that you issue iptrace -u to unload the bpf kernel
extensions or simply reboot. Sometimes, on a busy system, it is required that you issue iptrace -u
multiple times due to a possibility that the kernel extension used by iptrace is busy processing
packets.
3. The iptrace command supports srcmstr as well and can be started and stopped from the command
line. If started from the command line, it can be stopped using the kill -9 command.

Flags
-a Suppresses ARP packets.
-b Changes the -d or -s flags to bidirectional mode.
-B Uses bpf for packet capture.
-d Host Records packets headed for the destination host specified by the Host variable. The Host
variable can be a host name or an Internet address in dotted-decimal format.

If used with the -b flag, the -d flag records packets both going to and coming from the host
specified by the Host variable.
-e Enables promiscuous mode on network adapters that support this function.
-i Interface Records packets received on the interface specified by the Interface variable.
-L Log_size This option causes iptrace to log data in such that the LogFile is copied to [Link] at
the start and also every time it becomes approximately Log_size bytes long.
-P Protocol_list Records packets that use the protocol specified by the Protocol_list variable which is a
comma separated list of protocols. The Protocols can be a decimal number or name from the
/etc/protocols file.
-p Port_list Records packets that use the port number specified by the Port_list variable which is a
comma separated list of ports. The Port_list variable can be a decimal number or name from
the /etc/services file.
-s Host Records packets coming from the source host specified by the Host variable. The Host
variable can be a host name or an Internet address in dotted-decimal format.

If used with the -b flag, the -s flag records packets both going to and coming from the host
specified by the Host variable.
-S snap_length Specifies the snap size (how much of each packet is actually captured from wire. The
command iptrace -S 1500 /tmp/[Link] will limit captured packet size to 1500 bytes.
The default is 80 bytes.
-T Creates a tcpdump compatible dump file. To read the output, use ipreport -T or tcpdump -r.
iptrace -T in AIX 5.3.0 is not compatible with release 5.2 and earlier, due to different versions
of packet capture library (libpcap). Captured files created with iptrace -T in AIX 5.3 cannot
be read with standard AIX tcpdump or ipreport on AIX 5.2 and earlier.
-u Unloads the kernel extension that was loaded by the iptrace daemon at startup.

Alphabetical Listing of Commands 121

Examples
1. To start the iptrace daemon with the System Resource Controller (SRC), enter:
startsrc -s iptrace -a "/tmp/nettrace"

To stop the iptrace daemon with SRC enter the following:

stopsrc -s iptrace
2. To record packets coming in and going out to any host on every interface, enter the command in the
following format:
iptrace /tmp/nettrace

The recorded packets are received on and sent from the local host. All packet flow between the local
host and all other hosts on any interface is recorded. The trace information is placed into the
/tmp/nettrace file.
3. To record packets received on an interface from a specific remote host, enter the command in the
following format:
iptrace - i en0 -p telnet -s airmail /tmp/[Link]

The packets to be recorded are received on the en0 interface, from remote hostairmail, over the
telnet port. The trace information is placed into the /tmp/[Link] file.
4. To record packets coming in and going out from a specific remote host, enter the command in the
following format:
iptrace -i en0 -s airmail -b /tmp/[Link]

The packets to be recorded are received on the en0 interface, from remote hostairmail. The trace
information is placed into the /tmp/[Link] file.

Related Information
The ipreport command, the tcpdump command.

The /etc/protocols file format, /etc/services file format.

isC2host Command

Purpose
Determine the C2 status of a system.

Syntax
isC2host [ -i | -s ]

Description
The isC2host command returns the configuration status of the host machine. If the host has been
configured to operate in C2 mode, the command exits with a zero (true) code. If the host has not been
configured to operate in C2 mode, the command exits with a non-zero (false) code.

This command may be used in shell scripts where the security status of the host must be known.

The -i option is used to determine the installation status of the system. The C2 status of the system is
determined by examining the ODM database, and the exit status indicates whether or not the system was
installed in C2 mode.

122 Commands Reference, Volume 3

The -s option is used to initialize AIX in C2 mode and may only be issued by the root user. The C2 status
of the system is determined by examining the ODM database. On a system that has not been installed
with C2, as indicated by the ODM, this option performs no operation.

Flags
-i Determine the C2 installation status of the system.
-s Set the C2 status of the system from the ODM.

Subcommands
Exit Status
0 When used with no options, the system has been initialized to operate in C2 mode. When used
with the -s flag, the system was successfully initialized according to the C2 mode setting defined
in the ODM database. When used with the -i flag, the system was installed with C2 enabled.
1 When used with no options, the system has not been initialized to operate in C2 mode. When
used with the -s flag, the system could not be initialized to operate in the security mode that was
defined in the ODM. When used with the -i flag, the system was installed with C2 enabled but is
not currently operating in C2 mode.
2 When used with the -s option, the isC2host command was executed by a non-root user. When
used with the -i option, the system was not installed with C2 enabled.
3 The isC2host command was executed with an invalid command line option.

Files
/usr/sbin/isC2host Contains the isC2host command.

Related Information
The chC2admin command, lsC2admin command, mkC2admin command, rmC2admin command.

The sysconfig() subroutine.

The Object Data Manager subsystem.

isCChost Command

Purpose
Determine the Common Criteria enabled status of a system.

Syntax
isCChost [ -i | -s ]

Description
The isCChost command returns the configuration status of the host machine. If the host has been
configured to operate in Common Criteria enabled mode, the command exits with a zero (true) code. If the
host has not been configured to operate in Common Criteria enabled mode, the command exits with a
non-zero (false) code.

This command may be used in shell scripts where the security status of the host must be known.

Alphabetical Listing of Commands 123

The -i option is used to determine the installation status of the system. The Common Criteria enabled
status of the system is determined by examining the ODM database, and the exit status indicates whether
or not the system was installed in Common Criteria enabled mode.

The -s option is used to initialize AIX in Common Criteria enabled mode and may only be issued by the
root user. The Common Criteria enabled status of the system is determined by examining the ODM
database. On a system that has not been installed with Common Criteria enabled, as indicated by the
ODM, this option performs no operation.

Flags
-i Determine the Common Criteria enabled installation status of the system.
-s Set the Common Criteria enabled status of the system from the ODM.

Subcommands
Exit Status
0 When used with no options, the system has been initialized to operate in Common Criteria
enabled mode. When used with the -s flag, the system was successfully initialized according to
the Common Criteria enabled mode setting defined in the ODM database. When used with the -i
flag, the system was installed with Common Criteria enabled enabled.
1 When used with no options, the system has not been initialized to operate in Common Criteria
enabled mode. When used with the -s flag, the system could not be initialized to operate in the
security mode that was defined in the ODM. When used with the -i flag, the system was installed
with Common Criteria enabled but is not currently operating in Common Criteria enabled mode.
2 When used with the -s option, the isCChost command was executed by a non-root user. When
used with the -i option, the system was not installed with Common Criteria enabled.
3 The isCChost command was executed with an invalid command line option.

Files
/usr/sbin/isCChost Contains the isCChost command.

Related Information
The chCCadmin command, lsCCadmin command, mkCCadmin command, rmCCadmin command.

The sysconfig() subroutine.

The Object Data Manager subsystem.

istat Command

Purpose
Examines i-nodes.

Syntax
istat {FileName | i-nodeNumber Device}

124 Commands Reference, Volume 3

Description
The istat command displays the i-node information for a particular file. You can specify the file either by
providing a file or directory name with the FileName parameter or by providing an i-node number with the
i-nodeNumber parameter and a device name with the Device parameter. You can specify the Device
parameter as either a device name or as a mounted file system name.

If you specify the FileName parameter, the istat command writes the following information about the file:
v Device where the file resides
v i-node number of the file, on that device
v File type, such as normal, directory, and block device
v File access permissions
v Name and identification number of the owner and group

Note: The owner and group names for remote files are taken from the local /etc/passwd file.
v Number of links to the file
v If the i-node is for a normal file, length of the file
v If the i-node is for a device, major and minor device designations
v Date of the last i-node update
v Date of the last file modification
v Date of the last reference to the file

If you specify the i-nodeNumber and Device parameters, the istat command also displays, in hexadecimal
values, the block numbers recorded in the i-node.

Note: The Device parameter cannot refer to a remote device.

Examples
1. To display the information in the i-node corresponding to the /usr/bin/ksh file, enter:
istat /usr/bin/ksh

This command displays the i-node information for the /usr/bin/ksh file. The information looks similar
to the following:
Inode 10360 on device 10/6 File
Protection: r-xr-xr-x
Owner: 2(bin) Group: 2(bin)
Link count: 2 Length 372298 bytes

Last updated: Wed May 13 [Link] 1992

Last modified: Wed May 13 [Link] 1992
Last accessed: Sun Jan 31 [Link] 1993
2. To display i-node information by specifying a file i-node number, enter:
istat 10360 /dev/hd2

This command displays the information contained in the i-node identified by the number 10360 on the
/dev/hd2 device. In addition to the information shown in Example 1, this displays:
Block pointers (hexadecimal):
2a9a 2a9b 2a9c 2a9d 2a9e 2a9f 2aa0 2aa1

These numbers are addresses of the disk blocks that make up the /usr/bin/ksh file.

Alphabetical Listing of Commands 125

Files
/usr/bin/istat Contains the istat command.

Related Information
The fsdb command.

The filesystems file, jfs/filsys.h file.

File systems in Operating system and device management explains file system types, management,
structure, and maintenance.

Files in Operating system and device management provides information on working with files.

Directories in Operating system and device management provides an introduction on i-nodes and how they
are used by the file system.

j2edlimit Command

Purpose
Manages quota Limits Classes for JFS2 file systems.

Syntax
To edit Quota Limits Classes:

j2edlimit [ -e ] [ -u | -g ] Filesystem

To list Quota Limits Classes:

j2edlimit -l [ -u | -g ] Filesystem

To Set an Existing Limits Class as the Default Limits Class:

j2edlimit -d LimitsClassID [ -u | -g ] Filesystem

To Assign a User or Group to a Limits Class:

j2edlimit -a LimitsClassID [ -u UserName | -g GroupName ] Filesystem

Description
Quotas are managed in JFS2 file systems through the use of Limits Classes. Each Limits Class has hard
and soft limits for disk space and file, and grace periods for exceeding the soft limits. Individual users and
groups may be assigned to a Limits Class and are then subject to the quotas defined by that class. Any
user or group not assigned to a class is subject to the quotas defined by the default class (Class ID 0).
Quota limits for all users or groups in a particular class can be changed by using j2edlimit to modify the
Limits Class, without having to change or duplicate quotas for each user or group. By default, or when
used with the -e flag, the j2edlimit command edits the User Limits Classes for the file system specified on
the command line. When used with the -g flag, the j2edlimit command edits the Group Limits Classes for
the specified file system. The command creates a temporary file that contains the file system’s current
limits classes, then invokes the vi editor (or the editor specified by the EDITOR environment variable) on
the temporary file so that the limits classes can be added and modified. When the editor is exited, the
command reads the temporary file and modifies the binary quota files to reflect any changes.

126 Commands Reference, Volume 3

Note: If you specify an editor in the EDITOR environment variable, you must use the full pathname of the
editor.

Fields displayed in the temporary file are:

Block Hard Limit
The total amount of 1KB blocks the user or group will be allowed to use, including temporary
storage during a quota grace period.
Block Soft Limit
The number of 1KB blocks the user or group will be allowed to use during normal operations.
File Hard Limit
The total number of files the user or group will be allowed to create, including temporary files
created during a quota grace period.
File Soft Limit
The number of files the user or group will be allowed to create during normal operations.
Block Grace Period
Amount of time a user can exceed the Block Soft Limit before it becomes enforced as a hard limit.
File Grace Period
Amount of time a user can exceed the File Soft Limit before it becomes enforced as a hard limit.
Notes:
1. A hard limit with a value of 1 indicates that no allocations are permitted. A soft limit with a value of 1, in
conjunction with a hard limit with a value of 0, indicates that allocations are permitted only on a
temporary basis. Hard or soft limits can be specified in kilobytes (the default), megabytes, or gigabytes.
2. A user can exceed established soft limits for the length of the corresponding grace period. Upon
expiration of the grace period, the soft limit is enforced as a hard limit. The grace period can be
specified in days, hours, mnutes, or seconds. A value of 0 indicates that the default grace period is
imposed; a value of 1 second indicates that no grace period is granted.
3. After changing a grace period using the j2edlimit command, users who have already reached their
old grace period must reduce their file system usage to a level below their soft limits in order to use
the new grace period. In the future, when these users exceed their soft limits, the new grace period will
be in effect.

Flags
-a Assigns the User or Group specified by the -u or -g flag to the indicated Limits Class in the file system
specified on the command line.
-d Sets the indicated Limits Class as the default for the file system specified on the command line. By default,
or with the -u flag, the default is set for User quotas. With the -g flag, the default is set for Group quotas.
-e Edits the Limits Classes for the file system specified on the command line (this is the default operation for
the j2edlimit command). By default, or with the -u flag, the default is set for User quotas. With the -g flag,
the default is set for Group quotas.
-g When used with the -d, -l or optional -e flag, performs the peration on the Group Limits Classes for the file
system specified on the command line. When used with the -a flag, assigns the associated Group to the
specified Limits Class.
Note: If the parameter contains all numbers then it will be treated as a Group ID, and the Group ID will be
assigned to the Limits Class.
-l Lists the Limits Classes for the file system specified on the command line. By default, or with the -u flag,
User limits classes are listed. With the -g flag, Group limits classes are listed. The format of the listing is the
same as found in the temporary file when editing Limits Classes.

Alphabetical Listing of Commands 127

-u When used with the -d, -l or optional -e flag, performs the operation on the User Limits Classes for the file
system specified on the command line. When used with the -a flag, assigns the associated User to the
specified Limits Class.
Note: If the parameter contains all numbers then it will be treated as a User ID, and the User ID will be
assigned to the Limits Class.

Security
Access Control:
Only the root user can execute this command.

Examples
1. To edit User Limits Classes for the /home file system:
j2edlimit /home
2. To list Group Limits Classes for the /home file system:
j2edlimit -l -g /home
3. To set User Limits Class ID 2 as the default for the /foo file system:
j2edlimit -d2 /foo
4. To assign user markg to Limits Class ID 1 in the /home file system:
j2edlimit -a 1 -u markg /home

Files
[Link] Contains usage and Limits information for users.
[Link] Contains usage and Limits information for groups.
/etc/filesystems Contains file system names and locations.

Related Information
The quota command, quotacheck command quotaon, quotaoff command, and repquota command.

The Disk quota system overview and Setting up the disk quota system in the Security.

jobs Command

Purpose
Displays status of jobs in the current session.

Syntax
jobs [ -l | -n | -p ] [ JobID ... ]

Description
The jobs command displays the status of jobs started in the current shell environment. If no specific job is
specified with the JobID parameter, status information for all active jobs is displayed. If a job termination is
reported, the shell removes that job’s process ID from the list of those known by the current shell
environment.

The /usr/bin/jobs command does not work when operating in its own command execution environment,
because that environment does not have applicable jobs to manipulate. For this reason, the jobs
command is implemented as a Korn shell or POSIX shell regular built-in command.

128 Commands Reference, Volume 3

If the -p flag is specified, output consists of one line for each process ID. If no flags are specified, standard
output is a series of lines with the following fields:

job-number Indicates the process group number to use with the wait, fg, bg, and kill commands. When
used with these commands, prefix the job number with a % (percent sign).
current A + (plus sign) identifies the job that will be used as a default for the fg or bg commands.
This job ID can also be specified using the %+ (percent sign, plus) or %% (double percent
sign).

A - (minus sign) identifies the job that becomes the default if the current default job exits.
This job ID can also be specified using %- (percent sign, minus).

For other jobs, the current field is a space character. Only one job can be identified with a
+, and only one job can be identified with a -. If there is a single suspended job, that will be
the current job. If there are at least two suspended jobs, then the previous job is also
suspended.
state Displays one of the following values (in the POSIX locale):
Running
Indicates that the job has not been suspended by a signal and has not exited.
Done Indicates that the job completed and returned exit status 0.
Done (code)
Indicates that the job completed normally and that it exited with the specified
non-zero exit status code. This code is expressed as a decimal number.
Stopped
Indicates that the job was suspended.
Stopped (SIGTSTP)
Indicates that the SIGTSTP signal suspended the job.
Stopped (SIGSTOP)
Indicates that the SIGSTOP signal suspended the job.
Stopped (SIGTTIN)
Indicates that the SIGTTIN signal suspended the job.
Stopped (SIGTTOU)
Indicates that the SIGTTOU signal suspended the job.
command The associated command that was given to the shell.

If the -l flag is specified, a field containing the process group ID is inserted before the state field. Also,
more processes in a process group may be output on separate lines, using only the job-number and
command fields.

Flags
-l (lowercase L) Provides more information about each job listed. This information includes the job number,
current job, process group ID, state, and the command that initiated the job.
-n Displays only jobs that have stopped or exited since last notified.
-p Displays the process IDs for the process group leaders for the selected jobs.

By default the jobs command displays the status of all stopped jobs, all running background jobs, and all
jobs whose status has changed but not been reported by the shell.

Exit Status
The following exit values are returned:

0 Successful completion.

Alphabetical Listing of Commands 129

>0 An error occurred.

Examples
1. To display the status of jobs in the current environment, enter:
jobs -l

The screen displays a report similar to the following output:

+[4] 139 Running CC - C foo c&
-[3] 465 Stopped mail morris
[2] 687 Done(1) [Link]&
2. To display the process ID for the job whose name begins with ″m,″ enter:
job -p %m

Using the jobs reported in Example 1, the screen displays the following process ID:
465

Files
/usr/bin/ksh Contains the Korn shell jobs built-in command.
/usr/bin/jobs Contains the jobs command.

Related Information
The bg command,csh command, fg command, kill command, ksh command, wait command.

join Command

Purpose
Joins the data fields of two files.

Syntax
join [ -a FileNumber | -v FileNumber ] [ -e String ] [ -o List ] [ -t Character ] [ -1 Field ] [
-2 Field ] File1 File2

Description
The join command reads the files specified by the File1 and File2 parameters, joins lines in the files
according to the flags, and writes the results to standard output. The File1 and File2 parameters must be
text files. Both File1 and File2 must be sorted in the collating sequence of sort -b on the field that they are
being joined by before invoking the join command.

One line appears in the output for each identical join field appearing in both files. The join field is the field
in the input files examined by the join command to determine what will be included in the output. The
output line consists of the join field, the rest of the line from the file specified by the File1 parameter, and
the rest of the line from the file specified by the File2 parameter. Specify standard input in place of either
the File1 or File2 parameter by substituting a - (dash) as the file name. Both input files cannot be specified
with a - (dash).

Fields are usually separated by a space, a tab character, or a new-line character. In this case, the join
command treats consecutive separators as one and discards leading separators.

130 Commands Reference, Volume 3

Flags
-1 Field Joins the two files using the field specified by the Field variable in the File1 input file. The
value of the Field variable must be a positive decimal integer.
-2 Field Joins the two files using the field specified by the Field variable in the File2 input file. The
value of the Field variable must be a positive decimal integer.
-a FileNumber Produces an output line for each line in the file specified by the FileNumber variable whose
join fields do not match any line in the other input file. The output lines are produced in
addition to the default output. The value of the FileNumber variable must be either 1 or 2,
corresponding to the files specified by the File1 and File2 parameters, respectively. If this
flag is specified with the -v flag, this flag is ignored.
-e String Replaces empty output fields with the string specified by the String variable.
-o List Constructs an output line to comprise the fields specified in the List variable. One of the
following forms applies to the List variable:
[Link]
Where FileNumber is a file number and Field is a decimal-integer field number.
Separate multiple fields with a , (comma) or space characters with quotation marks
around the multiple fields.
0 (zero)
Represents the join field. The -o 0 flag essentially selects the union of the join
fields.
-t Character Uses the character specified by the Character parameter as the field separator character in
the input and the output. Every appearance of the character in a line is significant. The
default separator is a space. With default field separation, the collating sequence is that of
the sort -b command. If you specify -t, the sequence is that of a plain sort. To specify a tab
character, enclose it in single quotation marks.
-v FileNumber Produces an output line for each line in the file specified by the FileNumber variable whose
join fields do not match any line in the other input file. Default output is not produced. The
value of the FileNumber variable must be either 1 or 2, corresponding to the files specified
by File1 and File2 parameters, respectively. If this flag is specified with the -a flag, the -a
flag is ignored.

Exit Status
This command returns the following exit values:

0 Successful completion.
>0 An error occurred.

Examples
Note: The vertical alignment shown in the following examples might not be consistent with your output.
1. To perform a simple join operation on two files where the first fields are the same, type:
join phonedir names

If the phonedir file contains the following names:

Adams A. 555-6235
Dickerson B. 555-1842
Erwin G. 555-1234
Jackson J. 555-0256
Lewis B. 555-3237
Norwood M. 555-5341
Smartt D. 555-1540
Wright M. 555-1234
Xandy G. 555-5015

Alphabetical Listing of Commands 131

 and the names file contains these names and department numbers:
Erwin Dept. 389
Frost Dept. 217
Nicholson Dept. 311
Norwood Dept. 454
Wright Dept. 520
Xandy Dept. 999

the join command displays:

Erwin G. 555-1234 Dept. 389
Norwood M. 555-5341 Dept. 454
Wright M. 555-1234 Dept. 520
Xandy G. 555-5015 Dept. 999

Each line consists of the join field (the last name), followed by the rest of the line found in the phonedir
file and the rest of the line in the names file.
2. To display unmatched lines with the join command, type:

join -a2 phonedir names

If the phonedir and names files are the same as in Example 1, the join command displays:
Erwin G. 555-1234 Dept. 389
Frost Dept. 217
Nicholson Dept. 311
Norwood M. 555-5341 Dept. 454
Wright M. 555-1234 Dept. 520
Xandy G. 555-5015 Dept. 999

This command performs the same join operation as in Example 1, and also lists the lines of names
that have no match in the phonedir file. The names Frost and Nicholson are included in the listing,
even though they do not have entries in the phonedir file.
3. To display selected fields with the join command, type:

join -o 2.3,2.1,1.2,1.3 phonedir names

This displays the following fields in the order given:

Field 3 of names Department number

Field 1 of names Last name
Field 2 of phonedir First initial
Field 3 of phonedir Telephone number

If the phonedir file and names files are the same as in Example 1, the join command displays:
389 Erwin G. 555-1234
454 Norwood M. 555-5341
520 Wright M. 555-1234
999 Xandy G. 555-5015
4. To perform the join operation on a field other than the first, type:

sort -b +2 -3 phonedir | join -1 3 - numbers

This command combines the lines in the phonedir and numbers files, comparing the third field of the
phonedir file to the first field of the numbers file.
First, this command sorts the phonedir file by the third field, because both files must be sorted by their
join fields. The output of the sort command is then piped to the join command. The - (dash) by itself

132 Commands Reference, Volume 3

 causes the join command to use this output as its first file. The -1 3 flag defines the third field of the
sorted phonedir file as the join field. This is compared to the first field of numbers because its join field
is not specified with a -2 flag.
If the numbers file contains:
555-0256
555-1234
555-5555
555-7358

then this command displays the names listed in the phonedir file or each telephone number:
555-0256 Jackson J.
555-1234 Erwin G.
555-1234 Wright M.

Note that the join command lists all the matches for a given field. In this case, the join command lists
both Erwin G. and Wright M. as having the telephone number 555-1234. The number 555-5555 is not
listed because it does not appear in the phonedir file.

Files
/usr/bin/join Contains the join command.
/usr/lib/nls/loc/*.src Contains collation information.

Related Information
The awk command, comm command, cut command, paste command, sort command.

Files in Operating system and device management.

Input and output redirection in Operating system and device management.

National Language Support Overview for Programming in AIX 5L Version 5.3 National Language Support
Guide and Reference.

joinvg Command

Purpose
Joins a snapshot volume group back into its orginal volume group.

Syntax
joinvg [ -f ] VGname

Description
Joins a snapshot volume group that was created with the splitvg command back into its orginal volume
group. The snspshot volume group is deleted and the disks reactivated in the orginal volume group. Any
stale partitions will be resycrhonized by a background process.

Flags
-f Forces the join when disks in the snashot volume group are not active. The mirror copy on the
inactive disks will be removed from the orginal volume group.
VGname The orginal volume group name with the splitvg command.

Alphabetical Listing of Commands 133

Security
Access Control: You must have root authority to run this command.

Examples
To join the the original volume group, testvg, with the snapshot volume group snapvg, type:
joinvg testvg

Files
/usr/sbin Directory where the joinvg command resides.

Related Information
The splitvg and recreatevg commands.

kdb Command

Purpose
Allows for the examining of a system dump or a running kernel.

Syntax
kdb -h

kdb [ -c CommandFile ] [ -cp ] [ -i HeaderFile ] [ -l ] [ -script ] -w -u KernelFile

kdb [ -c CommandFile ] [ -cp ] [ -i HeaderFile ] [ -l ] [ -script ] [ -v ] [ SystemImageFile [ KernelFile

[KernelModule ... ]]]

kdb [ -c CommandFile ] [ -cp ] [ -i HeaderFile ] [ -l ] [ -script ] [ -v ] [ -m SystemImageFile ] [ -u KernelFile

] [ -k KernelModule ]

Description
The kdb command is an interactive utility for examining an operating system image or the running kernel.
The kdb command interprets and formats control structures in the system and provides miscellaneous
functions for examining a dump.

Root permissions are required to use the kdb command on the active system because the /dev/pmem
special file is used. To run the kdb command on the active system, type the following:
kdb

Note: Stack tracing of the current process on a running system does not work.

To invoke the kdb command on a system image file, type the following:
kdb SystemImageFile

When kdb starts, it looks for a .kdbinit file in the user’s home directory and in the current working
directory. If a .kdbinit file exists in either of these locations, kdb will execute all of the commands inside
the file as if they were entered at the interactive kdb prompt. If a .kdbinit file exists in both of these
locations, the file in the home directory will be processed first, followed by the file in the current working
directory (unless the current directory is the home directory, in which case the file is processed only once).

134 Commands Reference, Volume 3

Flags
-c CommandFile Specifies a different name for the startup script file. If this option is used, then kdb searches
for the CommandFile parameter in the home and current directories instead of the .kdbinit
file.
-cp Causes kdb to print out each command in the startup script files as the command is run.
This can be used to help debug the .kdbinit files, or any other file specified with the -c flag.
Each command is printed with a plus (+) sign in front of it.
-h Displays a short help message in regard to command line usage and a brief listing of the
available command line options.
-i HeaderFile Makes all of the C structures defined in the HeaderFile parameter available for use with the
kdb print subcommand. This option requires a C compiler to be installed on the system. If
the HeaderFile variable needs additional .h files to compile, these might have to be
specified with separate -i options as well.
-k Module Instructs kdb to use the specified Module parameter as an additional kernel module for
resolving symbol definitions not found in the kernel itself. Using this option is equivalent to
specifying the kernel module with the KernelModule parameter.
-l Disables the inline pager (that is, the more (^C to quit) ? prompt) in kdb. In this case, the
set scroll subcommand in kdb has no effect, and the inline pager is always disabled
regardless of the scroll setting.
-m Image Instructs kdb to use the specified Image parameter as the system image file. Using this
option is equivalent to specifying the system image file with the SystemImageFile
parameter.
-script Disables the inline pager (that is, the more (^C to quit) ? prompt) and disables printing of
most status information when kdb starts. This option facilitates parsing of the output from
the kdb command by scripts and other programs that act as a front end for kdb.
-u Kernel Instructs kdb to use the specified Kernel as the kernel file for resolving symbol definitions.
Using this option is equivalent to specifying the kernel with the KernelFile parameter.
-v Displays a list of all Component Dump Tables (CDTs) in the system dump file when kdb
starts. CDTs list the memory regions that are actually included in the system dump. If kdb is
used on a live system, this option is ignored.
-w Examines a kernel file directly instead of a system image. All kdb subcommands which
normally display memory locations from the system image file will instead read data directly
from KernelFile. Subcommands which write memory are not available.

Parameters
KernelFile Specifies the AIX kernel that kdb will use to resolve kernel symbol defintions. A
kernel file must be available. When examining a system dump, it is imperative that
the kernel file be the same as the kernel that was used to take the system dump.
The default value is /unix.
KernelModule Specifies the file names of any additional kernel modules that kdb uses to resolve
symbol definitions not found in the kernel file itself.
SystemImageFile Specifies the file that contains the system image. The value can indicate a system
dump, the name of a dump device, or the /dev/pmem special file. The default value
is /dev/pmem.

Examples
The following examples demonstrate invocation options for the kdb command:
1. To invoke the kdb command with the default system image and kernel image files, type the following:
kdb
The kdb program returns a (0)> prompt and waits for the entry of a subcommand.
2. To invoke the kdb command using a dump file named /var/adm/ras/vmcore.0 and the UNIX® kernel
file named /unix, type the following:
kdb /var/adm/ras/vmcore.0 /unix

Alphabetical Listing of Commands 135

 The kdb program returns a (0)> prompt and waits for the entry of a subcommand.

Files
/usr/sbin/kdb Contains the kdb command.
/dev/pmem Default system image file.
/unix Default kernel file.

Related Information
AIX 5L Version 5.3 KDB Kernel Debugger and kdb command

kdestroy Command

Purpose
Destroys a Kerberos credentials cache.

Syntax
kdestroy [ -q] [ -c cache_name | -e expired_time]

Description
The kdestroy command deletes a Kerberos credentials cache file.

If you specify the -e flag, the command checks all of the credentials cache files in the default cache
directory (/var/krb5/security/creds) and deletes any file which contains only expired tickets, provided the
tickets have been expired for the specified expired_time.

Flags
-c cache_name Specifies the name of the credentials cache you want to destroy. The default credentials cache is
destroyed if you do not specify a command flag.

If the KRB5CCNAME environment variable is set, its value is used to name the default
credentials (ticket) cache.

This flag is mutually exclusive with the -e flag.

-e expired_time Specifies that all credentials cache files containing expired tickets be deleted if the tickets have
been expired at least as long as the expired_time value.

The expired_time is expressed as nwndnhnmns, where:

n represents a number
w represents weeks
d represents days
h represents hours
m represents minutes
s represents seconds

You must specify the expired_time components in this order but you can omit any component.
For example, 4h5m represents four hours and 5 minutes and 1w2h represents 1 week and 2 hours.
If you only specify a number, the default is hours.
-q Suppress the beep when kdestroy fails to destroy the ticket.

136 Commands Reference, Volume 3

Security
To delete a credentials cache, the user must be the owner of the file or must be a root (uid 0) user.

Examples
1. To delete the default credentials cache for the user, type:
kdestroy
2. To delete all credentials cache with expired tickets older than one day, type:
kdestroy -e 1d

Files
/usr/krb5/bin/kdestroy
/var/krb5/security/creds/krb5cc_[uid] default credentials cache ([uid] is the UID of
the user.)

Related Information
The kinit command, klist command, and env command.

keyadd Command

Purpose
keyadd retrieves objects from the source keystore and adds them to the destination keystore.

Syntax
keyadd [-S servicename] -l label -s source_keystore [-d destination_keystore] [username]

Description
The keyadd command retrieves the objects named by label from the source keystore and adds them to
the destination keystore. In a keystore, a user may have the private key, public key and the certificate
stored using the same label. All objects matching a label are copied regardless of the object type. If an
object with the same label already exists in the destination keystore, the command returns an error. This
forces the user to explicitly remove an existing object instead of blindly destroying it.

Attention: Generally, there is no way to recover a destroyed object.

The -S option specifies which end-entity services and libraries to use while adding the objects from the
keystore. Available services are defined in /usr/lib/security/pki/[Link]. When invoked without -S,
keydelete will use the default service, which is local. It is an error to specify a servicename which does
not have an entry in the /usr/lib/security/ pki/[Link] file.

The -l option must be specified. This label uniquely identifies an object in the keystore to be copied. The
-s option must also be specified.

If the -d option is not given, the username’s default keystore file will be used as the destination keystore
The user’s default keystore location is /var/pki/security/keys/<username>.

If no username is given, the currend user’s username will be used. The user will be prompted for the
password of the destination keystore and the source keystore. If the destination keystore does not exist,
one will be created and the user will be asked to enter the destination keystore password again for
confirmation.

Alphabetical Listing of Commands 137

Flags
-S servicename Specifies which service module to use.
-l label Specifies the label associated with the key to be added.
-s source_keystore Species the location of the source keystore.
-d destination_keystore Specifies the location of the destination keystore.

Exit Status
0 The command completed successfully.
>0 An error occurred.

Security
This is a setuid command. In order to list the contents of a keystore the user must know the password of
the private keystore.

Root and invokers belonging to group security are allowed to list anybody’s keystore. However, they can
only successfully complete this operation if they know the password to the keystore. A non-privileged user
is only allowed to list the keystore that he owns.

Audit
This command records the following event information:

KEY_Add <username>

Examples
To copy a keystore object labeled as label from /var/pki/security/keys/[Link] to
/var/pki/security/keys/[Link], enter:
$ keyadd -s /var/pki/security/keys/[Link] -d /var/pki/
security/keys/[Link] -l label pkitest

Files
/usr/lib/security/pki/[Link]

/usr/lib/security/pki/[Link]

Related Information
The certadd, certcreate, certdelete, certget, certlink, certlist, certrevoke, certverify, keydelete,
keylist, keypasswd and mksecpki commands.

keycomp Command

Purpose
Compiles a keyboard mapping file into an input method keymap file.

Syntax
keycomp <Infile >Outfile

138 Commands Reference, Volume 3

Description
The keycomp command reads a textual description of the keyboard from standard input and produces a
binary file that maps the keys to standard output. The binary file is used by the Input Method to translate
key strokes into character strings.

You can bind characters and strings to keys on a keyboard with specified combinations of modifier keys
called keyboard states, or you can specify particular key and state combinations as unbound (return
nothing). All input keys are represented by keysyms, which stand for the key symbols that are usually used
in the AIXwindows environment to represent keyboard input.

Any combination of modifier keys is possible when you press a key on the keyboard, but usually the keys
are mapped into a smaller set of states. This state mapping can be specified.

Keycomp Source File

The input file used by the keycomp command consists of one or more lines. The items on the line are
separated by a space. Each line begins with a keysym or a hexadecimal value for a keysym. The
hexadecimal value represents keyboard input in the AIXwindows environment. Items following the keysym
represent the binding for a particular combination of the Ctrl, Alt, Shift, Lock, and Alt Graphic keys.

An item can be one of the following:

v Character surrounded by single quotation marks
v String surrounded by double quotation marks
v Keysym allowing mapping to other keysyms
v U indicating that the entry is unbound

Hexadecimal ( \xXX), octal ( \oOOO), and decimal ( \dDDD) notations of a byte can be contained in
character and string items.

Keyboard States
Modifier keys (Shift, Lock, Ctrl, Alt, and Alt Graphics keys) change the state of the keyboard. They are
used to select one item from a line corresponding to the input keysym. A value that is a combination of
bits, each bit corresponding to a modifier key, indicates the state of a keyboard. The modifier keys
increase in significance in the following order: Shift, Lock, Ctrl, Alt, and Alt Graphic modifier keys.

The bit combination or state value of a keyboard is mapped to one item of a line. The mapping is defined
by the line beginning with the %M control, which can contain only numbers. The first number after the %M
control is the item number. The numbers that follow the first number represent keyboard states, and they
are all mapped to the item. See “Examples.”

Flags
<InFile Specifies a source file to be compiled by the keycomp command.
>OutFile Specifies the name of the keymap file to be created.

Examples
1. The following is an example of a line for XK_a keysym input:
XK_a’a’ XK_A XK_A XK_a ’\x01’ U "hello"
A , (comma) can, but need not, follow each item. Regardless of whether a comma follows an item, a
space or tab must separate the items.

Alphabetical Listing of Commands 139

 Blank lines and lines beginning with the # character, except control statements, are ignored. All text
between the # and the following line is ignored unless the # is part of a string enclosed in single or
double quotation marks. Therefore, you can place comments at the end of a line that contains only a
single item.
2. The following line shows that the keyboard states Ctrl, Ctrl+Shift, and Ctrl+Shift+Lock are all mapped
to the third item:
%M 3 4 5 7

Files
/usr/include/x11/keysymdef.h Contains standard keysym definitions.
/usr/include/x11/aix_keysym.h Contains unique keysym definitions.
/usr/bin/keycomp Contains the keycomp command.
/usr/lib/nls/loc/*.[Link] Contains imkeymap source information.
/usr/lib/nls/loc/*.imkeymap Maps a keysym/modifier to a string.

Related Information
The IMInitializeKeymap subroutine.

The Input Method Overview in AIX 5L Version 5.3 National Language Support Guide and Reference.

The National Language Support Overview in AIX 5L Version 5.3 National Language Support Guide and
Reference.

keydelete Command

Purpose
Deletes an object (key, certificate, etc) identified by the label from a keystore. If the label is ALL, all objects
are deleted.

Syntax
keydelete [ -S ServiceName ] -l Label [ -p PrivateKeystore ] [ UserName ]

Description
The keydelete command deletes an object (key, certificate, etc) identified by the Label. If the Label is ALL,
all objects are deleted. The -S flag specifies which end-entity services and libraries to use while deleting
the objects from the keystore. Available services are defined in /usr/lib/security/pki/[Link]. When invoked
without -S, keydelete uses the default service, which is local. An error is returned if a ServiceName is
specified which does not have an entry in the /usr/ lib/security/pki/[Link] file.

The -l flag must be specified. The Label is a variable length text string that is used to map a key in the
keystore to the certificate which contains the matching public key. If the Label is ALL, all the objects in the
keystore are deleted.

If the -p flag is not given, the username’s default keystore file is used. The user’s default keystore location
is /var/pki/security/keys/<UserName>.

If no UserName is given, the current user’s user name is used. The user is prompted for the password of
the keystore.

140 Commands Reference, Volume 3

Flags
-S ServiceName Specifies which service module to use.
-l Label Specifies the label associated with the key to be added.
-p PrivateKeystore Species the location of the source destination keystore.

Arguments
username - Specifies the user whose key is going to be deleted.

Security
This is a privileged (set-UID root) command.

In order to list the contents of a keystore, the user must know the password of the private keystore.

root and invokers belonging to group security are allowed to list anybody’s keystore. However, they can
only successfully complete this operation if they know the password to the keystore. A non-privileged user
is only allowed to list the keystore that he owns.

Audit
This command records the following event information:

KEY_Delete <UserName>

Examples
1. To delete a keystore object with a label signcert from the invoker’s default keystore, type:
keydelete -l signcert
2. To delete all the objects from the invoker’s default keystore, type:
keydelete -l ALL
3. To delete a keystore object with a label signcert from the keystore /home/bob/ [Link], type:
keydelete -p /home/bob/[Link] -l signcert

Files
/usr/lib/security/pki/[Link]

Related Information
The keyadd, keylist, and keypasswd commands.

keyenvoy Command

Purpose
Acts as an intermediary between user processes and the keyserv daemon.

Syntax
/usr/sbin/keyenvoy

Description
The keyenvoy command acts as an intermediary by some Remote Procedure Call (RPC) programs
between their user processes and the keyserv daemon. An intermediary is necessary because the
keyserv daemon talks only to root processes. This program cannot be run interactively.

Alphabetical Listing of Commands 141

Files
/usr/sbin/keyenvoy Contains the keyenvoy command.

Related Information
The keyserv daemon.

Network File System (NFS) Overview for System Management in Networks and communication
management.

Network Information Services (NIS) Overview for System Management in AIX 5L Version 5.3 Network
Information Services (NIS and NIS+) Guide.

NIS Reference.

keylist Command

Purpose
keylist lists the keystore labels in a private keystore.

Syntax
keylist [-S servicename] [-v | -c] [-p privatekeystore] [username]

Description
The keylist command lists the keystore labels in a private keystore. The -S option specifies which
end-entity services and libraries to use while listing the labels in the keystore. Available services are
defined in /usr/lib/security/pki/[Link]. When invoked without -S, keylist will use the default service, which
is local. It is an error to specify a servicename which does not have an entry in the /usr/lib/security/pki/
[Link] file. The user optionally may provide the location of the private keystore. If not given, the default
location will be used. If the -c option is given, the type of the keystore object corresponding to the label will
be specified by one letter symbol. The following are the symbols denoting the keystore object types:

P = Public Key

p = Private Key

T = Trusted Key

S = Secret Key

C = Certificate

t = Trusted Certificate

U = Useful Certificate

If the -v option is used, the type of the object for a label will be given in non-abbreviated version ( for
example, Public Key, Secret Key).

If required, the user will be prompted for the password of the underlying service keystore.

142 Commands Reference, Volume 3

Flags
-S servicename Specifies which service module to use.
-p privatekeystore Specifies the location of the keystore.
-v Specifies that the output is in verbose mode.
-c Specifies a concise output.

Arguments
username Specifies the AIX user whose key labels is going to be queried.

Exit Status
0 Successful completion.
>0 An error occured.

Security
This is a privileged (set-UID root) command.

In order to list the contents of a keystore the user must know the password of the private keystore.

Root and invokers belonging to group security are allowed to list anybody’s keystore. However, they can
only successfully complete this operation if they have the knowledge of the password to the keystore.

A non-privileged user is only allowed to list the keystore that he owns.

Audit
This command records the following event information:

KEY_List <username>

Examples
1. To list the labels in keystore /var/security/pki/keys/bob, enter:
$ keylist -c -p /var/pki/security/keys/bob bob
PpC label1
PpC label2
2. To list labels/objects in verbose mode, enter:
$ keylist -v -p /var/pki/security/keys/bob bob

Files
/usr/lib/security/pki/[Link]

/usr/lib/security/pki/[Link]

Related Information
The certadd, certcreate, certdelete, certget, certlink, certlist, certrevoke, certverify, keyadd,
keydelete, keypasswd and mksecpki commands.

Alphabetical Listing of Commands 143

keylogin Command

Purpose
Decrypts and stores the user’s secret key.

Syntax
/usr/bin/keylogin

Description
The keylogin command prompts users for their passwords. Then, the keylogin program decrypts the
user’s secret key, which is stored in the /etc/publickey file. The decrypted key is then stored by the local
keyserv daemon to be used by any secure Remote Procedure Call (RPC) service, such as the Network
File System (NFS).

The decrypted key given to the local keyserv daemon may eventually reach a time out and become
invalid for that particular login session. The user can use the keylogin command again to refresh the key
held by the keyserv daemon.

Files
/etc/publickey Contains public or secret keys for NIS maps.

Related Information
The chkey command, newkey command.

The keyserv daemon.

How to Export a File System Using Secure NFS, How to Mount a File System Using Secure NFS in
Security.

List of NIS Commands.

Network File System (NFS) Overview for System Management in Operating system and device
management.

Network Information Services (NIS) Overview for System Management in AIX 5L Version 5.3 Network
Information Services (NIS and NIS+) Guide.

keylogout Command

Purpose
Deletes stored secret key.

Syntax
keylogout [ -f ]

Description
The keylogout command deletes the key stored by the key server process keyserv. Further access to the
key is revoked; however, current session keys may remain valid until they expire or are refreshed.

144 Commands Reference, Volume 3

Deleting the keys stored by keyserv will cause any background jobs or scheduled jobs that need secure
RPC services to fail. Since only one copy of the key is kept on a machine, do not place a call to this
command in your logout file since it will affect other sessions on the same machine.

Flags
-f Forces keylogout to delete the secret key for the superuser. By default, keylogout by the superuser
is disallowed because it would break all RPC services, such as NFS, that are started by the
superuser.

Related Information
The at command, chkey command, login command, keylogin command, newkey command.

The keyserv daemon.

keypasswd Command

Purpose
keypasswd manages the passwords which are used to access a user’s private keystore.

Syntax
keypasswd [-S servicename] [-p privatekeystore | -k username]

Description
The keypasswd command allows a user to change the password of a private keystore. The user will be
asked to enter the old and new password of the keystore. The -S option specifies which end-entity
services and libraries to use while changing the password. Available services are defined in the
/usr/lib/security/pki/[Link] file. When invoked without -S, keypasswd will use the local service. You will
get an error if you specify a servicename which does not have an entry in the /usr/lib/security/pki/[Link]
file. The -p option specifies the private keystore for which the password is going to be changed. The -k
option specifies the user’s default private keystore. You will get an error if you specify both the -k and -p
options.

Flags
-S servicename Specifies which service module to use.
-p privatekeystore Specifies the private keystore whose password is going to be changed.
-k Specifies that the keystore to be used is that of username.

Security
This is a privileged (set-UID root) command.

To change the password of a keystore one must know the password of the keystore.

Root and invokers belonging to group security are allowed to change the password of any keystore as long
as they know the password of the keystore. A non-privileged user is allowed to change only the keystore
file that they own.

Alphabetical Listing of Commands 145

Audit
This command records the following event information:

KEY_Password <username>

Examples
1. To change the password of the default private keystore that is owned by Bob, enter:
$ keypasswd

where the invoker is Bob.

2. To change the password of any other private keystore, enter:
$ keypasswd -p [Link]

Files
/usr/lib/security/[Link]

/usr/lib/security/[Link]

Related Information
The certadd, certcreate, certdelete, certget, certlink, certlist, certrevoke, certverify, keyadd,
keydelete, keylist, and mksecpki commands.

keyserv Daemon

Purpose
Stores public and private keys.

Syntax
/usr/sbin/keyserv [ -n ]

Description
The keyserv daemon stores the private encryption keys of each user logged into the system. When a user
types in a password during a keylogin, the secret key is decrypted. The decrypted key is then stored by
the keyserv daemon. These decrypted keys enable the user to access secure network services such as
secure Network File System (NFS).

When the keyserv daemon starts, it reads the key for the root directory from the /etc/.rootkey file. This
daemon keeps the secure network services operating normally. For instance, after a power failure, when
the system restarts itself, it gets the key for the root directory from the /etc/.rootkey file.

Flags
-n Prevents the keyserv daemon from reading the key for the root directory from the /etc/.rootkey file. Instead,
the keyserv daemon prompts the user for the password to decrypt the root directory’s key stored in the
network information service map and then stores the decrypted key in the /etc/.rootkey file for future use. This
option is useful if the /etc/.rootkey file ever goes out of date or is corrupted.

Examples
1. To start the keyserv daemon enabling the system to get the key for the root directory from the
/etc/.rootkey file, enter:

146 Commands Reference, Volume 3

 /usr/sbin/keyserv
2. A System Resource Controller (SRC) command can also enable the system to get the key for the root
directory from the /etc/.rootkey file as follows:
startsrc -s keyserv

This command sequence starts a script that contains the keyserv daemon.
3. To prevent the keyserv daemon from reading the key for the root directory from the /etc/rootkey file,
enter:
chssys -s keyserv -a ’-n’

This command passes the -n argument to the keyserv daemon if SRC is used to start the daemon.

Files
/etc/.rootkey Stores the encrypted key for the root directory.

Related Information
The chssys command, keyenvoy command, startsrc command.

How to Export a File System Using Secure NFS, How to Mount a File System Using Secure NFS in
Security.

Network File System in Networks and communication management.

Network Information Services (NIS) Overview for System Management in AIX 5L Version 5.3 Network
Information Services (NIS and NIS+) Guide.

NIS Reference.

System Resource Controller in Operating system and device management.

kill Command

Purpose
Sends a signal to running processes.

Syntax
To Send Signal to Processes
kill [ -s { SignalName | SignalNumber } ] ProcessID ...

kill [ - SignalName | - SignalNumber ] ProcessID ...

To List Signal Names

kill -l [ ExitStatus ]

Description
The kill command sends a signal (by default, the SIGTERM signal) to a running process. This default
action normally stops processes. If you want to stop a process, specify the process ID (PID) in the
ProcessID variable. The shell reports the PID of each process that is running in the background (unless

Alphabetical Listing of Commands 147

you start more than one process in a pipeline, in which case the shell reports the number of the last
process). You can also use the ps command to find the process ID number of commands.

A root user can stop any process with the kill command. If you are not a root user, you must have initiated
the process you want to stop.

SignalName is recognized in a case-independent fashion, without the SIG prefix.

If the specified SignalNumber is 0, the kill command checks the validity of the specified PID.

Flags
-s{SignalName | SignalNumber} Specifies the signal as a signal number or a signal name, such as -9 or
KILL for the SIGKILL signal.
-SignalName Specifies a signal name, such as SIGHUP.
-SignalNumber Specifies a signal number.

Note: To specify the negative PID with the default signal in this
syntax, you must specify - - as a signal. Otherwise the first
operand is interpreted as a SignalNumber.
ProcessID Specifies a decimal integer representing a process or process group to
be signaled. If PID is a positive value, the kill command sends the
process whose process ID is equal to the PID. If the PID value is 0, the
kill command sends the signal to all processes having a process group
ID equal to the process group ID of the sender. The signal is not sent to
processes with a PID of 0 or 1. If the PID is -1, the kill command sends
the signal to all processes owned by the effective user of the sender.
The signal is not sent to processes with a PID of 0 or 1. If it is a
negative number but not -1, the kill command sends the signal to all
processes that have a process group ID equal to the absolute value of
the PID.
-l Lists all signal names supported by the implementation
-lExitStatus Lists signal names stripped of the common SIG prefix. If ExitStatus is an
decimal integer value, the signal name corresponding to that signal is
displayed. If ExitStatus is a value of the exit status corresponding to a
process that was terminated by a signal, the signal name corresponding
to the signal that terminated the process is displayed.

Exit Status
This command returns the following exit values:

0 At least one matching process was found for each ProcessID operand, and the specified signal was
successfully processed for at least one matching process.
>0 An error occurred.

Examples
1. To stop a given process, enter:
kill 1095

This stops process 1095 by sending it the default SIGTERM signal. Note that process 1095 might not
actually stop if it has made special arrangements to ignore or override the SIGTERM signal.
2. To stop several processes that ignore the default signal, enter:
kill -kill 2098 1569

148 Commands Reference, Volume 3

 This sends signal 9, the SIGKILL signal, to processes 2098 and 1569. The SIGKILL signal is a special
signal that normally cannot be ignored or overridden.
3. To stop all of your processes and log yourself off, enter:
kill -kill 0

This sends signal 9, the SIGKILL signal, to all processes having a process group ID equal to the
senders process group ID. Because the shell cannot ignore the SIGKILL signal, this also stops the
login shell and logs you off.
4. To stop all processes that you own, enter:
kill -9 -1

This sends signal 9, the SIGKILL signal, to all processes owned by the effective user, even those
started at other work stations and that belong to other process groups. If a listing that you requested is
being printed, it is also stopped.
5. To send a different signal code to a process, enter:
kill -USR1 1103

The name of the kill command is misleading because many signals, including SIGUSR1, do not stop
processes. The action taken on SIGUSR1 is defined by the particular application you are running.

Note: To send signal 15, the SIGTERM signal with this form of the kill command, you must
explicitly specify -15 or TERM.

Files
/usr/include/sys/signal.h Specifies signal names.

Related Information
The csh command, ksh command, ps command, sh command.

The kill subroutine, sigaction subroutine.

killall Command

Purpose
Cancels all processes except the calling process.

Syntax
killall [ - ] [ -Signal ]

Description
The killall command cancels all processes that you started, except those producing the killall process.
This command provides a convenient means of canceling all processes created by the shell that you
control. When started by a root user, the killall command cancels all cancellable processes except those
processes that started it. If several Signals are specified, only the last one is effective.

If no signal is specified, the killall command sends a SIGKILL signal.

Alphabetical Listing of Commands 149

Flags
- Sends a SIGTERM signal initially and then sends a SIGKILL signal to all processes that survive for 30
seconds after receipt of the signal first sent. This gives processes that catch the SIGTERM signal an
opportunity to clean up. If both - and -Signal are set, the killall command sends the specified signal
initially and then sends a SIGKILL signal to all processes that survive for 30 seconds after receipt of
the signal first sent.
-Signal Sends the specified Signal number or SignalName.

Examples
1. To stop all background processes that have started, enter:
killall

This sends all background processes the kill signal 9 (also called the SIGKILL signal).
2. To stop all background processes, giving them a chance to clean up, enter:
killall -

This sends signal 15, the SIGTERM signal; waits 30 seconds, and then sends signal 9, the SIGKILL
signal.
3. To send a specific signal to the background processes, enter:
killall -2

This sends signal 2, the SIGINT signal, to the background processes.

Related Information
The kill command.

The signal subroutine.

kinit Command

Purpose
Obtains or renews the Kerberos ticket-granting ticket.

Syntax
kinit [ -l lifetime ] [ -r renewable_life ] [ -f ] [ -p ] [ -A ] [ -s start_time ] [ -S target_service ] [ -k [ -t
keytab_file ] ] [ -R ] [ -v ] [ -c cachename ] [ principal ]

Description
The kinit command obtains or renews a Kerberos ticket-granting ticket. The Key Distribution Center (KDC)
options specified by the [kdcdefault] and [realms] in the Kerberos configuration file ([Link]) are used if
you do not specify a ticket flag on the command line.

If you are not renewing an existing ticket, the command reinitializes the credentials cache and will contain
the new ticket-granting ticket received from the KDC. If you do not specify the Principal name on the
command line and you do specify the -s flag, the Principal name is obtained from the credentials cache.
The new credentials cache becomes the default cache unless you specify the cache name using the -c
flag.

The ticket Time value for the -l, -r and -s flags is expressed as ndnhnmns where:
n represents a number

150 Commands Reference, Volume 3

d represents days
h represents hours
m represents minutes
s represents seconds

You must specify the components in this order but you can omit any component, for example 4h5m
represents four hours and 5 minutes and 1d2s represents 1 day and 2 seconds.

Flags
-A Specifies that the ticket contain a list of client addresses. The ticket will contain the local host
address list if this option is not specified. When an initial ticket contains an address list, it can
be used only from one of the addresses in the the address list.
-c cachename Specifies the name of the credentials cache to use. The default credentials cache is used if
this flag is not specified. If the KRB5CCNAME environment variable is set, its value is used
to name the default ticket cache. Any existing contents of the cache i are destroyed by kinit.
-f Specifies that the ticket is to be forwardable. To forward the ticket, this flag must be specified.
-k Specifies to obtain the key for the ticket principal from a key table. If you do not specify this
flag, you are prompted to enter the password for the ticket principal.
-l lifetime Specifies the ticket end time interval. The ticket cannot be used after the interval expires
unless the ticket is renewed. The interval default time is 10 hours.
-p Specifies that the ticket is to be proxiable. To make the ticket proxiable, this flag must be
specified.
principal Specifies the ticket principal. The principal is obtained from the credentials cache if the
principal is not specified on the command line.
-r renewable_life Specifies the renew time interval for a renewable ticket. The ticket cannot be renewed after
the interval expires. The renew time must be greater than the end time. If this flag is not
specified, the ticket is not renewable, although you can still generate a renewable ticket if the
requested ticket lifetime exceeds the maximum ticket lifetime.
-R Specifies to renew an existing ticket. No other flags may be specified when renewing an
existing ticket.
-s start_time Specifies a request for a postdated ticket, valid starting at start_time.
-S target_service Specifies an alternate service name to use when getting initial tickets.
-t keytab_file Specifies the key table name. The default key table is used if this flag is not specified and the
-k flag is specified. The -t flag implies the -k flag.
-v Specifies that the ticket granting ticket in the cache be passed to the kdc for validation. If the
ticket is within its requested time range, the cache is replaced with the validated ticket.

Examples
1. To obtain a ticket-granting ticket with a lifetime of 10 hours, which is renewable for five days, type:
kinit -l 10h -r 5d my_principal
2. To renew an existing ticket, type:
kinit -R

Files
/usr/krb5/bin/kinit
/var/krb5/security/creds/krb5cc_[uid] default credentials cache ([uid] is the UID of the user.)
/etc/krb5/[Link] default location for the local host’s keytab file.
/var/krb5/krb5kdc/[Link] Kerberos KDC configuration file.

Alphabetical Listing of Commands 151

Related Information
The klist command, kdestroy command, and env command.

klist Command

Purpose
Displays the contents of a Kerberos credentials cache or key table.

Syntax
klist [[ -c] [ -f] [ -e] [ -s] [ -a] [ -n]] [ -k [ -t] [ -K]] [ name]

Description
The klist command displays the contents of a Kerberos credentials cache or key table.

Flags
-a Displays all tickets in the credentials cache, including expired tickets. Expired tickets are not listed if
this flag is not specified. This flag is valid only when listing a credentials cache.
-c Lists the tickets in a credentials cache. This is the default if neither the -c nor the -k flag is specified.
This flag is mutually exclusive with the -k flag.
-e Displays the encryption type for the session key and the ticket.
-f Displays the ticket flags using the following abbreviations:
F Forwardable ticket
f Forwarded ticket
P Proxiable ticket
p Proxy ticket
D Postdateable ticket
d Postdated ticket
R Renewable ticket
I Initial ticket
i Invalid ticket
H Hardware preauthentication used
A Preauthentication used
O Server can be a delegate
name Specifies the name of the credentials cache or key table. The default credentials cache or key table
is used if you do not specify a filename.

If you do not specify a name indicating a cache name or keytab name, klist displays the credentials
in the default credentials cache or keytab file as appropriate. If the KRB5CCNAME environment
variable is set, its value is used to name the default credentials (ticket) cache.
-k Lists the entries in a key table. This flag is mutually exclusive with the -c flag.
-K Displays the encryption key value for each key table entry. This flag is valid only when listing a key
table.
-n Displays the numerical internet address instead of the host name. The default without the -n is host
name. This command is used in conjunction with the -a flag.
-s Suppresses command output but sets the exit status to 0 if a valid ticket-granting ticket is found in
the credentials cache. This flag is valid only when listing a credentials cache.
-t Displays timestamps for key table entries. This flag is valid only when listing a key table.

152 Commands Reference, Volume 3

Examples
1. To list all of the entries in the default credentials cache, type:
klist
2. To list all of the entries in the etc/krb5/my_keytab key table with timestamps, type:
klist -t -k etc/krb5/my_keytab

Files
/usr/krb5/bin/klist
/var/krb5/security/creds/krb5cc_[uid] default credentials cache ([uid] is the UID of
the user.)
/etc/krb5/[Link] default location for the local host’s keytab
file.

Related Information
The kinit command, kdestroy command, and env command.

kmodctrl Command

Purpose
Loads or unloads the kernel extension /usr/lib/drivers/kmobip6.

Syntax
kmodctrl [ -k kextname ] [ -luq ]

Description
The kernel extension /usr/lib/drivers/kmobip6 contains support for the Mobile IPv6 functionality. This
kernel extension must be loaded in order to configure the system as a mobile IPv6 home agent or
correspondent node. Normally this command will be run automatically by the /etc/rc.mobip6 script if
mobile IPv6 has been enabled using system management.

Flags
-k Specifies an alternate path for the mobility kernel extension.
-l Loads the mobility kernel extension.
-q Checks whether the kernel extension is loaded.
-u Unloads the mobility kernel extension.

Exit Status
0 The command completed successfully.
>0 An error occurred.

Security
You must be the root user or a member of the system group to execute this command.

Examples
1. The following example loads the kmobip6 kernel extension:
kmodctrl -l

Alphabetical Listing of Commands 153

2. The following example unloads the kmobip6 kernel extension. This will disable all mobile IPv6
functionality on the system:
kmodctrl -u
3. The following example queries whether the kmobip6 kernel extension is loaded:
kmodctrl -q

Related Information
The mobip6ctrl command, mobip6reqd daemon, ndpd-router command, rc.mobip6 command.

The Mobile IPv6 in Networks and communication management.

kpasswd Command

Purpose
Changes the password for a Kerberos principal.

Syntax
kpasswd [ Principal]

Description
The kpasswd command changes the password for a specified Kerberos principal. It prompts for the
current principals password, which is used to obtain a changepw ticket from the KDC for the user’s
Kerberos realm. If kpasswd successfully obtains the changepw ticket, the user is prompted twice for the
new password and the password is changed.

If the principal is governed by a policy that specifies for example length and/or number of character
classes required in the new password, the new password must conform to the policy.

You may not change the password for a ticket-granting service principal (krbtgt/domain) using the
kpasswd command.

Parameters
Principal Specifies the principal for which password you want to change. If you do not specify the principal
on the command line, the principal is obtained from the default credentials cache.

Security
When requesting a password change, you must supply both the current password and the new password.

Files
/usr/krb5/bin/kpasswd
/var/krb5/security/creds/krb5cc_[uid] default credentials cache ([uid] is the UID of the user.)

krlogind Daemon

Purpose
Provides the server function for the rlogin command.

154 Commands Reference, Volume 3

Syntax
/usr/sbin/krlogind [ -n ] [ -s ]

Note: The krlogind daemon is normally started by the inetd daemon. It can also be controlled from
the command line, using SRC commands.

Description
The /usr/sbin/krlogind daemon is the server for the rlogin remote login command. The server provides a
remote login facility.

Changes to the krlogind daemon can be made by using Web-based System Manager, the System
Management Interface Tool (SMIT) or System Resource Controller (SRC), by editing the /etc/[Link] or
/etc/services file. Entering krlogind at the command line is not recommended. The krlogind daemon is
started by default when it is uncommented in the /etc/[Link] file.

The inetd daemon get its information from the /etc/[Link] file and the /etc/services file.

After changing the /etc/[Link] or /etc/services file, run the refresh -s inetd or kill -1 InetdPID
command to inform the inetd daemon of the changes to its configuration file.

Service Request Protocol

When the krlogind daemon receives a service request, the daemon initiates the following protocol:
1. The krlogind daemon checks the source port number for the request. If the port number is not in the
range 512 through 1023, the krlogind daemon terminates the connection.
2. The krlogind daemon uses the source address of the initial connection request to determine the name
of the client host. If the name cannot be determined, the krlogind daemon uses the dotted-decimal
representation of the client host address.
3. The krshd daemon attempts to validate the user using the following steps:
v makes sure that Kerberos 5 is a valid authentication method if the incoming ticket is a Kerberos 5
ticket. If the incoming ticket is a Kerberos 4 ticket, the connection fails. Kerberos 4 is not supported
for rlogin.
v calls kvalid_user with the local account name as well as the DCE principal.

Error Messages
The following error messages are associated with the krlogind daemon:

Try again A fork command made by the server has failed.

/usr/bin/shell: No shell. The shell specified for the shell variable cannot be started. The shell variable
may also be a program.

Flags
-n Disables transport-level keep-alive messages. The messages are enabled by default.
-s Turns on socket level debugging.

Manipulating the krshd Daemon

The krshd daemon is a subserver of the inetd daemon, which is a subsystem of the System Resource
Controller (SRC). The krshd daemon is a member of the tcpip SRC subsystem group. Using the
chauthent command will comment/uncomment the kshell line in the /etc/[Link] file and restart the

Alphabetical Listing of Commands 155

inetd daemon depending on whether Kerberos 5 or Kerberos 4 is configured/unconfigured. This daemon
should be manipulated using the chauthent/lsauthent commands. Direct modification of the [Link]
file’s kshell entry in not recommended.

Related Information
The rlogin command.

The inetd daemon, rshd daemon, syslogd daemon.

The pty special file.

The kvalid_user subroutine.

The /etc/[Link] file format.

For information on installing the Web-based System Manager, see Chapter 2: Installing Web-based
System Manager in AIX 5L Version 5.3 Web-based System Manager Administration Guide.

Communications and networks in Networks and communication management.

Authentication and the secure rcmds in Networks and communication management.

krshd Daemon

Purpose
Provides the server function for remote command execution.

Syntax
/usr/sbin/krshd

Note: The rshd daemon is normally started by the inetd daemon. It can also be controlled from the
command line, using SRC commands.

Description
The /usr/sbin/krshd daemon is the server for the rcp and rsh commands using Kerberos authentication.
The krshd daemon provides remote execution of shell commands. These commands are based on
requests from privileged sockets on trusted hosts. The shell commands must have user authentication.
The krshd daemon listens at the kshell socket defined in the /etc/services file.

Changes to the krshd daemon can be made using the System Management Interface Tool (SMIT) or
System Resource Controller (SRC), by editing the /etc/[Link] or /etc/services file. Entering krshd at
the command line is not recommended. The krshd daemon is started by default when it is uncommented
in the /etc/[Link] file.

The inetd daemon gets its information from the /etc/[Link] file and the /etc/services file.

After changing the /etc/[Link] or /etc/services file, run the refresh -s inetd or kill 1 InetdPID
command to inform the inetd daemon of the changes to its configuration file.

Service Request Protocol

When the krshd daemon receives a service request, it initiates the following protocol:
1. The krshd daemon checks the source port number for the request. If the port number is not in the
range 0 through 1023, the krshd daemon terminates the connection.
156 Commands Reference, Volume 3
2. The krshd daemon reads characters from the socket up to a null byte. The string read is interpreted
as an ASCII number (base 10). If this number is nonzero, the krshd daemon interprets it as the port
number of a secondary stream to be used as standard error. A second connection is created to the
specified port on the client host. The source port on the local host is also in the range 0 through 1023.
3. The krshd daemon uses the source address of the initial connection request to determine the name of
the client host. If the name cannot be determined, the krshd daemon uses the dotted decimal
representation of the client host’s address.
4. The krshd daemon retrieves the following information from the initial socket:
v A Kerberos service ticket.
v A null-terminated string of at most 16 bytes interpreted as the user name of the user on the client
host.
v Another null-terminated string interpreted as a command line to be passed to a shell on the local
server host.
v A null-terminated string of at most 16 bytes interpreted as the user name to be used on the local
server host.
v If the service ticket was a Kerberos 5 ticket, the daemon will expect either a Kerberos 5 TGT or a
null string.
5. The krshd daemon attempts to validate the user using the following steps:
v makes sure that Kerberos 5 is a valid authentication method if the incoming ticket is a Kerberos 5
ticket. Likewise, if the incoming ticket is a Kerberos 4 ticket, the Kerberos 4 authentication method
must be configured.
v calls kvalid_user with the local account name as well as the DCE Principal.
6. Once krshd validates the user, the krshd daemon returns a null byte on the initial connection. If the
connection is a Kerberos 5 ticket and the TGT is sent, the command line passes to the k5dcelogin
command, (which upgrades it to full DCE credentials). If the TGT is not sent or if the connection is a
Kerberos 4 ticket, the command line passes to the user’s local login shell. The shell then inherits the
network connections established by the krshd daemon.
The krshd daemon is controlled by using the System Management Interface Tool (SMIT) or by
changing the /etc/[Link] file. Entering krshd at the command line is not recommended.

Manipulating the krshd Daemon

The krshd daemon is a subserver of the inetd daemon, which is a subsystem of the System Resource
Controller (SRC). The krshd daemon is a member of the tcpip SRC subsystem group. Using the
chauthent command will comment/uncomment the kshell line in the /etc/[Link] file and restart the
inetd daemon depending on whether Kerberos 5 or Kerberos 4 is configured/unconfigured. This daemon
should be manipulated using the chauthent/lsauthent commands. Direct modification of the [Link]
file’s kshell entry in not recommended.

Related Information
The rsh command.

The inetd daemon.

The kvalid_user function.

The /etc/[Link] file format, /etc/[Link] file format, and /etc/services file format.

Communications and networks in Networks and communication management.

Authentication and the secure rcmds in Networks and communication management.

Alphabetical Listing of Commands 157

ksh Command

Purpose
Invokes the Korn shell.

Syntax
ksh [ -i ] [ { + | - } { a e f h k m n t u v x } ] [ -o Option ... ] [ -c String | -s | -r | File [ Parameter ] ]

Note: Preceding a flag with + (plus) rather than - (minus) turns off the flag.

Description
The ksh command invokes the Korn shell, which is an interactive command interpreter and a command
programming language. The shell carries out commands either interactively from a terminal keyboard or
from a file.

The Korn shell is backwardly compatible with the Bourne shell (invoked with the bsh command) and
contains most of the Bourne shell features as well as several of the best features of the C shell.

For more information about the Korn shell, refer to Korn shell or POSIX shell commands in Operating
system and device management.

Note: The ksh wait built in behaves in a manner similar to the parent wait() API.

An enhanced version of the Korn shell, called ksh93, is also available. The enhanced Korn shell has
additional features that are not available in the default Korn shell. For information regarding these
additional features, refer to Enhanced Korn shell (ksh93) in Operating system and device management.

Additionally, a restricted version of the Korn shell, called rksh, is available. The restricted Korn shell allows
administrators to provide a controlled execution environment for the users. For more information regarding
restricted Korn shell, refer to Restricted Korn shell in Operating system and device management.

Flags
-a Exports automatically all subsequent parameters that are defined.
-c String Causes the Korn shell to read commands from the String variable. This flag cannot be used with
the -s flag or with the File[Parameter] parameter.
-e Executes the ERR trap, if set, and exits if a command has a nonzero exit status. This mode is
disabled while reading profiles.
-f Disables file name substitution.
-h Designates each command as a tracked alias when first encountered.
-i Indicates that the shell is interactive. An interactive shell is also indicated if shell input and output
are attached to a terminal (as determined by the ioctl subroutine). In this case, the TERM
environment variable is ignored (so that the kill 0 command does not kill an interactive shell) and
the INTR signal is caught and ignored (so that a wait state can be interrupted). In all cases, the
QUIT signal is ignored by the shell.
-k Places all parameter assignment arguments in the environment for a command, not just those
arguments that precede the command name.
-m Runs background jobs in a separate process and prints a line upon completion. The exit status of
background jobs is reported in a completion message. On systems with job control, this flag is
turned on automatically for interactive shells.
-n Reads commands and checks them for syntax errors, but does not execute them. This flag is
ignored for interactive shells.

158 Commands Reference, Volume 3

-o Option Prints the current option settings and an error message if you do not specify an argument. You
can use this flag to enable any of the following options:
allexport
Same as the -a flag.
errexit Same as the -e flag.
bgnice Runs all background jobs at a lower priority. This is the default mode.
emacs Enters an emacs-style inline editor for command entry.
gmacs Enters a gmacs-style inline editor for command entry.
ignoreeof
Does not exit the shell when it encounters an end-of-file character. You must use the
exit command, or override the flag and exit the shell by pressing the Ctrl-D key
sequence more than 11 times.
keyword
Same as the -k flag.
markdirs
Appends a / (slash) to all directory names that are a result of filename substitution.
monitor
Same as the -m flag.
noclobber
Prevents redirection from truncating existing files. When you specify this option, use the
redirection symbol >| (right caret, pipe symbol) to truncate a file.
noexec
Same as the -n flag.
noglob Same as the -f flag.
nolog Prevents function definitions from being saved in the history file.
nounset
Same as the -u flag.
privileged
Same as the -p flag.
verbose
Same as the -v flag.
trackall
Same as the -h flag.
vi Enters the insert mode of a vi-style inline editor for command entry. Entering escape
character 033 puts the editor into the move mode. A return sends the line.
viraw Processes each character as it is typed in vi mode.
xtrace Same as the -x flag.

You can set more than one option on a single ksh command line.
-r Runs a restricted shell. With a restricted shell you cannot:
v Change the current working directory.
v Set the value of the SHELL, ENV, or PATH variable.
v Specify the pathname of a command that contains a / (slash).
v Redirect output of a command with > (right caret), >| (right caret, pipe symbol), <> (left caret,
right caret), or >> (two right carets).
Using this flag is the same as issuing the rksh command.

Alphabetical Listing of Commands 159

-s Causes the ksh command to read commands from the standard input. Shell output, except for
the output of the special commands, is written to file descriptor 2. This parameter cannot be used
with the -c flag or with the File[Parameter] parameter.
-t Exits after reading and executing one command.
-u Treats unset parameters as errors when substituting.
-v Prints shell input lines as they are read.
-x Prints executed commands and their arguments.

Files
/usr/bin/ksh Contains the path name to the Korn shell.
/tmp/sh* Contains temporary files that are created when a shell is opened.

Related Information
The env command.

The rksh command.

The profile file format.

Korn shell or POSIX shell commands and Enhanced Korn shell (ksh93) in Operating system and device
management.

The Restricted Korn shell section in Operating system and device management.

ksh93 Command

Purpose
Invokes the Enhanced Korn shell.

Syntax
ksh93 [ + | - a b c C e f h i k m n p r s t u v x ] [+-R file] [ +-o Option ] [arg...].

Note: Preceding a flag with + (plus) rather than - (minus) turns off the flag.

Description
The ksh93 command invokes the Enhanced Korn shell, which is an interactive command interpreter and a
command programming language. The shell carries out commands either interactively from a terminal
keyboard or from a file.

The Enhanced Korn shell has additional features that are not available in the default Korn shell. For
information regarding these additional features, refer to Enhanced Korn shell (ksh93) in Operating system
and device management.

For more information about the Korn shell, refer to Korn shell or POSIX shell commands in Operating
system and device management.

Note: The ksh93 built-in wait behaves in a manner similar to the parent wait subroutine.

160 Commands Reference, Volume 3

Flags
-a Exports automatically all subsequent parameters that are defined.
-b Job completion messages are printed as soon as a background job changes state rather than
waiting for the next prompt.
-c String Causes the Korn shell to read commands from the String variable. This flag cannot be used with
the -s flag or with the File[Parameter] parameter.
-C Prevents existing files from getting truncated when redirection > is used. O_EXCL mode is used
to create files. Requires >| to truncate a file when -C option is used.
-e Executes the ERR trap, if set, and exits if a command has a nonzero exit status. This mode is
disabled while reading profiles.
-f Disables file name substitution.
-h Designates each command as a tracked alias when first encountered.
-i Indicates that the shell is interactive. An interactive shell is also indicated if shell input and output
are attached to a terminal (as determined by the ioctl subroutine). In this case, the TERM
environment variable is ignored (so that the kill 0 command does not kill an interactive shell) and
the INTR signal is caught and ignored (so that a wait state can be interrupted). In all cases, the
QUIT signal is ignored by the shell.
-k Places all parameter assignment arguments in the environment for a command, not just those
arguments that precede the command name.
-m Runs background jobs in a separate process and prints a line upon completion. The exit status of
background jobs is reported in a completion message. On systems with job control, this flag is
turned on automatically for interactive shells.
-n Reads commands and checks them for syntax errors, but does not execute them. This flag is
ignored for interactive shells.
Note: ksh93 -n outputs a warning message for certain syntax. These messages are warnings.
Even though these warnings are issued, the execution of the scripts is unaltered. The following
are known warning messages:
`...` obsolete, use $(...).
-a obsolete, use -e.
’=’ obsolete, use ’==’.
%s within [[...]] obsolete, use ((...)).
set %s obsolete.
`{’ instead of `in’ is obsolete.
"obsolete -j must be 1 or 2.

Alphabetical Listing of Commands 161

-o Option Prints the current option settings and an error message if you do not specify an argument. You
can use this flag to enable any of the following options:
allexport
Same as the -a flag.
errexit Same as the -e flag.
bgnice
Runs all background jobs at a lower priority. This is the default mode.
emacs
Enters an emacs-style inline editor for command entry.
gmacs
Enters a gmacs-style inline editor for command entry.
ignoreeof
Does not exit the shell when it encounters an end-of-file character. You must use the exit
command, or override the flag and exit the shell by pressing the Ctrl-D key sequence
more than 11 times.
interactive
Same as the -i flag.
keyword
Same as the -k flag.
markdirs
Appends a / (slash) to all directory names that are a result of filename substitution.
monitor
Same as the -m flag.
noclobber
Same as the -C flag.
noexec
Same as the -n flag.
noglob
Same as the -f flag.
nolog Prevents function definitions from being saved in the history file.
notify Same as the -b flag.
nounset
Same as the -u flag.
privileged
Same as the -p flag.
restricted
Same as the -r flag.
verbose
Same as the -v flag.
trackall
Same as the -h flag.
vi Enters the insert mode of a vi-style inline editor for command entry. Entering escape
character 033 puts the editor into the move mode. A return sends the line.
viraw Processes each character as it is typed in vi mode.
xtrace Same as the -x flag.

You can set more than one option on a single ksh93 command line.

162 Commands Reference, Volume 3

-p Disables processing of the $HOME/.profile file and uses the /etc/suid_profile file instead of the
ENV file. This mode is on whenever the effective uid (gid) is not equal to the real uid (gid).
Turning this off causes the effective uid and gid to be set to the real uid and gid.
-r Runs a restricted shell. With a restricted shell you cannot:
v Change the current working directory.
v Set the value of the SHELL, ENV, or PATH variable.
v Specify the path name of a command that contains a / (slash).
v Redirect output of a command with > (right caret), >| (right caret, pipe symbol), <> (left caret,
right caret), or >> (two right carets).
-R File A cross reference database is generated when the -R File option is used. This can be used to find
definitions and references for variables and commands by a separate utility.
-s Causes the ksh93 command to read commands from the standard input. Shell output, except for
the output of the special commands, is written to file descriptor 2. This parameter cannot be used
with the -c flag or with the File[Parameter] parameter.
-t Exits after reading and executing one command.
-u Treats unset parameters as errors when substituting.
-v Prints shell input lines as they are read.
-x Prints executed commands and their arguments.

Exit Status
0 Successful completion.
>0 An error occurred.

Location
/usr/bin/ksh93

Related Information
The env command, the “ksh Command” on page 158.

The wait subroutine.

The profile file format.

Korn shell or POSIX shell commands and Enhanced Korn shell (ksh93) in Operating system and device
management.

kvno Command

Purpose
Displays the current key version number for a principal.

Syntax
kvno [ -e etype ] service 1 service2....

Description
The kvno command displays the current key version number for a principal (service 1 service2...). The
security policy must allow a service ticket to be obtained for the principal. The current network identity is
used when requesting the service ticket.

Alphabetical Listing of Commands 163

Flags
-e etype Specifies which encryption type to get the current key version.
service 1 service2... Specifies the principal for which you want to display the current key version number.

Security
The security policy must allow a service ticket to be obtained for the principal.

Files
/usr/krb5/bin/kvno

Related Information
The klist command.

last Command

Purpose
Displays information about previous logins.

Syntax
last [ -X ] [ -f FileName ] [ -t Time ] [ -n Number | -Number ] [ Name ... ] [ Terminal ... ]

Description
The last command displays, in reverse chronological order, all previous logins and logoffs still recorded in
the /var/adm/wtmp file. The /var/adm/wtmp file collects login and logout records as these events occur
and holds them until the records are processed by the acctcon1 and acctcon2 commands as part of the
daily reporting procedures. When the time daemon, timed, changes the system time, it logs entries in
wtmp under the pseudo-user ″date″. An entry starting with ″date |″ is logged before the change, and one
starting with ″date {″ is logged after the change. This allows for accurate accounting of logins that span a
time change.

The list can be restricted to:

v The number of lines specified either with the -Number parameter or with the -n flag.
v Logins or logoffs by the users specified by the Name parameter.
v Logins or logoffs from the terminals specified by the Terminal parameter.
v A terminal can be named fully or abbreviated as a tty. For example, you can specify either the tty0
terminal or the 0 terminal.

Note: If you specify both a Name and Terminal parameter, the last command displays all logins
and logoffs meeting either criterion.

For each process, the last command displays the:

v Time the session began
v Duration
v Terminal (tty) used

If applicable, the following information is included:

v Terminations due to rebooting
v Sessions that are still continuing

164 Commands Reference, Volume 3

If the last command is interrupted, it indicates how far the search has progressed in the /var/adm/wtmp
file. If interrupted with a quit signal, the command indicates how far the search has progressed and then
continues the search. The quit signal can be any one of the following:
#define SIGQUIT 3 /* (*) quit,
generated from terminal special char */

#define SIGKILL 9 /* kill (cannot be caught or ignored) */

#define SIGTERM 15 /* software termination signal */

The kill command sends the default SIGTERM signal when it is invoked without any option. If you want to
send the SIGQUIT signal, enter the following:
kill -3 (Process ID)

See the kill command for more information.

Flags
-f FileName Specifies an alternate file from which to read logins and logoffs.
-n Specifies the number of lines to be displayed on the list.
-t Time Displays users logged in at the given Time value. The Time variable is specified in the decimal
form [[CC]YY]MMDDhhmm[.SS] where:
CC Specifies the first two digits of the year.
YY Specifies the last two digits of the year.
MM Specifies the month of the year (01 to 12).
DD Specifies the day of the month (01 to 31).
hh Specifies the hour of the day (00 to 23).
mm Specifies the minute of the hour (00 to 59).
SS Specifies the second of the minute (00 to 59).
-X Prints all available characters of each user name instead of truncating to the first 8 characters.

Examples
1. To display all the recorded logins and logoffs by user root or from the console terminal, type:
last root console
2. To display the time between reboots of the system, type:
last reboot

The reboot pseudo-user logs in when the system starts again.

3. To display all the users still logged in at 10.30 am on April 15th, enter:
last -t 04151030
4. To display 10 lines in the list, type:
last -n 10
5. To display all the recorded logins and logoffs without truncating the user name, type:
last -X

Files
/usr/bin/last Contains the last command.
/var/adm/wtmp Contains connect-time accounting data, including login, logoff, and shutdown records.

Alphabetical Listing of Commands 165

Related Information
The acctcon1 , accton2 command, lastlogin command.

For more information about the Accounting System, the preparation of daily and monthly reports, and the
accounting files, see the System accounting in Operating system and device management.

Setting up an accounting subsystem in Operating system and device management describes the steps you
must take to establish an accounting system.

lastcomm Command

Purpose
Displays information about the last commands executed.

Syntax
lastcomm [ -X ][ Command ] [ Name ] [ Terminal ]

Description
The lastcomm command displays information, in reverse chronological order, about all previously
executed commands that are still recorded in the summary files in the /var/adm/pacct directory. You need
to run the /usr/sbin/acct/startup command before you can execute the lastcomm command.

The list the lastcomm command displays can be restricted to:

v Commands specified by the Command parameter.
v Commands executed by the user specified by the Name parameter.
v Commands from the terminal specified by the Terminal parameter.
A terminal can be named fully or abbreviated as a tty. For example, you can specify either the tty0
terminal or the 0 terminal.

For each process, the following information is displayed:

v The name of the user who ran the process.
v Any flags the accounting facilities collected when the command executed. The following are valid flags:

S The root user executed the command.

F The command ran after a fork, but without a following subroutine.
C The command ran in PDP-11 compatibility mode.
D The command terminated with the generation of a core file.
X The command was terminated with a signal.

v The name of the command under which the process was called.
v The seconds of CPU time used by the process.
v The time the process was started.

Flags
-X Prints all available characters of each user name instead of truncating to the first 8 characters.

Examples
1. To display information about all previously executed commands recorded in the /var/adm/pacct file,
enter:

166 Commands Reference, Volume 3

 lastcomm
2. To display information about commands named [Link] executed by the root user on the ttyd0 terminal,
enter:
lastcomm [Link] root ttyd0
3. To display information about all previously executed commands recorded in the /var/adm/pacct file
without truncating the user name, enter:
lastcomm -X

Files
/usr/bin/lastcomm Contains the lastcomm command.
/var/adm/pacct The directory that contains the current accounting summary files.

Related Information
The acctcms command.

For more information about the Accounting System, the preparation of daily and monthly reports, and the
accounting files, see the System accounting in Operating system and device management.

Setting up an accounting subsystem in Operating system and device management describes the steps you
must take to establish an accounting system.

lastlogin Command

Purpose
Reports the last login date for each user on the system.

Syntax
/usr/sbin/acct/lastlogin [ -X ]

Description
The lastlogin command updates the /var/adm/acct/sum/loginlog file to show the last date each user
logged in. Normally, the runacct command, running under the cron daemon, calls this command and adds
the information to the daily report. However, the lastlogin command can also be entered by a user who is
a member of the ADM group.

Note: You should not share accounting files among nodes in a distributed environment. Each node
should have its own copy of the various accounting files.

Flags
-X Processes all available characters for each user name instead of truncating to the first 8 characters.
This flag will also cause the lastlogin command to write to the /var/adm/acct/sumx/loginlog file
instead of the /var/adm/acct/sum/loginlog file.

Security
Access Control: This command should grant execute (x) access only to members of the ADM group.

Alphabetical Listing of Commands 167

Files
/usr/sbin/acct The path to the accounting commands.
/var/adm/wtmp The login and logout history file.
/var/adm/acct/sum Cumulative directory for daily accounting records.

Related Information
The runacct command.

The cron daemon.

For more information about the Accounting System, the preparation of daily and monthly reports, and the
accounting files, see the System accounting in Operating system and device management.

Setting up an accounting subsystem in Operating system and device management explains the steps you
must take to establish an accounting system.

lb_admin Command

Purpose
Administers the registration of NCS-based servers in location broker databases.

Syntax
lb_admin [ -nq ] [ -version ]

Description
The lb_admin tool administers the registrations of NCS-based servers in global location broker (GLB) or
local location broker (LLB) databases. A server registers universal unique identifiers (UUIDs) specifying an
object, a type, and an interface, along with a socket address specifying its location. A client can locate
servers by issuing lookup requests to GLBs and LLBs. The lb_admin tool can be used to look up
information, add new entries, and delete existing entries in a specified database.

The lb_admin tool is useful for inspecting the contents of location broker databases and for correcting
database errors. For example, if a server terminates abnormally without unregistering itself, use lb_admin
to manually remove its entry from the GLB database.

When accepting input or displaying output, lb_admin uses either character strings or descriptive textual
names to identify objects, types, and interfaces. A character string directly represents the data in a UUID in
the format

[Link]

where each x is a hexadecimal digit. Descriptive textual names are associated with UUIDs in the
[Link] file.

The lb_admin command examines or modifies only one database at a time. This is referred to as the
current database. The use_broker command selects the type of location broker database, GLB or LLB.
The set_broker command selects the host whose GLB or LLB database is to be accessed. If one replica
of a replicated GLB database is modified, the modifications are propagated to the other replicas of that
database.

168 Commands Reference, Volume 3

Flags
-nq Do not query for verification of wildcard expansions in unregister operations.
-version Display the version of NCS that this lb_admin belongs to, but do not start the tool.

Subcommands
In the lookup, register, and unregister commands, the object, type, and interface arguments can be
either character strings representing UUIDs or textual names corresponding to UUIDs, as described
earlier.

a[dd] Synonym for register.

c[lean] Finds and deletes obsolete entries in the current database. When issuing this
command, lb_admin attempts to contact each server registered in the
database. If the server responds, the entry for its registration is left intact in
the database. If the server does not respond, lb_admin tries to look up its
registration in the LLB database at the host where the server is located, tells
the result of this lookup, and asks if the entry is to be deleted. If a server
responds, but its UUIDs do not match the entry in the database, lb_admin
tells this result and asks if the entry is to be deleted.

There are two situations in which it is likely that a database entry should be
deleted:
v The server does not respond. lb_admin succeeds in contacting the LLB at
the host where the server is located, but the server is not registered with
that LLB. The server is probably no longer running.
v Server responds, but its UUIDs do not match the entry in the database.
The server that responded is not the one that registered the entry.

Entries that meet either of these conditions are probably safe to delete.

In other situations, it is best not to delete the entry unless it can be verified
directly that the server is not running (for example, by listing the processes
running on its host).

When lb_admin asks to delete an entry, there are four ways to respond. A
y[es] response deletes the entry. A n[o] response leaves the entry intact in
the database. After a yes or a no, lb_admin proceeds to check the next entry
in the current database. A g[o] response invokes automatic deletion, in which
all eligible entries are deleted and all ineligible entries are left intact, without
the user being queried, until all entries have been checked. A q[uit] response
terminates the clean operation.
d[elete] Synonym for unregister.
h[elp] [Command] or ? [Command] Displays a description of the specified Command or, if none is specified, list
all of the lb_admin commands.
l[ookup] Object Type Interface Looks up and displays all entries with matching Object, Type, and Interface
fields in the current database. An asterisk can be used as a wildcard for any
of the arguments. If all the arguments are wildcards, lookup displays the
entire database.
q[uit] Exits the lb_admin session.

Alphabetical Listing of Commands 169

r[egister] Object Type Interface Adds the specified entry to the current database. Use an asterisk to represent
Location Annotation [Flag] the nil UUID in the Object, Type, and Interface fields.

The location is a string in the format Family:Host[Port], where Family is an

address family, Host is a host name, and Port is a port number. Possible
values for Family include ip. A leading # can be used to indicate that a host
name is in the standard numeric form. For example, ip:vienna[1756] and
ip:#[Link][1791] are acceptable location specifiers.

The Annotation is a string of up to 64 characters annotating the entry. Use

double quotation marks to delimit a string that contains a space or contains
no characters. To embed a double quotation mark in the string, precede it with
a backslash.

The Flag is either local (the default) or global, indicating whether the entry
should be marked for local registration only or for registration in both the LLB
and GLB databases. The Flag is a field that is stored with the entry but does
not affect where the entry is registered. The set_broker and use_broker
commands select the particular LLB or GLB database for registration.
s[et_broker] [BrokerSwitch] Host Sets the host for the current LLB or GLB. If specifing global as the
BrokerSwitch, set_broker sets the current GLB; otherwise, it sets the current
LLB. The host is a string in the format Family:Host, where Family is an
address family and Host is a host name. Possible values for Family include
ip. A leading # can be used to indicate that a host name is in the standard
numeric form. For example, ip:prague and ip:#[Link] are acceptable
host specifiers.

Issue use_broker, not this command, to determine if subsequent operations

will access the LLB or the GLB.
set_t[imeout] [short | long] Sets the timeout period used by lb_admin for all of its operations. With an
argument of short or long, set_timeout sets the timeout accordingly. With no
argument, it displays the current timeout value.
u[nregister] Object Type Interface Deletes the specified entry from the current database.
Location
The location is a string in the format Family:Host[Port], where Family is an
address family, Host is a host name, and Port is a port number. Possible
values for Family include ip. A leading # can be used to indicate that a host
name is in the standard numeric form. For example, ip:vienna[1756] and
ip:#[Link][1791] are acceptable location specifiers.

An asterisk can be used as a wildcard in the Object, Type, And Interface

fields to match any value for the field. Unless queries have been suppressed
by invoking lb_admin with the -nq option, unregister allows deletion of each
matching entry. A y[es] response deletes the entry. A n[o] response leaves the
entry in the database. A g[o] response deletes all remaining database entries
that match, without querying. A q[uit] response terminates the unregister
operation, without deleting any additional entries.
us[e_broker] [BrokerSwitch] Selects the type of database that subsequent operations will access, GLB or
LLB. The BrokerSwitch is either global or local. If a BrokerSwitch is not
supplied, use_broker determines if the current database is global or local.

Use set_broker to select the host whose GLB or LLB is to be accessed.

Related Information
The drm_admin (NCS) command

The glbd (NCS) daemon, llbd (NCS) daemon, nrglbd (NCS) daemon.

170 Commands Reference, Volume 3

lb_find Command

Purpose
Gets a list of global location broker (GLB) server daemons and their attributes.

Syntax
lb_find [ -q ] [ -v ] [ -dl ]

Description
The lb_find command sends out inquiries to the NCS location broker daemons and gathers the
responses. The results are analyzed to determine whether the global location broker is replicatable, and
which cell each daemon serves. After ten seconds, the results are summarized, showing the GLB broker
type, the server host’s network address, a cell name of either default or alternate_N, and the cell’s UUID.

Flags
-q Queries for a GLB server, using the standard RPC mechanism. At most, one GLB server is printed, and only
servers in the current machine’s cell are searched. The program exits with a status of 0 if a GLB server is
found; otherwise the status is nonzero.
-v Prints out the NCS version string.
-dl Turns on RPC debugging while searching for GLB servers.

Examples
A network contains one glbd in each of two NCS cells and one nrglbd in a third cell.
/etc/ncs/lb_find

sent to broadcast address [Link]

waiting for replies

received response from glb daemon at ip:stimpy([Link])

port 1072.

received response from glb daemon at ip:oscar([Link]) port

1168.

received response from glb daemon at ip:vmess([Link]) port

1114.

.....

replicatable ip:stimpy default 333b91c50000.0d.0

[Link].00.00.00

replicatable ip:oscar alternate_1 54bdad9a4000.0d.0

0.01.83.0f.00.00.00

non_replicatable ip:vmess alternate_2 5c0e4acb8fa7.02.c

0.5c.6e.[Link]

Related Information
The lb_admin command.

The glbd (NCS) daemon, llbd (NCS) daemon, nrglbd (NCS) daemon.

Alphabetical Listing of Commands 171

lbxproxy Command

Purpose
Low BandWidth X proxy.

Syntax
lbxproxy [ :<display>] [ -help ] [ -display Display ] [ -motion Number ] [ -terminate | -reset ] [
-reconnect ] [ -I ] [ -nolbx ] [ -nocomp ] [ -nodelta ] [ -notags ] [ -nogfx ] [ -noimage ] [ -nosquish ] [
-nointernsc ] [ -noatomsfile ] [ -atomsfiles File ] [ -nowinattr ] [ -nograbcmap ] [ -norgbfile ] [ -rgbfile
Path ] [ -tagcachesize ] [ -zlevel Level ] [ -compstats ] [ -nozeropad ] [ -cheaterrors ] [ -cheatevents ]

Description
The lbxproxy command accepts client connections, multiplexes them over a single connection to the X
server, and performs various optimizations on the X protocol to make it faster over low bandwidth and/or
high latency connections. Applications that would like to take advantage of the Low Bandwidth extension to
X (LBX) must make their connections to an lbxproxy. These applications need to know nothing about LBX,
they simply connect to the lbxproxy as if were a regular server.

For authentication/authorization, lbxproxy passes the credentials presented by the client along to the
server. Since X clients connect to lbxproxy, it is important that the user’s .Xauthority file contain entries
with valid keys associated with the network ID of the proxy. lbxproxy does not get involved with how
these entries are added to the .Xauthority file. The user is responsible for setting it up.

The lbxproxy program has various flags, all of which are optional.

If :<Display> is specified, the proxy uses the Display port when listening for connections. The display port
is an offset from port 6000, identical to the way in which regular X display connections are specified. If no
port is specified on the command line, lbxproxy defaults to port 63. If the port that the proxy tries to listen
on is in use, the proxy exits with an error message.

At startup, lbxproxy pre-interns a configurable list of atoms. This allows lbxproxy to intern a group of
atoms in a single round trip and immediately store the results in its cache. While running, lbxproxy uses
heuristics to decide when to delay sending window property data to the server. The heuristics depend on
the size of the data, the name of the property, and whether a window manager is running through the
same lbxproxy. Atom control is specified in the AtomControl file, set up during installation of lbxproxy,
with command line overrides.

The file is a simple text file. There are three forms of lines: comments, length control, and name control.
Lines starting with a ! (exclamation point) are treated as comments. A line of the form z length specifies
the minimum length in bytes before property data is delayed. A line of the form options atomname controls
the given atom, where options is any combination of the following characters: i means the atom should be
pre-interned; and w means data for properties with this name should be delayed only if a window manager
is also running through the same lbxproxy.

Flags
-atomsfile File Overrides the default AtomControl file.
-cheaterrors Allows cheating on X protocol for the sake of improved performance. The X protocol
guarantees that any replies, events or errors generated by a previous request are sent before
those of a later request. This puts substantial restrictions on when lbxproxy can short circuit
a request. The -cheaterrors flag allows lbxproxy to violate X protocol rules with respect to
errors. Use at your own risk.
-cheatevents The -cheatevents flag allows lbxproxy to violate X protocol rules with respect to events as
well as errors. Use at your own risk.

172 Commands Reference, Volume 3

-compstats Reports stream compression statistics every time the proxy resets or receives a SIGHUP
signal.
-display Display Specifies the address of the X server supporting the LBX extension. If this flag is not
specified, the display is obtained by the DISPLAY environment variable.
-help Prints a brief help message about the command line flags.
-I Causes all remaining arguments to be ignored.
-motion Number Specifies the maximimum Number of events that can be in flight. A limited number of pointer
motion events are allowed to be in flight between the server and the proxy at any given time.
The default is 8.
-noatomsfile Disables reading of the AtomControl file.
-nocomp Disables stream compression.
-nodelta Disables delta request substitutions.
-nogfx Disables reencoding of graphics requests (not including image related requests).
-nograbcmap Disables colormap grabbing.
-noimage Disables image compression.
-nointernsc Disables short circuiting of InternAtom requests.
-nolbx Disables all LBX optimizations.
-norgbfile Disables color name to RGB resolution in proxy.
-nosquish Disables squishing of X events.
-notags Disables usage of tags.
-nowinattr Disables GetWindowAttributes/GetGeometry grouping into one round trip.
-nozeropad Indicates to not zero out unused pad bytes in X requests, replies, and events.
-reconnect Causes lbxproxy to reset (see -reset) and attempts to reconnect to the server when its
connection to the server is broken. The default behavior of lbxproxy is to exit.
-rgbfile Path Specifies an alternate RGB database Path for color name to RGB resolution.
-tagcachesize Sets the size of the proxy’s tag cache (in bytes).
-[terminate|reset] The default behavior of lbxproxy is to continue running as usual when it’s last client exits.
The -terminate option will cause lbxproxy to exit when the last client exits. The -reset option
will cause lbxproxy to reset itself when the last client exits. Resetting causes lbxproxy to
clean up it’s state and reconnect to the server.
-zlevel Level Set the Zlib compression level (used for stream compression). The default is 9.
1 = worst compression, fastest.
9 = best compression, slowest.

ld Command

Purpose
Links object files.

Syntax
ld [ -DNumber ] [ -eLabel ] [ -G ] [ -HNumber ] [ -K ] [ -m ] [ -M ] [ -oName ] [ -r ] [ -s ] [ -SNumber ] [
-TNumber ] [ -u Name ] ... [ -v ] [ -V ] [ -z ] [ -ZString ] ... [ -bOption ] ... [ -LDirectory ] ... { -fFileID ...
-lName ... InputFile ... }

or

ld -bsvr4 [ -d[y | n] ] [ -D Number ] [ -e Label ] [ -G ] [ -HNumber ] [ -K ] [ -m ] [ -M ] [ -oName ] [ -r ] [ -R

Path ] [ -s ] [ -SNumber ] [ -TNumber ] [ -u Name ] ... [ -v ] [ -V ] [ -z [defs | nodefs] ] [ -z multidefs ] [ -z
[text | nowarntext | warntext] ] ] [ -ZString ] ... [ -bOption ] ... [ -LDirectory ] ... { -fFileID ... -lName ...
InputFile ... }

Description
The ld command, also called the linkage editor or binder, combines object files, archives, and import files
into one output object file, resolving external references. It produces an executable object file that can be
Alphabetical Listing of Commands 173
run. In addition, if you specify the ld command without the -s flag, you can use the output file as an
InputFile parameter in another call to the ld command. By default, the ld command creates and places its
output in the [Link] file.

The ld command can relink a program without requiring that you list all input object files again. For
example, if one object file from a large program has changed, you can relink the program by listing the
new object file and the old program on the command line, along with any shared libraries required by the
program. See “Examples” on page 191.

The ld command links input files in the order you specify on the command line. If you specify a file more
than once, only the first occurrence of the file is processed. You must specify at least one input file, either
with the -bI (uppercase letter i), -bimport, -bkeepfile, -f, or -l (lowercase letter L) flag or as an InputFile
parameter. (The -bI, -bimport, or -bkeepfile flag is the -b flag used with the I, import, or keepfile option.)

Use the cc command to link files when you are producing programs that run under the operating system.
Because the cc command calls the ld command with common options and necessary support libraries,
you do not need to specify them on the command line. (This information is read from the /etc/[Link] or
/etc/[Link] configuration file.)

Linking Mode
The ld command can link 32-bit objects and programs as well as 64-bit objects and programs, but 32-bit
and 64-bit objects may not be linked together. To specify the mode for linking, you can use the
OBJECT_MODE environment variable or the -b32 or -b64 options.

Archive Files
Archive files are composite objects, which usually contain import files and object files, including shared
objects. If an archive file contains another archive file or a member whose type is not recognized, the ld
command issues a warning and ignores the unrecognized member. If an object file contained in an archive
file has the F_LOADONLY bit set in the XCOFF header, the ld command ignores the member. This bit is
usually used to designate old versions of shared objects that remain in the archive file to allow existing
applications to load and run. New applications link with the new version of the shared object, that is,
another member of the archive.

Shared Objects
A shared object, usually created by another call to the ld command, is an object file with the F_SHROBJ
bit set in the XCOFF header. A shared object defines external symbols that are resolved at run time. If you
specify the -bnso or -bnoautoimp option, the ld command processes a shared object as an ordinary
object file, and if the file is stripped, the link fails.

Ordinarily, a shared object used as input is only listed in the loader section of the output file if a symbol in
the shared object is actually referenced. When the run-time linker is used, however, you might want
shared objects to be listed even if there are no symbols referenced. When the -brtl option is used, all
shared objects listed on the command-line that are not archive members are listed in the output file. The
system loader loads all such shared objects when the program runs, and the symbols exported by these
shared objects may be used by the run-time linker. Shared objects that are archive members are not
loaded automatically unless automatic loading is enabled by an import file in the archive. To enable
automatic loading, see “Import and Export File Format (-bI: and -bE: Flags)” on page 188.

Import and Export Files

Import files are ASCII files that identify the external symbols to resolve at run time. An import file identifies
the shared object defining the imported symbols. The system loader finds and resolves those symbols at
run time. If the first line of an import file begins with #! (#, exclamation point), you can specify the file on
the command line as an ordinary InputFile. Otherwise, you must use the -bI or -bimport option to specify
the import file.

174 Commands Reference, Volume 3

Export files are ASCII files that identify external symbols that are made available for another executable
object file to import. The file format of an export file is the same as the file format of an import file.

Libraries
Libraries are files whose names end in .a, or possibly .so. To designate a library, you can specify an
absolute or relative path name or use the -l (lowercase letter L) flag in the form -lName. The last form
designates a libName.a file, or in dynamic mode, a [Link] file, to be searched for in several
directories. These search directories include any directories specified by -L flags and the standard library
directories /usr/lib and /lib.

Note: If you specify a shared object, or an archive file containing a shared object, with an absolute or
relative path name, instead of with the -lName flag, the path name is included in the import file ID
string in the loader section of the output file. You can override this behavior with the -bnoipath
option.

Processing
The ld command processes all input files in the same manner, whether they are archives or not. It
includes the symbol tables of all objects, discarding only symbol definitions that duplicate existing symbols.
Unlike some other versions of the ld command, you do not need to order archive files so references
precede definitions. Furthermore, you do not need to list an archive file more than once on the command
line.

The order of the ld command flags does not affect how they are processed, except for the flags used with
input object files, libraries, and import files. These flags are: -L, -f, -l (lowercase letter L), -bkeepfile, and
-bI (uppercase letter i). The flags are processed in the following order:
1. The -L flag adds a directory to the list of search directories to locate libraries specified by the -l
(lowercase letter L) flag. The directories are searched in the order specified. All -L flags are processed
before any -l flags are processed.
2. The ld command processes the InputFile parameters, the files specified by the -f flag and libraries
specified by the -l (lowercase letter L) flag in the order specified.
3. The ld command processes import files specified by the -bI (uppercase letter i) flag in the order
specified after processing all other object files and libraries. You can specify an import file as an input
file without the -bI flag if it is necessary to process the file before processing some object files. In this
case, the first line of the import file must begin with the #! (#, exclamation point) symbols, and the
import file is processed with other input files as described in step 2.
4. The -bkeepfile option names an input file on which the ld command does not perform garbage
collection. If the specified input file is also specified as an InputFile parameter or listed in a file
specified by the -f flag, the -bkeepfile option does not affect the order in which the file is processed.
Otherwise, the file is processed in order along with other input files, as described in step 2.

An output file produced by the ld command has execute permission set, unless you specify the -r flag or
-bnox option or errors were reported while linking. An existing output file is not overwritten if any severe
errors occurred, or if the output file was specified as an input file and any errors occurred.

Symbols
The ld command uses the following predefined symbols to provide special address locations and can be
declared in C syntax as extern char name[ ].The symbol names are:

_text Specifies the first location of the program.

_etext Specifies the first location after the program.
_data Specifies the first location of the data.
_edata Specifies the first location after the initialized data
_end or end Specifies the first location after all data.

Alphabetical Listing of Commands 175

The only way to use these symbols is to take their addresses. If an input file redefines any of these
symbols, there may be unpredictable results. An additional predefined symbol, _ptrgl, is used by compilers
to implement calls using function pointers.

Garbage Collection
By default, the ld command performs garbage collection, deleting control sections (CSECTs) that are not
referenced when generating the output file.

A CSECT is an indivisible unit of coding or data. A CSECT references another CSECT if it contains a
relocation entry (RLD) referring to a symbol contained in the other CSECT. A referenced CSECT causes
all CSECTs it references to be referenced as well. In addition, a CSECT is referenced if it contains
exported symbols, symbols specified with the -u flag, or the symbol designated as the entry point with the
-e flag.

If a symbol is not referenced but is needed in the output file, you can export the symbol, specify the
symbol with the -u flag, or suppress garbage collection. To suppress garbage collection, use the -r flag or
-bnogc option. To suppress garbage collection for individual object files, use the -bkeepfile option or the
-bgcbypass option. Even when garbage collection is suppressed, unreferenced internal symbols are
deleted.

Ignored and Unsupported Flags

For compatibility with other versions of the ld command, some flags are recognized but ignored. These
flags produce a message stating that the flag and its operand were ignored. An ignored flag does not
cause the ld command to stop without further processing. The following flags are ignored:
-ANumber -bnostrcmpct -n
-bfilelist -bstrcmpct -N
-bfl -BNumber -Q
-bforceimp -d -RNumber
-bi -i -VNumber
-binsert -j[Key:]Number -x
-bnoforceimp -kKey:Path -YNumber

Flags that the ld command does not support result in an error message. After all unsupported flags are
diagnosed, the ld command stops without further processing.

Flags
The ld command conforms to the XPG Utility Syntax Guidelines, except that the argument — only applies
to the next operand, not to the remaining operands on the command line. For example, in the command
line:
ld -- -s -v

The -s is treated as a filename and the -v is treated as a flag. To have -v treated as a filename, specify:
ld -- -s -- -v

Note: Enter a flag with an operand with or without a space between the flag and the operand. You can
specify numeric values in decimal, octal (with a leading 0), or hexadecimal (with a leading 0x or 0X)
format. If you specify conflicting flags on the command line, the ld command accepts the latest flag
and ignores earlier ones.

-bOption Sets special processing options. This flag can be repeated. For more information on
these options, see “Options (-bOptions)” on page 179.
-d [y | n] When -dy is specified, ld uses dynamic linking; this option is equivalent to the -b so
option. When -dn is specified, ld uses static linking; this option is equivalent to the -b
nso option. The default is -dy. This option is valid only when the -bsvr4 option is
specified.

176 Commands Reference, Volume 3

-DNumber Sets the starting address for the initialized data (the data section) of the output file to
Number. If the specified number is -1, the data section starts immediately after the text
section. By default, the data section begins at location 0.
Note: The system loader relocates the data section at run time, so the specified number
only affects addresses listed in address maps or printed by utilities such as the dump or
nm command.
-eLabel Sets the entry point of the executable output file to Label. The default entry point is
__start (double underscore start).
-fFileID Specifies a file containing a list of input files to process. FileID must contain a list of
input file names. Each line in FileID is treated as if it were listed separately on the ld
command line. Lines in the file can contain shell pattern characters * (asterisk), [ (left
bracket), ] (right bracket), and ? (question mark), which are expanded using the glob
subroutine and can designate multiple object files.
-G Produces a shared object enabled for use with the run-time linker. The -G flag is
equivalent to specifying the erok, rtl, nortllib, nosymbolic, noautoexp, and M:SRE
options with the -b flag. Subsequent options can override these options.
-HNumber Aligns the text, data, and loader sections of the output file so that each section begins
on a file offset that is a multiple of Number. If the specified number is 1, no alignment
occurs. If the specified number is 0, the loader section is aligned on a word boundary,
and the text and data sections are aligned on a boundary so as to satisfy the alignment
of all CSECTs in the sections. The default value is 0.

If the specified Number causes any CSECTS to be unaligned within the output file, the
ld command issues a warning and the output executable file may not load or run.
-K Aligns the header, text, data, and loader sections of the output file so that each section
begins on a page boundary. This flag is equivalent to specifying -HNumber, where
Number is the page size of the machine on which ld is running.
-lName In dynamic mode, processes the [Link] or libName.a file. In all cases, directories
specified by the -L flag or in the standard library directories (/usr/lib and /lib) are
searched to find the file. In dynamic mode, the first directory containing either
[Link] or libName.a satisfies the search. If both files are found in the same
directory, libName.a is used. To preference to [Link], you must specify the rtl
option as well. You can repeat this flag. For more information about dynamic mode, see
“Run-time Linking” on page 188.
Note: The first definition of a symbol is kept, even if no reference to the symbol has
been seen when the archive is read. In other versions of the ld command, a symbol
defined in an archive is ignored if no reference to the symbol has been seen when the
archive is read.
-LDirectory Adds Directory to the list of search directories used for finding libraries designated by the
-l (lowercase letter L) flag. The list of directories, including the standard library
directories, is also recorded in the output object file loader section for use by the system
loader unless you use the -blibpath or -bnolibpath option. You can repeat this flag.
-m or -M Lists to standard output the names of all files and archive members processed to create
the output file. Shared objects and import files are not listed.
-oName Names the output file Name. By default, the name of the output file is [Link].
-r Produces a nonexecutable output file to use as an input file in another ld command call.
This file may also contain unresolved symbols. The -r flag is equivalent to specifying the
erok, noglink, nox, and nogc options with the -b flag. (Subsequent options can
override these options.)
-R Path Valid only when the -bsvr4 option is present on the ld command line. It defines a
colon-separated list of directories used to specify library search directories to the runtime
linker. Path, if present and not NULL, is recorded in the output file’s loader section. Then
it is used when linking an executable with shared libraries at runtime. Multiple instances
of this option are concatenated together with each Path separated by a colon.
-s Strips the symbol table, line number information, and relocation information when
creating the output file. Stripping saves space but impairs the usefulness of the
debuggers. You can also strip an existing executable by using the strip command.
Note: Non-shared objects cannot be linked if they are stripped. A shared object can be
stripped, but a stripped, shared object cannot be used when linking statically.

Alphabetical Listing of Commands 177

-SNumber Sets the maximum size (in bytes) allowed for the user stack when the output executable
program is run. This value is saved in the auxiliary header and used by the system
loader to set the soft ulimit. The default value is 0.

For more information on large user stacks and 32-bit programs, see “Large Program
Support Overview” in AIX 5L Version 5.3 General Programming Concepts: Writing and
Debugging Programs.
-TNumber Sets the starting address of the text section of the output file to Number. The default
value is 0.
Note: The system loader relocates the text section at run time, so the specified number
affects only addresses listed in address maps or printed by utilities such as the nm or
the dump command.
-uName Prevents garbage collection of the external symbol Name. If the specified symbol does
not exist, a warning is reported. You can repeat this flag.
-v Writes additional information about binder command execution to the loadmap file.
-V Writes the version string of ld to standard error (stderr).
-z In the absence of the -b svr4 option, functions the same as the -K flag.
-z defs Forces a fatal error if any undefined symbols remain at the end of the link. This is the
default when an executable is built. It is also useful when building a shared library to
assure that the object is self-contained, that is, that all its symbolic references are
resolved internally. This option is valid only when the -b svr4 option is specified. It is
equivalent to -b ernotok option.
-z nodefs Allows undefined symbols. This is the default when a shared library is built. When used
with executables, the behavior of references to such undefined symbols is unspecified.
This option is valid only when the -b svr4 option is specified. It is equivalent to -b erok
option.
-z multidefs Allows multiple symbol definitions. By default, multiple symbol definitions occurring
between relocatable objects (.o files) will result in a fatal error condition. This option
suppresses the error condition and allows the first symbol definition to be taken. This
option is valid only when the -b svr4 option is specified.
-z text In dynamic mode only, forces a fatal error if any relocations against the .text section
remain. This option is valid only when the -b svr4 option is specified.
-z nowarntext In dynamic mode only, allows relocations against all mappable sections, including the
.text section. This is the default when building a shared library. This option is valid only
when the -b svr4 option is specified.
-z warntext In dynamic mode only, warns if any relocations against the .text section remain. This is
the default when building an executable. This option is valid only when the -b svr4
option is specified.
-ZString Prefixes the names of the standard library directories with String when searching for
libraries specified by the -l (lowercase letter L) flag. For example, with the -Z/test and
-lxyz flags, the ld command looks for the /test/usr/lib/libxyz.a and /test/lib/libxyz.a
files. When the -ZString flag is used, the standard library directories are not searched.
This flag has no effect on the library path information saved in the loader section of the
output file. This flag is useful when developing a new version of a library. You can repeat
this flag.

The Binder
The ld command verifies the command-line arguments and calls the binder (by default the
/usr/ccs/bin/bind file), passing a generated list of binder subcommands. The binder program actually links
the files. Although the binder is usually called by the ld command, you can start the binder directly. In this
case, the binder reads commands from standard input.

Two options affect the calling of the binder. The binder option specifies which binder to call, and the
nobind option prevents the ld command from calling a binder. Other binder options affect the binder
subcommands that are generated.

178 Commands Reference, Volume 3

If the ld command does not detect any errors in the options or command-line arguments, it calls the
binder. The binder is called with a command line of the form:
bind [quiet_opt] [loadmap_opt]

The default value for quiet_opt is quiet and the default value for the loadmap_opt is the null string, so the
default command line is:
/usr/ccs/bin/bind quiet

Options (-bOptions)
The following values are possible for the Options variable of the -b flag. You can list more than one option
after the -b flag, separating them with a single blank.
Notes:
1. In the following list of binder options, two option names separated by the word or are synonymous.
2. The FileID indicates a path name. You can use either a relative or a full path name.
3. For a non-repeatable option that is followed by an argument, you can negate the option using a null
argument. That is, specify only the option and the colon.
4. If you specify conflicting options, the last one takes precedence.

32 Specifies 32-bit linking mode. In this mode, all input object files must be XCOFF32 files, or
an error is reported. XCOFF64 archive members are ignored. For import or export files
specifying the mode of certain symbols, 64-bit symbols are ignored. If both -b32 and -b64
options are specified, the last specified option is used. If neither option is specified, the
mode is determined from the value of environment variable OBJECT_MODE.
64 Specifies 64-bit linking mode. In this mode, all input object files must be XCOFF64 files, or
an error will be reported. XCOFF32 archive members are ignored. For import or export
files specifying the mode of certain symbols, 32-bit symbols are ignored. If both -b32 and
-b64 options are specified, the last specified option is used. If neither option is specified,
the mode is determined from the value of environment variable OBJECT_MODE.
asis Processes all external symbols in mixed case. This is the default. To process all external
symbols in uppercase, see the caps option that follows.
autoexp Automatically exports some symbols from the output module without having to list them in
an export file. (This option does not export all symbols from the output module. Use the
-bexpall option to export all symbols.)This is the default. Use this option when linking a
main program. The linker assumes that you are linking a main program when you do not
specify a module type (with the M or modtype option) beginning with S and you do not
use the noentry option.

When you use the autoexp option, if any shared object listed on the command-line
imports a symbol from the special file . (dot), and the module being linked contains a local
definition of the symbol, the symbol is exported automatically.

Other symbols are also exported automatically when you link with the rtl option. If a
symbol defined in the module being linked has one or more additional definitions exported
from a shared object listed on the command-line, and if any of the definitions is a BSS
symbol, the symbol is exported automatically. If the definition in the module being linked is
a BSS symbol, the symbol is exported with the nosymbolic attribute. Otherwise, the
symbol is exported with the symbolic attribute. If the symbol is listed in an export file with
another export attribute, the explicit attribute is used.

If the autoexp option would automatically export a symbol, but the symbol is listed in an
export file with the list attribute, the symbol is not exported.
autoimp or so Imports symbols from any shared objects specified as input files. The shared objects are
referenced but not included as part of the output object file. This is the default.
autoload: Automatically load archive member when the -brtl option is used.
path/file(member)

Alphabetical Listing of Commands 179

bigtoc Generates extra code if the size of the table of contents (TOC) is greater than 64KB. Extra
code is needed for every reference to a TOC symbol that cannot be addressed with a
16-bit offset. Because a program containing generated code may have poor performance,
reduce the number of TOC entries needed by the program before using this option. The
default is the nobigtoc option.
bindcmds:FileID Writes a copy of the binder commands generated by the ld command to FileID. You can
redirect the resultant file as standard input to the binder program when the binder program
is called as a standalone program. By default, no file is produced.
binder:FileID Uses FileID as the binder called by the ld command. The default binder is the
/usr/ccs/bin/bind file.
bindopts:FileID Writes a copy of the binder program arguments to FileID. You can use the resultant file to
start the binder program as a standalone program. By default, no file is produced.
C:FileID or calls:FileID Writes an address map of the output object file to FileID. Symbols are sorted by section
and then by address. For each symbol listed in the map, references from the symbol to
other symbols are listed. By default, no file is produced. To learn more about the calls
option, see “Address Maps” on page 190.
caps Processes all external symbols in uppercase. The default is the asis option.
comprld or crld Combines multiple relocation entries (RLDs) at the same address into a single RLD when
possible. This is the default.
cror15 Uses the cror 15,15,15 (0x4def7b82) instruction as the special no-op instruction following a
call instruction. The default value is ori 0, 0, 0 (0x60000000). See the nop option.

Use this option when linking object files on the current level of the system that you intend
to relink on AIX 3.1.
cror31 Uses the cror 31,31,31 (0x4ffffb82) instruction as the special no-op instruction following a
call instruction. The default value is ori 0, 0, 0 (0x60000000). See the nop option.

Use this option when linking object files on the current level of the system that you intend
to relink on AIX 3.2.
D: Number [/dsa] or Sets the maximum size (in bytes) allowed for the user data area (or user heap) when the
maxdata:Number[/dsa] executable program is run. This value is saved in the auxiliary header and used by the
system loader to set the soft data ulimit. The default value is 0. When this option is used,
the specified number of bytes are reserved for the user data area. The program may not
explicitly map objects, using shmat or mmap functions, to virtual addresses that are
reserved for the user data area.

For 32-bit programs, the maximum value allowed by the system is 0x80000000 for
programs running under Large Program Support and 0xD0000000 for programs running
under Very Large Program Support. See “Large Program Support Overview” in AIX 5L
Version 5.3 General Programming Concepts: Writing and Debugging Programs. When a
non-zero value is specified, the user data area begins in segment 3, and the program uses
as many segments as neccessary to satisfy the maxdata value specified.

For 64-bit programs the maxdata option provides a guaranteed maximum size for the
programs data heap. Any value can be specified but the data area cannot extend past
0x06FFFFFFFFFFFFF8 regardless of the maxdata value specified.
datapsize:psize Requests psize page sizes in bytes for data. The value can be specified as a decimal,
hexadecimal, or octal number. The number specifications are the same as in C
programming language. Additionally, the page sizes can be specified as a number followed
by a one-character suffix:
v k or K for kilo or 0x400 bytes
v m or M for mega or 0x100000 bytes
v g or G for giga or 0x40000000 bytes
v t or T for tera or 0x10000000000 bytes
v p or P for peta or 0x4000000000000 bytes
v x or X for exo or 0x1000000000000000 bytes
For example, either -b datapsize:16k or -b datapsize:0x4000 will request 0x4000 for
data and set the F_VARPG bit in the XCOFF header.

180 Commands Reference, Volume 3

dbg:Option or Sets a special debugging or control option. By default, no debug option is set.
debugopt:Option
The dbg:loadabs or debugopt:loadabs option is used to indicate that the output program
is loaded at the same address as the address specified by the -T and -D flags. In this
case, a branch-absolute instruction is never changed to a (relative) branch instruction even
if its target is a relocatable symbol. Similarly, a branch instruction is never changed to a
branch-absolute instruction.
delcsect Deletes all symbols in a CSECT if any symbol in the CSECT was defined by a previously
read object file. This option prevents more than one instance of the same function from
existing in the same program. For example, if a.o defines function a() and b.o defines
functions a() and b(), linking a.o and b.o with the -bdelcsect option deletes symbols a()
and b() from b.o. Thus, two instances of a() do not exist. The default is the nodelcsect
option.
dynamic or shared Cause the linker to process subsequent shared objects in dynamic mode. This is the
default. In dynamic mode, shared objects are not statically included in the output file.
Instead, the shared objects are listed in the loader section of the output file. When you
specify the rtl option and dynamic mode is in effect, files ending in .so as well as .a satisfy
searches for libraries specified with the -l (lowercase L) flag. When both are in effect,
preference is given to .so instead of .a when present in same directory. Otherwise, if only
dynamic is set and not rtl; preference is given to .a instead of .so.s
E:FileID or export:FileID Exports the external symbols listed in the file FileID. Exported symbols are listed in the
loader section of the output file. There is no default export file.
ernotok or f Reports an error if there are any unresolved external references. This is the default.
erok Produces the output object file without errors even if there are unresolved external
references. The default is the ernotok option.
errmsg Writes error messages to standard error if the error level of the message is greater than or
equal to the value of the halt option and the quiet option is used or standard output is
redirected. This is the default.
ex1:FileID, ex2:FileID, Provide user exits in the typical binder subcommand sequence. Each file specified by
ex3:FileID, ex4:FileID, FileID must contain a list of binder subcommands, which will be run as follows:
and ex5:FileID
ex1:FileID
Before reading any InputFiles
ex2:FileID
Immediately before symbol resolution
ex3:FileID
Immediately after symbol resolution
ex4:FileID
Immediately before writing the output file
ex5:FileID
Immediately after writing the output file
expall Exports all global symbols, except imported symbols, unreferenced symbols defined in
archive members, and symbols beginning with an underscore (_). You can export
additional symbols by listing them in an export file. This option does not affect symbols
exported by the autoexp option.

When you use this option, you might be able to avoid using an export file. On the other
hand, using an export file provides explicit control over which symbols are exported, and
allows you to use other global symbols within your shared object without worrying about
conflicting with names exported from other shared objects. The default is noexpall.
export:FileID Functions the same as the E:FileID option.
f Functions the same as the ernotok option.
gc Performs garbage collection. Use the nogc, gcbypass, or keepfile option to prevent
garbage collection for some or all object files. This is the default.
gcbypass:Number Specifies the number of files to bypass when garbage collecting if the gc option is
specified. This option is ignored if the nogc option is used. If Number is 0, this option is
equivalent to the gc option and garbage collection is performed for all files. The default
value is 0.

Alphabetical Listing of Commands 181

glink:FileID Uses the global linkage prototype code specified by FileID. Global-linkage interface code is
generated for each imported or undefined function. In 32-bit mode, the default is the
/usr/lib/glink.o file. In 64-bit mode, the default is the /usr/lib/glink64.o file.
h:Number or halt:Number Specifies the maximum error level for binder command processing to continue. The default
value is 4. If any binder subcommand has a return value greater than Number, no
additional binder subcommands are processed. If the halt level value is 8 or greater, the
output file may not be executable if it is produced at all. Return values are:
0 No error
4 Warning
8 Error
12 Severe error
16 Internal program error
I:FileID or import:FileID (Uppercase i) Imports the symbols listed in FileID. There is no default import file.
initfini:[ Initial] Specifies a module initialization and termination function for a module, where Initial is an
[:Termination] [:Priority] initialization routine, Termination is a termination routine, and Priority is a signed integer,
with values from -2,147,483,648 to 2,147,483,647. You must specify at least one of Initial
and Termination, and if you omit both Termination and Priority, you must omit the colon
after Initial as well. If you do not specify Priority, 0 is the default. This option can be
repeated.

This option sorts routines by priority, starting with the routine with the smallest (most
negative) priority. It invokes initialization routines in order, and termination routines in
reverse order.

This option invokes routines with the same priority in an unspecified order, but if multiple
initfini options specify the same priority and both an initialization and termination routine, it
preserves the relative order of the routines. For example, if you specify the options
initfini:i1:f1 and initfini:i2:f2, then function i1 and i2 are invoked in an unspecified order,
but if i1 is invoked before i2 when the module is loaded, f2 will be invoked before f1 when
the module is unloaded.
Note: IBM will only use priorities in the following inclusive ranges:
-2,147,483,640 to -2,147,000,000
-1,999,999,999 to -1,000,000,000
-99,999,999 to -50,000,000
0
50,000,000 to 99,999,999
1,000,000,000 to 1,999,999,999
2,147,000,000 to 2,147,483,640
ipath For shared objects listed on the command-line, rather than specified with the -l flag, use
the path component when listing the shared object in the loader section of the output file.
This is the default.
keepfile:FileID Prevents garbage collection of FileID. By default, the binder deletes unreferenced
CSECTS in all files. You can repeat this option.

182 Commands Reference, Volume 3

lazy Enables lazy loading of a module’s dependent modules. This option adds a -lrtl option
following other flags and options. If the -brtl option is specified, the -blazy option is
ignored and lazy loading is not enabled.

When a module is linked, a list of its dependent modules is saved in the module’s loader
section. The system loader automatically loads the dependent modules after the module is
loaded. When lazy loading is enabled, loading is deferred for some dependents until a
function is called in the module for the first time.

A module is lazy loaded when all references to the module are function calls. If variables
in the module are referenced, the module is loaded in the typical way.
Note: Be careful while comparing function pointers if you are using lazy loading. Usually a
function has a unique address to compare two function pointers to determine whether they
refer to the same function. When using lazy loading to link a module, the address of a
function in a lazy loaded module is not the same address computed by other modules.
Programs that depend upon the comparison of function pointers should not use lazy
loading.

For more information about lazy loading, refer to “Shared Libraries and Lazy Loading” in
AIX 5L Version 5.3 General Programming Concepts: Writing and Debugging Programs.
l:FileID or (Lowercase L)Writes each binder subcommand and its results to FileID. By default, no file
loadmap:FileID is produced.
libpath:Path Uses Path as the library path when writing the loader section of the output file. Path is
neither checked for validity nor used when searching for libraries specified by the -l flag.
Path overrides any library paths generated when the -L flag is used.

If you do not specify any -L flags, or if you specify the nolibpath option, the default library
path information is written in the loader section of the output file. The default library path
information is the value of the LIBPATH environment variable if it is defined, and
/usr/lib:/lib, otherwise.
loadmap:FileID Functions the same as the l:FileID option.

m:UR Sets the SGETUREGS flag for the linker. When the SGETUREGS flag is set, the contents
of the registers are stored in a buffer. This option is used by coredump system call.
M:ModuleType or Sets the two-character module-type field and the shared object flag in the object file. The
modtype:ModuleType module type is not checked by the binder, but it should be set to one of the following
values:
1L Single use. Module requires a private copy of the data section for each load.
RE Reusable. Module requires a private copy of the data area for each process
dependent on the module.
RO Read only. Module is read-only, and can be used by several processes at one
time.
If an S prefix is used on any of the preceding options, the shared flag in the
object file is set. The system loader attempts to share a single instance of the
data section of an RO module. Otherwise, the module type is ignored by the
system loader. The default value is 1L.
map:FileID or R:FileID Writes an address map of the output object file to FileID. Symbols are sorted by section
and then by address. By default, no file is produced. To learn more about the map option,
see “Address Maps” on page 190.
maxdata:Number[/dsa] Functions the same as the D:Number[/dsa] option.
maxstack:Number or Functions the same as the -S flag.
S:Number
modtype:ModuleType Functions the same as the M:ModuleType option.
nl or noloadmap Does not write the binder subcommands and their results to a load map file. This is the
default.
noautoexp Prevents automatic exportation of any symbols. The default is the autoexp option.

Alphabetical Listing of Commands 183

noautoimp or nso Links any unstripped, shared objects as ordinary object files. When you use this option,
the loader section of shared objects is not used. The default is the autoimp or so option.
Note: By using either of these flags, you statically link a shared object file into an
application. Any application that is statically linked is not binary portable from any fix or
release level to any other fix or release level.
nobigtoc Generates a severe error message if the size of the TOC is greater than 64KB. If an
output file is produced, it will not execute correctly. This is the default.
nobind Omits calling the binder. Instead, the ld command writes the generated list of binder
subcommands to standard output. By default, the ld command calls the binder.
nocomprld or nocrld Does not combine multiple relocation entries (RLDs) at the same address into a single
RLD. The default is the comprld or crld option.
nodelcsect Allows all symbols in the CSECT to be considered during symbol resolution, even if some
symbol in the CSECT is defined in a previously read object file. For more information, see
the delcsect option. The nodelcsect option is the default.
noexpall Does not export symbols unless you list them in an export file or you export them with the
autoexp option. This is the default.
noentry Indicates that the output file has no entry point. To retain any needed symbols, specify
them with the -u flag or with an export file. You can also use the -r flag or the nogc or
gcbtpass options to keep all external symbols in some or all object files. If neither the
noentry nor the nox option is used and the entry point is not found, a warning is issued.
noerrmsg Does not write error messages to standard error. Use this option if you specify the noquiet
option and you pipe standard output to a command such as tee or pg.
nogc Prevents garbage collection. CSECTs in all object files that contain global symbols are
kept, whether they are referenced or not. The default is the gc option.
noglink Prevents the ld command from inserting global linkage code. By default, the binder inserts
the global linkage code.
noipath For shared objects listed on the command-line, rather than specified with the -l flag, use a
null path component when listing the shared object in the loader section of the output file.
A null path component is always used for shared objects specified with the -l flag. This
option does not affect the specification of a path component by using a line beginning with
#! in an import file. The default is the ipath option.
nolibpath Overrides any previous library path generated by the -L flag or specified by the libpath
option. Instead, the default library path information is written in the loader section of the
output file. The default library path information is the value of the LIBPATH environment
variable if it is defined, and /usr/lib:/lib otherwise.
noloadmap Functions the same as the nl option.
nom Does not list the object files used to create the output file. This option overrides the -m
flag. This is the default.
noobjreorder Does not use the depth-first CSECT reordering logic. The CSECTs in the output file are
arranged in the same order that the object files and library files were specified on the
command line, except as follows:
v CSECTs are placed in their correct text, data, or BSS section of the object file, based
on the storage-mapping class field of each CSECT.
v All CSECTs with a storage-mapping class of XMC_TC (TOC address constant) or
XMC_TD (TOC variable) are grouped together.

If both the noobjreorder and noreorder options are specified, the noreorder option takes
precedence. The default is the reorder option.

184 Commands Reference, Volume 3

nop:Nop Specifies the no-op instruction used after branches to local routines. Nop can be one of
the special values cror15, cror31, ori, or an eight-digit hexadecimal number. The ori
instruction is the default. Specifying the -bnop:cror15 option is equivalent to specifying the
-bcror15 option; specifying the -bnop:cror31 option is equivalent to specifying the
-bcror31 option. If you specify one of the special nop options, all previous nop options
are overridden

If Nop is an eight-digit hexadecimal number, it specifies an arbitrary machine instruction.

This machine instruction overrides any previously specified special value for Nop
instruction. When you use this form, you can repeat this option.

The last machine instruction specified is the instruction generated by the binder after
intramodule branches. Other specified machine instructions are recognized as no-op
instructions, but are converted to the preferred no-op instruction.
noquiet Writes each binder subcommand and its results to standard output. The default is the
quiet option.
noreorder Does not reorder CSECTs, except to combine all XMC_TC (TOC address constant) and
XMC_TD (TOC variable) CSECTs and place them in the data section, and combine all
BSS symbols and place them in the bss section. All other CSECTs are placed in the text
section, so text and data are mixed in the output file. When the noreorder option is used,
the text section of the output file may no longer be position-independent and the system
loader will not load a module if the text section is not position-independent. Therefore,
avoid using this option for programs and kernel extensions. If both noobjreorder and
noreorder options are specified, the noreorder option takes precedence. The default is
the reorder option.
nortl Disables run-time linking for the output file. This option implies the nortllib and
nosymbolic- options. Furthermore, additional actions described under the rtl option are
not taken. This is the default.
nortllib Does not include a reference to the run-time linker. If a main program is linked with this
option, no run-time linking will take place in the program, regardless of the way any shared
modules were linked that are used by the program. This is the default.
norwexec Specifies that if the system’s sed_config setting is not off, the process’ private data areas
will have non-execute permission.
nostrip Does not generate a stripped output file. Thus, the symbol table and relocation information
is written in the output file. This option overrides the -s flag. This is the default.
nosymbolic Assigns the nosymbolic attribute to most symbols exported without an explicit attribute.
For more information, see “Attributes of Exported Symbols” on page 189. The default is
the nosymbolic- option.
nosymbolic- Assigns the nosymbolic- attribute to most symbols exported without an explicit attribute.
For more information, see “Attributes of Exported Symbols.” This is the default.
notextro or nro Does not check to ensure that there are no load time relocation entries for the text section
of the output object file. This is the default.
notypchk Does not check function-parameter types between external functional calls. The default is
the typchk option.
nov Does not write additional information to the load map file. This option is the default and
overrides the -v flag.
nox Does not make the output file executable. Neither the auxiliary header nor the loader
section is written. Flags and options that specify values written in the auxiliary header or
loader section have no effect when this option is used. The default is the x option.
nro Functions the same as the notextro option.
nso Functions the same as the noautoimp option.
pD:Origin Specifies Origin as the address of the first byte of the file page containing the beginning of
the data section. For example, if the data section begins at offset 0x22A0 in th