Table of Contents

Major Differences: SunOS 4.x Versus SunOS 5.x Operating Systems

This appendix summarizes the major differences between the SunOS 4. x and SunOS 5. x operating systems in these areas:

  Installation and configuration
  Startup and shutdown
  File systems
  Printers, terminals, and modems
  Naming services
  Document tool differences

The last section in this appendix contains an alphabetical list of SunOS 4. x commands and shows the equivalent SunOS 5. x command, if one is available.

Installation and Configuration

Solaris 2. x software is distributed on compact disc (CD-ROM) only. You must have access to a CD drive before you can install the software. However, because you can set up a system to act as a remote server when installing the software on systems without local CD drives, you need access to only one CD drive on the network.

Solaris 2. x software is bundled into modules called packages. You can select packages that are relevant to your system and control the amount of space each installation requires. Sometimes packages are grouped into clusters so that you can install a set of packages for typical users, developers, or system administrators without selecting each package separately.

SunOS 5. x software includes architecture-specific kernels, rather than the generic kernel configuration provided in earlier SunOS software releases. You will find the installed kernel in /kernel/unix instead of /vmunix.

You no longer need to manually configure and build new kernels. When you install new device drivers and boot the system using the boot -r command, the kernel dynamically reconfigures itself.

When you boot the installation CD, a utility called sysidtool checks network databases for system configuration information. The sysidtool utility uses the information it finds and prompts you to enter other required information.

What Is Installed on a SunOS 5.x System

The /var/sadm/install/contents file lists every file that installation puts onto the system. To find out if a specific file was installed, look through /var/sadm/install/ contents to see if the file is listed. The file contains the complete path, the ownership and protection of the file, and the package from which the file was installed. For example, to display information about the printf file, type # grep printf /var/sadm /install /contents. Your screen will look like this:

# grep printf /var/sadm/install/contents
/usr/bin/printf f none 0555 bin bin 11628 1694 869027018
/usr/share/man/man1/printf.1 f none 0444 bin bin 10827 6685 867348047
/usr/share/man/man3b/fprintf.3b f none 0444 bin bin 57 3974 867349873
/usr/share/man/man3b/printf.3b f none 0444 bin bin 11825 25632 867349885
/usr/share/man/man3b/sprintf.3b f none 0444 bin bin 57 3987 867349912
/usr/share/man/man3b/vfprintf.3b f none 0444 bin bin 58 4092 867349923
/usr/share/man/man3b/vprintf.3b f none 0444 bin bin 57 3990 867349924
/usr/share/man/man3b/vsprintf.3b f none 0444 bin bin 58 4105 867349926
/usr/share/man/man3c/wsprintf.3c f none 0444 bin bin 1635 4399 867350689
/usr/share/man/man3s/fprintf.3s f none 0444 bin bin 57 4025 867352286
/usr/share/man/man3s/printf.3s f none 0444 bin bin 18972 20693 867352330
/usr/share/man/man3s/snprintf.3s f none 0444 bin bin 58 4145 867352353
/usr/share/man/man3s/sprintf.3s f none 0444 bin bin 57 4038 867352355
/usr/share/man/man3s/vfprintf.3s f none 0444 bin bin 59 4261 867352371
/usr/share/man/man3s/vprintf.3s f none 0444 bin bin 4365 34455 867352374
/usr/share/man/man3s/vsnprintf.3s f none 0444 bin bin 60 4381 867352376
/usr/share/man/man3s/vsprintf.3s f none 0444 bin bin 59 4274 867352376
/usr/share/man/man9f/sprintf.9f f none 0444 bin bin 3571 42682 867356508
/usr/share/man/man9f/vsprintf.9f f none 0444 bin bin 5193 43812 867356551

NOTE:  When you complete system installation, you may need to type the boot -r command to reconfigure the device names and modules so that they work with Solaris 2.x.

Startup and Shutdown

SunOS 5. x system software has eight initialization states (init states or run levels). The default init state is defined in the /etc/inittab file. See "Choosing an Init State" in Chapter 1 for a description of the initialization states.

The shutdown command works differently than in the SunOS 4. x version. The SunOS 4. x fastboot and fasthalt commands are available only on SunOS 5. x systems with BSD source compatibility package installed.

The halt and reboot commands (not found in AT&T SVR4 systems) have shutdown and init equivalents. It is recommended that you use them because halt and reboot do not run the rc scripts properly.

The init command uses a different script for each run level instead of grouping all the run levels together in the /etc /rc, /etc/rc.boot, and /etc /rc.local files. The files, named by run level, are located in the /sbin directory.

Here is a list of the default run control scripts in the /sbin directory:

castle% ls -l /sbin/rc*
-rwxr--r--   3 root     sys         1776 Jan  1  1970 /sbin/rc0
-rwxr--r--   1 root     sys         1159 Jan  1  1970 /sbin/rc1
-rwxr--r--   1 root     sys         1545 Jan  1  1970 /sbin/rc2
-rwxr--r--   1 root     sys          927 Jan  1  1970 /sbin/rc3
-rwxr--r--   3 root     sys         1776 Jan  1  1970 /sbin/rc5
-rwxr--r--   3 root     sys         1776 Jan  1  1970 /sbin/rc6
-rwxr--r--   1 root     sys         6919 Jan  1  1970 /sbin/rcS

NOTE:  The /sbin/rc directory now contains an rcS script used to bring the system to single-user mode. For more information, see "The rcS Script" later in this appendix.

Run control files are located in the /etc/init.d directory. These files are linked to corresponding run control files in the /etc/rc/etc and /etc /rc*.d directories. The files in the /etc directory define the sequence in which the scripts are performed within each run level. For example, /etc/rc2.d contains files used to start and stop processes for run level 2.

castle% ls /etc/rc2.d
K20spc           S47asppp           S74syslog        S89bdconfig
K60nfs.server    S69inet            S74xntpd         S91agaconfig
K76snmpdx        S70uucp            S75cron          S91leoconfig
K77dmi           S71rpc             S76nscd          S92rtvc-config
README           S71sysid.sys       S80PRESERVE      S92volmgt
S01MOUNTFSYS     S72autoinstall     S80lp            S93cacheos.finish
S05RMTMPFILES    S72inetsvc         S80spc           S99audit
S20sysetup       S73cachefs.daemon  S85power         S99dtlogin
S21perf          S73nfs.client      S88sendmail     S74autofs          S88utmpd

The scripts are always run in ASCII sort order. The names of the scripts are names of the forms [K,S][0 -9][A-Z][0 - 99]. Files beginning with K are run to terminate (kill) some system process. Files beginning with S are run to start up a system process. The actions of each run control level script are summarized in the following sections.

The rc0 Script

  Stops system services and daemons
  Terminates all running processes
  Unmounts all file systems
castle% ls /etc/rc0.d
K00ANNOUNCE    K47asppp       K66nfs.server  K73volmgt
K10dtlogin     K50utmpd       K69autofs      K75nfs.client
K20lp          K55syslog      K69xntpd       K76nscd
K42audit       K57sendmail    K70cron        K85rpc

The rc1 Script

  Runs the /etc/rc1.d scripts
  Stops system services and daemons
  Terminates all running processes
  Unmounts all file systems
  Brings the system up in single-user mode
castle% ls /etc/rc1.d
K00ANNOUNCE   K47asppp      K65nfs.server  K70cron        S01MOUNTFSYS
K10dtlogin    K50utmpd      K67rpc         K76nscd
K20lp         K55syslog     K68autofs      K80nfs.client
K42audit      K57sendmail   K69xntpd       K85power

The rc2 Script

  Sets the TIMEZONE variable
  Runs the /etc/rc2.d scripts
  Mounts all file systems
  Saves editing files in /usr/preserve
  Removes any files in the /tmp directory
  Creates device entries in /dev for new disks (only if boot -r is run)
  Updates device table
  Prints system configuration ( the default is not to save core)
  Configures system accounting
  Configures default router
  Sets NIS domain
  Sets ifconfig netmask
  Starts inetd
  Starts named, if appropriate
  Starts rpcbind
  Starts Kerberos client-side daemon, kerbd
  Starts NIS daemons ( ypbind) and NIS+ daemons (rpcnisd), depending on whether the system is configured for NIS or NIS+, and as a client or a server
  Starts keyserv
  Starts statd, lockd
  Mounts all NFS entries
  Starts automount
  Starts cron
  Starts the LP daemons
  Starts the sendmail daemon
castle% ls /etc/rc2.d
K20spc             S47asppp           S74syslog          S89bdconfig
K60nfs.server      S69inet            S74xntpd           S91agaconfig
K76snmpdx          S70uucp            S75cron            S91leoconfig
K77dmi             S71rpc             S76nscd            S92rtvc-config
README             S71sysid.sys       S80PRESERVE        S92volmgt
S01MOUNTFSYS       S72autoinstall     S80lp              S93cacheos.finish
S05RMTMPFILES      S72inetsvc         S80spc             S99audit
S20sysetup         S73cachefs.daemon  S85power           S99dtlogin
S21perf            S73nfs.client      S88sendmail       S74autofs          S88utmpd

The rc3 Script

  Runs the /etc /rc3.d scripts
  Starts syslogd
  Cleans up sharetab
  Starts nfsds
  Starts mountd
  If boot server, starts rarpd and rpc.bootparamd
  Starts nis_cachemanager
  Starts rpc.nisd
  Starts RFS services, if configured
castle% ls/etc/rc3.d
README         S15nfs.server  S76snmpdx      S77dmi

The rc5 Script

  Runs the /etc/rc0.d scripts
  Kills the printer daemons
  Unmounts local file systems
  Kills the syslog daemon
  Unmounts remote file systems
  Stops RFS services
  Stops NFS services
  Stops NIS services
  Stops rpc services
  Stops cron services
  Stops NFS client services
  Kills all active processes
  Initiates an interactive boot ( boot -a)

The rc6 Script

  Executes /etc /rc0.d/K*
  Kills all active processes
  Unmounts the file systems
  Executes the initdefault entries in /etc /inittab

The rcS Script

After the S30 scripts have executed, the /and/usr (if present) file systems are mounted read-only. Enough network plumbing has been established to perform an NFS mount of /usr.

The sequence range S31-S39 can depend upon these file systems being read-only. No other file systems are mounted by the Solaris product.

After the S60 scripts have executed, all system supplied device file names have been established. Therefore, the preferred range for the creation of file names for third-party devices is the range S61-S79, however, they may be done anywhere in the S61-S99 range. The environment symbol _INIT_RECONFIG is the key to a reconfiguration boot. Also, the base system mounts have been performed and those file systems are read/write if so specified. The base system mounts are:


The following file systems can be assumed to be writable:

/dev            (for logical name creation)
/devices        (for physical name creation)
/etc            (for mnttab and file administration)

After the S80 scripts have executed, any other file systems to be mounted in single-user mode are mounted. Currently these are /var and /var/adm.

castle% ls /etc/rcS.d
K65pcmcia             S60devlinks
README               S65pcmcia
S10initpcmcia         S41cachefs.root         S50drvconfig

File Systems

The following sections describe changes to the file systems.


Solaris 2. x software includes a common set of commands and files to administer both network file system (NFS) and remote file sharing (RFS) resources. This set of commands is called distributed file system ( DFS) administration. The common DFS commands replace the separate NFS and RFS commands required in SunOS 4. x systems, and simplify NFS and RFS resource sharing because it is necessary to remember only one set of commands. See Chapter 4, "Administering File Systems," for more information about file system commands.

Directory Changes

The directory structure is changed. The following sections provide an overview of file and directory information. If you cannot locate a familiar file or directory, it may not be available or its contents may be relocated.

Addition of the /opt Directory

The /opt directory contains optional add-on application software packages. These packages were installed in /usr on SunOS 4. x systems. Keeping them in /opt leaves the /usr directory stable as packages are installed and removed.

Addition of the /proc Directory

The /proc directory contains a numerical list of processes. Information in the /proc directory is used by commands such as ps. Debuggers and other development tools can also access the address space of the processes by using file system calls.

Addition of the /devices directory

The /devices directory contains character and block special device files. Here is an example of the contents of the /devices directory:

oak% ls -l /devices
total 12
crw-rw-rw-   1 root    sys       28,128 Aug  3 15:1Ø audio@1,f72Ø1ØØØ:

crw-------   1 root    sys       68, 11 Aug  3 13:56 eeprom@1,f2ØØØØØØ:
brw-rw-rw-   1 root    sys       36,  Ø Aug  3 13:56 fd@1,f72ØØØØØ:a
crw-rw-rw-   1 root    sys       36,  Ø Aug  3 13:56 fd@1,f72ØØØØØ:a,raw
brw-rw-rw-   1 root    sys       36,  1 Aug  3 13:56 fd@1,f72ØØØØØ:b
crw-rw-rw-   1 root    sys       36,  1 Aug  3 13:56 fd@1,f72ØØØØØ:b,raw
brw-rw-rw-   1 root    sys       36,  2 Aug  3 13:56 fd@1,f72ØØØØØ:c
crw-rw-rw-   1 root    sys       36,  2 Aug  3 13:56 fd@1,f72ØØØØØ:c,raw
drwxrwxrwx   2 root    sys         46Ø8 Aug  3 15:1Ø pseudo
drwxrwxrwx   3 root    sys          512 Aug  3 13:56 sbus@1,f8ØØØØØØ
crw-rw-rw-   1 root    sys       29,  Ø Aug  3 13:56 zs@1,f1ØØØØØØ:a
crw-rw-rw-   1 root    sys       29,131Ø72 Aug  3 13:56 zs@1,f1ØØØØØØ:a,cu
crw-rw-rw-   1 root    sys       29,  1 Aug  3 13:56 zs@1,f1ØØØØØØ:b
crw-rw-rw-   1 root    sys       29,131Ø73 Aug  3 13:56 zs@1,f1ØØØØØØ:b,cu

Addition of the /kernel Directory

The /kernel directory contains the UNIX kernel and kernel-level object modules.Table A-1 describes the subdirectories that have been added to the /kernel directory.

x86 systems also have a mach directory that contains x86 hardware support.

Table A-1 Contents of the / kernel Directory

Directory Description
drv Loadable device drivers
exec The modules that execute programs stored in various file formats
fs File system modules
misc Miscellaneous system-related modules
sched Operating system schedulers
strmod System V STREAMS loadable modules
sys Loadable system calls

Changes in the /dev Directory

The /dev directory is changed from a flat directory to a hierarchical one. Table A-2 shows the added subdirectories.

Table A-2 Additions to the /dev Directory

Directory Description
/dev/dsk Block disk devices
/dev/pts Pseudo terminal (pty) slave devices
/dev/rdsk Raw disk devices
/dev/rmt Raw tape devices
/dev/sad Entry points for the STREAMS administrative driver
/dev/term Terminal devices

Changes in the /etc Directory

The /etc directory contains system-specific configuration information. Several files and subdirectories are added, removed, or changed from the SunOS 4. x /etc directory:

  File system- specific commands, such as mount_rfs, are moved to the /usr/lib/fs directory.
  The /etc /fstab file is replaced with/etc /vfstab.
  Initialization scripts, such as rc, rc.boot, rc.local, and rc.single, are not available in the SunOS 5. x release.
  Mail commands that used to be in the /etc directory are moved into the new /etc/mail directory.

Table A-3 describes the subdirectories that have been added to the /etc directory.

Table A-3 Additions to the /etc Directory

Directory Description
/etc/default Default system configuration
/etc/inet Internet services configuration
/etc/lp LP system configuration
/etc/mail Mail files (aliases, sendmail, *.rc files)
/etc/opt Installed optional software
/etc/rcn.d Run-state transition operations
/etc/saf Service Access Facility (SAF ) configuration

Changes in the /sbin Directory

The /sbin directory contains the rc* scripts used to alter system run levels and the bcheckrc script used to initialize the system prior to mounting file systems.

Changes in the /sys Directory

The /sys directory has been retired. The files used to build the kernel that were stored in this directory are no longer needed because of the dynamic kernel.

Changes in the /usr Directory

The /usr directory contains sharable files and executables provided by the system.Table A-4 shows the added subdirectories.

Table A-4 Additions to the /usr Directory

Directory Description
/usr/ccs Compiler support systems
/usr/snadm Administration tool executables

Table A-5 shows files that have been moved from the /usr directory.

Table A-5 Files Moved from the /usr Director

SunOS 4.x Location SunOS 5.x Location
/usr/5bin /usr/bin
/usr/5include /usr/include
/usr/5lib /usr/lib
/usr/etc /usr/sbin
/usr/rfs /etc/rfs
/usr/old Contents removed
/usr/xpg2bin /usr/bin
/usr/xpg2lib /usr/lib
/usr/xpg2include /usr/include

Changes in the /var Directory

The /var directory contains files whose sizes change during normal operation. Several files and subdirectories in the /var directory are added, removed, or changed:

  The /var/opt/packagename directory contains software package objects whose sizes change, such as log and spool files.
  The /var/sadm directory contains databases that are maintained by the software package management utilities.
  The /var/saf directory contains SAF logging and accounting files.
  The /var/spool/mail directory has been moved to /var/mail.

Device-Naming Conventions

The SunOS 5. x release uses device-naming conventions that make it easier to infer certain characteristics of a device from its device name. The SunOS 5. x conventions are slightly different from AT&T SVR4 device names, because the SunOS 5. x release only allows eight partitions on a disk.

You must use SunOS 5. x device-naming conventions with SunOS 5. x commands. However, if the binary compatibility package is installed, it creates links from the old device-naming conventions to the new ones, and you can continue to use SunOS 4. x device names. See Chapter 3, "Administering Devices," for a description of device-naming conventions.

Table A-6 shows some examples that compare the SunOS 4. x and SunOS 5. x device-naming conventions.

Table A-6 SunOS 4.x and SunOS 5.x Device Names

Device Description SunOS 4.x SunOS 5.x
Disk devices /dev/sd0g /dev/dsk/c0t3d0s6
/dev/rsd3b /dev/rdsk/c0t0d0s1
/dev/rsd3a /dev/rdsk/c0t0d0s0
Tape devices /dev/nr mt8 /dev/r mt/8hn
/dev/rst0 /dev/r mt/0h
CD-ROM device /dev/sr0 /dev/dsk/c0t6d0s2

Printers, Terminals, and Modems

Solaris 2. x software includes the SAF , which is used to manage access to local and network system services (such as printers, modems, and terminals) in a similar way, whether they are on the network or attached only to local systems. SAF uses Service Access Control (SAC ) commands to set up and manage services.

Terminal and Modem Differences

The SAF controls access to system and network resources. It provides a common interface for managing a range of services, including the ability to:

  Log in (either locally or remotely)
  Access printers across the network
  Access files across the network

SAF provides two major commands: sacadm and pmadm. The sacadm command controls daemons called port monitors. The pmadm command controls the services associated with the port monitors. The SAF replaces /usr/etc/getty for controlling logins.

Printing Differences

The LP print service replaces the lpd daemon and lpr, lpq, lprm, and lpc commands. The services provided by the /etc/printcap file are handled by the terminfo database and by the files in the /etc/lp directory. SunOS 4. x printing commands are provided as part of the BSD compatibility package. However, the compatibility package provides only SunOS 4. x command names, which are actually an interface to the underlying LP print services.

The LP print service provides additional functionality not available in SunOS 4. x systems. This functionality allows you to control forms, printwheels, and interface programs, and to set up network print services.

Even though some SunOS 4. x printing commands are available, encourage users to learn the SunOS 5. x versions. Convert your own administration environments as soon as possible because support for compatibility mode may not be available in future releases.

Changes to the Solaris 2.6 printing software provide a better solution than the LP print software in previous Solaris releases. You can easily set up and manage print clients using the NIS or NIS+ name services to enable centralization of print administration for a network of systems and printers. New features include redesign of print packages, print protocol adapter, bundled SunSoft Print Client software, and network printer support.

Naming Services

A new naming service, NIS+, replaces NIS on previous SunOS releases. NIS+ supports the following combinations of systems:

  SunOS 5. x software installed on all servers and workstations
  SunOS 5. x software installed on one server, but combined with some SunOS 4. x servers
  SunOS 5. x software installed on some workstations, running with SunOS 4. x servers

NIS+ information is stored in tables instead of in NIS maps. You use NIS+ shell commands to set up an NIS+ service. To administer the service, you can use either NIS+ shell commands or the Administration Tool's Database Manager.

NIS+ responds to requests from NIS. SunOS 5. x clients can run either NIS or NIS+.


The user interface for TCP/ IP is the same, but you administer NIS+ tables using Solstice AdminSuite. Starting with the Solaris 2.5 release, Admintool can be used only to administer local systems.


The UNIX-to-UNIX Copy ( UUCP) is the same as the HoneyDanBer UUCP available with SunOS 4. x systems. It uses the same set of configuration files, scripts, and commands, so any changes you made in SunOS 4. x files and scripts should work with this release.

Table A-7 describes new files and commands that were not part of the SunOS 4. x implementation.

Table A-7 New SunOS 5.x UUCP Files and Commands

Command or File Function
D. data files
P. data files
These data files are created when a UUCP command line specifies copying the source file to a spool directory. All data files have the format systmxxxxyyy . systm is the first five characters in the name of the destination system, xxxx is a four-digit job sequence number, and yyy distinguishes between several data files created for one job.
/etc/uucp/Grades Maps text grade names to system names.
/etc/uucp/Limits Specifies the number of concurrent UUCP sessions that can occur. Replaces Maxuuscheds and Maxuuxqts files in previous versions.
/etc/uucp/Config Contains information to override tunable parameters in UUCP. The only tunable parameter currently available is Protocol, so system administrators normally will not have to modify this file.
uuglist Sets service grade permissions available.

UUCP includes a few additional features that can affect system administration:

  Checkpoint-restart facilities
  Job grades that control UUCP transmission
  Two new configuration files to limit the number of concurrent UUCP sessions that the system can run, and to override tunable UUCP parameters

Document Tool Differences

NOTE:  SunOS 5.x systems provide a set of PostScript filters and device-independent fonts. However, some SunOS 4.x TranScript filters have SunOS 5.x equivalents, and others do not. In SunOS 5.x systems, there is no TEX filter, no pscat (C /A / T) filter, and no raster image filter.

The SunOS 5.0 system provides device-independent troff, with these changes:

  SunOS 4. x troff input files work with SunOS 5.x troff.
  The troff default output goes to stdout instead of the printer. Therefore, you must specify a printer when you use troff formatting or scripts to print the output.


Security combines a number of features from SunOS 4.1 and AT&T SVR4 with functionality added specifically for the Solaris 2. x releases. Some of the SunOS 4. x security programs are packaged differently.

The following sections describe major security differences and highlight how those changes may affect system administration procedures. The security features are:

  SunOS 4. x security features available with SunOS 5. x software
  SunOS 5. x security features
  The Automated Security Enhancement Tool (ASET )
  Kerberos security

SunOS 4.x Security

Most of the security features from SunOS 4. x systems are available. These include:

  Internet security
  .rhosts and hosts.equiv files
  Secure RPC, NFS, and RFS

SunOS 5.x Local Security

Security for local systems includes storing encrypted passwords in a separate file, controlling login defaults, and providing restricted shells. Equivalent NIS+ security controls networkwide access to systems. The following sections summarize security features under local system control.

The /etc/passwd and /etc/shadow Files

The SunOS 5. x password command stores encrypted versions of passwords in a separate file, /etc/shadow, and allows root access to the shadow file only. General access to the encrypted passwords is thus restricted. The /etc/shadow file also includes entries that force password aging for individual user login accounts.

The /etc/default Files

Several files that control default system access are stored in the /etc/default directory. These files limit access to specific systems on a network. /xref> summarizes the files in the /etc/default directory.

Table A-8 Files in the /etc/default Directory

File Function
/etc/default/login Controls system login policies, including root access. The default is to limit root logins to the console.
/etc/default/passwd Controls default policy on password aging.
/etc/default/su Controls what root (su) access to system will be logged and where it is displayed.

Restricted Shells

System administrators can use restricted versions of the Korn shell (rksh) and Bourne shell (rsh) to limit the operations allowed for a particular user account. Restricted shells do not allow these operations:

  Changing directories
  Setting the $PATH variable
  Specifying path or command names containing /
  Redirecting output

Note that the restricted shell and the remote shell have the same command name, with different path names:

Restricted shell /usr/lib/rsh
Remote shell /usr/bin/rsh

ASET Security

The Automated Security Enhancement Tool (ASET ) is included with the Solaris 2. x system. It was available as an unbundled option with SunOS 4. x systems. ASET allows you to specify an overall system security level (low, medium, or high) and automatically maintain systems at those levels. It can be set up to run on a server and all of its clients or on individual clients.

ASET performs these tasks:

  Verifies system file permissions
  Verifies system file contents
  Checks integrity of group file entries
  Checks system configuration files
  Checks environment files (.profile, .login, and.cshrc)
  Verifies EEPROM settings to restrict console login access
  Allows establishment of a firewall or gateway system

Kerberos Security

The Solaris 2. x system introduces support for Kerberos authentication for secure RPC. Kerberos source code and administrative utilities are available from Massachusetts Institute of Technology.

Solaris 2. x Kerberos support includes:

  Client applications library that can use Kerberos
  Kerberos option to secure RPC
  NFS application with Kerberos
  Commands to administer user tickets on the client

Everything else is available in the MIT Kerberos release.

NOTE:  Solaris 2.6 provides the ability to connect to the Kerberos functionality. However, it does not provide the Kerberos package. You can ftp Kerberos 4 source from using anonymous as a username and your e-mail address as a password. The source is located in the pub/kerberos directory.

Table of Command Equivalents

Table A-9 lists SunOS 4. x commands and files in alphabetical order and describes the new SunOS 5. x command, equivalent, or unavailability. Commands that are not listed in this table are completely compatible with previous releases.

Table A-9 System Administration File and Command Equivalents

SunOS 4.x SunOS 5.x Comments
ac sar The System Accounting Resource package (SAR) provides most of the accounting functionality available in ac.
add_services pkgadd
analyze adb Use adb on core files to analyze crashes.
arch uname -m SunOS 4.x shell scripts used the arch command to determine system architecture. Use uname -m as a replacement in SunOS 5.x scripts.
at, atq, atrm at, atq, atrm The at, atq, and atrm commands behave slightly differently than they do in SunOS 4.x systems. Security for nonprivileged users is more restricted on SunOS 5.x systems.
audit, audit_warn, auditd Not available See your system vendor for information on this product.
automount automount The auto.master and auto.home files are renamed auto_master and auto_home. The default home directory path is /export/home/username. The -m option is not available. The SunOS 5.x automount program searches for Auto_master and Auto_home as the default. If these files are not found, it looks for Auto.master and Auto.home files. You do not need to rename these files on SunOS 4.x systems.
bar Not available Use the tar command to replace bar for most uses. You can use cpio -H bar to restore existing SunOS 4.x bar backups.
batch batch The c, s, and m options are not in the batch command. By default, the batch job queuename is not specified.
biff -y
biff -n
chmod o+x /dev/tty
chmod o-x /dev/tty
When users log on, start-up shell scripts often use the biff command to set default file protection for the user. Replace those commands to make SunOS 5.x scripts work correctly.
/bin/mail mail
biod Not available
C2conv Not available See your system vendor for information on this product.
C2unconv Not available See your systeSm vendor for information on this product.
cc Not available The C compiler is available only as an unbundled product.
change_login Not available
check4 Not available
chgrp Changed The -f option to suppress error reporting is not available.
chmod Changed
chown Changed The default behavior of symbolic links is changed. SunOS 4.x chown changed ownership of the symbolic link. SunOS 5.x chown follows the link. To change the ownership of the link, use chown -h. SunOS 5.x chown does not allow the group ID of a file to be changed.
client Not available
colldef colltbl
crash Changed The default file name in SunOS 5.x software is /kernel/genunix instead of / vmunix.
date Changed
dbxtool debugger See your system vendor for information on this product.
dcheck Not available
dd Changed The Sun OS 4.1 dd command uses 4-byte words. The SunOS 5.x dd command uses 2-byte words.
devinfo Changed
devnm Changed The name argument is required for SunOS 5.x devnm. The output format has also changed.
df df -k Output of the df command is changed. The SunOS 4.x df -t fstype command reSports on files of the specified type. The SunOS 5.x df -t command prints full listings with totals.
dkctl Not available
dkinfo prtvtoc
dorfs rfstart
du du -k The SunOS 4.x version of du reports disk usage in kilobytes, but the SunOS 5.x du command reports disk usage in 512-byte blocks (by default).
dump ufsdump The -a option dumps the archive header of each member of an archive. The -D option dumps debugging information. The -v option dumps information in symbolic form.
dumpfs Not available
etherfind Not available Similar functionality is available in the SunOS 5.x snoop command.
exportfs share
extract_files Not available
extract_patch Not available
extract_unbundled pkgadd
fastboot init 6
fasthalt init 0
file Changed The file command does not have the -L option.
find Changed The find command does not have the -n cpio option.
fmt_mail Not available
fsck Changed fsck specifies most options after the file system type. fsck -m does a quick file system check. The -w option is not available. New options include -f, -v, and -o.
fsirand Not available
hostid sysdef -h
hostname uname -n
init Changed See Chapter 1 for more information on init.
installtxt msgfmt
intr Not available
iostat Changed The -x and -c options are added: -x to provide disk statistics, and -c to report the Stime the system spends in user mode, system mode, and idle.
keyenvoy Not available
ldconfig (wrong) Not available
leave Not available Functionality in cron and at replace the leave command.
lint Not available Available with unbundled C compiler for SunOS 5.x systems.
loadc pkgadd Provides part of the functionality of the SunOS 4.x load command.
load_ package Not available
lpc lpsched
lpd lpadmin
lpq lpstat
lpr lp
lprm cancel
lptest Not available
ls Changed Default output for the ls command is changed. The ls -l command displays both user and group ownership.
mach uname -p
makekey Not available
man Changed The organization of man pages is changed. All system administration man pages are now located in section 1M. The man command now allows you to set an environment variable to specify a default order of directories and sections for man to search.
mkfs Changed mkfs supports different file system types.
mknod Changed Users other than root can now create character and block special files.
modstat modinfo
mount Changed Options must be specified after the file system is specified (unless the file system is in /etc/vfstab).
mount_tfs mount -F fstype Options to the mount command (instead of separate mount commands) are used to specify file system types.
ncheck Changed Allows use of specific file system types.
ndbootd Not available The -m option is not available. The -l option changes addr immediately. The variable addr S cannot be specified in hexadecimal format.
nulladm Not available
pac Not available
passwd Changed The -F filename option is not available. The -f and -s options have different meanings. The -f option forces the user to change the password at the next login. The -s option displays the password attributes for the user's login name.
pax cpio
paxcpio cpio
portmap rpcbind
praudit Not available Will be available when the unbundled C2 security product is released.
printenv env
ps Changed Many of the 4.x options to ps are not available or the meanings have changed. Instead of ps -aux, use ps -el for SunOS 5.x systems. See the ps(1) manual page for more information.
pstat sar
pstat -s swap -s Shows the total amount of swap space available on the system.
rc Not available The organization of rc files is changed. They are now divided into subdirectories by run levels.
rc.boot Not available
rc.local Not available
rdump ufsdump
reset -s Not available
restore ufsrestore
rmail Changed The rmail command in the SunOS 4.x system handles remote mail. The rmail command in the SunOS 5.x system is a link to mail and is used to read mail.
rm_client Not available Functionality of admintool replaces this command.
rm_services Not available
rpc.etherd Not available
rpc.lockd lockd
rpc.mountd mountd
rpc.rexd Not available
rpc.rquotad Not available
rpc.showfhd showfhd
rpc.statd statd
rpc.user_agentd Not available
rpc.yppasswdd Not available
rpc.ypupdated ypupdated
r restore ufsrestore
rusage Not available
rwall Changed The -f and -n optionsS are not available.
setsid Not available
shutdown Changed See Chapter 1 for more information on shutdown.
startup Not available
stty Changed
suninstall Changed Although the command name is the same, the installation procedure is changed completely.
swapon swap -a In general, options to the swap command replace functionality of individual swap-related commands, such as swapon, in SunOS 4.x systems.
sys-config Not available Functionality of solstice replaces this command.
tfsd Not available
trpt Not available
tset Changed The -S option is not available.
ttysoftcar Not available
tvconfig Not available
tzsetup Not available
umount Changed File-specific options may be required.
umount_tfs umount -F fstype
unlink Changed Any user can unlink a directory.
unload pkgrm
unset4 Not available
update fsflush
uptime Unchanged You can also use who -b to display the system boot time.
users who -q
uulog Changed The -u option, used to print information sorted by user, is not available.
uusend Not available
vipw Not available
vmstat Changed The -f option is not available.
vswap Not available
wall Not available
whereis Not available
whoami id The id command printsS the user name and user and group IDs, instead of just the user name.
ypbatchupd Not available
yppasswd nispasswd The yppasswd command is still available to access the password information on NIS servers. The equivalent command for NIS+ databases is nispasswd, and the equivalent command for systems with no name service is passwd.
ypserv Not available

Table of Contents