ECO NUMBER: VMS722_MANAGE-V0100 PRODUCT: OpenVMS Alpha OPERATING SYSTEM V7.2-2 UPDATE PRODUCT: OpenVMS Alpha OPERATING SYSTEM V7.2-2 COVER LETTER 1 KIT NAME: VMS722_MANAGE-V0100 2 KITS SUPERSEDED BY THIS KIT: None. 3 KIT DEPENDENCIES: 3.1 The following remedial kit(s), or later, must be installed BEFORE installation of this, or any required kit: None. 3.2 In order to receive all the corrections listed in this kit, the following remedial kits, or later, should also be installed: None. 4 KIT DESCRIPTION: 4.1 Version(s) of OpenVMS to which this kit may be applied: OpenVMS Alpha V7.2-2 4.2 Files patched or replaced: o [SYSLIB]SMI$OBJSHR.EXE (new image) o [SYSEXE]SMISERVER.EXE (new image) 5 PROBLEMS ADDRESSED IN VMS722_MANAGE-V0100 KIT o Customers have questioned why SYSMAN DO commands, issued from a local node, generate an ALTPRI audit alarm and set a priority of 7. For example: Message from user AUDIT$SERVER on NODE1 Security alarm (SECURITY) on NODE1, system id: 00000 Auditable event: Privilege failure Event information: ALTPRI not used to create process with elevated priority (RUN/PRIORITY, $CREPRC) -- COVER LETTER -- Page 2 28 March 2002 Event time: 9-JUL-2001 14:49:12.18 PID: 21A00427 Process name: pname Username: uname Process owner: [gname,uname] Terminal name: TNA4: Image name: $40$DKA0:[SYS0.SYSCOMMON.] [SYSEXE]SYSMAN.EXE New priority: 7 Privileges missing: ALTPRI Customers do not understand why there is a request to create the process at priority 7. The subprocess is created at the lower priority and functions properly for a client who does not have the ALTPRI privilege. This change provides the following priority settings: o If the requester has ALTPRI, use current behavior, i.e. create the subprocess at priority 7. o If the requester does not have ALTPRI, create the subprocess at the requester default priority. o If default priority is greater than 7, create the subprocess at priority 7. This maintains the current priority settings on the subprocess creation and eliminates the unnecessary audit alarm. Images Affected: - [SYSLIB]SMI$OBJSHR.EXE o The USERNAME of the SMISERVER process is not set back to the username of the starting process after a user exits SYSMAN. For example: Starting username: SYSTEM1>sho proc/id=20200218 9-MAR-2001 13:21:12.00 User: SYSTEM Process ID: 20200218 Node: SYSTEM1 Process name:"SMISERVER" SYSTEM1> >>> From another system: SYSTEM2> mc sysman set env/node=SYSTEM1/user=testusr Remote Password: %SYSMAN-I-ENV, current command environment: Individual nodes: SYSTEM1 At least one node is not in local cluster Username TESTUSR will be used on nonlocal nodes -- COVER LETTER -- Page 3 28 March 2002 SYSMAN> do sho proc %SYSMAN-I-OUTPUT, command execution on node SYSTEM1 9-MAR-2001 13:22:46.81 User: TESTUSR Process ID: 202002E7 Node: SYSTEM1 Process name:"SMI$TESTUSR_1" SYSMAN> >>> SMISERVER process on SYSTEM1 before exiting SYSMAN on SYSTEM2 SYSTEM1>sho proc/id=20200218 9-MAR-2001 13:24:02.82 User: TESTUSR Process ID: 20200218 Node: SYSTEM1 Process name:"SMISERVER" SYSTEM1> >>> SMISERVER process on SYSTEM1 after exiting SYSMAN on SYSTEM2: SYSTEM1>sho proc/id=20200218 9-MAR-2001 13:26:06.02 User: TESTUSR Process ID: 20200218 Node: SYSTEM1 Process name:"SMISERVER" The username should be "SYSTEM". Images Affected: - [SYSEXE]SMISERVER.EXE o This kit affects some tape devices (tape drives and robots) which are connected to Fibre Channel via an MDR (Modular Data Router). The affected tape devices have binary WWIDs that contain embedded byte values between 61h and 7Ah. For example, a WWID of 02000008:500E-09E0-0005-3072 (note the last byte value is 72h). These devices are detected during a SYSMAN IO FIND_WWID command, as verified by the WWID value recorded in SYS$SYSTEM:SYS$DEVICES.DAT. However, the devices do not configure if SYSMAN IO AUTOCONFIGURE is invoked immediately after the the SYSMAN IO FIND_WWID command. Only a reboot will result in configuring these devices. The purpose of this kit is to avoid this need for a reboot. Note: Similar issues can arise when using the SYSMAN IO REPLACE_WWID command. Images Affected: - [SYSLIB]SMI$OBJSHR.EXE -- COVER LETTER -- Page 4 28 March 2002 6 KIT INSTALLATION RATING: The following kit installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) INSTALLATION RATING: INSTALL_3 : To be installed by customers experiencing the problems corrected. 7 INSTALLATION INSTRUCTIONS: Install this kit with the POLYCENTER Software installation utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL VMS722_MANAGE /SOURCE=[location of Kit] The kit location may be a tape drive, CD, or a disk directory that contains the kit. Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt This kit requires a system reboot. Compaq strongly recommends that a reboot is performed immediately after kit installation to avoid system instability If you have other nodes in your OpenVMS cluster, they must also be rebooted in order to make use of the new image(s). If it is not possible or convenient to reboot the entire cluster at this time, a rolling re-boot may be performed. 7.1 Special Installation Instructions: 7.1.1 Scripting of Answers to Installation Questions During installation, this kit will ask and require user response to several questions. If you wish to automate the installation of this kit and avoid having to provide responses to these questions, you must create a DCL command procedure that includes the following definitions and commands: - $ DEFINE/SYS NO_ASK$BACKUP TRUE - $ DEFINE/SYS NO_ASK$REBOOT TRUE -- COVER LETTER -- Page 5 28 March 2002 - Add the following qualifiers to the PRODUCT INSTALL command and add that command to the DCL procedure. /PROD=DEC/BASE=AXPVMS/VER=V1.0 - De-assign the logicals assigned For example, a sample command file to install the VMS722_MANAGE-V0100 kit would be: $ $ DEFINE/SYS NO_ASK$BACKUP TRUE $ DEFINE/SYS NO_ASK$REBOOT TRUE $! $ PROD INSTALL VMS722_MANAGE/PROD=DEC/BASE=AXPVMS/VER=V1.0 $! $ DEASSIGN/SYS NO_ASK$BACKUP $ DEASSIGN/SYS NO_ASK$REBOOT $! $ exit Copyright (c) Compaq Computer Corporation, 2002 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. COMPAQ, the Compaq logo, VAX, Alpha, VMS, and OpenVMS are registered in the U.S. Patent and Trademark Office. All other product names mentioned herein may be trademarks of their respective companies. Confidential computer software. Valid license from Compaq required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided as is without warranty of any kind and is subject to change without notice. The warranties for Compaq products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.