Copyright Xerox Corporation 1982Inter-Office MemorandumToIFS AdministratorsDateOctober 3, 1982FromEd TaftLocationPalo AltoSubjectIFS Operation (version 1.37)OrganizationPARC/CSLLast edited 18 January 1985 by Ron WeaverXEROXFiled on: Operation1 & 2.bravo, Operation.pressThis memo describes operating procedures for the Interim File System software. It assumes thatyou are familiar with standard Alto software in general and with IFS from the user's point of view(HowToUse.bravo).A short summary of revisions to this document may be found at the end. Also, section 14 containsa summary of known bugs in the current release of the software and how to avoid them.The current release of IFS should be run under OS version 20 or later. For correct error reporting,you must have current versions of Swat and Sys.errors.1. Hardware requirements and organizationIFS requires a standard Alto with a Trident disk controller and one to eight Trident T-80 or T-300disk drives in any combination. A T-80 disk pack holds 36,675 pages of 1024 words each, while aT-300 holds 139,365 pages. Due to a software limitation, only 130,986 pages of a T-300 are accessible.The software deals with a primary file system consisting of one or more disk packs. A multiple-packIFS behaves logically as a single file system, and all packs must be present and on-line in order toaccess any files. Files created by IFS are not accessible to other Trident-based programs (e.g., TFU,FTP) or vice versa.Additionally, the software can deal with one or more secondary file systems that may be mountedand dismounted while IFS is running. An example of a secondary file system is a disk pack usedfor on-line, incremental backup.The number of disk drives needed to support a given size file system depends both on how backupis to be accomplished and what degree of redundancy is desired in case of disk drive failure.Backup procedures are discussed in a later section.Any Alto (Alto-I or Alto-II) with a Trident disk controller will run the IFS software; however, forperformance reasons, it is strongly recommended that an Alto-II with at least 128K words of memorybe used. See section 13.2 for details. Beginning with of IFS 1.36, we have abandoned the practice of packagingthe code to minimize working set in a 64K configuration. Certain common operations such as FTP Store now have aworking set greater than 64K, so a server with only 64K of memory is likely to thrash very badly even under light load.There is an Alto-II hardware modification that is recommended for machines that are to be IFSs (orother servers requiring high reliability). This modification corrects a design bug in the memorysingle-error correction. The memory chips are so reliable that the single-error correction is hardlyever invoked; but servers that run for months at a time eventually exercise even low-probabilitybugs. The modification is described in [Maxc2]MemECMod.press.î &ïpôXî]ïg~qôiî¶ïcrî]pôXî-¤rî7Bpî¶ï\›rî]pî-¤rî7Bpî¶ïV!rî]pî-¤rî7Bpî]ïTsôFð)î`ïOítîÙïK>pôð9îÙïEtô°ô±ðLîÙïCðô–ðZô—îÙïBlîÙï?‡ôŽð:ôð'îÙï>ô÷ð&ôøð/îÙï;ôŠðKô‹îÙï9šôð6îÙï5uð)îÙï2)pô”ô•ðKîÙï0¥ô™ð7ôšð)îÙï/!ôérð=ôêîÙï, directory on Maxc2. It consists of thefollowing files:IFS.Run, the program itself.IFS.Syms, for debugging by means of Swat.IFS.Errors, mapping error numbers to strings.IFSScavenger.Run, the IFS Scavenger.IFSScavenger.Syms, symbols for the IFS Scavenger.Versions of these files also exist on [Indigo], but in general these are development versions of the software that havenot been released. You should use only the versions on Maxc2 unless instructed otherwise.These files should be installed on a fairly clean Alto disk, along with standard Alto subsystems suchas FTP. Additionally, the following programs may be useful (obtained from the directory):TFU.Run, for formatting and testing Trident disk packs.Triex.Run, for checking out the Trident disk hardware.CopyDisk.Run, for copying disks.There exists a command file, [Maxc2]IFSOpDisk.cm, that constructs an IFS Operation diskwith all the necessary files. You should first do an Install, go through the long installation dialogue,and erase the disk. Then retrieve IFSOpDisk.cm and execute it. This command file gets all filesfrom Maxc2; you might want to edit it to get standard subsystems and the like from a local fileserver instead, if you are sure the file server has up-to-date versions.All announcements of new IFS releases are made to the distribution list IFSAdministrators^.PA. Ifyou operate an IFS, you should make sure you are included in this list (add yourself using theMaintain program, or send a message to Owners-IFSAdministrators^.PA). Such announcementsinclude the version number of the system (e.g., 1.03); this is the first number printed out in the IFSherald when you connect using FTP or Chat. Be sure to obtain all three of the IFS.* files listedabove.It is important that you use the version of IFSScavenger appropriate to the version of IFS you arerunning. The IFSScavenger has intimate knowledge of the file system format, which sometimeschanges in minor ways from one release to the next.ÿî·ïfñpôîGïîÙïbôÎð0ôÏð1îÙï`šô’ð"vpô“ð7îÙï_ôƒðBô„ð#îÙï]’ôÕð4ôÖð*îÙïZÐrôð.ôðOîÙïY“ôðAîÙïVôô”ô•ð`îÙïU·ôîÙïQNuîÙïNipôäôåðMîÙïLåôîÏïJîÏïGð)îÏïD7ð-îÏïARð$îÏï>mð1îÙï;«rôƒðbô„îÙï:nsrôðWîÙï7¬pô‹ð+ôŒð:îÙï6(ô™ðEôšîÏï3Côð7îÏï0_ð6îÏï-zîÙï*•ô½ð\îÙï)ô†ð"ô‡ðGîÙï'ô¢ð3ô£ð.îÙï& ô¯ð@ô°îÙï$…ôðHîÙï! ô’ðBô“îÙï ô»ð^îÙï˜ôÍôÎðHîÙïô‰ð(ôŠð>îÙïô¤ð.ô¥ð3îÙïîÙï'ô˜ô™ðFîÙï£ô½ð'ô¾ð5îÙïôð3 ö·Ø>/T3IFS Operation33. Testing disk hardware and disk packsA file system should be built on a set of disk packs that have been thoroughly tested using theCertify' command in the latest release of TFU. This procedure is essential for reliable operation.The procedure for each pack is as follows.Mount the pack on some drive, d. Then issue the command:TFU Drive d | CertifyTFU will display the message Confirm wiping the pack on drive d', to which you should respondOK'.TFU will now initialize the headers on the pack, then execute 10 passes of writing and readingrandom data on the entire surface of the pack. Any bad spots that it finds are recordedpermanently on the pack in a place that IFS and other Trident software can find. IFS will simply avoidusing pages known to contain bad spots. The running time for this test is 27 minutes for a T-80 pack and97 minutes for a T-300 pack. If possible, it is recommended that the test be run for more than 10 passes. This isaccomplished by the command TFU Drive d | Certify n' | BadSpots, where n is the desired number of passes. Therunning time is approximately 3 minutes per pass on a T-80 and 9 minutes per pass on a T-300.Before IFS is run in a new installation, it is a good idea to exercise the hardware thoroughly. TheTFU program has an Exercise' command that exercises the hardware thoroughly in a mannersimilar to IFS. The basic procedure is as follows.1.Mount scratch packs on all Trident disk drives (including backup and spare drives).2.If the packs haven't already been certified, use TFU Certify' to initialize the headers on allpacks, as described above.3.For each drive, issue the command TFU Drive d | Erase'. TFU will display the messageConfirm wiping the pack on drive d', to which you should respond OK'.4.For each T-300 drive (if any), issue the command TFU Drive 40d | Erase', and continue asin step 3. This initializes empty file systems on the second half of each T-300 disk.5.Issue the command TFU Exercise n'.This begins a lengthy exercise procedure that creates, reads, writes, and copies files on all packs. nis the number of passes to execute. Each pass takes about 20 minutes per T-80 and 60 minutes perT-300 being exercised. The display will flicker and tear while this test is running; do not be alarmed. TFUwrites a log file TFU.Log on the Diablo disk (which should be quite empty), at the end of whichshould appear the message There were 0 errors' when TFU is done.For further information on the operation of TFU, consult the Trident software documentation in theAlto Subsystems Manual or in TFS.tty.4. Initializing a file systemIFS is invoked by the commandIFS/switcheswhere the switches control the operation of the system in various ways. For a binary switch,preceding it with ' negates its action. Switches defined at present are:/AAllocator debug (every call to the storage allocator invokes some special consistencychecking; this debugging aid slows down system operation slightly.)/CCreate a new file system (see below)î·ïfñpôîGïîÙïbuð'îÙï_9pô¶ðUô· îÙï]µô¢ô£ðSîÙï\1ôð*îÙïYLvpîÏïVg vp îÙïS‚ôžð?vpôŸîÙïQþîÙïOô¼ð=ô½ð!îÙïM•ôöð(ô÷ð0îÙïLô‰ð(rpð%rôŠîÙïJôð'pôŽð0îÙïI ô†ô‡rðWîÙïG¨ô¤ð'sr srsrô¥îÙïFkôð]îÙïC©pô”ô•ðSîÙïB%ôÖðQô×îÙï@¡ôð3îÙï=¼îôúôûðFîÙï:Øîôô‘ðYî ï9TôîÙï6oîô£ð-vp ô¤î ï4ëôð"vpð$îÙï2îôŽôvpî ï0‚ôßð2ôàð$îÙï-îôvpîÙï*¸ô“ðIô”vîÙï)4pôŒôðGîÙï'°ô¯rô°ð@pîÙï&,ô ðVô¡îÙï$¨ôðAîÙï!ÃôƒðMô„îÙï ?ôð/îÙï³uîÙïÎpîÏïéîÙïôÑðUôÒîÙï€ôðKîÏï›î£ô‘ðAô’î€ï ôðCîÏï 3î£ð$ÿà· ì?/^CIFS Operation4/DDebug mode (various non-fatal errors call Swat rather than just continuing on)./FEach occurrence of this switch extends the directory file map by 100 words. This isnecessary only if the directory has become badly fragmented. The standard file map'scapacity is 40 runs; each occurrence of /F increases it by 50 runs./LRetain the Leaf server capability even if the server itself has not been enabled (seesection 9.4)./MEnable the miscellaneous' servers (name, time, and boot). They are ordinarilyenabled and disabled by means of the privileged Change System-parameterscommand (described later), but /M or /M will override the effects of thatcommand for one invocation of IFS. (See section 9.)/SCreate a buffer (spyBuffer) for use by the Swat Spy facility, for performancemeasurements./VVerify the structure of the directory B-Tree when the system is started (see section5). The default state of this switch is true./XUse extended memory, if present, to hold executable code overlays (rather thanswapping them from disk into bank zero when needed). This improves performancesubstantially. The default state of this switch is true./n(n is a number between 1 and 4) Use at most n*64K of memory, even if the Altohas more than that. This is useful primarily for debugging purposes.When IFS is started with the /C switch, it enters a dialogue in which you must supply various filesystem parameters. The dialogue takes the following form.Do you really want to create a file system?Answer y'.Number of disk units:Type in the number of disk units to be included in the file system, terminated byReturn. Maximum is 5. However, the file system can be extended to up to 7drives using the "Extend" command. See Section 10.Logical unit 0 = Disk drive:Type the physical unit number of the drive that is to be logical unit 0 in the filesystem. This question is repeated for each logical unit in the file system.File system name:Enter the name of the file system, followed by Return. This name is displayed asthe first part of the herald generated by the file server and Executive, and should besomething like Parc IFS'.Directory size (pages):This determines the number of disk pages to preallocate for the directory. IFS willsuggest a number (based on the number of disk units) which you may confirm bytyping Return; or you may type some other number followed by Return. To beconservative, you should specify 1000 times the number of disk packs you everexpect to include in the primary file system. (See section 10.)Ok? [Confirm]î·ïfñpôîGïîÏïbî£ôÎð?ôÏîÏï_9î£ôŠô‹ð=î€ï]µô¥ð*ô¦rî€ï\TôðCîÏïY“pî£ô—ô˜ð?î€ïXôîÏïU*î£ô×ð;ôØî€ïS¦ôðHî€ïR"ôòð6ôóî€ïPžôð4îÏïM¹î£ôéôêðEî€ïL5îÏïIPî£ôžð5ôŸî€ïGÌôð.îÏïDçî£ôÌðAôÍî€ïCcô…ð4ô†î€ïAßôð9îÏï>úvî£pvpô ô¡ð'vprpî€ï=vôðEîÙï:‘ô–ô—ðZîÙï9 ôð:îÏï6(ð+îÅï3C îÏï0_îÅï-zôŸô ðJîÅï+öô¿ð@ôÀ îÅï*rô€ð3îÏï'ôîÅï$¨ô¦ð8ô§îÅï#$ôðLîÏï ?îÅïZôœð7ôîÅïÖô ô‚ðHîÅïRôîÏïmîÅïˆôð(ôŽð,îÅïôžðMîÅï€ôô®ð6îÅïüôÊð%ôËð(îÅïxôð@îÏï“ ô·L>/\¿(IFS Operation5Answer y' if you want to go ahead, or n' if you made a mistake and wish to repeatthe dialogue.IFS now initializes the file system, an operation that takes about 2 minutes per T-80 and 7 minutesper T-300 in the system. When the screen turns black and the cursor changes from an hourglass toIFS', initialization is complete.The file system initially has only three directories defined: System, Default-User, and Mail. Thepassword for System is IFS. You should connect to the IFS using Chat, login as System (passwordIFS), create some other users (by means of the Create command, described below), and changeSystem's password for the sake of security.Before putting the system into service, there are various system parameters you must set; these aredescribed in later sections. They include:clock correction and server limit (section 7);switches to enable or disable Press printing and the Boot, Name, Time, Leaf, CopyDisk, andLookupFile servers (sections 7 and 9);switches, default registry, and group names for Grapevine authentication and access control(section 6);mail system parameters (section 8);backup system parameters (section 11).5. Normal operationThe system is normally started simply by invoking IFS with no switches. All file system packs mustbe mounted and on-line, and all Read-only switches must be turned off (including those on backupand spare drives). It is unimportant which packs are mounted on which drives, since the softwarereads each pack to discover what the system configuration is. (However, there must be no otherprimary IFS packs on-line. After copying an IFS pack with CopyDisk, you should be careful toremove the copy from the system.)If IFS fails to start up properly, it will call Swat with an appropriate error message. This will occur,for example, if all necessary disk drives are not on-line. While IFS is starting up, the cursorcontains an hourglass; this changes to IFS' when startup is complete and the system is in operation.During startup, IFS also runs a brief test of the Control RAM and S-registers, failure of which willcause IFS not to function even though a great deal of other Alto software works correctly. IFS willcall Swat with an appropriate message if this test fails.When IFS is started, it verifies the consistency of the directory B-Tree (unless inhibited by /V').Inconsistencies can result from crashes at inopportune moments when the B-Tree is in the process ofbeing modified, so the startup-time check is valuable in determining whether it is appropriate to runthe IFS Scavenger. The time required for the check is proportional to the number of files in thesystem; it has been observed to take 2 minutes for 20,000 files.If an inconsistency is detected, IFS will call Swat with an appropriate message. The messageRecord count disagrees' is relatively benign and it is reasonably safe to proceed from this (withcontrol-P). If you do so, it is likely that one or more files in the file system will become inaccessible and will remainso until the next time the IFS Scavenger is run. Other possible errors include Records out of order' andMalformed B-Tree record'; these are more serious and proceeding is not recommended.Immediately after IFS starts, it will perform some other initialization operations requiring a lot ofdisk activity, including obtaining and installing the network directory (name server data base) andboot files. IFS can service user requests during this time (5 minutes or more), but performance willÿî·ïfñpôîGïîÅïbô„ô…ð7îÅï`šôîÙï]µô‘ð1ô’ð2îÙï\1ôðLôŽîÙïZôð"îÙïWÈô±ð(ô²ð:îÙïVDôôðDîÙïTÀôÀð*ôÁð1îÙïS<ôð+îÙïPWô›ð9ôœð*îÙïNÓôð+îÏïKîð.îÏïI ô„ðVô…îÏïG…ôð&îÏïD ô—ð+ô˜ð0îÏïCôîÏï@7ð#îÏï=Sð&îÙï8ÆuîÙï5âpô‡ðHôˆîÙï4^ôžôŸvð)pîÙï2Úôð1ôžð0îÙï1UôðNô®îÙï/ÑôðHô®îÙï.Môð!îÙï+iô†ð<ô‡ð-îÙï)äôÏðUôÐ îÙï(`ôˆô‰ðOîÙï%|ô˜ð%ô™rpð'îÙï#øôŠô‹ðKîÙï"sôð9îÙïô–ð7ô—ð.îÙïôƒðQô„îÙï‡ô†ô‡ðVîÙïô¢ðaîÙï~ôð@îÙïšôÔôÕð=îÙïô¸ô¹ðGîÙï‘ rô‰ôŠð]îÙï ôžôŸð$pð:îÙï‰ôðDvpîÙï ¥ô¨ð^ô©îÙï ôªðcîÙï œô‰ðIôŠ ¾· U?/]¶DIFS Operation6be noticeably poorer than normal.While IFS is running, the entire screen is black except for the cursor. The position of the cursor isan indication of disk activity. The horizontal position indicates the disk unit most recently accessed(unit zero at the extreme left, unit seven at the right), and the vertical position is the cylinder atwhich the heads are currently positioned (zero at the top, 814 at the bottom). The cursor blinkseach time a page is transferred to or from a user file by the file server.You can tell whether IFS is running normally by pressing the space bar. If the Alto screen flashes,everything is in order; if not, the system has failed in some way.There are two ways to stop the system. The normal (and cleaner) way is to connect to IFS usingChat, log in, Enable, and issue the Halt command. The system will then refuse to admit furtherusers, will wait for all present users (including you) to log out or disconnect, and will return controlto the Alto Executive.The system may also be stopped by typing Shift-Swat on the IFS Alto keyboard (the Swat key mustbe pressed firmly). This aborts all active connections and returns control to the Executiveimmediately; however, it may leave partially-written files lying around so it is not recommended fornormal use.6. Directory and user group managementThis section assumes that you thoroughly understand IFS's use of Grapevine for authentication andaccess control, described in the How to use IFS' document. Additionally, before beginning tocreate IFS directories and groups, you should read Access Controls', file[Maxc]AccessControls.press, for a description of the policies and procedures required to ensureproper information security.6.1. Setting up user directoriesThe IFS Executive (accessed via Chat) has several privileged commands that are available only tousers with the wheel' capability, and only after enabling this capability with the Enable command.When you are so enabled, the Executive's prompt is !' rather than @'. While you are enabled, IFS willnot log you out automatically after three minutes of inactivity as it does normally.The following privileged commands are defined.! Create (directory) directory-name [new] (password) password!! sub-commandsCreates a directory with the supplied name and password. Capitalization of the nameshould be precisely as the user wants to see it. Capitalization of the password isunimportant.If Grapevine authentication is enabled, directory-name may or may not be a fully-qualifiedR-Name of the form simpleName.registry. For a local user whose registry is the same as theIFS's default registry, it is best to omit the .registry when creating the directory, and just usethe simpleName. However, for a user whose registry is different from the IFS's defaultregistry, the directory name must consist of the full R-Name, else Grapevine authenticationwon't work properly.In general, names for files-only directories should not be qualified by registry (and shouldn'tbe registered in Grapevine either).For a directory that corresponds to a Grapevine R-Name, the password you supply isirrelevant, since IFS consults Grapevine for authentication. For a non-Grapevine name, ifyou specify an empty password, then the password cannot be used to gain access to theî·ïfñpôîGïîÙïbð!îÙï_9ôôŽðZîÙï]µôôðRîÙï\1ô¬ðAôð%îÙïZô¬ðOôîÙïY)ôðJîÙïVDôôŽðPîÙïTÀôðBîÙïQÛôŸô ðMîÙïPWôªðNô«îÙïNÓôŒð=ôð+îÙïMOôîÙïJjô‡ ôˆðQîÙïHæôúôûðCîÙïGbôŒð4ôð0îÙïEÞô îÙïARuð&îÙï>mpô’ð=ô“ð$îÙï<éôÇð(ôÈð6îÙï;eô8ô9ð0îÙï9áôˆð]ô‰îÙï8]ôîÙï3ÐvîÙï0ìpô¨ô©ðYîÙï/hô›ð&ôœð=îÙï-äôŒð6ôrîÙï,ƒôðTîÙï)Ápð.îÙï&Üv pvîÙï%XpvîÏï"spôÔðOôÕîÏï ïôð%ôð.îÏïkîÏï‡ôð(v pôžð$îÏïô…ô† v pvpð5îÏï~ô„ô…ð"vpð*îÏïúô¿v pôÀðGîÏïvô”ð!ô•ð:îÏïòôîÏï ô„ ô…ð)vpð(îÏï‰ôð#îÏï ¥ôÝôÞð-vp îÏï ô ðWô¡îÏï œô¹ðGôº ÿô· U?/]¶MIFS Operation7directory. This is useless for a login directory; but it is useful for a files-only directory towhich access is granted solely on the basis of group membership rather than on usersknowing the directory's password.The sub-commands are used to change various parameters from their default values. Theseinclude all the sub-commands of the Change Directory-Parameters command, described inHow to use IFS', and additionally include:!! Files-only (owner) user-nameDeclares the directory to be a files-only (i.e., non-login) directory. Theuser-name is the person responsible for this directory; that user is permittedto connect to the directory without giving a password. User-name mustinclude a .registry part if the user's registry is different from the IFS'sdefault registry, but may be omitted if it is the same as the IFS's defaultregistry.Files Only directory "Owner" properties: In a Files-Only directory on an IFS, "Owner"means the name of the directory or the name of the person who is presently connected. Itallows the name of the user in the "Owner" field to connect without using the password ofthe directory. Even though the "Owner" has create permission, he must still connect tostore files on the directory. However, an access control group which has create permissiondoes NOT have to be connected in order to write new files to the directory.!! Disk-limit numberSpecifies the maximum number of disk pages that may be used in thisdirectory.!! WheelDeclares the user to have the wheel' capability, which permits issuingprivileged commands and bypasses all access checking and disk limits.!! MailCreates a mailbox, thereby enabling IFS to receive Laurel mail for this user.(More information about mail is presented in section 8.)!! Group Membership (in groups) groups!! Group Ownership (of groups) groups!! No Group Membership (in groups) groups!! No Group Ownership (of groups) groupsEstablishes the user's membership in or ownership of user groups. (TheGroup Membership sub-command duplicates the function of the top-levelChange Group-Membership command.) Use of these commands ismeaningful only for non-Grapevine members of non-Grapevine groups.Note that in an IFS that does not use Grapevine for access control, anyuser able to log into the IFS is automatically a member of World, regardlessof the setting of the directory's group membership. In an IFS that does useGrapevine for access control, a user whose names is registered in Grapevineis a member of World or not according to whether he is a member of theIFS's World' group, usually USRegistries^.Internet. A user whose name isnot registered in Grapevine but who is able to log into the IFS (because anIFS directory by that name exists) is a member of World only if sospecified by use of the Group Membership command.If directory-name already exists, you are not asked for a password but rather are sent directlyinto subcommand mode. This permits modifying parameters for an existing directory. Inî·ïfñpôîGïîÏïbôžðCôŸîÏï`šôÔð%ôÕð/îÏï_ôð!îÏï\1ô–vpô—ð-îÏïZô§ô¨ð9îÏïY)ôð+îÅïVDôXvî»ïS_pôËôÌð5î»ïQÛvpôŒð;ô î»ïPWôÇð6ôÈvpî»ïNÓô×ôØvpð8î»ïMOô¬ð'ôð$î»ïKËî»ïHærôªô«ð:î»ïG¨ô‰ôŠð:î»ïFkô‰ ôŠðOî»ïE-ô¬ðLô î»ïCðô”ðPô• î»ïBô€ðKîÅï?ªpôX vî»ï<ÆpôÍðCî»ï;A îÅï8]ôXî»ï5xôæôçð*î»ï3ôôðð+ôñîÅï1ôXî»ï.*ôô‚ðDî»ï,¦ôð8îÅï)ÁôXvîÅï(=pvîÅï&¹pð#vîÅï%5pð"vî»ï"Ppôºð!ô»ð&î»ï Ìô°ô±ð5î»ïHô.ð8ô/î»ïÄôéôêð/î»ïßô¹ôºð*î»ï[ôð:ô‚î»ï×ô„ð'ô…ð%î»ïSô†ô‡ð,î»ïÏô›ôœðBî»ïKô”ð<ô• î»ïÇvpôŒð!vpð%î»ïCôîð1ôïî»ï¿ôð1îÏïÚôv pô‚ð:îÏï Vô¢ðHô£²· 99]ü`IFS Operation8this context, the following additional subcommands are of interest:!! Password password!! Not Files-only!! Not Wheel!! Not MailNote that to make a non-Grapevine directory unusable for login purposes, you should issuethe Password sub-command with an empty password. The top-level Change Passwordcommand cannot be used for this purpose.The Create command is terminated by typing two Returns in response to the !!'subcommand prompt. You may cancel the entire command by typing control-C.The default values of all parameters for new directories are copied from a dummy directorycalled Default-User. When a file system is created, the default values are Not Files-only,Not Wheel, Not Mail, and Disk-limit 1000. To change the defaults, use the Createcommand to modify the parameters for the directory Default-User. Not Mail' is the default forfiles-only directories, even if Default-User specifies Mail'.! Destroy (directory) directory-name [Confirm]Destroys the specified directory. This operation includes deleting all the files containedwithin it, and destroying the associated mailbox if there is one.! Change Directory-Parameters (of directory) directory-name! Show Directory-Parameters (of directory) directory-nameThese commands work as described in the How to Use' document with the addition thatwhile you are enabled, you may access any directory, not just your own. Also, while youare enabled, Change Directory-Parameters has all the sub-commands described above underCreate.6.2. Setting up Grapevine authentication and groupsThe commands in this section are used to control IFS's use of Grapevine for authentication andaccess control.! Change System-Parameters!! sub-commandsPermits you to issue sub-commands to change one or more system operating parameters.Each sub-command takes effect immediately. Sub-command mode is terminated when youtype CR in response to the !!' prompt.!! Default-Registry registrySets the default Grapevine registry to be registrye.g., PA, ES, etc. Thisshould be the registry to which the majority of the local users of the IFSbelong. Names of directories belonging to these users need not be (andgenerally should not be) qualified by the registry name; but names ofdirectories belonging to users in other registries must be qualified byregistry name.You should set a default registry even if you are not using Grapevine forauthentication and access control. This is to permit local users to presentî·ïfñpôîGïîÏïbðCîÅï_9ôXvîÅï\TpîÅïYoîÅïVŠ îÏïS¦ôŽð>ôîÏïR"ôãôävpîÏïPžôð(îÏïM¹ôð#ôð+îÏïL5ôðJîÏïIPôŒðCôîÏïGÌô¨ð@ô©îÏïFHôëð)ôìð(îÏïDÄôð2ôŽ rîÏïCcôð>îÙï@¡pôXv p îÏï=¼ôÃð!ôÄð:îÏï<8ôðAîÙï9TôXð-v îÙï7Ðpð+v îÏï4ëpô§ô¨ð4îÏï3gô¢ô£ð:îÏï1ãôð0ôð'îÏï0_îÙï+Òvôð3îÙï(îpô´ð6ôµð(îÙï'iôîÙï$…ôXîÙï#vîÏï pô·ðTîÏï˜ô•ð*ô–ð)îÏïôrpîÅï/ôXvî»ïJpô©ð*vp ôªî»ïÆô¨ô©ð+î»ïBô¹ð*ôºî»ï¾ôßð"ôàð#î»ï:ôøð:ôùî»ï¶ô î»ïÑô¦ð-ô§î»ïMô©ð5ôªÿ ž·>/]"IFS Operation9their user names either with or without registry qualification.Note: if the mail server is enabled (section 8), registry must be the same asthe mail server registry specified by the Registry sub-command of the Mailcommand.!! Enable Grapevine Authentication!! Disable Grapevine AuthenticationEnables and disables IFS's use of Grapevine for authentication. When thisis enabled, any user whose name is registered in Grapevine and who is ableto supply the correct (Grapevine) password can log into IFS. When this isdisabled, only users who have personal directories on the IFS can log in,and they must present the password maintained by that IFS.Before enabling Grapevine authentication, you must specify a defaultregistry as described above.!! Enable Grapevine Groups!! Disable Grapevine GroupsEnables and disables IFS's use of Grapevine for access control (groupmembership checking). When this is enabled, users' access to files iscontrolled by membership in Grapevine groups, as discussed in How to useIFS'. When this is disabled, user group membership is maintained entirelywithin the IFS, and is controlled by the Change Group-Membership orChange Directory-Parameters commands.Before enabling Grapevine group checking, you must specify a defaultregistry as described above, and you must associate Grapevine group nameswith IFS group numbers as described below. It is probably not sensible toenable Grapevine group checking without also enabling Grapevineauthentication.!! Group (name of group) group-number (is) group-nameAssociates the Grapevine group-name with the IFS group-number, which is anumber in the range 0 to 61. The group-name must be a fully-qualifiedname acceptable to Grapevine as either a real group (e.g., CSL^.PA) or apseudo-group (e.g., *.PA).Caution: if you use this command to associate a name with a group numberthat already has a name, the meanings of all existing protections that referto that group will be changed. For example, suppose group 3 is originallyassociated with the name CSL^.PA, and some files' protections are set topermit reading by members of group CSL^.PA. If you then change group3 to associate it with the name PARC^.PA, those files will become readableby all members of PARC^.PA.It is permissible for a group to have a name that is not registered inGrapevine; however, such a group can only contain members whose namesare also not registered in Grapevine, and their membership must bemanaged by use of the IFS Change Group-Membership and ChangeDirectory-Parameters commands. Consequently, this mode of use is reallysuitable only for IFSs in which Grapevine group checking is disabled.To eliminate a group's name (i.e., make the group number no longer have aname), use the Group command as described above, but specify an emptygroup-name. That is, when IFS prompts you for the group-name andsuggests the existing one as a default, erase the existing name using CTRL-Wand then strike CR.î·ïfñpôîGïî»ïbð?î»ï_9ôô‘vpî»ï]µô”ð"ô•ð(î»ï\1îÅïYLôXð"î/àð#î»ïVgô‘ô’ð0î»ïTãô‡ ôˆð?î»ïS_ô“ðJî»ïQÛô°ð&ô±ð#î»ïPWôð:î»ïMrô ðDî»ïKîôîÅïI ôXî/àî»ïF$ôçôèð+î»ïD ôêôëð+î»ïCô„ð-ô…î»ïA˜ô“ô”ð:î»ï@ôÏð!ôÐð"î»ï>ôð%î»ï;«ôçôèð+î»ï:'ôŒð)ôî»ï8£ô‘ð1ô’î»ï7ôYð5ôZ î»ï5›îÅï2¶ôXvpv î»ï/Ñpôƒv pô„vpî»ï.Mô¶ð"v p ô·î»ï,Éô©ð(ôªî»ï+Eôî»ï(`ôƒô„ð0î»ï&Üôžð5ôŸî»ï%Xô˜ô™ðCî»ï#Ôôµô¶ð0î»ï"Pô˜ðEî»ï ÌôŒðJî»ïHôî»ïcôÝð1ôÞî»ïßô“ðEî»ï[ôð)ôî»ï×ôð5ôî»ïSô¤ð2ô¥î»ïÏôæôçð/î»ïêôƒ ô„ð;î»ïfô ô¡ð)î»ïâv pôçôèv pî»ï ^ôƒð'ô„rpî»ïÚôrpŒ·“/—\xaIFS Operation10!! World (group is) group-nameDefines the membership of the World' group for this IFS. An appropriatevalue of group-name for most IFSs at Xerox sites in the U.S. isUSRegistries^.Internet'. If this is unspecified or empty, any user able tolog into the IFS is considered a member of World'.Note: this restricted definition of World' is enforced only if Grapevinegroup membership checking is enabled.6.3. Converting an existing IFS to use GrapevineThis section outlines the procedure for converting an existing IFS to use Grapevine forauthentication and access control. The general idea is to extract the existing authenticationinformation and group structure from the IFS and then capture this state in the Grapevine database. Some of the information here is also relevant when starting up a new IFS.6.3.1. Use the Accountant program to obtain an accounts listing and a group membership summary,as described in section 12.6.3.2. Decide what the default registry is to be. This will usually be obvious: the Grapevine registryof the majority of the local users of the IFS. Set this by means of the Default-Registry sub-command of Change System-Parameters.6.3.3. For each login (non-files-only) directory in the IFS, make sure thatdirectoryName.defaultRegistry' is registered as an individual in Grapevine, and that the Grapevineentry indeed represents the same user as the IFS directory's owner. For most local users this willalready be the case, assuming that Grapevine is in regular use locally for mail service. (Note: youneed not take any action on the built-in directory names Default-User, Mail, and System.)In the case of a login directory belonging to a user in another registry, you may take one of threeactions:1.Most commonly, such a directory exists solely to give that user access to files in otherdirectories on the same IFS, and the user does not store any files at all on his own directory.In this case, simply destroy the directory and instruct the user to use his own full R-Namewhen logging in. If the user is a member of any IFS user groups, you should make surethat the user's full R-Name appears in the corresponding Grapevine groups (below).2.If the remote user actually uses his own directory for storage of files on the IFS, you shouldchange the directory name to include the registry qualification. For example, if the IFS'sdefault registry is PA, and user Jones.ES has a directory whose name is simply Jones' (orJohnJones' or something), then the directory's name should be changed to Jones.ES'.Unfortunately, the only way to do this is to create a new directory, move the files from theold directory to the new (using FTP or Brownie), and destroy the old directory.3.This alternative is not recommended, but is sometimes workable in desperate situations. Ifthe result of appending the IFS's default registry to the directory name yields an R-Namethat is not registered in Grapevine, then you can leave the directory as-is. Thedisadvantages of this alternative are that the user cannot gain access to files by virtue of hisR-Name being in Grapevine groups, and the directory name may conflict with a nameregistered in Grapevine in the future. Note: you may need to explicitly specifiy the directory'smembership in the World group, as discussed above in the description of the Group Membership sub-commandof Create.Since all registered users are able to log in under their full R-Names, Guest' accounts are no longerneeded and should be abolished. This will result in a substantial improvement in informationsecurity. Accounts that permit automatic access by programs using compiled-in credentials shouldlikewise be abolished; procedures for dealing with such situations are described in the Accessÿî·ïfñpôîG?îÅïbôXv î»ï_9pô‹ ôŒð>î»ï]µô-v pô.ð,î»ï\1ô²ô³ð/î»ïZôð3î»ïWÈôÑð7ôÒî»ïVDôð%îÙïQ¸vð0îÙïNÓpô&ð5ô'ð"îÙïMOôùð#ôúð;îÙïKËô¶ð,ô·ð2îÙïJGôðPîÙïGbô„ðFô…îÙïEÞôîÙïBùôðUô‚îÙïAuôÊôËðOîÙï?ñôð$îÙï=ôÞôßð<îÙï;ˆvpvpô¬ð2ôîÙï:ôŸô ðLîÙï8€ô™ôšðPîÙï6üôðYîÙï4ô›ôœðMîÙï2“î ï/®îôÍðRôÎîÏï.*ô€ðPôîÏï,¦ô—ð@ô˜îÏï+"ô¢ð4ô£ð"îÏï)žôùð8ôúî ï&¹îô‡ð^îÏï%5ô¦ðEô§îÏï#±ô¡ô¢ðCîÏï"-ôàôáð6îÏï ©ôð\îÏï%ôðOî ï@îôšð(ô›ð3îÏï¼ô¢ðYîÏï8ôvp ôð;îÏï´ôŽð*ôð6îÏï0ôÊð8ôËîÏï¬ôÐð&rð/ôÑîÏïKô„ô…ð[îÏï ô îÙïLpô‡ðfîÙï ÈôÍ ôÎðSîÙïDô¦ ô§ðWîÙï Àô×ð!ôØð>ÿ´· y>/]’gIFS Operation11Controls' memo.6.3.4. In general, the names of files-only directories should not be registered in Grapevine.Ordinarily, users gain access to a files-only directory by virtue of membership in user groupsreferenced by that directory's connect protection, not by presenting the directory's password.However, so long as the result of appending the IFS's default registry to the directory name yieldsan R-Name that is not registered as an individual in Grapevine, the directory may be left as it is;IFS will use local information to authenticate users' attempts to connect to it. (If you are sounfortunate as to encounter a files-only directory whose name is registered in Grapevine, then eitherusers must use the Grapevine password to connect or you must change the name of the directory.)6.3.5. Issue the Enable Grapevine Authentication sub-command of Change System-Parameters. IFSwill now use Grapevine for user authentication, while continuing to use local user group informationfor access control.6.3.6. You will need the cooperation of the Grapevine registry's maintainer to perform this step.Compare the IFS group membership information obtained in step 6.3.2 with the existing Grapevinegroups, using the Maintain program. In most cases you will find that some existing Grapevinegroup is substantially the same as the IFS group, and that any discrepancies are most likely mistakesor oversights. (This is particularly true of organization and project groups.) In such cases, adjustthe Grapevine group membership as necessary and use it for the IFS group. For the remaining IFSgroups, create new Grapevine groups with the same memberships as the IFS groups. Rememberthat each name in a Grapevine group must include a registry name, even when the registry name isthe same as the IFS's default registry.The groups used for IFS access control should be chosen with some care. The simplest groups thatwill do the job should be used. Grapevine takes a long time to check for membership in extremelylarge or complex groups (e.g., SDD^.ES, which is both large and complex); this has the potential forcausing severe performance bottlenecks. In this connection, it should be mentioned that pseudo-groups of the form *.registry' (e.g., *.PA, *.ES) can be checked extremely rapidly, in contrast withgroups such as AllPA^.PA which require lengthy enumerations.It is OK for a group to refer to other groups, but the simpleNames of those other groups must endin ^', else they won't be expanded by Grapevine when checking for group membership. (However,it is not required that the top-level group name contain ^'.)Now use the Group sub-command of Change System-Parameters to associate the chosen Grapevinegroup names with the in-use IFS group numbers. Again, each group name must be a full R-Name,including registry.You should do this step carefully to ensure that you have captured in Grapevine the existing IFSgroup structure, because step 6.3.8 will invalidate and destroy the IFS group structure.6.3.7. Decide on a definition of the World' group. This controls access to all files (both existingand new) whose protections specify World'which is to say, all files accessible to Guest in IFSsthat have had Guest accounts until now.World' is intended to be an all-encompassing group that permits limited access to public files by allauthentic users. The main reason for restricting World' membership is to satisfy U.S. technologyexport regulations. Several non-U.S. Grapevine registries are now being established, and foreignaccess to U.S. information is expected to be conducted through more formal and controlledchannels. (This topic is discussed in detail in the Access Controls' memo.)Therefore, the definition of World' appropriate for most IFSs in the U.S. is a special group calledUSRegistries^.Internet, which includes all members of all U.S. registries. Certain IFSs may chooseto adopt a more restricted group for World'. Note that a user who is not a member of an IFS's World' groupcan still be a member of other of that IFS's groups and can access files whose protections mention those groups.Use the World sub-command of Change System-Parameters to set the name of the IFS's World'group.ÿî·ïfñpôîG?îÙïbîÙï_9ôîôïð,vpîÙï]µôÝð-ôÞð1îÙï\1ôüðTôý îÙïZôšð!ô›ðBîÙïY)ô vpð?ô¡îÙïW¥ôÏðYôÐîÙïV!ô†ð>vpô‡ð%îÙïTô˜ð_îÙïQ¸ô†ðZô‡îÙïP4ôƒðMô„îÙïN°ôîÙïKËô¬ð%ôð=îÙïJGôðLôîÙïHÃôÀðEôÁîÙïG?ô†ð\ô‡îÙïE»ô¥ðXô¦ îÙïD7ô†ð`îÙïB²ô«ð@ô¬îÙïA.ô—ô˜ð%vîÙï?ªôð&pîÙï<ÆôðUôŽîÙï;Aô‹ð7ôŒð*îÙï9½ô„ð`ô…îÙï89ô±ð'ô²ð9îÙï6µô›vpôœð?îÙï51ôð<îÙï2Lô’ð7v pô“îÙï0Èô‰ôŠðSîÙï/Dôð>îÙï,_ô“ðFô”îÙï*ÛôŠðFô‹îÙï)WôîÙï&sô¤ðBô¥îÙï$îôðXîÙï" ôŸð!ô ðEîÙï †ôð\ô®îÙïôð'îÙïôˆð_ô‰îÙï™ô§ð%ô¨ð=îÙïô¹ð>ôºð#îÙï‘ôóðYîÙïôðMîÙï(ôšðWô›îÙï¤ôœðcîÙï ôƒð/rô„ð*îÙï¿ôÁôÂð[îÙïýpô¯ðHô°îÙï yŒ· 2?/]ÙtIFS Operation126.3.8. Issue the Enable Grapevine Groups sub-command of Change System-Parameters. Theconversion to Grapevine is complete.6.3.9. You may now delete all user directories that have disk limits of zero. Such directoriespresumably exist solely to give the users access to other directories on the IFS; since authenticationand access control are now done using Grapevine, these directories are no longer needed.Exception: directories that have special capabilities (Mail' or Wheel') should not be deleted, asthese capabilities are remembered only by the IFS and not by Grapevine.It is worth mentioning the measures IFS takes to prevent Grapevine from becoming a bottleneckand to enable continued service if all Grapevine servers become unavailable. When a user first logsin or first attempts to access a file in a way that requires membership in some group, IFS interactswith Grapevine in whatever ways are necessary and remembers the result. This means thatsubsequent logins or file accesses involving the same group membership do not require anyinteraction with Grapevine.The Grapevine information that IFS remembers locally is invalidated after 12 hours; this preventsIFS from getting more than 12 hours out of date with respect to Grapevine. Furthermore, IFSremembers only successful user accesses, not unsuccessful ones. This means that when a newGrapevine R-Name is created for a user, or a user is added to a Grapevine group used for accesscontrol by IFS, the changes have an immediate effect on the user's access to IFS. However, whenan R-Name or group member is removed, IFS may continue to allow access on the basis of theobsolete information for up to 12 hours.Finally, if Grapevine becomes inaccessible for an extended period, IFS will continue to use itsremembered Grapevine information indefinitely.7. Other privileged commands! DisableLeaves enabled mode (the Executive's prompt reverts to @').! HaltStops IFS and returns control to the Alto Executive as soon as all present users (includingyou) log out or disconnect. If any Leaf connections are active, there may be a delay ofseveral minutes before the connections are broken and IFS halts.! Show Printing-requests (for user) user! Cancel (printing requests) (for user) userIf you type just RETURN in place of user, these commands will run through all printingrequests for all users.! Change System-Parameters!! sub-commandsPermits you to issue sub-commands to change one or more system operating parameters.Each sub-command takes effect immediately. Sub-command mode is terminated when youtype CR in response to the !!' prompt.The following sub-commands have permanent effects that survive restarts of IFS. (Thepermanent information is kept in file Info!1 in the IFS's primary file system.)!! Clock-Correction correctionSets the software clock correction, which is specified as a sign (+ or )followed by a decimal number. This causes the Alto clock to run fasterÿî·ïfñpôîG?îÙïbôàðWîÙï`šôð$îÙï]µôÇð/ôÈð1îÙï\1ô“ð9ô”ð-îÙïZôð0ôð(îÙïY)v pôÄðFôÅvpîÙïW¥ôðGîÙïTÀô¬ ôðRîÙïS<ô‰ð0ôŠð4îÙïQ¸ô•ô–ðFîÙïP4ôëôìð>îÙïN°ôòôóðEîÙïM,ôîÙïJGô¥ðaîÙïHÃô¸ð<ô¹îÙïG?ôØv pðBîÙïE»ôŸô ðLîÙïD7ô˜ô™ð@îÙïB²ô±ô²ð>îÙïA.ôð(îÙï>JôÊð*ôËð5îÙï<Æôð.îÙï89uîÙï5UpôXîÏï2pôð<îÙï/‹ôXîÏï,¦ôœð$ôð7îÏï+"ô²ð@ô³îÏï)žôð@îÙï&¹ôXð$vîÙï%5pð(vîÏï"Ppô»rpvpô¼ð'îÏï ÌôîÙïçôXîÙïcvîÏï~pô·ðTîÏïúô•ð*ô–ð)îÏïvôrpîÏï‘ôÇð6ôÈîÏï ôÎôÏð?îÅï)ôXv î»ïDpô³ðFô´î»ï Àô·ð.ô¸–· y?/]’9IFS Operation13(+) or slower () than its nominal rate by that number of seconds per day.Alto clocks are quite stable but not particularly accurate, and softwarecorrection is desirable in a server that runs continuously for long periods oftime.The amount by which the clock should be corrected may be determined bycomparison with an accurate reference over a period of several days (usingthe IFS Executive's DayTime' command), or by use of an accuratefrequency counter to measure the Alto system clock (slot 5 pin 63 on anAlto-I, slot 13 pin 63 on an Alto-II) and computing the correction by theformulac = 86400 * (1 f / 5880000)where f is the frequency in Hz.!! Server-Limit nLimits the number of simultaneous server processes (FTP, Chat, and Mailcombined) to n. At present, n may be as high as 6 on an Alto with 64K ofmemory, 8 with 128K, and 10 with 192K or more; the default Server-Limitis one less than the absolute maximum. See section 13.2 for information onsetting this parameter properly.!! Enable Press-printing!! Disable Press-printing!! Enable CopyDisk-server!! Disable CopyDisk-server!! Enable Boot-server!! Disable Boot-server!! Enable Name-server!! Disable Name-server!! Enable Time-server!! Disable Time-server!! Enable LookupFile-server!! Disable LookupFile-serverEnables and disables the Press printing facility and various servers (the FTPserver is always enabled, and the mail system is controlled by subcommandsto the Mail command). When a file system is created, all the servers aredisabled.!! Enable New-boot-files!! Disable New-boot-filesThis controls the operation of the automatic boot file maintenancemechanisms, and is relevant only if the boot server is enabled. If New-boot-files is enabled, IFS will obtain and maintain copies of all boot filesavailable from any other boot servers on the same Ethernet. If New-boot-files is disabled, IFS will maintain only those boot files that it already has.When a file system is created, New-boot-files is enabled.!! Enable Leaf-server!! Disable Leaf-serverEnables and disables the Leaf page-level access server (see section 9.4). TheEnable command does not take effect until IFS is next restarted, unless IFSwas last restarted with the /L switch. Similarly, the Disable command doesnot free resources consumed by the Leaf server until IFS is next restarted.When a file system is created, the Leaf server is disabled.The following sub-commands have one-time-only effects.!! Disable LoginsDisallows further user access to the system. This is useful during debuggingand while reloading the file system from backup.î·ïfñpôîG?î»ïbôð*ô‚î»ï`šôåôæð(î»ï_ôŒôð7î»ï]’î»ïZôŽðFî»ïY)ôšð%ô›ð%î»ïW¥ôð1ôî»ïV!ô±ð8ô²î»ïTô¨ô©ð=î»ïSî±ïP4vpôvpvpî»ïMOvpîÅïJjôXvî»ïG…pô§ ô¨ð=î»ïFô‹vpvp ôŒrpî»ïD}ô˜rprpð"î»ïBùô„ô…ð7î»ïAuôîÅï>ôXî/àîÅï=î/àîÅï;ˆî/àîÅï:î/àîÅï8€î/àîÅï6üî/àî»ï4ô‡ôˆð/î»ï2“ô„ô…ð-î»ï1ô¨ô©ð3î»ï/‹îÅï,¦ôXî/àî»ï)Áô/ô0ð5î»ï(=ô¸ô¹ð-î»ï&¹ô¬ðLî»ï%5ô™ð,ôšî»ï#±ô™ôšð9î»ï"-ôð9îÅïHôXî/àî»ïcô‚ðNî»ïßôˆð5ô‰î»ï[ô‹ðKî»ï×ôœð'ôð$î»ïSôð;îÏïnð6îÅï‰ôXî»ï ¥ôô‚ð7î»ï ôð0ÿ ·Ù0M\2@IFS Operation14!! Enable LoginsCancels the effect of Disable Logins.!! Reset-TimeCauses IFS to reset its clock from a time server on the directly-connectedEthernet. This operation is performed once automatically, immediatelyafter IFS restarts.8. Mail systemIFS contains a mail server that is compatible with Laurel and the Grapevine message system. IFScan keep in-boxes for users of that system and can also forward mail to mail servers in otherGrapevine servers, IFSs, and Maxc.If your IFS is in the Xerox Research Internet and you wish to operate a mail server, you should firstconsult the network support organization to obtain useful advice. A mail servermust be assigned a registry name that is distinct from the name of the IFS Alto itself. An IFS canbe either a self-contained registry or an adjunct to a Grapevine registry.To enable a user to receive mail, issue the Mail subcommand of the Create command, as describedpreviously. Of course, if you turn on the Mail capability for Default-User, then all new useraccounts you create subsequently will have Mail capability automatically.When mail is received from a user mail program such as Laurel, it is queued briefly in files namedNew>Mail!*'. A process called MailJob then wakes up and distributes the messages toindividual in-boxes, which are files named Box>user-name!1'. When a user retrieves the mailfrom his in-box, the in-box file is reset to empty. If you disable the mail capability for a user who has mailpending in his in-box, the in-box file will be deleted next time it is read.The MailJob process also forwards mail to other mail server hosts. Specifically, messages addressedto user.registry, where registry is the name of some other mail server, will get forwarded to thatserver by the Mailer process. While being forwarded, such messages are queued in files namedFwd>registry'. If registry maps to multiple addresses, as does GV' and other Grapevine registries, then theMailer will try each of those addresses, closest first, until it succeeds in delivering the messages.When a file system is first created, the mail system is disabled. You should set the enable switchesand configure the mail system using the commands below.8.1. Mail system commandsThe mail system is controlled by a command processor which is entered via the privileged Mailcommand to the IFS Executive. The commands that change parameters take effect immediately andsurvive restarts of IFS.* Enable (mail) System* Disable (mail) System* Enable (mail) Forwarding* Disable (mail) ForwardingEnables and disables the mail system. The first command turns on and off the mailsystem as a whole; the second command enables or disables forwarding of mail toother mail servers.* Dead-letter (recipient name) nameSpecifies the name of the in-box to which notification of mail system problems (e.g.,undeliverable messages with no return address) should be directed. Name may bethe name of an in-box on this IFS or (if forwarding is enabled) the fully-qualifiedî·ïfñpôîG?îÅïbôXî»ï_9ôð%îÅï\TôXî»ïYoô§ð$ô¨ð&î»ïWëôæôçð-î»ïVgôîÙïQÛu îÙïNöpôšô›ðFîÙïMrôËôÌðHîÙïKîôð"îÙïI ô€ð1ôð4îÙïG…ôƒô„rpð)îÙïFô’vpô“ð-îÙïD}ôðJîÙïA˜ô’ð0ô“ð/îÙï@ôÐð>ôÑîÙï>ôðIîÙï;«ôð&ôð<îÙï:'ôÒð8ôÓð#îÙï8£ô†ð6vpô‡îÙï7ô“ð3rð*ô”îÙï5¾ôðLîÙï2ýpôðZô îÙï1yôºvpvpvpð=ô»îÙï/õô¸ô¹ðPîÙï.q vprô˜srð$ô™ð.îÙï-ôðeîÙï*NpôðFô‘îÙï(Êôð7îÙï$>vîÙï!YpôºðEô»îÙïÕô„ ô…ðPîÙïQôîÏïlôXî*€îÏïèî*€îÅïô„ô…ð>îÅïôŸðGô îÅïûôîÏïôXvîÅï2pô‚ð#ôƒð2îÅï®ôŸð5ô vpîÅï*ôð6ôžÿê· ã>/](DIFS Operation15name (user.registry') of a recipient on some other server. If the IFS has access to aGrapevine server, DeadLetter.MS' is a good value for name.* Distribution-lists (directory name) nameSpecifies the name of the directory that holds distribution lists (extension .dl') thatare to be remotely accessible via the mail server. Name must not be enclosed by <'and >'; that is, if you keep distribution lists as DLs>*.dl', you shouldspecify Distribution-lists System>DLs'.This mechanism is used to keep distribution lists only for non-Grapevine registries.For Grapevine registries, distribution lists (groups) are maintained exclusively byGrapevine, even if IFS keeps some of the mailboxes for that registry.If name is empty, the distribution list retrieval mechanism is disabled.* Grapevine (server name) nameSpecifies the name of a Grapevine server (ordinarily GV'). Mail to a user at aremote registry is forwarded to name. Mail to a user whose registry maps to thisIFS or matches the registry system parameter, but for which no local mailbox exists,is forwarded to name. If name is empty, mail for a remote user is forwarded to itsregistry, and in the second case is returned as undeliverable.* Registry (we are part of) nameSpecifies the name of a Grapevine registry to which this IFS belongs. Mail to auser whose registry matches name is treated as if the recipient's mailbox is local. Ifno local mailbox exists and a Grapevine name has been specified, then the mail isforwarded there. If name is empty then this IFS's registry name is determined bylooking up its machine address (mail server socket 7). Note: if Grapevineauthentication is enabled, name must be the same as the default registry establishedby the Default-Registry sub-command of Change System-Parameters.* StatusGives the current status of the mail system, and a summary of mail server operatingstatistics covering the interval since the file system was created or last reloaded.Statistics are kept on five items; for each item three things are recorded: Samples',the total number of times a statistic for that item was recorded; Avg', the averagevalue of the statistic; and Histogram', an eight slot, logarithmically scaled histogramof the values.Length (characters)This is the length of a message received by the mail server, includingheader text. A message with multiple recipients is counted once in thisstatistic.RecipientsThis is the number of recipients (To:' plus cc:') of a message received bythe mail server.Sort delay (sec)This is the time between receiving a message and appending copies to localin-boxes or queueing copies for forwarding. It is recorded once for eachlocal recipient and once for each remote mail site.î·ïfñpôîG?îÅïbô‰vpð(ôŠîÅï`šôð6vpîÏï]µôXð&vîÅïZÐpô—ð.ô˜ð*îÅïYLô‡ð4vpvpôˆîÅïWÈôÈôÉðEîÅïVDôð(îÅïS_ô—ð:ô˜îÅïQÛôÆðPôÇîÅïPWôðEîÅïMrvpðAîÏïJôXvîÅïG¨pô·ð;ô¸îÅïF$ô§vpð-îÅïD ô…ô†ðBîÅïCô‘vpô’vpð5îÅïA˜ôð>îÏï>³ôXvîÅï;ÏpôðFô® îÅï:Kôvpð!ôŽîÅï8Æô›ôœð4îÅï7Bôžvp ôŸð*îÅï5¾ô ôð<îÅï4:ôvpôð-îÅï2¶ôð@îÏï/ÑôXîÅï,íô†ð0ô‡ð#îÅï+iôÈðTîÅï)äô“ð6ô”îÅï(`ôžðTîÅï&Üô‰ðXîÅï%Xô îÅï"sôXî»ïôÞð(ôßî»ïôÂðCôÃî»ï‡ îÅï¢ î»ï½ô›ð3ôœî»ï9ôîÅïTôXî»ïoôŽôð2î»ï ëô¯ô°ð.î»ïgôð3ÿ ¶· 5C[ë?IFS Operation16Fwd delay (sec)This is the time between queueing a message for a remote mail server andsuccessfully delivering it to that server. The statistic is recorded once foreach message forwarded, even if the message is addressed to multiplerecipients at the given remote server.Retrieve delay (min)This is the time between the mail system's appending a copy of a messageto a local in-box and the owner's retrieving it.If any messages have been discarded by the mail system, the number of occurrenceswill be displayed. A message is discarded when it can't be delivered to a recipientand it can't be returned to its sender and it can't be delivered to the dead letterdestination. This is an indication of serious trouble.* Reset (mail statistics)Resets the mail statistics, which are kept continuously and ordinarily survive restartsof IFS.î·ïfñpôîG?îÅïbôXî»ï_9ô˜ ô™ð=î»ï]µô®ô¯ð4î»ï\1ôïð+ôðî»ïZôð&îÅïWÈôXî»ïTãô›ð4ôœî»ïS_ôð0îÅïPzô†ð#ô‡ð.îÅïNöô•ô–ð?îÅïMrô°ô±ð;îÅïKîôð7îÏïI ôXîÅïF$ô‹ðNôŒîÅïD ôÿP·DY4C#²u TIMESROMAN TIMESROMAN TIMESROMAN TIMESROMANLOGO TIMESROMAN TIMESROMAN Ñ½Ø ¼' ³0 8Þ?ŸG ™QŒ\ÇdÀl¼tÁ|‹ÿÿj/‚€žê,ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿOperation1.Bravo RWeaver.PAJanuary 18, 1985 8:43 AM