To familiarize yourself with using USB drives on AIX, take a look at the following article at IBM developerWorks:

http://www.ibm.com/developerworks/aix/library/au-flashdrive/

Before you start using it, make sure you DLPAR the USB controller to your LPAR, if not done so already. You should see the USB devices on your system:

# lsconf | grep usb
+ usbhc0 U78C0.001.DBJX589-P2          USB Host Controller
+ usbhc1 U78C0.001.DBJX589-P2          USB Host Controller
+ usbhc2 U78C0.001.DBJX589-P2          USB Enhanced Host Controller
+ usbms0 U78C0.001.DBJX589-P2-C8-T5-L1 USB Mass Storage

After you plug in the USB drive, run cfgmgr to discover the drive, or if you don't want the run the whole cfgmgr, run:

# /etc/methods/cfgusb -l usb0

Some devices may not be recognized by AIX, and may require you to run the lquerypv command:

# lquerypv -h /dev/usbms0

To create a 2 TB file system on the drive, run:

# mkfs -olog=INLINE,ea=v2 -s2000G -Vjfs2 /dev/usbms0

To mount the file system, run:

# mount -o log=INLINE /dev/usbms0 /usbmnt

Then enjoy using a 2 TB file system:

# df -g /usbmnt
Filesystem    GB blocks      Free %Used    Iused %Iused Mounted on
/dev/usbms0     2000.00   1986.27    1%     3182     1% /usbmnt

To create a printer queue that dumps its contents to /dev/null, simply run the following command:

# /usr/lib/lpd/pio/etc/piomkpq -A file -p generic -d null -D asc -q lpnull

This will create a printer queue called lpnull and it will write any print jobs to /dev/null.

It's quite easy to generate a PDF file from a text file on AIX. What you need to do that, are both Enscript and Ghostscript installed. Both of them are RPMs that can be found in the AIX Toolbox for Linux Applications. Download the enscript and ghostscript RPMs, along with the RPMs ghostscript-fonts, libpng and urw-fonts, which are required by Ghostscript to run. Put the 5 RPMs in a single folder on your AIX system and run the following command to install all five:

# rpm -ihv *rpm

Now that it is installed, you can easily generate a PDF file. For example, if you wish to generate a PDF file from /etc/motd, run the following command:

# /opt/freeware/bin/enscript -B -p - /etc/motd \
| /usr/bin/gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite \
-sOutputFile=/tmp/motd.pdf -f -

The PDF file is written to /tmp/motd.pdf, and can be viewed with any PDF viewer.

Here are some very useful commands for the Hardware Management Console (HMC): Show vital product data, such as the serial number:

# lshmc -v

Show the release of the HMC:

# lshmc -V

Show network information of the HMC:

# lshmc -n

Reboot the HMC:

# hmcshutdown -r -t now

Show the connected managed systems:

# lssysconn -r all

Change the password of user hscpe:

# chhmcusr -u hscpe -t passwd -v abc1234

List the users of the HMC:

# lshmcusr

These are intersting log files of the HMC:

# ls -al /var/hsc/log/hmclogger.log
# ls -al /var/hsc/log/cimserver.log

Monitor the disk space:

# monhmc -r disk

This can be used to view the file systems of the HMC. Try using "proc", "mem" and "swap as well. By default this command will loop forever and update the screen every 4 seconds. You can run it only once, with the following command:

# monhmc -r disk -n 0

Zero out log files:

# chhmcfs -o f -d 0

This will delete any temporary files. Extremely useful if the HMC calls home to IBM about high usage of one of its file systems. Open a virtual console from the HMC:

# vtmenu

Exit by typing "~." (tilde dot) or "~~." (tilde tilde dot). Force the closure of a virtual terminal session:

# rmvterm -m SYSTEM-9117-570-SN10XXXXX -p name

Change the state of a partition:

# chsysstate -m SYSTEM-9131-52A-SN10XXXXX -r lpar -o on -n name
-f default_profile
# chsysstate -m SYSTEM-9131-52A-SN10XXXXX -r lpar -o shutdown 
-n name --immed

To start all partitions of one managed server:

# chsysstate -m Prd2-Server-8233-E8B-SN0XXXXXX -r lpar -o on --all

List partition profiles for a managed system:

# lssyscfg -r prof -m SYSTEM-9117-570-SN10XXXXX

List partition information:

# lspartition

At some times it may be necessary to create a dummy disk device, for example when you need a disk to be discovered while running cfgmgr with a certain name on multiple hosts.

For example, if you need the disk to be called hdisk2, and only hdisk0 exists on the system, then running cfgmgr will discover the disk as hdisk1, not as hdisk2. In order to make sure cfgmgr indeed discovers the new disk as hdisk2, you can fool the system by temporarily creating a dummy disk device.

Here are the steps involved:

First: remove the newly discovered disk (in the example below known as hdisk1 - we will configure this disk as hdisk2):

# rmdev -dl hdisk1

Next, we create a dummy disk device with the name hdisk1:

# mkdev -l hdisk1 -p dummy -c disk -t hdisk -w 0000

Note that running the command above may result in an error. However, if you run the following command afterwards, you will notice that the dummy disk device indeed has been created:

# lsdev -Cc disk | grep hdisk1
hdisk1 Defined    SSA Logical Disk Drive

Also note that the dummy disk device will not show up if you run the lspv command. That is no concern.

Now run the cfgmgr command to discover the new disk. You'll notice that the new disk will now be discovered as hdisk2, because hdisk0 and hdisk1 are already in use.

# cfgmgr
# lsdev -Cc disk | grep hdisk2

Finally, remove the dummy disk device:

# rmdev -dl hdisk1

During a system decommission process, it is advisable to format or at least erase all drives. There are 2 ways of accomplishing that:

If you have time:

AIX allows disks to be erased via the Format media service aid in the AIX diagnostic package. To erase a hard disk, run the following command:

# diag -T format

This will start the Format media service aid in a menu driven interface. If prompted, choose your terminal. You will then be presented with a resource selection list. Choose the hdisk devices you want to erase from this list and commit your changes according to the instructions on the screen.

Once you have committed your selection, choose Erase Disk from the menu. You will then be asked to confirm your selection. Choose Yes. You will be asked if you want to Read data from drive or Write patterns to drive. Choose Write patterns to drive. You will then have the opportunity to modify the disk erasure options. After you specify the options you prefer, choose Commit Your Changes. The disk is now erased. Please note, that it can take a long time for this process to complete.

If you want to do it quick-and-dirty:

For each disk, use the dd command to overwrite the data on the disk. For example:

for disk in $(lspv | awk '{print $1}') ; do
   dd if=/dev/zero of=/dev/r${disk} bs=1024 count=10
   echo $disk wiped
done

This does the trick, as it reads zeroes from /dev/zero and outputs 10 times 1024 zeroes to each disk. That overwrites anything on the start of the disk, rendering the disk useless.

When removing a device on AIX, you may run into a message saying that a child device is not in a correct state. For example:

# rmdev -dl fcs3
Method error (/usr/lib/methods/ucfgcommo):
0514-029 Cannot perform the requested function because a
child device of the specified device is not in a correct state.

To determine what the child devices are, use the -p option of the lsdev command. From the man page of the lsdev command:

-p Parent
     Specifies the device logical name from the Customized Devices
     object class for the parent of devices to be displayed. The 
     -p Parent flag can be used to show the child devices of the 
     given Parent. The Parent argument to the -p flag may contain
     the same wildcard charcters that can be used with the odmget 
     command. This flag cannot be used with the -P flag.

For example:

# lsdev -p fcs3          
fcnet3 Defined   07-01-01 Fibre Channel Network Protocol Device
fscsi3 Available 07-01-02 FC SCSI I/O Controller Protocol Device

To remove the device, and all child devices, use the -R option. From the man page for the rmdev command:

-R
     Unconfigures the device and its children.
     When used with the -d or -S flags, the 
     children are undefined or stopped, respectively.

The command to remove adapter fcs3 and all child devices, will be:

# rmdev -Rdl fcs3

An interesting open source project is Expect. It's a tool that can be used to automate interactive applications.

You can download the RPM for Expect can be downloaded from http://www.perzl.org/aix/index.php?n=Main.Expect, and the home page for Expect is http://www.nist.gov/el/msid/expect.cfm.

A very interesting tool that is part of the Expect RPM is "mkpasswd". It is a little Tcl script that uses Expect to work with the passwd program to generate a random password and set it immediately. A somewhat adjusted version of "mkpasswd" can be downloaded here. The adjusted version of mkpasswd will generate a random password for a user, with a length of 8 characters (the maximum password length by default for AIX), if you run for example:

# /usr/local/bin/mkpasswd username
sXRk1wd3

To see the interactive work performed by Expect for mkpasswd, use the -v option:

# /usr/local/bin/mkpasswd -v username
spawn /bin/passwd username
Changing password for "username"
username's New password:
Enter the new password again:
password for username is s8qh1qWZ

By using mkpasswd, you'll never have to come up with a random password yourself again, and it will prevent Unix system admins from assigning new passwords to accounts that are easily guessible, such as "changeme", or "abc1234".

Now, what if you would want to let "other" users (non-root users) to run this utility, and at the same time prevent them from resetting the password of user root?

Let's say you want user pete to be able to reset other user's passwords. Add the following entries to the /etc/sudoers file by running visudo:

# visudo

Cmnd_Alias MKPASSWD = /usr/local/bin/mkpasswd, \
                      ! /usr/local/bin/mkpasswd root
pete ALL=(ALL) NOPASSWD:MKPASSWD

This will allow pete to run the /usr/local/bin/mkpasswd utility, which he can use to reset passwords.

First, to check what he can run, use the "sudo -l" command:

# su - pete
$ sudo -l
User pete may run the following commands on this host:
(ALL) NOPASSWD: /usr/local/bin/mkpasswd, !/usr/local/bin/mkpasswd root

Then, an attempt, using pete's account, to reset another user's password (which is successful):

$ sudo /usr/local/bin/mkpasswd mark
oe09'ySMj

Then another attempt, to reset the root password (which fails):

$ sudo /usr/local/bin/mkpasswd root
Sorry, user pete is not allowed to execute 
'/usr/local/bin/mkpasswd root' as root.

Since the files involved in the following procedure are flat ASCII files and their format has not changed from V4 to V5, the users can be migrated between systems running the same or different versions of AIX (for example, from V4 to V5).

Files that can be copied over:

• /etc/group
• /etc/passwd
• /etc/security/group
• /etc/security/limits
• /etc/security/passwd
• /etc/security/.ids
• /etc/security/environ
• /etc/security/.profile

NOTE: Edit the passwd file so the root entry is as follows:

root:!:0:0::/:/usr/bin/ksh

When you copy the /etc/passwd and /etc/group files, make sure they contain at least a minimum set of essential user and group definitions.

Listed specifically as users are the following:
root, daemon, bin, sys, adm, uucp, guest, nobody, lpd

Listed specifically as groups are the following:
system, staff, bin, sys, adm, uucp, mail, security, cron, printq, audit, ecs, nobody, usr

If the bos.compat.links fileset is installed, you can copy the /etc/security/mkuser.defaults file over. If it is not installed, the file is located as mkuser.default in the /usr/lib/security directory. If you copy over mkuser.defaults, changes must be made to the stanzas. Replace group with pgrp, and program with shell. A proper stanza should look like the following:

    user: 
            pgrp = staff 
            groups = staff 
            shell = /usr/bin/ksh 
            home = /home/$USER 

The following files may also be copied over, as long as the AIX version in the new machine is the same:

• /etc/security/login.cfg
• /etc/security/user

NOTE: If you decide to copy these two files, open the /etc/security/user file and make sure that variables such as tty, registry, auth1 and so forth are set properly with the new machine. Otherwise, do not copy these two files, and just add all the user stanzas to the new created files in the new machine.

Once the files are moved over, execute the following:

# usrck -t ALL 
# pwdck -t ALL 
# grpck -t ALL 

This will clear up any discrepancies (such as uucp not having an entry in /etc/security/passwd). Ideally this should be run on the source system before copying over the files as well as after porting these files to the new system.

NOTE: It is possible to find user ID conflicts when migrating users from older versions of AIX to newer versions. AIX has added new user IDs in different release cycles. These are reserved IDs and should not be deleted. If your old user IDs conflict with the newer AIX system user IDs, it is advised that you assign new user IDs to these older IDs.

From: http://www-01.ibm.com/support/docview.wss?uid=isg3T1000231

This error can occur if the fibre channel adapter is extremely busy. The AIX FC adapter driver is trying to map an I/O buffer for DMA access, so the FC adapter can read or write into the buffer. The DMA mapping is done by making a request to the PCI bus device driver.

The PCI bus device driver is saying that it can't satisfy the request right now. There was simply too much IO at that moment, and the adapter couldn't handle them all. When the FC adapter is configured, we tell the PCI bus driver how much resource to set aside for us, and it may have gone over the limit. It is therefore recommended to increase the max_xfer_size on the fibre channel devices.

It depends on the type of fibre channel adapter, but usually the possible sizes are:

0x100000, 0x200000, 0x400000, 0x800000, 0x1000000

To view the current setting type the following command:

# lsattr -El fcsX -a max_xfer_size

Replace the X with the fibre channel adapter number.

You should get an output similar to the following:

max_xfer_size 0x100000 Maximum Transfer Size True

The value can be changed as follows, after which the server needs to be rebooted:

# chdev -l fcsX -a max_xfer_size=0x1000000 -P