OS/400 provides a lot of default values for variables (affecting the run-time environment) and program options. Some of these make sense, some of them are kept consistent with earlier versions of the OS because of compatibility reasons by IBM.
Some of these recommendations might not be appropriate for you by various reasons. Don't apply blindly. Know what you do, use the online help to retrieve background information on the topic in question.
The findings below are based on V4R5 with annotated exceptions for newer releases.
These are settings and scheduled jobs to keep your system uncluttered.
Change unneeded programs to not run
We most likely don't need to run lpd and smtpd to run per default.
CHGLPDA AUTOSTART(*NO) CHGSMTPA AUTOSTART(*NO)
You can easily check all settings at once by using
STRDFU OPTION(5) on the file QUSRSYS/QATOCSTART. These are not needed in general. Depending on OS version, not all entries may be available.
Change uninstalled programs to not run
If you did not install the Ultimedia package, you can remove the pre started job from the QSYSWRK subsystem description to make it not generate an error message at IPL time.
RMVPJE SBSD(QSYSWRK) PGM(QUMEDIA/QUMBPJTC)
If you did not install the Directory Services package (aka LDAP), you can remove the auto started jobs from the QSYSWRK subsystem description to make them not generate an error message at IPL time.
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBA) RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBE)
Both is valid and tested for V4R5.
Cleanup unneeded stuff
These objects come by default at OS install time, are not needed to my knowledge, and thus can be safely deleted:
DLTOUTQ OUTQ(QDKT) DLTOUTQ OUTQ(QPFROUTQ) DLTOUTQ OUTQ(QPRINTS) DLTF FILE(QPRINTS) DLTOUTQ OUTQ(QPRINT2) DLTF FILE(QPRINT2) DLTOUTQ OUTQ(QTPPPOUTQ) DLTDEVD DEVD(QESPAP) DLTDEVD DEVD(QIADSP) DLTDEVD DEVD(QIAPRT) DLTDEVD DEVD(QQAHOST) DLTDEVD DEVD(QTIDA) DLTDEVD DEVD(QTIDA2) DLTCTLD CTLD(QESCTL) DLTCTLD CTLD(QTICTL) DLTLIND LIND(QESLINE) DLTLIND LIND(QTILINE)
System values are like environment variables as known from common operating systems. They influence system operation. I recommend the following changes.
- Change work environment to separate subsystems for different kind of jobs.
CHGSYSVAL SYSVAL(QCTLSBSD) VALUE('QCTL QSYS')
- Set automatic DST adjustment, and UTC offset. This value is valid for Central Europe (Berlin, Paris, …) and not available in V4R5.
CHGSYSVAL SYSVAL(QTIMZON) VALUE('QP0100CET2')
- Lessen time to automatically end disconnected interactive jobs (sessions).
CHGSYSVAL SYSVAL(QDSCJOBITV) VALUE('60')
- Adjust automatic performance values only at runtime, not at IPL.
CHGSYSVAL SYSVAL(QPFRADJ) VALUE('3')
- Make sure, database tasks can use system resources as needed.
CHGSYSVAL SYSVAL(QQRYDEGREE) VALUE(*OPTIMIZE)
- Match jobs running in total with reservations at IPL time. See
WRKACTJOBand set to slightly more than the Active Jobs value to be seen there.
CHGSYSVAL SYSVAL(QTOTJOB) VALUE(80)
- Allow memory pools to self adjust depending on jobs running. You can adjust the maximum active jobs per pool in the
CHGSHRPOOL POOL(*BASE) PAGING(*CALC) CHGSHRPOOL POOL(*INTERACT) PAGING(*CALC) CHGSHRPOOL POOL(*SPOOL) PAGING(*CALC)
- Maximize TCP buffers for maximum performance, especially on faster links.
CHGTCPA TCPRCVBUF(8388608) TCPSNDBUF(8388608)
- Allow immediate deletion of problem reports.
CHGSYSVAL SYSVAL(QPRBHLDITV) VALUE(0)
- Do not log software errors. We can't do much about these anyway, seen from a hobbyist viewpoint.
CHGSYSVAL SYSVAL(QSFWERRLOG) VALUE(*NOLOG)
- Maximize Central Syslog (viewable with
DSPLOGsize to lessen rotation frequency. Depending on OS version only VALUE(32767) may be valid.
CHGSYSVAL SYSVAL(QHSTLOGSIZ) VALUE(*DAILY)
- Raise allowed unsuccessful sign on tries before taking action.
CHGSYSVAL SYSVAL(QMAXSIGN) VALUE('15')
- Minimize logging for sessions disconnected beause of device errors.
CHGSYSVAL SYSVAL(QDEVRCYACN) VALUE(*ENDJOBNOLIST)
Security System Values
- Unrestrict automatic creation of system objects triggered by external (network) requests.
CHGSYSVAL SYSVAL(QAUTOVRT) VALUE(*NOMAX)
- Allow restore with all security relevant flags.
CHGSYSVAL SYSVAL(QALWOBJRST) VALUE(*ALL)
- For TCP connections to work, we need encrypted passwords.
- Allow QSYSOPR signon to all devices.
CHGSYSVAL SYSVAL(QLMTSECOFR) VALUE('0')
- Raise maximum password length to maximum value.
CHGSYSVAL SYSVAL(QPWDMAXLEN) VALUE(10)
- Raise minimum passsword length for security reasons.
CHGSYSVAL SYSVAL(QPWDMINLEN) VALUE(8)
- PTF install shall be done on unattended IPL time.
- Provide European style formatting.
CHGSYSVAL SYSVAL(QCURSYM) VALUE('€') CHGSYSVAL SYSVAL(QDECFMT) VALUE('J') CHGSYSVAL SYSVAL(QSRTSEQ) VALUE(*LANGIDUNQ)
- Allow background compiling in PDM as ordinary user, and submitting batch jobs in general.
GRTOBJAUT OBJ(QGPL/QBATCH) OBJTYPE(*JOBD) USER(*PUBLIC) AUT(*USE)
- Tweaking automatic cleanup (like logrotate).
CHGCLNUP ALWCLNUP(*YES) STRTIME('02:22:22') USRMSG(7) SYSMSG(3) SYSPRT(7) SYSLOG(14) CALITM(*KEEP)
- Change general SNA networking attributes. This is one long line. Take care to get it completely.
CHGNETA ALRSTS(*ON) ALRLOGSTS(*LOCAL) ALRPRIFP(*NO) ALRDFTFP(*NO) ALRBCKFP(*NONE) ALRRQSFP(*NONE) ALRCTLD(*NONE) ALRHLDCNT(0) ALRFTR(*NONE) JOBACN(*SEARCH) VRTAUTODEV(254) MDMCNTRYID(DE)
In addition, OS/400 has a default value of 65535 for
QCCSID. It should be set to a value being dependent on the installed language, to enable automatic translation of data on disk to the display device, and back. For Germany, the correct value is 273, and for US, it's 37. A good hint is to check your 5250 emulator program for possible values.
With this procedure, the current startup program for the OS can be retrieved for easy customization.
RTVCLSRC PGM(QSTRUP) SRCFILE(QCLSRC) WRKMBRPDM FILE(QCLSRC) MBR(QSTRUP) MBRTYPE(CLP) CRTCLPGM PGM(QSYS/QSTRUP)
Change Program Defaults
- File creation and change defaults.
CHGCMDDFT CMD(CRTPF) NEWDFT('SIZE(*NOMAX *N *N) WAITFILE(*IMMED) WAITRCD(*IMMED) REUSEDLT(*YES)') CHGCMDDFT CMD(CHGPF) NEWDFT('DLTDEPLF(*YES) SIZE(*NOMAX *N *N) WAITFILE(*IMMED) WAITRCD(*IMMED) REUSEDLT(*YES)') CHGCMDDFT CMD(CRTLF) NEWDFT('WAITFILE(*IMMED) WAITRCD(*IMMED)') CHGCMDDFT CMD(CHGLF) NEWDFT('WAITFILE(*IMMED) WAITRCD(*IMMED)')
- No unnecessary wait for power down.
CONFIRM(*NO)can be added for newer releases to suppress prompting.
CHGCMDDFT CMD(PWRDWNSYS) NEWDFT('OPTION(*IMMED) ENDSBSOPT(*NOJOBLOG)')
Regular Cleanup jobs
See job comment TEXT for details. These are long lines. Take care to get it completely.
ADDJOBSCDE JOB(PRGPRB) CMD(DLTPRB STATUS(*CLOSED)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('13:22:00') MSGQ(*LIBL/QSYSOPR) TEXT('Purge closed and deletable problem entries') ADDJOBSCDE JOB(RCLTMPSTG) CMD(RCLTMPSTG DAYS(30)) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:24:00') MSGQ(*LIBL/QSYSOPR) TEXT('Reclaim temporary storage') ADDJOBSCDE JOB(RTVDSKINF) CMD(RTVDSKINF) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:34:00') MSGQ(*LIBL/QSYSOPR) TEXT('Retrieve disk space stats')
Additional Steps for at least V7R2 and probably newer
After trying to enter SST, one gets the message that the password has expired. But the password cannot be changed. Re-IPL in manual mode, or force DST display via control panel.
- Choose 5. Work with DST environment and 3. Service tools user IDs.
- Disable the "backdoor" profile 11111111,
- Change password for QSECOFR, Set password to expired to 2=No.
- Press F12 and choose 5. Work with DST environment and 6. Service tools security data.
- Enter 0 into the field 8. Password expiration interval in days, 8 into the Selection field, and press return.
- Enter a high number (like 12) into the field 9. Maximum sign-on attempts allowed, 9 into the Selection field, and press return.
- Enter 0 into the field 10. Duplicate password control, 10 into the Selection field, and press return.
Now exit DST.
You may choose to enter SST, enter 7 for Work with system security, and set Allow a service tools user ID with a default and expired password to change its own password to 1=Yes. Since we changed password expiry to never, this step is entirely optional.
- If you change the mount of memory for the machine, could be wise to adjust the value to '1', make the memory change and then change the value back to '3'.
F21to switch to view 2 or 3 to have adjustment possibilities.
- In newer OS versions, an additional variable QPWDLVL allows even longer passwords.
- This value isn't available with V4R5. You can use *LANGIDSHR there.