HP OpenVMS Systems Documentation
HP OpenVMS System Management Utilities Reference Manual
September 2003
This document describes reference information for System Management utilities used with the OpenVMS Alpha operating system.
Revision/Update Information:
This manual supersedes the HP OpenVMS System Management Utilities Reference Manual,
Software Version: OpenVMS Alpha Version 7.3-2
© Copyright 2003 Hewlett-Packard Development Company, L.P. Microsoft®, MS-DOS®, Visual C++®, Windows®, and Windows NT® are U.S. registered trademarks of Microsoft Corporation. Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and other countries and are used under license. Pentium® is a U.S. registered trademark of Intel Corporation. Motif and OSF/1 are trademarks of The Open Group in the U.S. and other countries. UNIX® is a registered trademark of The Open Group. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Proprietary computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
ZK6048 The HP OpenVMS documentation set is available on CD-ROM.
Preface
The HP OpenVMS System Management Utilities Reference Manual contains reference information about the utilities that are used to manage both the OpenVMS VAX and OpenVMS Alpha operating systems. This manual describes each system management utility and provides examples for frequently used commands and qualifiers. In addition to system management utilities, a description and usage summary of the AUTOGEN command procedure is presented in this reference manual. All commands follow the standard rules of grammar as specified in the HP OpenVMS DCL Dictionary. For information on how to use these system management utilities and AUTOGEN, please refer to the HP OpenVMS System Manager's Manual.
Intended Audience
This manual is intended for system managers and users of the system management utilities for the OpenVMS VAX and OpenVMS Alpha operating systems.
Document Structure
Each part of this manual, with the exception of the section on the AUTOGEN command procedure, provides reference information for a system management utility.
Related Documents
For more information on the system management utilities, refer to the following documents:
For additional information about HP OpenVMS products and services, visit the following World Wide Web address:
Reader's Comments
HP welcomes your comments on this manual. Please send comments to either of the following addresses:
How To Order Additional Documentation
For information about how to order additional documentation, visit the following World Wide Web address:
Conventions
VMScluster systems are now referred to as OpenVMS Cluster systems. Unless otherwise specified, references to OpenVMS Clusters or clusters in this document are synonymous with VMSclusters. The contents of the display examples for some utility commands described in this manual may differ slightly from the actual output provided by these commands on your system. However, when the behavior of a command differs significantly between OpenVMS VAX and OpenVMS Alpha, that behavior is described in text and rendered, as appropriate, in separate examples. The following conventions are also used in this manual:
Chapter 1
$ EDIT/ACL INVENTORY.DAT
You can use either the EDIT/ACL command or the SET SECURITY/EDIT command to invoke the ACL editor. For more information about the SET SECURITY command, refer to the HP OpenVMS DCL Dictionary and the HP OpenVMS Guide to System Security.
By default, the ACL editor creates and modifies ACLs for files. To create an ACL for an object other than a file (for example, to create an ACL for a queue), you must specify the object class when you invoke the ACL editor. For example, the following command invokes the ACL editor to create an ACL for the disk DAPR:
$ EDIT/ACL/CLASS=DEVICE DAPR |
If an ACL for the object you specify already exists, the ACL editor displays the ACL. You can then use keypad editing commands to add, replace, or delete one or more ACEs in the ACL (see Section A.1). To exit from a completed editing session, press Ctrl/Z. To end an editing session without incorporating any of your edits, press the GOLD key (PF1) and then press Ctrl/Z.
For a description of keypad editing commands supplied by the ACL editor, see Appendix A. For information about how to modify the ACL editor by modifying ACL section files, see Appendix B.
In addition to invoking the ACL editor directly or by entering commands at the DCL prompt ($), you can modify an ACL by using the callable interface to the ACL editor (the ACLEDIT$EDIT routine). For information about how to use the ACLEDIT$EDIT routine, refer to the OpenVMS Utility Routines Manual.
This section describes the entry and display format for the following access control entries (ACEs):
The HP OpenVMS Guide to System Security describes how to use each of these ACEs. You can also use other types of ACEs. For example, applications can use an Application ACE to store application-specific information associated with a file. For a description of the internal format used to store an ACE, refer to the OpenVMS Programming Concepts Manual.
Alarm ACE
Specifies the access criteria that cause an alarm message to be sent to all security operator terminals. ACL alarms are enabled by default; however, alarms are not written to the system security audit log file. If you have existing files or resources protected by Alarm ACEs and you want messages to be recorded in the log file, replace the Alarm ACEs with Audit ACEs.
(ALARM=SECURITY [,OPTIONS=attributes], ACCESS=access-type[+access-type...])
options
Specify any of the following attributes:
Default Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only.
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command. Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
access
Specify any access that is valid for the object class. Refer to the HP OpenVMS Guide to System Security for a listing of valid access types. For an Alarm ACE to have any effect, you must include the keywords SUCCESS, FAILURE, or both with the access types. For example, if the auditing criterion is a failure to obtain write access to an object, specify the following Alarm ACE:
(ALARM=SECURITY, ACCESS=WRITE+FAILURE)
Audit ACE
Specifies the access criteria that cause an audit message to be written to the system security audit log file. A message is recorded by default. A message is recorded only if ACL audits are enabled with the DCL command SET AUDIT/AUDIT/ENABLE=ACL.
(AUDIT=SECURITY [,OPTIONS=attributes], ACCESS=access-type[+access-type...])
options
Specify one of the following attributes:
Default Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only.
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command. Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
access
Specify any access that is valid for the object class. Refer to the HP OpenVMS Guide to System Security for a listing of valid access types. For an Audit ACE to have any effect, you must include the keywords SUCCESS, FAILURE, or both with the access types. For example, if the auditing criterion is a failure to obtain write access to an object, specify the following Audit ACE:
(AUDIT=SECURITY,ACCESS=WRITE+FAILURE)
Creator ACE
Adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following conditions exist:
- The file being created is not owned by the user identification code (UIC) of the process creating the file.
- The process creating the file does not have system privileges.
For example, both of these conditions exist when a process holding a general identifier with the Resource attribute creates a file in a directory owned by that identifier. In this situation, the system adds an extra ACE at the top of the new file's ACL. If a Creator ACE exists in the ACL for the parent directory, the system propagates the access specified in the Creator ACE to the new ACE. If a directory lacks a Creator ACE, the system assigns an extra ACE with a combination of control access and ownership access. A Creator ACE with ACCESS=None suppresses the addition of the extra ACE.
The Creator ACE applies to directory files only.
Refer to the HP OpenVMS Guide to System Security for more information.
(CREATOR [,OPTIONS=attribute[+attribute...]],ACCESS=access-type[+access-type...])
options
Specify any of the following attributes:
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
access
Specify access types that are valid for files (read, write, execute, delete, and control).
Default Protection ACE
Defines a UIC-based protection to be propagated to new files throughout a directory tree. The protection code in the ACE is assigned to new files created in the directory. The Default Protection ACE applies to directory files only. Although the system propagates the Default Protection ACE to new subdirectories, the protection code is not assigned to the subdirectories. Instead, the subdirectories receive a modified copy of the parent directory's protection code in which delete access is not granted. An example of a Default Protection ACE is as follows:
(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W)
The ACE grants read, write, execute, and delete access to users in the system (S) and owner (O) categories but no access to users in the group and world categories. For more information, refer to the HP OpenVMS Guide to System Security.
(DEFAULT_PROTECTION[,OPTIONS=attribute[+attribute...]],access)
options
Specify any of the following attributes:
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command. Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
access
Specify access in the format of a UIC-based protection code, which is as follows:
[category: list of access allowed (, category: list of access allowed,...)]
- User categories include system (S), owner (O), group (G), and world (W). Refer to the HP OpenVMS Guide to System Security for a definition of these categories. Access types for files include read (R), write (W), execute (E), and delete (D). The access type is assigned to each ownership category and is separated from its access types with a colon (:).
- A null access list means no access, so when you omit an access type for a user category, that category of user is denied that type of access. To deny all access to a user category, specify the user category without any access types. Omit the colon after the user category when you deny access to a category of users.
- When you omit a user category from a protection code, the current access allowed that category of user is set to no access.
Identifier ACE
Controls the type of access allowed to a particular user or group of users. An example of an Identifier ACE is as follows:
(IDENTIFIER=SALES,ACCESS=READ+WRITE)
A system manager can use the Authorize utility (AUTHORIZE) to grant the SALES identifier to a specific group of users. Read and write access to the file INVENTORY.DAT is then granted to users who hold the SALES identifier.
For more information, refer to the HP OpenVMS Guide to System Security.
(IDENTIFIER=identifier[+identifier...] [,OPTIONS=attributes[+attributes...]] ,ACCESS=access-type[+access-type...])
identifier
Specifies a user or groups of users whose access to an object is defined in the ACE. A system manager creates or removes identifiers and assigns users to hold these identifiers. Types of identifiers are as follows:
UIC Identifiers in alphanumeric format that are based on the user identification codes (UICs) and that uniquely identify each user on the system. Users with accounts on the system automatically receive a UIC identifier, for example, [GROUP1,JONES] or [JONES]. Thus, each UIC identifier specifies a particular user.
General Identifiers defined by the security administrator in the rights list to identify groups of users on the system. A general identifier is an alphanumeric string of 1 to 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9, for example, 92SALES$, ACCOUNT_3, or PUBLISHING.
Environmental Identifiers describing different types of users based on their initial entry into the system. Environmental identifiers are also called system-defined identifiers. Environmental identifiers correspond directly to the login classes described in the HP OpenVMS Guide to System Security. They include batch, network, interactive, local, dialup, and remote. For more information, refer to the HP OpenVMS Guide to System Security.
options
Specify any of the following attributes:
Default Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only. Note that an Identifier ACE with the Default attribute has no effect on access.
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command. Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
access
Specify access types that are valid for the object class. Refer to the HP OpenVMS Guide to System Security for a listing of valid access types.
Subsystem ACE
Grants additional identifiers to a process while it is running the image to which the Subsystem ACE applies. Users with execute access to the image can access objects that are in the protected subsystem, such as data files and printers, but only when they run the subsystem images. The Subsystem ACE applies to executable images only. An example of a Subsystem ACE is as follows:
(SUBSYSTEM, IDENTIFIER=ACCOUNTING)
(SUBSYSTEM,[OPTIONS=attribute[+attribute...],]IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]] [,IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]],...])
options
Specify any of the following attributes:
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
- By using the ACL editor
- By specifying the ACE explicitly when deleting it
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
- By deleting all ACEs, both protected and unprotected
Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.
identifier
A general identifier specifying the users or groups of users who are allowed or denied access to an object. It is an alphanumeric string of 1 through 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9. For more information, refer to the HP OpenVMS Guide to System Security. A Subsystem ACE can have multiple pairs of identifiers, with special attributes assigned to the identifiers. A subsystem might require several identifiers to work properly. For example:
(SUBSYSTEM,IDENTIFIER=MAIL_SUBSYSTEM,ATTRIBUTE=NONE,IDENTIFIER=BLDG5,ATTRIBUTE=NONE)
attribute
The identifier characteristics you specify when you add identifiers to the rights list or grant identifiers to users. You can specify the following attribute:
Resource Allows holders of the identifier to charge disk space to the identifier. Used only for file objects.
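The following Python is an added illustration (not code from this manual or from HP's ACL editor) that parses ACE strings in the entry format described in this section, expands a Default Protection code by the three rules given for protection codes, and flags the cases this section says silently do less than intended: an Alarm or Audit ACE without SUCCESS or FAILURE, an Identifier ACE carrying the Default attribute, and an identifier that does not satisfy the general-identifier rule. The function names are this example's own, and every ACE string in it is a constructed sample.

```python
"""Parser and sanity checker for OpenVMS ACE strings in the entry format this
section documents. Added illustration, not HP's ACL editor code."""
import re

FILE_ACCESS = {"R": "READ", "W": "WRITE", "E": "EXECUTE", "D": "DELETE"}
CATEGORIES = ("S", "O", "G", "W")
# General identifier rule: 1 to 31 chars of A-Z, 0-9, $ and _, at least one letter
GENERAL_ID = re.compile(r"^(?=.*[A-Z])[A-Z0-9$_]{1,31}$")

def _split_top(text, sep=","):
    """Split on sep outside [...] so a UIC identifier such as [GROUP1,JONES]
    is not broken apart."""
    parts, depth, cur = [], 0, []
    for ch in text:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == sep and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def _plus_list(value):
    """'READ+WRITE' -> ['READ', 'WRITE'], uppercased as DCL would."""
    return [v.strip().upper() for v in value.split("+") if v.strip()]

def parse_protection_code(code):
    """Expand 'S:RWED,O:RWED,G,W' into {category: set of access names}.
    An empty list (colon optional) means no access, and a category that is
    left out entirely is also set to no access."""
    result = {c: set() for c in CATEGORIES}
    for field in _split_top(code):
        cat, _, letters = field.partition(":")
        cat = cat.strip().upper()
        if cat not in CATEGORIES:
            raise ValueError(f"unknown user category {cat!r}")
        for ch in letters.strip().upper():
            if ch not in FILE_ACCESS:
                raise ValueError(f"unknown access type {ch!r} for category {cat}")
            result[cat].add(FILE_ACCESS[ch])
    return result

def parse_ace(text):
    """Split one ACE, '(TYPE[=value][,OPTIONS=a+b][,ACCESS=x+y]...)', into a dict."""
    body = text.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("an ACE must be enclosed in parentheses")
    fields = _split_top(body[1:-1])
    head, _, head_val = fields[0].partition("=")
    ace = {"type": head.strip().upper(), "options": set()}
    rest = fields[1:]
    if ace["type"] in ("ALARM", "AUDIT"):
        if head_val.strip().upper() != "SECURITY":
            raise ValueError(f"{ace['type']} ACE must be written {ace['type']}=SECURITY")
    elif ace["type"] == "IDENTIFIER":
        ace["identifiers"] = _plus_list(head_val)
    elif ace["type"] == "SUBSYSTEM":
        ace["identifiers"] = []  # filled from IDENTIFIER=/ATTRIBUTES= pairs below
    elif ace["type"] == "DEFAULT_PROTECTION":
        # every field that is not OPTIONS= belongs to the protection code
        code = [f for f in rest if not f.upper().startswith("OPTIONS=")]
        rest = [f for f in rest if f.upper().startswith("OPTIONS=")]
        ace["protection"] = parse_protection_code(",".join(code))
    elif ace["type"] != "CREATOR":
        raise ValueError(f"unsupported ACE type {head!r}")
    for field in rest:
        key, _, val = field.partition("=")
        key = key.strip().upper()
        if key == "OPTIONS":
            # None is equivalent to omitting the field; other attributes take precedence
            ace["options"] = {o for o in _plus_list(val) if o != "NONE"}
        elif key == "ACCESS":
            ace["access"] = set(_plus_list(val))
        elif key == "IDENTIFIER" and ace["type"] == "SUBSYSTEM":
            ace["identifiers"].append({"name": val.strip().upper(), "attributes": set()})
        elif key in ("ATTRIBUTES", "ATTRIBUTE") and ace["type"] == "SUBSYSTEM" and ace["identifiers"]:
            ace["identifiers"][-1]["attributes"] = {a for a in _plus_list(val) if a != "NONE"}
        else:
            raise ValueError(f"unexpected field {field!r} in a {ace['type']} ACE")
    return ace

def ace_warnings(ace):
    """Reasons a well-formed ACE would silently do less than intended, taken
    from the notes on each ACE type in this section."""
    found = []
    if ace["type"] in ("ALARM", "AUDIT") and not ace.get("access", set()) & {"SUCCESS", "FAILURE"}:
        found.append(f"{ace['type']} ACE lacks SUCCESS or FAILURE and so has no effect")
    if ace["type"] == "IDENTIFIER" and "DEFAULT" in ace["options"]:
        found.append("IDENTIFIER ACE with the Default attribute has no effect on access")
    names = ace.get("identifiers", [])
    for name in (n if isinstance(n, str) else n["name"] for n in names):
        # UIC identifiers are bracketed; anything else must be a general identifier
        if not name.startswith("[") and not GENERAL_ID.match(name):
            found.append(f"{name!r} is not a valid general identifier")
    return found
```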
1.4 ACL Editor Qualifiers
When you invoke the ACL editor, you can include qualifiers on the command line that identify the object class and the editing mode (prompt or noprompt). You can also use qualifiers to name a journaling file or to recover an ACL editing session. This section describes the qualifiers listed in the following table:
Qualifier | Description |
---|---|
/CLASS | Specifies the class of object whose ACL is being edited |
/JOURNAL | Controls whether a journal file is created for the editing session |
/MODE | Specifies the use of prompting during the editing session |
/OBJECT_TYPE | Superseded by the /CLASS qualifier |
/RECOVER | Restores an ACL from a journal file at the beginning of an editing session |
All of the qualifiers described in this section also apply to the SET SECURITY/EDIT command. You can substitute the SET SECURITY/EDIT command wherever the EDIT/ACL command is shown; the syntax is the same for both commands.
/CLASS
Specifies the class of the object whose ACL is being edited. Unless the object is a file, you must specify the object class.
/CLASS =object-class
To edit the ACL for an object other than a file, specify the object class with the /CLASS qualifier. Specify one of the following classes:
CAPABILITY A system capability, such as the ability to process vector instructions. Currently, the only defined object name for the CAPABILITY class is VECTOR, which governs the ability of a subject to access a vector processor on the system. Note that you must supply the capability name as the object name parameter.
COMMON_EVENT_CLUSTER A common event flag cluster.
DEVICE A device, such as a disk or tape drive.
FILE A file or a directory file. This is the default.
GROUP_GLOBAL_SECTION A group global section.
LOGICAL_NAME_TABLE A logical name table.
QUEUE A batch queue or a device (printer, server, or terminal) queue.
RESOURCE_DOMAIN A resource domain.
SECURITY_CLASS A security class.
SYSTEM_GLOBAL_SECTION A system global section.
VOLUME A disk or tape volume.
#1
$ EDIT/ACL/CLASS=DEVICE WORK1
The command in this example specifies that the object WORK1 is a device.
#2
$ EDIT/ACL/CLASS=QUEUE FAST_BATCH
The command in this example creates an ACL for the queue FAST_BATCH. Note that if you create an ACL for a generic queue, you must create identical ACLs for all execution queues to which jobs can be directed.
/JOURNAL
Controls whether a journal file is created for the editing session.
/JOURNAL [=file-spec]
/NOJOURNAL
By default, the ACL editor keeps a journal file containing a copy of modifications made during an editing session. The journal file is given the name of the object and a .TJL file type. If you specify a different name for the file, do not include any wildcard characters. To prevent the ACL editor from creating a journal file, specify /NOJOURNAL.
If your editing session ends abnormally, you can recover the changes made during the aborted session by invoking the ACL editor with the /RECOVER qualifier.
#1
$ EDIT/ACL/JOURNAL=COMMONACL.SAV MECH1117.DAT
With this command, you create a journal file named COMMONACL.SAV. The file contains a copy of the ACL and the editing commands used to create the ACL for the file MECH1117.DAT.
If the editing session is interrupted, you can recover your edits by specifying the name COMMONACL.SAV with the /RECOVER qualifier.
#2
$ EDIT/ACL/CLASS=RESOURCE/JOURNAL=ZERO_RESOURCE.TJL [0]
If you edit an ACL for the resource domain [0], the ACL editor attempts to create the file [0].TJL on the default device and fails. To create an ACL for the resource [0], you must specify a different name for the journal file (as shown in this example) or suppress the creation of a journal file with the /NOJOURNAL qualifier.
/MODE
Specifies the use of prompting during the editing session.
/MODE =option
By default, the ACL editor prompts you for each ACE and provides values for some of the fields within an ACE (/MODE=PROMPT). To disable prompting, specify /MODE=NOPROMPT on the command line.
#1
$ EDIT/ACL/MODE=NOPROMPT WEATHERTBL.DAT
With this command, you initiate an ACL editing session to create an ACL for the file WEATHERTBL.DAT. The /MODE=NOPROMPT qualifier specifies that no assistance is required in entering the ACL entries.
/OBJECT_TYPE
The /OBJECT_TYPE qualifier is superseded by the /CLASS qualifier.
/RECOVER
Restores an ACL from a journal file at the beginning of an editing session.
/RECOVER [=file-spec]
/NORECOVER
The /RECOVER qualifier specifies that the ACL editor must restore the ACL from a journal file. The ACL editor restores the ACL to the state it was in when the last ACL editing session ended abnormally. By default the journal file is given the name of the object and a .TJL file type. If you specify a more meaningful name for the journal file when you invoke the ACL editor (by using /JOURNAL), specify that file name with the /RECOVER qualifier.
#1
$ EDIT/ACL/JOURNAL=SAVEACL MYFILE.DAT
The first command in this example starts the ACL editing session and specifies that the ACL editor must save the journal file SAVEACL.TJL if the session ends abnormally. The session proceeds until it is aborted by a system crash.
The next command restores the lost session with the journal file SAVEACL.TJL. To end the session, press Ctrl/Z. The ACL editor saves the edits and deletes the journal file.
2.1 ACCOUNTING Description
The Accounting utility (ACCOUNTING) produces reports of system resource use.
You can use ACCOUNTING qualifiers to:
You can use the reports to learn more about how the system is used and how it performs.
2.2 ACCOUNTING Usage Summary
Produces reports of resource use.
ACCOUNTING [filespec[,...]]
filespec[,...]
Specifies the accounting files you want to process. Each file specification can include the percent (%) and asterisk (*) wildcard characters. If it does not include the device or directory, your current default device or directory is used. If it does not include the file name or file type, the values ACCOUNTNG and DAT are used respectively.
If you do not specify a file, the command processes the file SYS$MANAGER:ACCOUNTNG.DAT.
Use this DCL command to run the Accounting utility:
$ ACCOUNTING [filespec[,...]]
You are returned to DCL level when the command has finished processing the specified accounting files.
By default, the command directs its output to the current SYS$OUTPUT device. If you want to direct the output to a file, use the /OUTPUT qualifier.
Requires READ access to the accounting files you specify, and to the directories containing them.
This section describes and provides examples of each ACCOUNTING qualifier. The following table summarizes the ACCOUNTING qualifiers:
Qualifier | Description |
---|---|
/ACCOUNT | Selects or rejects records for the specified account names |
/ADDRESS | Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes |
/BEFORE | Selects all records time-stamped before the specified time |
/BINARY | Copies the selected records to a new file in binary format |
/BRIEF | Produces a brief report of the selected records |
/ENTRY | Selects or rejects records for print and batch jobs with the specified queue entry numbers |
/FULL | Produces a full report of the selected records |
/IDENT | Selects or rejects records for the specified processes |
/IMAGE | Selects or rejects records for the specified images |
/JOB | Selects or rejects records for print and batch jobs with the specified job names |
/LOG | Outputs informational messages |
/NODE | Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes |
/OUTPUT | Specifies the output file (Alpha only) |
/OWNER | Selects or rejects records for subprocesses created by the specified processes |
/PRIORITY | Selects or rejects records for the specified priority |
/PROCESS | Selects or rejects records for the specified types of process |
/QUEUE | Selects or rejects records for print or batch jobs executed by the specified queues |
/REJECTED | Copies the rejected records to a new file |
/REMOTE_ID | Selects or rejects records for DECnet for OpenVMS requests made by the specified remote IDs |
/REPORT | Specifies the resources that you want to summarize in a summary report |
/SINCE | Selects all records time-stamped at or after the specified time |
/SORT | Sorts the selected records |
/STATUS | Selects or rejects records with the specified final exit status codes |
/SUMMARY | Produces a summary report of the selected records |
/TERMINAL | Selects or rejects records for interactive sessions at the specified terminals |
/TITLE | Specifies the title shown on the first line of a summary report |
/TYPE | Selects or rejects the specified types of record |
/UIC | Selects or rejects records for the specified UICs |
/USER | Selects or rejects records for the specified user names |
/WIDE | Changes the width of Buffered I/O and Direct I/O fields in a report from 8 to 10 characters |
Selects or rejects records for the specified account names.
/ACCOUNT= ([-]account[,...])
The /ACCOUNT qualifier uses the value of the account field to select records for processing. This field is present in all records except file backward link and file forward link records. The /ACCOUNT qualifier selects only records that have the specified values in the account field. If you precede the values with a minus sign, it selects all records except those with the specified values.
The following table shows the values stored in the account field of login failure and system initialization records:
Value | Description |
---|---|
<batch> | Batch job login failure |
<det> | Detached process login failure |
<login> | Interactive login failure |
<net> | Network login failure |
<start> | System startup |
Note that when you specify these account field values as qualifier values, you must enclose them in quotes. Like all DCL commands, the ACCOUNTING command converts strings to uppercase unless they are enclosed in quotes.
#1
$ ACCOUNTING /ACCOUNT=(SALES, QA)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the account names SALES and QA.
#2
$ ACCOUNTING /ACCOUNT=(-SALES, QA) /FULL
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records except for the account names SALES and QA.
Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes.
/ADDRESS= ([-]node_address[,...])
The /ADDRESS qualifier uses the value of the remote node address field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, it contains the address of the node that made the request. The /ADDRESS qualifier selects only records with the specified values in the remote node address field. If you precede the values with a minus sign, it selects all records except those with the specified values.
See also the /NODE and /REMOTE_ID qualifiers, which select or reject records for DECnet for OpenVMS requests made by specified node names and remote IDs respectively.
$ ACCOUNTING /ADDRESS=19656
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for DECnet for OpenVMS requests made by the node with the address 19656. (The decimal equivalent of this address is 19.200.)
Selects all records time-stamped before the specified time.
/BEFORE [=time]
All records in an accounting file are time-stamped with the time the record was logged in the file. The /BEFORE qualifier selects only the records time-stamped before the specified time. You can specify an absolute time, a delta time, or a combination of the two. If you omit the time, 00:00 hours on the current day is used.
See also the /SINCE qualifier, which selects records time-stamped at or after a specified time.
$ ACCOUNTING /SINCE=1-NOV-2002 /BEFORE=1-DEC-2002
This example produces a brief report of all records time-stamped in the file SYS$MANAGER:ACCOUNTNG.DAT during November 2002.
Copies the selected records to a new file in binary format.
/BINARY
The /BINARY qualifier specifies that records are output in binary format to the file specified by the /OUTPUT qualifier. (/OUTPUT is Alpha-only, however.) Use the Accounting utility to process this file later. See also the /BRIEF, /FULL, and /SUMMARY qualifiers, which process the selected records to produce a report.
You cannot use the /BINARY qualifier with the /BRIEF, /FULL, or /SUMMARY qualifiers.
#1
$ ACCOUNTING /USER=SMITH /BINARY /OUTPUT=MYDISK:[ACCOUNTING]MYACC.DAT
This example creates the file MYDISK:[ACCOUNTING]MYACC.DAT. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, copying all records for the user SMITH to the new file in binary format.
#2
$ ACCOUNTING /TYPE=PRINT -
_$ /BINARY /OUTPUT=PRINT_INFO.DAT /REJECTED=NOT_PRINT_INFO.DAT
This example creates two files in the default directory, PRINT_INFO.DAT and NOT_PRINT_INFO.DAT. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, copying print records to PRINT_INFO.DAT and other records to NOT_PRINT_INFO.DAT. These records are in binary format.
Produces a brief report of the selected records.
/BRIEF (default)
The /BRIEF qualifier is the default. It produces a brief report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file. (Note that /OUTPUT is Alpha-only.) Each line of a brief report corresponds to a record in the accounting file. It does not show resources used, but gives the information shown in the following table about each record in the accounting file:
Column | Description |
---|---|
Date/Time | When the record was logged in the accounting file. |
Type | The type of the record. |
Subtype | For records of type IMAGE, this is the name of the image (the file name portion of its file specification). For records of type PROCESS, it is the type of the process (BATCH, DETACHED, INTERACTIVE, NETWORK, or SUBPROCESS). |
User name | The user name. For login failures where the user did not give a valid user name, this is shown as <login>. |
ID | The process identifier (PID). For print jobs, this is the PID of the process that submitted the job. |
Source | The terminal associated with an interactive process or, for DECnet for OpenVMS requests, the name of the node that issued the request. |
Status | The final exit status code, expressed as a hexadecimal value. To translate the final exit status code into the equivalent message text, use the F$MESSAGE lexical function, and precede the status code with %X, as in this example: |
$ MESSAGE = F$MESSAGE(%X00000001)
$ SHOW SYMBOL MESSAGE
  MESSAGE = "%SYSTEM-S-NORMAL, normal successful completion"
See also the /BINARY qualifier, which copies the selected records to a file, and the /FULL and /SUMMARY qualifiers, which produce full and summary reports of the selected records.
You cannot use the /BRIEF qualifier with the /BINARY, /FULL, or /SUMMARY qualifiers.
$ ACCOUNTING
This example produces a brief report of all records in the file SYS$MANAGER:ACCOUNTNG.DAT.
This is an example of the report that is produced:
```
Date / Time          Type     Subtype      Username  ID        Source   Status
--------------------------------------------------------------------------
 7-JAN-2002 17:20:08 FILE_BL                         00000000           00000000
 7-JAN-2002 17:22:05 PROCESS  DETACHED     JONES     516000E1           02DBA002
 7-JAN-2002 17:22:10 PROCESS  INTERACTIVE  JONES     516000DD  TWA10:   00000001
 7-JAN-2002 17:22:16 PROCESS  INTERACTIVE  JONES     51600104  TWA11:   0001C0F4
 7-JAN-2002 17:22:20 PROCESS  DETACHED     JONES     51600103           12DB821C
 8-JAN-2002 01:06:36 PROCESS  SUBPROCESS   SYSTEM    51600106           10000001
 8-JAN-2002 03:09:59 PROCESS  BATCH        SYSTEM    5160010F           10030001
 8-JAN-2002 09:13:15 LOGFAIL                         51600105           00D3803C
 8-JAN-2002 09:14:40 IMAGE    LOGINOUT     JONES     51600110           00000000
 8-JAN-2002 09:28:57 PROCESS  SUBPROCESS   SMITH     51600119           10000001
 8-JAN-2002 09:50:18 PROCESS  SUBPROCESS   SMITH     5160011A           00000001
```
Selects or rejects records for print and batch jobs with the specified queue entry numbers.
/ENTRY= ([-]entry_number[,...])
The /ENTRY qualifier uses the value of the queue entry number field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print or batch jobs, it contains the unique entry number assigned to the job in the print or batch queue. The /ENTRY qualifier selects only records that have the specified values in the queue entry number field. If you precede the values with a minus sign, it selects all records except those with the specified values.
See also the /JOB and /QUEUE qualifiers, which select or reject records for print and batch jobs with specified job and queue names.
#1
$ ACCOUNTING /ENTRY=(211,212,213)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print or batch jobs with a queue entry number of 211, 212, or 213.
#2
$ ACCOUNTING /ENTRY=(-25,50)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for print or batch jobs with a queue entry number of 25 or 50.
Produces a full report of the selected records.
/FULL
The /FULL qualifier produces a full report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file. (Note that /OUTPUT is Alpha-only.) Full reports display one screen of information for each selected record. The information displayed, and the way that it is laid out, depend on the type of the record and the data it contains.
The first line shows the event that caused the record to be logged in the accounting file. For example, for a record that was logged when an interactive process terminated, the first line shows INTERACTIVE Process Termination.
For subprocesses, the Owner ID field shows the process identifier (PID) of the parent process.
For records that contain information about DECnet for OpenVMS requests, the three Remote fields identify the remote user and remote node.
The Processor time field shows the total CPU time used. This includes any vector CPU time used. The Vector CPU time field is shown only if vector CPU time has been used.
Vector CPU time is the time that the process was scheduled on a vector-present CPU while that process was a vector consumer. Note that:
- When a process is a vector consumer, it accrues vector CPU time when it is scheduled, even if it does not issue any vector instructions.
- Processes that are scalar consumers or marginal vector consumers do not accrue vector CPU time, even when they are scheduled on vector-present CPUs.
The privilege is shown as two hexadecimal numbers that represent the first and last 32 bits of the 64-bit privilege mask. To translate the privilege bit mask into privileges, refer to the definitions of the symbols that begin PRV$V_ in the $PRVDEF macro in the STARLET library. For example, the $PRVDEF macro defines the PRV$V_READALL symbol to equate to 35. This means that READALL privilege is represented by bit 35 set in the privilege mask.
If you are processing only one file and you are displaying it on your screen, when you do not want to look at any more records, press Ctrl/Z to return to the DCL prompt.
See also the /BINARY qualifier, which copies the selected records to a file, and the /BRIEF and /SUMMARY qualifiers, which produce brief and summary reports of the selected records.
You cannot use the /FULL qualifier with the /BINARY, /BRIEF, or /SUMMARY qualifiers.
#1
$ ACCOUNTING /FULL
This example displays a full report of all the records in the file SYS$MANAGER:ACCOUNTNG.DAT. This example screen shows a record that was logged when an interactive process terminated. The interactive process was created when the user JONES at the node HQ222 entered a SET HOST command to connect to the local node.
```
                     INTERACTIVE Process Termination
                     -------------------------------
Username:          FISH                UIC:                [DOC,FISH]
Account:           DOC                 Finish time:        23-JAN-2002 15:21:23.83
Process ID:        20A0029B            Start time:         23-JAN-2002 15:19:08.28
Owner ID:                              Elapsed time:       0 00:02:15.55
Terminal name:     RTA2:               Processor time:     0 00:00:04.14
Remote node addr:  63576               Priority:           4
Remote node name:  HQ222               Privilege <31-00>:  00108000
Remote ID:         JONES               Privilege <63-32>:  00000000
Queue entry:                           Final status code:  00000001
Queue name:
Job name:                              Final status text:  %SYSTEM-S-NORMAL, normal successful completion
Page faults:       2043                Direct IO:          159
Page fault reads:  68                  Buffered IO:        228
Peak working set:  852                 Volumes mounted:    0
Peak page file:    5512                Images executed:    10
Vector CPU time:   0 00:00:0.54
Press RETURN for Next Record >
```
#2
$ ACCOUNTING /FULL /OUTPUT=MYACC
This example creates the output file MYACC.LIS in the default directory. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, writing a full report of all records to the new output file.
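As an added example (not part of the HP manual), the following Python decodes the two privilege words of a /FULL record, such as the 00108000 / 00000000 pair in the FISH record above, into privilege names and flags anything beyond a baseline set, which is how a reviewer would pick out processes that ran with elevated privileges. The PRV$V_ bit numbers other than READALL (which the manual quotes as 35) are a subset assumed from $PRVDEF and should be checked against your STARLET library; the baseline set, the second record, and all function names are constructed for this example.

```python
"""Added example (not from the HP manual): decode ACCOUNTING /FULL privilege words."""
import re
from typing import Dict, List

# Subset of PRV$V_ bit numbers. READALL = 35 is the value the manual quotes;
# the others are assumed from the $PRVDEF macro and should be verified there.
PRV_BITS: Dict[str, int] = {
    "CMKRNL": 0, "CMEXEC": 1, "SYSNAM": 2, "GRPNAM": 3,
    "SETPRV": 14, "TMPMBX": 15, "WORLD": 16, "OPER": 18, "NETMBX": 20,
    "SYSPRV": 28, "BYPASS": 29, "READALL": 35, "SECURITY": 38,
}
BIT_NAMES = {bit: name for name, bit in PRV_BITS.items()}

# Constructed baseline: privileges a reviewer treats as unremarkable for a user process.
BASELINE_PRIVS = frozenset({"TMPMBX", "NETMBX"})

# A /FULL screen prints "Label:  value" pairs two per line. The value class and the
# trailing lookahead stop an empty field from swallowing the next label.
_FIELD = re.compile(
    r"(Username|Process ID|Privilege <31-00>|Privilege <63-32>):\s*([0-9A-Z_$]+)\b(?!:)"
)


def privilege_mask(low_hex: str, high_hex: str) -> int:
    """Join the <63-32> and <31-00> words into one 64-bit mask."""
    return (int(high_hex, 16) << 32) | int(low_hex, 16)


def decode_privileges(low_hex: str, high_hex: str) -> List[str]:
    """Name every bit set in the mask, lowest bit first; unknown bits keep their number."""
    mask = privilege_mask(low_hex, high_hex)
    return [BIT_NAMES.get(bit, f"PRV$V_bit{bit}") for bit in range(64) if mask >> bit & 1]


def elevated_privileges(names: List[str], baseline=BASELINE_PRIVS) -> List[str]:
    """Privileges held by the record beyond the baseline, sorted for stable reporting."""
    return sorted(set(names) - baseline)


def parse_full_record(text: str) -> Dict[str, str]:
    """Pull the fields this review needs out of one /FULL screen."""
    return dict(_FIELD.findall(text))


def review_full_report(report: str) -> List[Dict[str, object]]:
    """Split a /FULL report on its per-record prompt and flag elevated privileges."""
    findings = []
    for screen in report.split("Press RETURN for Next Record"):
        fields = parse_full_record(screen)
        if "Privilege <31-00>" not in fields:
            continue  # trailer text, or a record type without a privilege mask
        names = decode_privileges(fields["Privilege <31-00>"], fields.get("Privilege <63-32>", "0"))
        findings.append({
            "username": fields.get("Username", ""),
            "pid": fields.get("Process ID", ""),
            "privileges": names,
            "elevated": elevated_privileges(names),
        })
    return findings


# Constructed sample: the manual's FISH record (trimmed) followed by a made-up
# record whose mask also carries SYSPRV (bit 28) and READALL (bit 35).
SAMPLE_FULL_REPORT = """\
INTERACTIVE Process Termination
Username:          FISH                UIC:                [DOC,FISH]
Process ID:        20A0029B            Start time:         23-JAN-2002 15:19:08.28
Remote ID:         JONES               Privilege <31-00>:  00108000
Queue entry:                           Privilege <63-32>:  00000000
Press RETURN for Next Record >
DETACHED Process Termination
Username:          OPS_AUDIT           UIC:                [OPS,OPS_AUDIT]
Process ID:        20A002C1            Start time:         23-JAN-2002 16:02:11.00
Remote ID:                             Privilege <31-00>:  10108000
Queue entry:                           Privilege <63-32>:  00000008
Press RETURN for Next Record >
"""

if __name__ == "__main__":
    for finding in review_full_report(SAMPLE_FULL_REPORT):
        print(finding)
```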
Selects or rejects records for the specified processes.
/IDENT= ([-]pid[,...])
The /IDENT qualifier uses the value of the process identifier (PID) field to select records for processing. This field is present in all records except file backward link and file forward link records. For print job records, it contains the PID of the process that submitted the job. The /IDENT qualifier selects only records that have the specified values in the PID field. If you precede the values with a minus sign, it selects all records except those with the specified values.
See also the /OWNER qualifier, which selects or rejects records for subprocesses created by specified processes.
#1
$ ACCOUNTING /IDENT=(25634,045A6B)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for processes with a PID of 25634 or 045A6B.
#2
$ ACCOUNTING /IDENT=(-25634,045A6B)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for processes with a PID of 25634 or 045A6B.
Selects or rejects records for the specified images.
/IMAGE= ([-]image_name[,...])
The /IMAGE qualifier uses the value of the image name field to select records for processing. This field is present only in records of type IMAGE, and contains the name of the image. Note that the system does not track records of type IMAGE by default. To enable the tracking of IMAGE records, use the SET ACCOUNTING command.
The /IMAGE qualifier selects only records that have the specified values in the image name field. If you precede the values with a minus sign, it selects all records except those with the specified values.
Each image name is a string that gives the file name portion of the image file specification. Do not include the device, directory, or file type.
#1
$ ACCOUNTING /IMAGE=DIRECTORY
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the DIRECTORY.EXE image.
#2
$ ACCOUNTING /IMAGE=-DIRECTORY
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for the DIRECTORY.EXE image.
Selects or rejects records for print and batch jobs with the specified job names.
/JOB= ([-]job_name[,...])
The /JOB qualifier uses the value of the job name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print and batch jobs, it contains the name of the job. The /JOB qualifier selects only records that have the specified values in the job name field. If you precede the values with a minus sign, it selects all records except those with the specified values.
See also the /QUEUE and /ENTRY qualifiers, which select or reject records for print and batch jobs with specified queue names and queue entry numbers.
#1
$ ACCOUNTING /JOB=(MYJOB1,MYJOB2)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print or batch jobs named MYJOB1 or MYJOB2.
#2
$ ACCOUNTING /JOB=(-MYJOB1,MYJOB2) /FULL
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records except those for print or batch jobs named MYJOB1 or MYJOB2.
Outputs informational messages.
/LOG
The /LOG qualifier outputs these informational messages to the current SYS$OUTPUT device:
- For each file processed, the name of the file and the number of records selected and rejected from that file
- If you use the /SORT qualifier, the total number of records merged in the sort (this is the total number of records selected from all the files that were processed)
- If you process more than one file, the total number of files that were processed, and the total number of records selected and rejected
$ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /TYPE=PRINT /SORT=USER /OUTPUT=OUTFILE
This example processes two accounting files. It writes a brief report of all the records for print jobs, sorted in user name order, to an output file and displays informational messages that tell you which files were processed and how many records were selected and rejected.
Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes.
/NODE= ([-]node_name[,...])
The /NODE qualifier uses the value of the remote node name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, it contains the name of the node that made the request. The /NODE qualifier selects only records that have the specified values in the remote node name field. If you precede the values with a minus sign, it selects all records except those with the specified values.
Do not include the double colon (::) after the name of the node.
See also the /ADDRESS and /REMOTE_ID qualifiers, which select or reject records for DECnet for OpenVMS requests made by specified node addresses and remote IDs respectively.
#1
$ ACCOUNTING /NODE=HQ291 /FULL
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records for DECnet for OpenVMS requests made by the node HQ291.
#2
$ ACCOUNTING /NODE=(-HQ222,HQ223)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for DECnet for OpenVMS requests made by the nodes HQ222 or HQ223.
Specifies the output file.
Requires read and write access to the directory in which the output file is created.
/OUTPUT [=filespec]
The /OUTPUT qualifier creates the specified output file and writes the report or copies the selected records to that file. If you omit the /OUTPUT qualifier, or you use the /OUTPUT qualifier and omit the file specification, the report or selected records are output to the current SYS$OUTPUT device.
If the file specification does not include the device or directory name, your current default device or directory is used. If you omit the file name, the file name of the first input file is used (the first file listed in the parameter to the ACCOUNTING command). If you omit the file type, the default file type is .LIS if you are producing reports, and .DAT if you are copying records.
#1
$ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /SORT=USER /BINARY /OUTPUT=.NEW
This example creates the output file MYFILE1.NEW in the default directory. It processes two accounting files, MYFILE1.DAT and MYFILE2.DAT, sorting their records in user name order, then copies these records to the new output file.
#2
$ ACCOUNTING MYFILE1.NEW /FULL /OUTPUT=MYDISK:[ACCOUNTING]STAT
This example creates the output file MYDISK:[ACCOUNTING]STAT.LIS, and writes a full report of all the records in MYFILE1.NEW to the new output file.
Selects or rejects records for subprocesses created by the specified processes.
/OWNER= ([-]owner_pid[,...])
The /OWNER qualifier uses the value of the process owner field to select records for processing. This field is present in all records except file backward link and file forward link records. For a subprocess, this field contains the process identifier (PID) of the process that created it. The /OWNER qualifier selects only records that have the specified values in the process owner field. If you precede the values with a minus sign, it selects all records except those with the specified values.
See also the /IDENT qualifier, which selects or rejects records for specified processes.
$ ACCOUNTING /OWNER=(25634,045A6B)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for subprocesses created by processes with a PID of 25634 or 045A6B.
Selects or rejects records for the specified priority.
/PRIORITY= ([-]priority[,...])
The /PRIORITY qualifier uses the value of the priority field to select records for processing. This field is present in all records except file backward link and file forward link records. For print and batch job records, this field contains the priority of the job in the print or batch queue. For other records, it contains the base process priority. The /PRIORITY qualifier selects only records that have the specified values in the priority field. If you precede the values with a minus sign, it selects all records except those with the specified values.
$ ACCOUNTING /PRIORITY=3
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for processes with a base priority of 3 and for print and batch jobs with a queue priority of 3.
Selects or rejects records for the specified types of process.
/PROCESS= ([-]process_type[,...])
process_type[,...]
Specifies which types of process you want to select or reject. The following table shows the keywords available:
Keyword | Type of Process |
---|---|
BATCH | Batch process |
DETACHED | Detached process |
INTERACTIVE | Interactive process |
NETWORK | Network process |
SUBPROCESS | Subprocess of any of the other process types |
The /PROCESS qualifier uses the value of the process type field to select records for processing. This field is present only in records of type IMAGE and type PROCESS. For records of type IMAGE, this field contains the type of the process in which the image was executed. The /PROCESS qualifier selects only records that match the specified types of process. If you precede the list with a minus sign, it selects all records except those for the specified types of process.
See also the /TYPE qualifier, which selects or rejects specified types of record.
$ ACCOUNTING /TYPE=IMAGE /PROCESS=INTERACTIVE /FULL
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of the resources used by images running in interactive processes.
Selects or rejects records for print or batch jobs executed by the specified queues.
/QUEUE= ([-]queue_name[,...])
The /QUEUE qualifier uses the value of the queue name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print or batch jobs, it contains the name of the queue that executed the job. The /QUEUE qualifier selects only records that have the specified values in the queue name field. If you precede the values with a minus sign, it selects all records except those with the specified values.
See also the /JOB and /ENTRY qualifiers.
$ ACCOUNTING /QUEUE=SYS$MYNODE_BATCH
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for jobs executed by the SYS$MYNODE_BATCH queue.
Copies the rejected records to a new file.
Requires read and write access to the directory in which the specified file is created.
/REJECTED=filespec
The /REJECTED qualifier creates the specified file, then copies the records that do not match your selection criteria to this file in binary format. Use the Accounting utility to process this file later. If the file specification does not include the device or directory name, your current default device or directory is used. If you omit the file name, the file name of the first input file is used (the first file listed in the parameter to the ACCOUNTING command). If you omit the file type, .REJ is used.
$ ACCOUNTING /TYPE=PRINT /BINARY /OUTPUT=PRINT_INFO.DAT -
_$ /REJECTED=NOT_PRINT_INFO.DAT
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It creates two files, PRINT_INFO.DAT and NOT_PRINT_INFO.DAT, in the default directory. It copies print job records to PRINT_INFO.DAT and all other records to NOT_PRINT_INFO.DAT.
Selects or rejects records for DECnet for OpenVMS requests made by the specified remote IDs.
/REMOTE_ID= ([-]remote_id[,...])
The /REMOTE_ID qualifier uses the value of the remote ID field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, this field contains a string that identifies the user who made the request. If the remote process was on an OpenVMS node, this is the user name of the user at the remote node. The /REMOTE_ID qualifier selects only records that have the specified values in the remote ID field. If you precede the values with a minus sign, it selects all records except those with the specified values.
See also the /NODE and /ADDRESS qualifiers, which select or reject records for DECnet for OpenVMS requests made by nodes with specified names and addresses respectively.
$ ACCOUNTING /NODE=HQ223 /REMOTE_ID=SMITH /FULL
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all the records for DECnet for OpenVMS requests made by user SMITH at the node HQ223.
Specifies the resources that you want to summarize in a summary report.
/REPORT [=(resource[,...])]
resource[,...]
Specifies the resources that you want to summarize in the report. The following table shows the keywords available:
Keyword | Description | How Summarized |
---|---|---|
BUFFERED_IO (2) | Number of buffered I/Os | Total |
DIRECT_IO (2) | Number of direct I/Os | Total |
ELAPSED (1, 2) | Elapsed time | Total |
EXECUTION (2) | Number of images run by the process | Total |
FAULTS (2) | Number of hard and soft page faults | Total |
GETS (1) | Number of GETs from the file that was printed | Total |
PAGE_FILE (2) | Page file usage | Maximum |
PAGE_READS (2) | Number of hard page faults | Total |
PAGES (1) | Number of pages printed | Total |
PROCESSOR (2) | Total CPU time used | Total |
QIOS (1) | Number of QIOs to the printer | Total |
RECORDS | Number of accounting file records processed | Total |
VECTOR_PROCESSOR (2) | Vector CPU time used (see the description of the /FULL qualifier for further details) | Total |
VOLUMES (2) | Number of volumes mounted | Total |
WORKING_SET (2) | Working set size | Maximum |
The RECORDS keyword is the default if you omit either the keywords or the /REPORT qualifier. It gives the total number of records for each summary key value.
The /REPORT qualifier specifies the resources that you want to summarize in a summary report. The resources are summarized, either as totals or maximum values, for each summary key value specified by the /SUMMARY qualifier. When a record is processed that does not contain the specified resource field, a default value of 0 is used. For example, if you use the PAGES keyword to summarize the total pages printed, the value of 0 is used for each record that is not of type PRINT.
Note that the resource usage data stored in records of type IMAGE is a subset of the data stored in records of type PROCESS. For example, the CPU time stored in a record of type PROCESS includes the CPU time used by the images executed by that process. To make sure that you do not count the same resource data twice when you are summarizing process resources by totals, use the /TYPE qualifier to exclude records of type IMAGE.
You cannot use the /REPORT qualifier without the /SUMMARY qualifier.
#1
$ ACCOUNTING /SUMMARY=IMAGE /REPORT=(RECORDS,PROCESSOR)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows for each image the number of times it was executed and the total CPU time consumed.
#2
$ ACCOUNTING /TYPE=-IMAGE /SUMMARY=USER /REPORT=EXECUTION
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the total number of images executed by each user. Notice the use of the /TYPE qualifier to exclude records of type IMAGE to avoid double counting.
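As an added example (not the manual's code), this Python models the /SUMMARY and /REPORT arithmetic on a handful of constructed records: each resource is accumulated as a total or a maximum per summary key, a record that lacks the resource contributes 0, and summarizing PROCESSOR by user with and without IMAGE records shows the double counting that the /TYPE=-IMAGE note above guards against. The record layout, field names, and CPU times in hundredths of a second are all constructed for this example.

```python
"""Added example (not from the HP manual): model ACCOUNTING /SUMMARY and /REPORT."""
from typing import Dict, List

# How each /REPORT keyword is summarized, as listed in the manual's table.
HOW_SUMMARIZED: Dict[str, str] = {
    "BUFFERED_IO": "Total", "DIRECT_IO": "Total", "ELAPSED": "Total",
    "EXECUTION": "Total", "FAULTS": "Total", "GETS": "Total",
    "PAGE_FILE": "Maximum", "PAGE_READS": "Total", "PAGES": "Total",
    "PROCESSOR": "Total", "QIOS": "Total", "RECORDS": "Total",
    "VECTOR_PROCESSOR": "Total", "VOLUMES": "Total", "WORKING_SET": "Maximum",
}

# Constructed records. Field names follow the /SORT keywords; PROCESSOR is CPU time
# in hundredths of a second so that totals stay exact. The IMAGE records carry a
# subset of the resources of the PROCESS record they ran in, as the manual describes.
RECORDS: List[Dict[str, object]] = [
    {"TYPE": "PROCESS", "USER": "JONES", "PROCESSOR": 414, "WORKING_SET": 852, "EXECUTION": 2},
    {"TYPE": "IMAGE", "USER": "JONES", "IMAGE": "LOGINOUT", "PROCESSOR": 50, "WORKING_SET": 300},
    {"TYPE": "IMAGE", "USER": "JONES", "IMAGE": "DIRECTORY", "PROCESSOR": 120, "WORKING_SET": 600},
    {"TYPE": "PROCESS", "USER": "SMITH", "PROCESSOR": 200, "WORKING_SET": 1000, "EXECUTION": 1},
    {"TYPE": "IMAGE", "USER": "SMITH", "IMAGE": "DIRECTORY", "PROCESSOR": 80, "WORKING_SET": 500},
    {"TYPE": "PRINT", "USER": "SMITH", "PAGES": 12},  # no CPU or working-set fields at all
]


def summarize(records, key, resources=("RECORDS",), exclude_types=()):
    """Group records by the summary key and accumulate each requested resource.

    Mirrors the manual's rules: Total keywords are summed, Maximum keywords keep the
    largest value, RECORDS counts records, and a missing resource field counts as 0.
    Records without the key field are skipped (an assumption; the manual does not say).
    """
    table: Dict[str, Dict[str, int]] = {}
    for rec in records:
        if rec.get("TYPE") in exclude_types or key not in rec:
            continue
        row = table.setdefault(str(rec[key]), {r: 0 for r in resources})
        for r in resources:
            value = 1 if r == "RECORDS" else int(rec.get(r, 0))
            row[r] = max(row[r], value) if HOW_SUMMARIZED[r] == "Maximum" else row[r] + value
    return table


def cpu_by_user(records, exclude_images: bool) -> Dict[str, int]:
    """/SUMMARY=USER /REPORT=PROCESSOR, optionally with /TYPE=-IMAGE applied."""
    excluded = ("IMAGE",) if exclude_images else ()
    rows = summarize(records, "USER", ("PROCESSOR",), excluded)
    return {user: row["PROCESSOR"] for user, row in rows.items()}


if __name__ == "__main__":
    # Including IMAGE records counts each image's CPU time a second time.
    print("double counted:", cpu_by_user(RECORDS, exclude_images=False))
    print("/TYPE=-IMAGE:  ", cpu_by_user(RECORDS, exclude_images=True))
    # /SUMMARY=IMAGE /REPORT=(RECORDS,PROCESSOR), as in the manual's example #1.
    print("per image:     ", summarize(RECORDS, "IMAGE", ("RECORDS", "PROCESSOR")))
```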
Selects all records time-stamped at or after the specified time.
/SINCE [=time]
All records in an accounting file are time-stamped with the time the record was logged in the file. The /SINCE qualifier selects only the records time-stamped on or after the specified time. You can specify an absolute time, a delta time, or a combination of the two. If you omit the time, 00:00 hours on the current day is used.
See also the /BEFORE qualifier, which selects records time-stamped before a specified time.
$ ACCOUNTING /SINCE=5-JAN-2002
This example produces a brief report of all records time-stamped at or after 5-JAN-2002 in the file SYS$MANAGER:ACCOUNTNG.DAT.
Sorts the selected records.
/SORT [=([-]sort_field[,...])]
sort_field[,...]
Specifies the sort key. The following table shows the keywords available. You can specify up to ten sort fields.
Keyword | Sorts on This Field |
---|---|
ACCOUNT | Account |
ADDRESS | Address of the node that made the DECnet for OpenVMS request |
BUFFERED_IO | Number of buffered I/Os |
DIRECT_IO | Number of direct I/Os |
ELAPSED | Elapsed time |
ENTRY | Print or batch job queue entry number |
EXECUTION | Number of images run by the process |
FAULTS | Number of hard and soft page faults |
FINISHED | Time record was logged in the accounting file |
GETS | Number of GETs from the file that was printed |
IDENT | Process identifier (PID) |
IMAGE | Image name (sorts only on file name portion of the image file specification) |
JOB | Name of print or batch job |
NODE | Name of the node that made the DECnet for OpenVMS request |
OWNER | PID of parent process |
PAGE_FILE | Peak page file usage |
PAGE_READS | Number of hard page faults |
PAGES | Number of pages printed |
PRIORITY | Base process priority, or print or batch queue priority |
PROCESS | Type of process |
PROCESSOR | Total CPU time used |
QIOS | Number of QIOs to the printer |
QUEUE | Name of print or batch queue |
QUEUED | Time print job was queued |
STARTED | Start time |
STATUS | Final exit status code |
TERMINAL | Terminal name |
TYPE | Type of record |
UIC | User identification code |
USER | User name at local node |
VECTOR_PROCESSOR | Vector CPU time (see the description of the /FULL qualifier for further details) |
VOLUMES | Number of volumes mounted |
WORKING_SET | Peak working set size |
For each keyword, see the description of the corresponding Accounting utility qualifier or the table in the /TYPE qualifier section for details of the types of record in which the corresponding field is present.
The /SORT qualifier merges the selected records from each input file (each file listed in the parameter to the ACCOUNTING command) and sorts them using the specified sort key. The records are sorted according to the value of the first sort field in the list, and when two or more records have the same value in this field, they are sorted by the value of the second sort field in the list, and so on. The records are sorted in ascending order of the sort field value. If the keyword is preceded by a minus sign, the records are sorted in descending order.
When you use the /SORT qualifier, records are rejected if they do not contain the sort field. For example, /SORT=IMAGE rejects all records that are not of type IMAGE, because the image name field is only present in records of type IMAGE. Similarly, /SORT=PAGES rejects all records except those for print jobs.
You cannot use the /SORT qualifier with the /SUMMARY qualifier.
#1
$ ACCOUNTING /TYPE=PRINT /SORT=USER
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all the records for print jobs and displays them in user name order.
The following example shows the report that is produced:
```
Date / Time          Type     Subtype   Username     ID        Source  Status
-------------------------------------------------------------------------
14-JAN-2002 09:53:05 PRINT              BROWN        20A00193          00040001
13-JAN-2002 13:36:04 PRINT              BROWN        20A00442          00000001
13-JAN-2002 12:42:37 PRINT              BROWN        20A00442          00000001
13-JAN-2002 14:43:56 PRINT              DECNET_MAIL  20A00456          00000001
14-JAN-2002 19:39:01 PRINT              DECNET_MAIL  20A00265          00000001
14-JAN-2002 20:09:03 PRINT              DECNET_MAIL  20A00127          00000001
14-JAN-2002 20:34:45 PRINT              DECNET_MAIL  20A00127          00000001
14-JAN-2002 11:23:34 PRINT              FISH         20A0032E          00040001
14-JAN-2002 16:43:16 PRINT              JONES        20A00070          00040001
14-JAN-2002 09:30:21 PRINT              SMITH        20A00530          00040001
```
#2
$ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /SORT=IMAGE -
_$ /FULL /REJECTED=NON_IMAGE.DAT
This example processes two files, MYFILE1.DAT and MYFILE2.DAT, to produce a full report of records of type IMAGE, sorted in image name order. It creates the file NON_IMAGE.DAT, and copies all records except those of type IMAGE to that file. Notice that no selection qualifiers are used, and so all records are selected for processing. When the records are sorted, records that do not contain an image name are rejected.
Selects or rejects records with the specified final exit status codes.
/STATUS= ([-]status_code[,...])
The /STATUS qualifier uses the value of the final status code field to select records for processing. This field is present in all records except records of type USER, file backward link records, and file forward link records. The /STATUS qualifier selects only records that have the specified values in the final status code field. If you precede the values with a minus sign, it selects all records except those with the specified values.
See the description of the /BRIEF qualifier for details of how to convert a final exit status code to the equivalent message text.
$ ACCOUNTING /STATUS=10D38064
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records with a final exit status code of 10D38064.
Produces a summary report of the selected records.
/SUMMARY [=(summary_item[,...])]
summary_item[,...]
Specifies the summary key. The following table lists keywords:
Keyword | Description |
---|---|
ACCOUNT | Account |
DATE | Date |
DAY | Day of month (1-31) |
HOUR | Hour of day (0-23) |
IMAGE | Image name (file name portion of image file specification) |
JOB | Name of print or batch job |
MONTH | Month of year (1-12) |
NODE | Name of the node that issued the DECnet for OpenVMS request |
PROCESS | Process type |
QUEUE | Print or batch job queue name |
TERMINAL | Terminal name |
TYPE | Record type |
UIC | User identification code |
USER | User name |
WEEKDAY | Day of week (0=Sunday, 1=Monday, and so on) |
YEAR | Year |
If you omit these keywords, the user name is used as the summary key.
The /SUMMARY qualifier produces a summary report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file. Summary reports give statistical summaries of the resources specified by the /REPORT qualifier for each value of the summary key specified by the /SUMMARY qualifier. If you omit the /REPORT qualifier, the summary report gives the total number of records processed for each summary key value.
The first line of the summary report shows the time span of the data processed (when the first and last records processed were logged in the input files), with a title in the middle. You can use the /TITLE qualifier to specify your own title.
The next few lines of the report are column headings. There is one column for each summary_item, then one column for each resource specified by the /REPORT qualifier. The columns are laid out in the same left-to-right sequence as the equivalent keywords in the /SUMMARY and /REPORT qualifiers.
The rest of the report uses one line for each summary key value. It gives a summary of the resources associated with that summary key value. The data is sorted in ascending order of the summary key value.
See also the /BINARY qualifier, which copies the selected records to a file, and the /BRIEF and /FULL qualifiers, which produce brief and full reports of the selected records.
You cannot use the /SUMMARY qualifier with the /BINARY, /BRIEF, or /FULL qualifiers.
#1
$ ACCOUNTING /TYPE=PRINT /SUMMARY=USER /REPORT=(PAGES,RECORDS)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It processes all the print job records and produces a summary report that shows, for each user, the total number of pages printed and the number of records that were added together to produce this total. This is an example of the report that is produced:
From: 12-JAN-2002 15:55        VAX/VMS Accounting Report        To: 15-JAN-2002 15:17
Username          Pages    Total
                Printed  Records
-------------------------------
BROWN               115        2
CROW                  3        1
CUTHBERT             20        4
FOSTER               46        1
SMITH                50        3
WHITE                50        7
#2
$ ACCOUNTING /SUMMARY=IMAGE /REPORT=(PROCESSOR,RECORDS)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the total CPU time used by each image. This is an example of the report that is produced:
From: 12-JAN-2002 15:55        VAX/VMS Accounting Report        To: 15-JAN-2002 15:17
Image name        Processor        Total
                  Time             Records
-------------------------------------
                  0 00:09:09.83       51
ACC               0 00:01:36.72       99
AUTHORIZE         0 00:00:04.17        8
CDU               0 00:00:33.25       21
COPY              0 00:00:05.97       30
DELETE            0 00:00:02.79       12
DIRECTORY         0 00:00:09.67       38
DUMP              0 00:00:04.51        3
EDT               0 00:00:05.85        7
LOGINOUT          0 00:04:03.48       75
NETSERVER         0 00:00:00.63       23
SHOW              0 00:00:04.80       22
Selects or rejects records for interactive sessions at the specified terminals.
/TERMINAL= ([-]terminal_name[,...])
The /TERMINAL qualifier uses the value of the terminal name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about interactive sessions, this field contains the name of the terminal associated with the session. The /TERMINAL qualifier selects only records that have the specified values in the terminal name field. If you precede the values with a minus sign, it selects all records except those with the specified values.
Give the terminal name as the standard device name and include the colon (:).
$ ACCOUNTING /TERMINAL=TTB3:
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for interactive sessions at the terminal TTB3.
Specifies the title shown on the first line of a summary report.
/TITLE= title
The /TITLE qualifier specifies the title shown in the center of the first line of summary reports. The title is truncated if it is too long. For reports displayed on your screen, the title is truncated if it is longer than (W-56) characters, where W is the width (in characters) of your screen.
$ ACCOUNTING /SUMMARY=IMAGE /TITLE="June Accounting Report"
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the number of times each image was executed. The title "June Accounting Report" appears at the top of the report.
Selects or rejects the specified types of record.
/TYPE= ([-]record_type[,...])
record_type[,...]
Specifies the types of record that you want to select or reject. The following table shows the keywords available:
Keyword | Type of Record | Description of Record |
---|---|---|
FILE | FILE_BL | File backward link. This is the first record in the accounting file. It is logged when the file is created, and contains the name of the previous accounting file. |
FILE | FILE_FL | File forward link. This is the last record in the file. It is logged when the file is closed, and contains the name of the next accounting file. |
IMAGE | IMAGE | Image termination. It contains details of the resources used by the image. |
LOGFAIL | LOGFAIL | Failed attempt to log in. It contains details of the resources used by the login attempt. |
PRINT | PRINT | Print job termination. It contains details of the resources used by the print job. |
PROCESS | PROCESS | Process termination. It contains details of the resources used by the process. Note that this includes the resources used by the images executed by that process. |
SYSINIT | SYSINIT | System booted. It contains details of resources used to boot the system. |
UNKNOWN | UNKNOWN | Record not recognized as one of the other types in this table. |
USER | USER | Record logged by a program calling the $SNDJBC system service to send an accounting message. |
All records in an accounting file contain a type field that contains the type of the record. The /TYPE qualifier selects the specified types of record. If you precede the list with a minus sign, it selects all records except those specified.
See also the /PROCESS qualifier, which selects or rejects records for particular types of process.
#1
$ ACCOUNTING /TYPE=PRINT
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print jobs.
#2
$ ACCOUNTING /TYPE=-PRINT
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for print jobs.
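The LOGFAIL record type in the table above, combined with the /SUMMARY qualifier described earlier, is what a system manager uses to review failed login attempts from the accounting file. The following command procedure is an added example and is not part of the HP manual: it summarizes LOGFAIL records logged since a start time by user name and terminal, then produces a full report of every record for any user whose failure count reaches a threshold. It assumes that the /SINCE, /OUTPUT and /REPORT qualifiers (used elsewhere on this page but not described in this section) behave as shown, and that the summary report has the layout shown under /SUMMARY: a title line, column headings, a dashed rule, then one line per summary key value with the record count in the last column. P1 and P2 are the procedure's own parameters.

```dcl
$! LOGFAIL_REVIEW.COM - added example, not part of the HP manual.
$! Summarize failed login attempts (record type LOGFAIL) since a start
$! time, by user name and terminal, and list in full the records of any
$! user whose failure count reaches a threshold.
$!
$! P1 = start time (any DCL absolute time, for example YESTERDAY or
$!      12-JAN-2002:08:00); default YESTERDAY.
$! P2 = threshold (default 5).
$! Assumed, not described in this section: /SINCE, /OUTPUT, /REPORT.
$ ON ERROR THEN GOTO CLEANUP
$ start = P1
$ IF start .EQS. "" THEN start = "YESTERDAY"
$ threshold = F$INTEGER(P2)
$ IF threshold .LE. 0 THEN threshold = 5
$ summary = "SYS$SCRATCH:LOGFAIL_SUMMARY.LIS"
$!
$! Step 1: summary report, one line per (user name, terminal) pair,
$! with the number of LOGFAIL records that were added together.
$ ACCOUNTING /TYPE=LOGFAIL /SINCE='start' -
             /SUMMARY=(USER,TERMINAL) /REPORT=RECORDS -
             /TITLE="Login failures since ''start'" /OUTPUT='summary'
$!
$! Step 2: read the summary back. Skip everything up to and including
$! the dashed rule under the column headings; after that, each line is
$! one summary key value and the record count is the last column.
$ flagged = ""
$ in_data = 0
$ OPEN /READ sumfile 'summary'
$ READ_LOOP:
$   READ /END_OF_FILE=END_READ sumfile line
$   line = F$EDIT(line, "COMPRESS,TRIM")
$   IF line .EQS. "" THEN GOTO READ_LOOP
$   IF .NOT. in_data
$   THEN
$       IF F$EXTRACT(0, 1, line) .EQS. "-" THEN in_data = 1
$       GOTO READ_LOOP
$   ENDIF
$   user = F$ELEMENT(0, " ", line)
$   count = ""
$   i = 0
$ LAST_COLUMN:
$   elem = F$ELEMENT(i, " ", line)
$   IF elem .NES. " "
$   THEN
$       count = elem
$       i = i + 1
$       GOTO LAST_COLUMN
$   ENDIF
$   n = F$INTEGER(count)
$   IF n .LT. threshold THEN GOTO READ_LOOP
$   WRITE SYS$OUTPUT F$FAO("!5UL failures: !AS", n, line)
$!  Remember each user once, even when it appears for several terminals.
$   IF F$LOCATE("," + user + ",", "," + flagged + ",") .EQ. F$LENGTH("," + flagged + ",")
$   THEN
$       IF flagged .NES. "" THEN flagged = flagged + ","
$       flagged = flagged + user
$   ENDIF
$   GOTO READ_LOOP
$ END_READ:
$ CLOSE sumfile
$ IF flagged .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "No user reached ''threshold' login failures since ''start'."
$   GOTO CLEANUP
$ ENDIF
$!
$! Step 3: full report of every LOGFAIL record for the flagged users,
$! in the order the records were logged, so the terminal, node and
$! timing of each attempt can be examined. Failures that gave no valid
$! user name are recorded under the user name <login>.
$ ACCOUNTING /TYPE=LOGFAIL /SINCE='start' /USER=('flagged') -
             /FULL /SORT=FINISHED
$ CLEANUP:
$ IF F$TRNLNM("SUMFILE") .NES. "" THEN CLOSE sumfile
$ IF F$SEARCH(summary) .NES. "" THEN DELETE /NOLOG 'summary';*
$ EXIT
```

Invoke it as @LOGFAIL_REVIEW YESTERDAY 10, for example. The threshold test is applied per (user, terminal) line, so a user whose failures are spread thinly across many terminals is not flagged; change the key to /SUMMARY=USER if the total per user is what matters.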
Selects or rejects records for the specified UICs.
/UIC= ([-]uic[,...])
The /UIC qualifier uses the value of the UIC field to select records for processing. This field is present in all records except file backward link and file forward link records. It contains the value [SYSTEM] for login failure records where the user did not give a valid user name. The /UIC qualifier selects only records that have the specified values in the UIC field. If you precede the values with a minus sign, it selects all records except those with the specified values.
You can specify the UIC in numeric or alphanumeric format, and can use the asterisk (*) wildcard character.
$ ACCOUNTING /UIC=([360,*],[ADMIN,COTTON])
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for users in group number 360 or users whose UIC is [ADMIN,COTTON].
Selects or rejects records for the specified user names.
/USER= ([-]user name[,...])
The /USER qualifier uses the value of the user name field to select records for processing. This field is present in all records except file backward link and file forward link records. It contains the value <login> for login failure records where the user did not give a valid user name. The /USER qualifier selects only records that have the specified values in the user name field. If you precede the values with a minus sign, it selects all records except those with the specified values.
#1
$ ACCOUNTING /USER=SMITH
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the user SMITH.
#2
$ ACCOUNTING /USER=(-SMITH,JONES)
This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all the records except for those of the users SMITH and JONES.
Changes the width of Buffered I/O and Direct I/O fields in a report from 8 to 10 characters.
/WIDE
The /WIDE qualifier corrects a problem that users have had with ACCOUNTING reports: the Buffered I/O and Direct I/O fields were too small and displayed asterisks (*) when numbers exceeded 8 characters. The /WIDE qualifier changes the widths of the Buffered I/O and Direct I/O fields in reports to 10 characters.
$ ACCOUNTING /PROC=BATCH /TYP=PROC -
_$ /REPORT=(RECORDS,PROCESSOR,DIRECT_IO,BUFFER) -
_$ /SUMM=MONTH /SIN=1-JAN /WIDE
Without the /WIDE qualifier, the Direct I/O or Buffered I/O fields print ***** if the field overflows. With the /WIDE qualifier, these fields print correctly.
3.1 ANALYZE/DISK_STRUCTURE Description
You can use the Analyze/Disk_Structure utility (ANALYZE/DISK_STRUCTURE) in two important ways:
- To report, and optionally repair, errors in the file structure of a disk volume or volume set, including lost files
- To detect discrepancies between the members of a shadow set (ANALYZE/DISK_STRUCTURE/SHADOW)
These two uses are explained in the following sections.
ANALYZE/DISK_STRUCTURE detects problems on On-Disk Structure (ODS) Levels 1, 2, and 5 Files-11 disks; hardware errors, system errors, or user errors can cause these problems. By using ANALYZE/DISK_STRUCTURE to identify and delete lost files and files marked for deletion, you can reclaim disk space.
ANALYZE/DISK_STRUCTURE performs the verification of a volume or volume set in eight distinct stages. During these stages, ANALYZE/DISK_STRUCTURE collects information used in reporting errors or performing repairs. However, ANALYZE/DISK_STRUCTURE repairs volumes only when you specify the /REPAIR qualifier. For a complete description of each of the eight stages, and an annotated example of an ANALYZE/DISK_STRUCTURE session, refer to Appendix D.
ANALYZE/DISK_STRUCTURE allocates virtual memory to hold copies of the index file and storage bitmaps. With larger bitmaps introduced in OpenVMS Version 7.2, the virtual memory requirements increase correspondingly. To use this utility on volumes with large bitmaps, you might need to increase your page file quota. On OpenVMS VAX systems, you might also need to increase the system parameter VIRTUALPAGECNT.
Virtual memory size requirements for the bitmaps are in VAX pages (or Alpha 512-byte pagelets) per block of bitmap. Note that the size of the index file bitmap in blocks is the maximum number of files divided by 4096. For ANALYZE/DISK_STRUCTURE, this requirement is the sum of the following across the entire volume set:
The ANALYZE/DISK_STRUCTURE/SHADOW command is especially useful if a shadow set was initialized with the INITIALIZE/SHADOW command but without the /ERASE qualifier.
Another use of the ANALYZE/DISK_STRUCTURE/SHADOW command is if an error is logged on a member device, and you do not know whether the error was caused by a disk error or by some other hardware component such as a disk controller or cable. When you use the ANALYZE/DISK_STRUCTURE/SHADOW command, every block of every member is read and compared.
Refer to Section 3.1.2 and to the /SHADOW qualifier documentation for further details.
3.1.1 Disk Error Reporting and Repair
You can invoke the Analyze/Disk_Structure utility to operate in any of the following three modes for disk errors:
- Report errors only (the default)
- Report and repair all errors (/REPAIR)
- Report all errors and repair only those you confirm (/REPAIR with /CONFIRM)
By default, ANALYZE/DISK_STRUCTURE reports errors, but does not make repairs. For example, use the following command to report all errors on device DBA1:
$ ANALYZE/DISK_STRUCTURE DBA1:
When you issue this command, ANALYZE/DISK_STRUCTURE runs through eight stages of data collection, then, by default, prints a list of all errors and lost files to your terminal. One type of problem that ANALYZE/DISK_STRUCTURE locates is an invalid directory backlink; a backlink is a pointer to the directory in which a file resides. If your disk has a file with an invalid directory backlink, ANALYZE/DISK_STRUCTURE displays the following message and the file specification to which the error applies:
%VERIFY-I-BACKLINK, incorrect directory back link [SYSEXE]SYSBOOT.EXE;1
To instruct ANALYZE/DISK_STRUCTURE to repair the errors that it detects, use the /REPAIR qualifier. For example, the following command reports and repairs all errors on the DBA1 device:
$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR
To select which errors ANALYZE/DISK_STRUCTURE repairs, use both the /REPAIR and /CONFIRM qualifiers:
$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR/CONFIRM
When you issue this command, ANALYZE/DISK_STRUCTURE displays a description of each error and prompts you for confirmation before making a repair. For example, the previous command might produce the following messages and prompts:
%VERIFY-I-BACKLINK, incorrect directory back link [SYS0]SYSMAINT.DIR;1
Repair this error? (Y or N): Y
%VERIFY-I-BACKLINK, incorrect directory back link [SYSEXE]SYSBOOT.EXE;1
Repair this error? (Y or N): N
Consider running ANALYZE/DISK_STRUCTURE twice for each volume. First, invoke the utility to report all errors. Evaluate the errors and decide on an appropriate action. Then invoke the utility again with the /REPAIR qualifier to repair all errors, or with the /REPAIR and /CONFIRM qualifiers to repair selected errors.
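The two-pass procedure recommended above, as an added example that is not part of the HP manual. The first pass reports only, writing the messages to a file with /OUTPUT; the procedure then counts the messages by severity code and moves on to /REPAIR/CONFIRM only when something was found and the caller asked for repairs. It assumes that messages keep the %facility-severity-ident form shown on this page (for example %VERIFY-W-LOSTHEADER) and that the first character of a message line is the percent sign. P1 and P2 are the procedure's own parameters.

```dcl
$! DISK_CHECK.COM - added example, not part of the HP manual.
$! Two-pass check of a volume: pass 1 reports only and keeps the
$! report; pass 2 repairs, with confirmation, and only when pass 1
$! found something and the caller asked for it.
$!
$! P1 = device to check (for example DBA1:).
$! P2 = REPAIR to allow the second pass; anything else reports only.
$ IF P1 .EQS. "" THEN WRITE SYS$OUTPUT "Usage: @DISK_CHECK device [REPAIR]"
$ IF P1 .EQS. "" THEN EXIT
$ dev = P1
$ report = "SYS$SCRATCH:ANALDISK_REPORT.LIS"
$ ON ERROR THEN GOTO DONE
$!
$! Pass 1: report only (/NOREPAIR is the default; stated for clarity).
$! The volume is not locked, so messages may be spurious if the disk
$! is busy; run this when the volume is quiescent.
$ ANALYZE/DISK_STRUCTURE 'dev' /NOREPAIR /OUTPUT='report'
$!
$! Count the messages by severity code, the letter between the
$! facility and the identifier, as in %VERIFY-W-LOSTHEADER.
$ total = 0
$ serious = 0
$ lost = 0
$ OPEN /READ rpt 'report'
$ SCAN:
$   READ /END_OF_FILE=SCAN_DONE rpt line
$   IF F$EXTRACT(0, 1, line) .NES. "%" THEN GOTO SCAN
$   total = total + 1
$   sev = F$ELEMENT(1, "-", line)
$   IF sev .NES. "I" .AND. sev .NES. "S" THEN serious = serious + 1
$   IF F$LOCATE("-LOSTHEADER,", line) .LT. F$LENGTH(line) THEN lost = lost + 1
$   GOTO SCAN
$ SCAN_DONE:
$ CLOSE rpt
$ WRITE SYS$OUTPUT F$FAO("!AS: !UL message(s), !UL warning or worse, !UL lost file(s); report in !AS", -
        dev, total, serious, lost, report)
$ IF total .EQ. 0 THEN GOTO DONE
$ IF P2 .NES. "REPAIR"
$ THEN
$   WRITE SYS$OUTPUT "Review the report, then rerun with REPAIR as P2 to fix errors with confirmation."
$   GOTO DONE
$ ENDIF
$!
$! Pass 2: /REPAIR write-locks the volume for the duration; /CONFIRM
$! asks before each repair (the answer is read from the terminal, so
$! do not run this pass in batch). Lost files are moved to SYSLOST.DIR.
$ ANALYZE/DISK_STRUCTURE 'dev' /REPAIR /CONFIRM
$ DONE:
$ IF F$TRNLNM("RPT") .NES. "" THEN CLOSE rpt
$ EXIT
```

On OpenVMS Alpha, adding /LOCK_VOLUME to the first pass removes most spurious messages from a busy volume at the cost of stalling applications that open, close, or modify files on it; see the note under /LOCK_VOLUME before using it on a volume that holds SYSUAF or RIGHTSLIST.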
For message descriptions, use the online Help Message (MSGHLP) utility or refer to the OpenVMS system messages documentation.
A lost file is a file that is not linked to a directory. Under normal circumstances, files do not become lost. However, files occasionally become lost because of disk corruption, hardware problems, or user error. For example, in cleaning up files and directories, you might inadvertently delete directories that still point to files. When you delete a directory file (a file with the file type .DIR) without first deleting its subordinate files, the files referred to by that directory become lost files. Though lost, these files remain on the disk and consume space.
When you run ANALYZE/DISK_STRUCTURE specifying the /REPAIR qualifier, the utility places lost files in SYSLOST.DIR.
For example, to report and repair all errors and lost files found on the device DDA0, issue the following command:
$ ANALYZE/DISK_STRUCTURE/REPAIR/CONFIRM DDA0:
If it discovers lost files on your disk, ANALYZE/DISK_STRUCTURE issues messages similar to those that follow:
%VERIFY-W-LOSTHEADER, file (16,1,1) []X.X;1 not found in a directory
%VERIFY-W-LOSTHEADER, file (17,1,1) []Y.Y;1 not found in a directory
%VERIFY-W-LOSTHEADER, file (18,1,1) []Z.Z;1 not found in a directory
%VERIFY-W-LOSTHEADER, file (19,1,1) []X.X;2 not found in a directory
%VERIFY-W-LOSTHEADER, file (20,1,1) []Y.Y;2 not found in a directory
%VERIFY-W-LOSTHEADER, file (21,1,1) []Z.;1 not found in a directory
%VERIFY-W-LOSTHEADER, file (22,1,1) []Z.;2 not found in a directory
%VERIFY-W-LOSTHEADER, file (23,1,1) LOGIN.COM;163 not found in a directory
%VERIFY-W-LOSTHEADER, file (24,1,1) MANYACL.COM;1 not found in a directory
All lost files in this example are automatically moved to SYSLOST.DIR.
When you initialize a volume, the initialize operation might not erase old home blocks. These are blocks that were created by previous initialize operations. If a volume that has old home blocks is damaged, you may not be able to recover the volume without erasing the blocks.
You can erase old home blocks manually by using the /HOMEBLOCKS qualifier on the ANALYZE/DISK_STRUCTURE command as follows:
$ ANALYZE/DISK_STRUCTURE/REPAIR/HOMEBLOCKS
Note that this operation can take up to 30 minutes to complete.
By default, the Analyze/Disk_Structure utility directs all output to your terminal. If you prefer, you can use the /LIST qualifier to generate a file containing the following information for each file on the disk:
- File identification (FID)
- File name
- File owner
To generate a disk usage accounting file, use the /USAGE qualifier. The first record of the file, called the identification record, contains a summary of disk and volume characteristics. The identification record is followed by a series of summary records; one summary record is created for each file on the disk. A summary record contains the owner, size, and name of the file.
For more information about the disk usage accounting file, see Appendix E.
3.1.2 Detecting Shadow Set Errors
When you enter the ANALYZE/DISK_STRUCTURE/SHADOW command, the system checks for shadow set discrepancies, to ensure that every block on the disk is identical on all members. A discrepancy is a block that should be the same on all members but is not. For example, a WRITE that is in progress might not yet have reached all of the members at the moment ANALYZE/DISK_STRUCTURE/SHADOW reads the block.
If a discrepancy is found, a clusterwide WRITE lock is taken on the shadow set, and the questionable blocks are reread. Then one of two actions occurs:
- If a discrepancy is still present on the second read, the system displays the file name on the screen. The system also dumps the data block containing the discrepancy to the screen, or to a file if you specify the /OUTPUT qualifier.
- If no discrepancy is found on the second read, the system considers the error to be a transient one (for example, a WRITE to that disk block was in progress).
3.2 ANALYZE/DISK_STRUCTURE Usage Summary
The Analyze/Disk_Structure utility checks the readability and validity of Files-11 Structure Levels 1, 2, and 5 disk volumes, and reports errors and inconsistencies. You can detect most classes of errors by invoking the utility once and using its defaults.
ANALYZE/DISK_STRUCTURE device-name:[/qualifier]
device-name
Specifies the disk volume or volume set to be verified. If you specify a volume set, all volumes of the volume set must be mounted as Files-11 volumes. For information about the Mount utility, refer to the MOUNT documentation in this manual.
Use the following command to invoke the utility:
ANALYZE/DISK_STRUCTURE device-name: /qualifiers
To terminate an ANALYZE/DISK_STRUCTURE session, press Ctrl/C or Ctrl/Y while the utility executes. You cannot resume a session by using the DCL command CONTINUE.
By default, ANALYZE/DISK_STRUCTURE directs all output to your terminal. Use the /USAGE or /LIST qualifiers to direct output to a file.
To repair a disk effectively, you must have read, write, and delete access to all files on the disk. To effectively scan a disk (/NOREPAIR), you must have read access to all files on the disk. You must also have write access to INDEXF.SYS to force the flushing of the caches for this file. You must also have write access to BITMAP.SYS for the same reason: to force the flushing of the caches for this file. (You need write access to QUOTA.SYS only if the volume is running disk quotas.)
For a complete explanation of file access, refer to the HP OpenVMS Guide to System Security.
You can safely use ANALYZE/DISK_STRUCTURE on a disk that is concurrently being used for other file operations. If you specify /REPAIR, the utility locks the volume before performing any operations; this blocks volume modification. Because other users cannot create, delete, extend, or truncate files, repair operations are unimpeded and the volume is left in a consistent state.
If you specify /NOREPAIR, the volume is not locked; the utility does not attempt to write to the disk. However, if users perform file operations while you run the utility, you may receive error messages that incorrectly indicate file damage. To avoid this problem, HP recommends that you run ANALYZE/DISK_STRUCTURE when the disk is in a quiescent state.
3.3 ANALYZE/DISK_STRUCTURE Qualifiers
This section describes and provides examples of each ANALYZE/DISK_STRUCTURE qualifier. The following table summarizes the qualifiers:
Qualifier | Description |
---|---|
/CONFIRM | Determines whether ANALYZE/DISK_STRUCTURE prompts you to confirm each repair |
/HOMEBLOCKS | Erases damaged home blocks on an initialized volume |
/LIST[=filespec] | Determines whether ANALYZE/DISK_STRUCTURE produces a listing of the index file |
/LOCK_VOLUME | (Alpha only) Prevents updates to a volume while you are analyzing it |
/OUTPUT[=filespec] | Specifies the output file to which ANALYZE/DISK_STRUCTURE writes the disk structure errors |
/READ_CHECK | Determines whether ANALYZE/DISK_STRUCTURE performs a read check of all allocated blocks on the specified disk |
/RECORD_ATTRIBUTES | Determines whether ANALYZE/DISK_STRUCTURE repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT) |
/REPAIR | Determines whether ANALYZE/DISK_STRUCTURE repairs errors that are detected in the file structure of the specified device |
/SHADOW | Causes the entire contents of a shadow set or a specified range of blocks in a shadow set to be checked for discrepancies. |
/STATISTICS | Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per-volume statistics |
/USAGE[=filespec] | Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of ANALYZE/DISK_STRUCTURE |
Determines whether the Analyze/Disk_Structure utility prompts you to confirm each repair. If you respond with Y or YES, the utility performs the repair. Otherwise, the repair is not performed.
/CONFIRM/NOCONFIRM
You can use the /CONFIRM qualifier only with the /REPAIR qualifier. The default is /NOCONFIRM.
$ ANALYZE/DISK_STRUCTURE DBA0:/REPAIR/CONFIRM
%VERIFY-I-BACKLINK, incorrect directory back link [SYS0]SYSMAINT.DIR;1
Repair this error? (Y or N): Y
%VERIFY-I-BACKLINK, incorrect directory back link [SYSEXE]SYSBOOT.EXE;1
Repair this error? (Y or N): N
The command in this example causes the Analyze/Disk_Structure utility to prompt you for confirmation before performing the indicated repair operation.
Erases home blocks from a volume whose home blocks were not deleted during previous initialization operations.
/HOMEBLOCKS
You can use the /HOMEBLOCKS qualifier only with the /REPAIR qualifier. The operation can take 30 minutes to complete.
$ ANALYZE/DISK_STRUCTURE DBA0:/REPAIR/HOMEBLOCKS
The command in this example causes the Analyze/Disk_Structure utility to erase home blocks on DBA0.
Determines whether the Analyze/Disk_Structure utility produces a listing of the index file.
/LIST[=filespec]/NOLIST
If you specify /LIST, the utility produces a file that contains a listing of all file identifications (FIDs), file names, and file owners. If you omit the file specification, the default is SYS$OUTPUT. If you include a file specification without a file type, the default type is .LIS. You cannot use wildcard characters in the file specification. The default is /NOLIST.
$ ANALYZE/DISK_STRUCTURE DLA2:/LIST=INDEX
$ TYPE INDEX
Listing of index file on DLA2:
31-OCT-2002 20:54:42.22
(00000001,00001,001) INDEXF.SYS;1 [1,1]
(00000002,00002,001) BITMAP.SYS;1 [1,1]
(00000003,00003,001) BADBLK.SYS;1 [1,1]
(00000004,00004,001) 000000.DIR;1 [1,1]
(00000005,00005,001) CORIMG.SYS;1 [1,1]
   .
   .
   .
$
In this example, ANALYZE/DISK_STRUCTURE did not find errors on the device DLA2. Because the file INDEX was specified without a file type, the system assumes a default file type of .LIS. The subsequent TYPE command displays the contents of the file INDEX.LIS.
Prevents updates to a volume while you are analyzing it.
/LOCK_VOLUME/NOLOCK_VOLUME
/LOCK_VOLUME provides a way to prevent file system activity on a volume while you are using the ANALYZE/DISK_STRUCTURE utility on that volume. This qualifier operates the same way as /REPAIR does: it software write-locks the file structure while the utility is running. (The qualifier does not, however, affect any repairs on the volume.) The default is /NOLOCK_VOLUME. Using this qualifier reduces the number of false error messages that might occur when you run the utility on an active volume. /LOCK_VOLUME stops the activity of applications that open, close, or modify files on the target volume for the period the utility is running.
Note
Be careful about using this qualifier, especially for volumes that contain active system files such as SYSUAF or RIGHTSLIST.
$ ANALYZE/DISK_STRUCTURE DBA1:/LOCK_VOLUME
The command in this example stops file system activity on DBA1: while ANALYZE/DISK_STRUCTURE is running.
Specifies the output file to which the Analyze/Disk_Structure utility is to write the disk structure errors.
/OUTPUT[=filespec]/NOOUTPUT[=filespec]
Specifies the output file for the disk structure errors. If you omit the /OUTPUT file specification, output is directed to SYS$OUTPUT. If /NOOUTPUT is specified, no disk structure errors are displayed. If the /CONFIRM qualifier is specified, output is forced to SYS$OUTPUT regardless of whether this qualifier is used.
Determines whether the Analyze/Disk_Structure utility performs a read check of all allocated blocks on the specified disk. When the Analyze/Disk_Structure utility performs a read check, it reads the disk twice; this ensures that it reads the disk correctly. The default is /NOREAD_CHECK.
/READ_CHECK/NOREAD_CHECK
$ ANALYZE/DISK_STRUCTURE DMA1:/READ_CHECK
The command in this example directs ANALYZE/DISK_STRUCTURE to perform a read check on all allocated blocks on the device DMA1.
Determines whether the Analyze/Disk_Structure utility repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT).
/RECORD_ATTRIBUTES
You can use the /RECORD_ATTRIBUTES qualifier with the /REPAIR qualifier. If attribute repair is enabled during the repair phase, erroneous bits are cleared from a file's record attributes. This action might not correctly set a file's record attributes, as it is beyond the scope of this utility to determine their correct values. HP recommends that system managers not perform an attribute repair; instead, they should notify the owners of the files about the inconsistencies and have the owners reset the files' attributes using the SET FILE/RECORD_ATTRIBUTES=({record-attributes}) command.
$ ANALYZE/DISK_STRUCTURE SYS$SYSDEVICE:
%ANALDISK-I-BAD_RECATTR, file (2930,1,1) [USER]ATTRIBUTES.DAT;13
        file record format: Variable
        inconsistent file attributes: Bit 5
%ANALDISK-I-BAD_RECATTR, file (2931,1,1) [USER]ATTRIBUTES.DAT;14
        file record format: Variable
        inconsistent file attributes: FORTRAN carriage control, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2932,1,1) [USER]ATTRIBUTES.DAT;15
        file record format: Variable
        inconsistent file attributes: Implied carriage control, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2933,1,1) [USER]ATTRIBUTES.DAT;16
        file record format: Variable
        inconsistent file attributes: Non-spanned, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2934,1,1) [USER]ATTRIBUTES.DAT;17
        file record format: Variable
        inconsistent file attributes: FORTRAN carriage control, Non-spanned, Bit 5
Determines whether the Analyze/Disk_Structure utility repairs errors that are detected in the file structure of the specified device.
/REPAIR/NOREPAIR
The Analyze/Disk_Structure utility does not perform any repair operation unless you specify the /REPAIR qualifier. The file structure is software write-locked during a repair operation. The default is /NOREPAIR.To effectively scan a disk (/NOREPAIR), you must have read access to all files on the disk. You must also have write access to INDEXF.SYS to force the flushing of the caches for this file. You must also have write access to BITMAP.SYS for the same reason: to force the flushing of the caches for this file. (You need write access to QUOTA.SYS only if the volume is running disk quotas.)
$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR
The command in this example causes ANALYZE/DISK_STRUCTURE to perform a repair on all errors found in the file structure of device DBA1.
Examines the entire contents of a shadow set or a specified range of blocks in a shadow set for discrepancies.
/SHADOW
Parameters: None.
/BLOCKS={(START:n, COUNT:x, END:y,) FILE_SYSTEM, ALL}
Directs the system to compare only the range specified. The options are the following:
Option | Meaning |
---|---|
START: n | Number of the first block to be analyzed. The default is the first block. |
COUNT: x | Number of blocks to be analyzed. You can use this option in combination with or instead of the END option. |
END: y | Number of the last block to be analyzed. The default is the last block of the volume. |
FILE_SYSTEM | Blocks currently in use by valid files on the disk. This is the default. |
ALL | All blocks on the disk. |
You can specify START, END, COUNT and either ALL or FILE_SYSTEM. For example, if you specify /BLOCKS=(START,END,COUNT:100,ALL), the software checks the first 100 blocks on the disk, whether or not the file system is using them.
If you specify /BLOCKS=(START,END,COUNT:100,FILE_SYSTEM), the software checks only those blocks that valid files on the disk are using.
/BRIEF
Displays only the logical block number (LBN) if the data in a block is found to be different. Without this qualifier, if differences exist for an LBN, the hexadecimal data of that block is displayed for each member.
/IGNORE
/NOIGNORE
Ignores "special" files that are likely to have some blocks with different data. These differences are not unusual and can therefore be ignored. The special files include the following:
SWAPFILE*.*
PAGEFILE*.*
SYSDUMP.DMP
SYS$ERRLOG.DMP
/IGNORE is the default.
/OUTPUT=filename
Writes the information to the specified file.
/STATISTICS
Displays only the file header and footer. The best use of this qualifier is with the /OUTPUT qualifier.
When you enter the ANALYZE/DISK_STRUCTURE/SHADOW command, the system checks for shadow set discrepancies. If a discrepancy is found, a clusterwide WRITE lock is taken on the shadow set, and the questionable blocks are reread. Then either one of two actions occurs:
- If a discrepancy is still present on the second read, the system displays the file name on the screen. The system also dumps the data block containing the discrepancy to the screen or to a file if you specify the /OUTPUT qualifier.
- If no discrepancy is found on the second read, the system considers the error to be a transient one (for example, a WRITE to that disk block was in progress).
See Section 3.1.2 for more details.
$ ANALYZE/DISK_STRUCTURE/SHADOW/BRIEF/BLOCKS=COUNT:1000 dsa716:
Starting to check _DSA716: at 14-MAY-2002 13:42:52.43
Members of shadow set _DSA716: are
  _$252$MDA0:
  _$252$DUA716:
and the number of blocks to be compared is 1000.
Checking LBN #0 (approx 0%)
Checking LBN #127 (approx 12%)
Checking LBN #254 (approx 25%)
Checking LBN #381 (approx 38%)
Checking LBN #508 (approx 50%)
Checking LBN #635 (approx 63%)
Checking LBN #762 (approx 76%)
Checking LBN #889 (approx 88%)
Run statistics for _DSA716: are as follows:
  Finish Time = 14-MAY-2002 13:42:52.73
  ELAPSED TIME = 0 00:00:00.29
  CPU TIME = 0:00:00.02
  BUFFERED I/O COUNT = 10
  DIRECT I/O COUNT = 16
  Failed LBNs = 0
  Transient LBN compare errors = 0
$
The command in this example causes ANALYZE/DISK_STRUCTURE/SHADOW to examine the first 1000 blocks of the DSA716: virtual unit to ensure that the devices $252$MDA0: and $252$DUA716: have identical data in those blocks.
Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per-volume statistics.
/STATISTICS
The following information is placed in the STATS.DAT file:
- The number of ODS-2 and ODS-5 headers on the volume
- The number of special headers on ODS-5 volumes
- The distribution of file name lengths
- The distribution of extension header chain lengths
- The distribution of header identification area free space
- The distribution of header map area and ACL area free space
- The totals of header space that is in use and header space that is not in use
$ ANALYZE/DISK_STRUCTURE MDA2000: /STATISTICS
The OpenVMS Alpha volume in this example, which is on device MDA2000:, has been converted from ODS-2 to ODS-5 using the SET VOLUME command. The STATS.DAT file created contains the following information:
********** Statistics for volume 001 of 001 **********
Volume is ODS level 5.
Volume has 00000004 ODS-2 primary headers.
Volume has 00000003 ODS-5 primary headers.
Volume has 00000000 ODS-5 -1 segnum headers.
00000001 filenames of length 009 bytes.
00000002 filenames of length 011 bytes.
00000001 filenames of length 013 bytes.
00000002 filenames of length 015 bytes.
00000001 filenames of length 073 bytes.
00000007 extension header chains of length 00000.
00000001 ODS-2 headers have 071 ident area free bytes.
00000001 ODS-2 headers have 073 ident area free bytes.
00000001 ODS-2 headers have 075 ident area free bytes.
00000001 ODS-2 headers have 077 ident area free bytes.
Total ODS-2 ident area free bytes is 00000296.
00000001 ODS-5 headers have 001 ident area free bytes.
00000001 ODS-5 headers have 029 ident area free bytes.
00000001 ODS-5 headers have 033 ident area free bytes.
Total ODS-5 ident area free bytes is 00000063.
00000001 headers have 277 free bytes in total.
00000001 headers have 335 free bytes in total.
00000001 headers have 339 free bytes in total.
00000001 headers have 377 free bytes in total.
00000001 headers have 379 free bytes in total.
00000001 headers have 381 free bytes in total.
00000001 headers have 383 free bytes in total.
Total header area in bytes is 00003584.
Total header area free bytes is 00002791.
Total header area used bytes is 00000793.
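A program that reads a STATS.DAT listing and cross-checks its totals is a natural companion to this qualifier. The following Python parser is an added example, not OpenVMS code: the text it parses is the listing shown above, reproduced in-line, and the check that the header area equals one 512-byte block per primary header is this example's own interpretation of the totals, not a statement from the manual.

```python
"""Parser for the STATS.DAT listing written by ANALYZE/DISK_STRUCTURE
/STATISTICS, with cross-checks on its totals.  Added example, not OpenVMS
code; the sample text is the listing shown in the manual's example."""
import re
from collections import Counter

STATS_DAT = """\
********** Statistics for volume 001 of 001 **********
Volume is ODS level 5.
Volume has 00000004 ODS-2 primary headers.
Volume has 00000003 ODS-5 primary headers.
Volume has 00000000 ODS-5 -1 segnum headers.
00000001 filenames of length 009 bytes.
00000002 filenames of length 011 bytes.
00000001 filenames of length 013 bytes.
00000002 filenames of length 015 bytes.
00000001 filenames of length 073 bytes.
00000007 extension header chains of length 00000.
00000001 ODS-2 headers have 071 ident area free bytes.
00000001 ODS-2 headers have 073 ident area free bytes.
00000001 ODS-2 headers have 075 ident area free bytes.
00000001 ODS-2 headers have 077 ident area free bytes.
Total ODS-2 ident area free bytes is 00000296.
00000001 ODS-5 headers have 001 ident area free bytes.
00000001 ODS-5 headers have 029 ident area free bytes.
00000001 ODS-5 headers have 033 ident area free bytes.
Total ODS-5 ident area free bytes is 00000063.
00000001 headers have 277 free bytes in total.
00000001 headers have 335 free bytes in total.
00000001 headers have 339 free bytes in total.
00000001 headers have 377 free bytes in total.
00000001 headers have 379 free bytes in total.
00000001 headers have 381 free bytes in total.
00000001 headers have 383 free bytes in total.
Total header area in bytes is 00003584.
Total header area free bytes is 00002791.
Total header area used bytes is 00000793.
"""

HEADER_BLOCK = 512  # one disk block per file header (interpretation used by the checks)

PATTERNS = [
    ("ods_level",        r"Volume is ODS level (\d+)\."),
    ("primary_headers",  r"Volume has (\d+) ODS-(\d) primary headers\."),
    ("segnum_headers",   r"Volume has (\d+) ODS-5 -1 segnum headers\."),
    ("filename_lengths", r"(\d+) filenames of length (\d+) bytes\."),
    ("ext_chains",       r"(\d+) extension header chains of length (\d+)\."),
    ("ident_free",       r"(\d+) ODS-(\d) headers have (\d+) ident area free bytes\."),
    ("ident_free_total", r"Total ODS-(\d) ident area free bytes is (\d+)\."),
    ("header_free",      r"(\d+) headers have (\d+) free bytes in total\."),
    ("area_total",       r"Total header area in bytes is (\d+)\."),
    ("area_free",        r"Total header area free bytes is (\d+)\."),
    ("area_used",        r"Total header area used bytes is (\d+)\."),
]

def parse_stats(text):
    """Return the statistics for one volume as plain counts and Counters."""
    s = {"primary_headers": {}, "filename_lengths": Counter(), "ext_chains": Counter(),
         "ident_free": {2: Counter(), 5: Counter()}, "ident_free_total": {},
         "header_free": Counter()}
    for line in text.splitlines():
        for key, pattern in PATTERNS:
            m = re.fullmatch(pattern, line.strip())
            if m:
                g = [int(x) for x in m.groups()]
                break
        else:
            continue                              # banner or unrecognised line
        if key == "primary_headers":
            s[key][g[1]] = g[0]                   # {ODS level: header count}
        elif key == "ident_free":
            s[key][g[1]][g[2]] += g[0]            # level -> {free bytes: headers}
        elif key == "ident_free_total":
            s[key][g[0]] = g[1]
        elif key in ("filename_lengths", "ext_chains", "header_free"):
            s[key][g[1]] += g[0]                  # {size: how many}
        else:
            s[key] = g[0]                         # ods_level, segnum_headers, area_*
    return s

def consistency_checks(s):
    """Cross-checks to run before trusting a listing."""
    headers = sum(s["primary_headers"].values())
    return {
        "used_plus_free_is_total": s["area_used"] + s["area_free"] == s["area_total"],
        "one_block_per_header": headers * HEADER_BLOCK == s["area_total"],
        "one_filename_per_header": sum(s["filename_lengths"].values()) == headers,
        "ident_totals_add_up": all(
            sum(n * free for free, n in s["ident_free"][lvl].items()) == total
            for lvl, total in s["ident_free_total"].items()),
    }

def mean_filename_length(s):
    """Average file name length in bytes, weighted by the distribution."""
    files = sum(s["filename_lengths"].values())
    return sum(n * length for length, n in s["filename_lengths"].items()) / files
```

For the listing above every check passes: 793 used plus 2791 free bytes is the 3584-byte header area, which is 7 headers (4 ODS-2 plus 3 ODS-5) of 512 bytes, the five file name length lines account for the same 7 files, and the per-level ident area lines add up to the 296 and 63 byte totals.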
Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of the Analyze/Disk_Structure utility.
/USAGE[=filespec]
If all or part of the file specification is omitted, ANALYZE/DISK_STRUCTURE assumes a default file specification of USAGE.DAT. The file is placed in the current default directory.
$ ANALYZE/DISK_STRUCTURE DBA1:/USAGE
$ DIRECTORY USAGE

Directory DISK$DEFAULT:[ACCOUNT]

USAGE.DAT;1

Total of 1 file.
The first command in this example causes ANALYZE/DISK_STRUCTURE to produce a disk usage accounting file. Because a file specification was not provided in the command line, ANALYZE/DISK_STRUCTURE uses both the default file name and directory, [ACCOUNT]USAGE.DAT. The DIRECTORY command instructs the system to display all files with a file name of USAGE in the current directory.
4.1 ANALYZE/AUDIT Description
The Audit Analysis utility (ANALYZE/AUDIT) is a system management tool that enables system managers or site security administrators to produce reports from security audit log files.
The OpenVMS operating system automatically audits a limited number of events, such as changes to the authorization database and use of the SET AUDIT command. Depending on your site's requirements, you may want to enable other forms of reporting. However, collecting security audit messages is useful only if you develop and implement a procedure to periodically review the audit log file for suspicious activity. Use ANALYZE/AUDIT to examine the data in security audit log files or security archive files.
The ANALYZE/AUDIT command's different qualifiers allow you to specify the type of information the utility extracts from the security audit log file. The utility can produce an audit report in a variety of formats and direct a report to a file or a terminal.
A description of the format of the auditing messages written to the security auditing file appears in Appendix F.
In a mixed-version cluster, an audit log file contains entries from systems running different versions of the operating system. To analyze the log file, you must invoke the Audit Analysis utility (ANALYZE/AUDIT) from a node running Version 6.1 or later.
For information about how to generate audit records and how to use ANALYZE/AUDIT, refer to the HP OpenVMS Guide to System Security.
4.2 ANALYZE/AUDIT Usage Summary
The Audit Analysis utility (ANALYZE/AUDIT) processes event messages in security audit log files to produce reports of security-related events on the system.
ANALYZE/AUDIT [file-spec[,...]]
file-spec[,...]
Specifies one or more security audit log files as input to ANALYZE/AUDIT. If you specify more than one file name, separate the names with commas.
If you omit the file-spec parameter, the utility searches for the default audit log file SECURITY.AUDIT$JOURNAL.
The default audit log file is created in the SYS$COMMON:[SYSMGR] directory. To use the file, specify SYS$MANAGER on the ANALYZE/AUDIT command line. If you do not specify a directory, the utility searches for the file in the current directory.
You can include wildcard characters, such as the asterisk (*) or percent sign (%), in the file specification.
The audit log file can be located in any directory. To display the current location, use the DCL command SHOW AUDIT/ALL.
Use the DCL command ANALYZE/AUDIT to analyze security audit log files or security archive files. An ANALYZE/AUDIT command line can specify the name of one or more log files, as follows:
ANALYZE/AUDIT [file-spec,...]
You can also use the ANALYZE/AUDIT command to extract security event messages from security archive files or from binary files (created with previous ANALYZE/AUDIT commands).
Each ANALYZE/AUDIT request runs until the log file is completely processed. You can interrupt the processing to modify the display or to change position in the report if you activate command mode by pressing Ctrl/C. To terminate an ANALYZE/AUDIT request before completion, press Ctrl/Z.
You can direct ANALYZE/AUDIT output to any supported terminal device or to a disk or tape file by specifying the file specification as an argument to the /OUTPUT qualifier. By default, the output is directed to SYS$OUTPUT.
Use of ANALYZE/AUDIT requires no special privileges other than access to the files specified in the command line.
This section describes ANALYZE/AUDIT and provides examples of each qualifier. The following table summarizes the ANALYZE/AUDIT qualifiers:
Qualifier | Description |
---|---|
/BEFORE | Controls whether records dated earlier than the specified time are selected |
/BINARY | Controls whether output is a binary file |
/BRIEF | Controls whether a brief, single-line record format is used in ASCII displays |
/EVENT_TYPE | Selects the classes of events to be extracted from the security log file |
/FULL | Controls whether a full format is used in ASCII displays |
/IGNORE | Excludes records from the report that match the specified criteria |
/INTERACTIVE | Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked |
/OUTPUT | Specifies where to direct output from ANALYZE/AUDIT |
/PAUSE | Specifies the length of time each record is displayed in a full format display |
/SELECT | Specifies the criteria for selecting records |
/SINCE | Indicates that the utility must operate on records dated with the specified time or after the specified time |
/SUMMARY | Specifies that a summary of the selected records be produced after all records are processed |
Controls whether records dated earlier than the specified time are selected.
/BEFORE[=time]
/NOBEFORE
time
Specifies the time used to select records. Records dated earlier than the specified time are selected. You can specify an absolute time, delta time, or a combination of the two. Observe the syntax rules for date and time described in the OpenVMS User's Manual.
By default, all records in the security audit log file may be examined. You must specify /BEFORE to exclude records created after a specific point in time.
#1
$ ANALYZE/AUDIT /BEFORE=25-NOV-2002 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records dated earlier than November 25, 2002.
#2
$ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records generated between noon and 2 P.M. today.
Controls whether output is a binary file.
/BINARY
/NOBINARY
None.
When you use /BINARY, the output file you specify with the /OUTPUT qualifier contains image copies of the selected input records. If you specify /NOBINARY or omit the qualifier, the output file contains ASCII records.
By default, if you specify /BINARY and do not include the /OUTPUT qualifier, an output file named AUDIT.AUDIT$JOURNAL is created.
The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.
$ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25OCT00.AUDIT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all audit records generated today and writes the records in binary format to 25OCT00.AUDIT.
Controls whether a brief, single-line record format is used in ASCII displays.
/BRIEF (default)
None.
By default, records are displayed in the brief format. You must specify /FULL to have the full contents of each selected audit event record displayed.
The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.
$ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example produces an ASCII file in brief format by default. The report is written to the AUDIT.LIS file.
Selects the classes of events to be extracted from the security log file. If you omit the qualifier or specify the ALL keyword, the utility includes all enabled event classes in the report.
/EVENT_TYPE=(event-type[,...])
event-type[,...]
Specifies the classes of events used to select records. You can specify any of the following event types:
Event Type | Description |
---|---|
[NO]ACCESS | Access to an object, such as a file |
[NO]ALL | All event types |
[NO]AUDIT | Use of the SET AUDIT command |
[NO]AUTHORIZATION | Change to the authorization database (SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT, or NET$PROXY.DAT) |
[NO]BREAKIN | Break-in detection |
[NO]CONNECTION | Establishment of a network connection through the System Management utility (SYSMAN), DECwindows, or interprocess communication (IPC) software or DECnet Phase IV (VAX only) |
[NO]CREATE | Creation of an object |
[NO]DEACCESS | Completion of access to an object |
[NO]DELETE | Deletion of an object |
[NO]INSTALL | Modification of the known file list with the Install utility (INSTALL) |
[NO]LOGFAIL | Unsuccessful login attempt |
[NO]LOGIN | Successful login |
[NO]LOGOUT | Successful logout |
[NO]MOUNT | Execution of DCL commands MOUNT or DISMOUNT |
[NO]NCP | Modification of the DECnet network configuration databases |
[NO]NETPROXY | Modification of the network proxy authorization file (NETPROXY.DAT or NET$PROXY.DAT) |
[NO]PRIVILEGE | Privilege auditing |
[NO]PROCESS | Use of one or more of the process control system services: $CREPRC, $DELPRC, $SCHDWK, $CANWAK, $WAKE, $SUSPND, $RESUME, $GRANTID, $REVOKID, $GETJPI, $FORCEX, $SETPRI |
[NO]RIGHTSDB | Modification of the rights database (RIGHTSLIST.DAT) |
[NO]SYSGEN | Modification of system parameters through the System Generation utility (SYSGEN) or AUTOGEN |
[NO]SYSUAF | Modification of the system user authorization file (SYSUAF.DAT) |
[NO]TIME | Change in system or cluster time |
Specifying the negated form of an event class (for example, NOLOGFAIL) excludes the specified event class from the audit report.
#1
$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example extracts all records of unsuccessful login attempts, which match the LOGFAIL class, and compiles a brief report.
#2
$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example builds a report in brief format of all audit records except those in the LOGIN and LOGOUT event classes.
Controls whether a full format is used in ASCII displays. If you specify /NOFULL or omit the qualifier, records are displayed in the brief format.
/FULL
/NOFULL (default)
None.
By default, records are displayed in the brief format. You must specify /FULL (or enter command mode by pressing Ctrl/C) to have the full contents of each selected record displayed.
The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.
$ ANALYZE/AUDIT /FULL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example displays the full contents of each selected record.
Excludes records from the report that match the specified criteria.
/IGNORE=criteria[,...]
criteria[,...]
Specifies that all records are selected except those matching any of the specified exclusion criteria. See the /SELECT qualifier description for a list of the possible criteria to use with the /IGNORE qualifier.
Use the /IGNORE qualifier to exclude specific groups of audit records from the audit report. When more than one keyword from the list of possible exclusion criteria is specified, records that meet any of these criteria are excluded by default.
#1
$ ANALYZE/AUDIT/IGNORE=(SYSTEM=NAME=WIPER,USERNAME=MILANT) -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example excludes from the audit analysis report all records in the audit log file generated from node WIPER or from user MILANT (on any node).
#2
$ ANALYZE/AUDIT/IGNORE=SUBTYPE=(DIALUP,REMOTE)
The command in this example excludes dialup and remote processes.
Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked.
/INTERACTIVE (default)
/NOINTERACTIVE
None.
Interactive command mode, which is enabled by default, allows you to interrupt the audit report being displayed on the terminal and to enter commands either to modify the criteria used to select records for the report or to reposition the display.
To interrupt a full or brief audit report, press Ctrl/C and enter commands at the COMMAND> prompt. Once in command mode, the utility displays the current record in full format. Note that the record might not match the selection or exclusion criteria specified in the previous ANALYZE/AUDIT command.
The NEXT RECORD command is the default when you enter command mode. When ANALYZE/AUDIT reaches the end of the log file, it prompts for the next command. To verify the current log file name and your position within the file, press Ctrl/T.
Enter the CONTINUE command to leave interactive command mode and to resume display of the audit report. Enter the EXIT command to terminate the session. See the ANALYZE/AUDIT Commands section for a description of each interactive command.
To disable interactive mode, specify /NOINTERACTIVE. In this mode, the utility displays audit records one at a time and prompts you to advance the display by pressing the Return key.
#1
$ ANALYZE/AUDIT/FULL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example produces a full format display of the selected records. New records are displayed every 3 seconds. (See the /PAUSE qualifier description to find how to modify the duration of each record display.) Press Ctrl/C to interrupt the display and to enter interactive commands.
#2
$ ANALYZE/AUDIT/FULL/NOINTERACTIVE -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example invokes the utility in noninteractive mode. It displays the first record selected and prompts you to press the Return key to display each additional selected record. Control returns to the DCL command level when all selected records have been displayed.
Specifies where to direct output from ANALYZE/AUDIT. If you omit the qualifier, the report is sent to SYS$OUTPUT.
/OUTPUT[=file-spec]
/NOOUTPUT
file-spec[,...]
Specifies the name of the file that is to contain the selected records. If you omit the device and directory specification, the utility uses the current device and directory specification. If you omit the file name and type, the default file name AUDIT.LIS is used. If the output is binary (/BINARY) and you omit the /OUTPUT qualifier, the binary information is written to the file AUDIT.AUDIT$JOURNAL.
$ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects audit records from the system audit log file and writes them to the binary file BIN122588.DAT.
Specifies the length of time each record is displayed in a full-format display.
/PAUSE=seconds
seconds
Specifies the duration (in seconds) of the full-screen display. A value of 0 specifies that the system should not pause before displaying the next record. By default, the utility displays a record for 3 seconds.
The /PAUSE qualifier can be used only with full-format (/FULL) displays to specify the length of time each record is displayed. By default, each record is displayed for a period of 3 seconds. A value of 0 results in a continuous display of audit records.
$ ANALYZE/AUDIT /FULL/PAUSE=1 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example displays a selected record in full format every second. You can interrupt the display and enter interactive commands at any time by pressing Ctrl/C. (See the ANALYZE/AUDIT Commands section for more information.)
Specifies the criteria for selecting records from the audit log file. Refer to the HP OpenVMS Guide to System Security for a description of how to generate audit records.
/SELECT=criteria[,...]
/NOSELECT
criteria[,...]
Specifies the criteria for selecting records. For each specified criterion, ANALYZE/AUDIT has two selection requirements:
- The packet corresponding to the criterion must be present in the record.
- One of the specified values must match the value in that packet.
For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as the criteria, ANALYZE/AUDIT selects an event record containing the SYSTEM=DBASE packet and a USER packet with either the PUTNAM value or the WU value.
If you omit the /SELECT qualifier, all event records selected through the /EVENT_TYPE qualifier are extracted from the audit log file and included in the report.
You can specify any of the following criteria:
ACCESS=(type,...)
Specifies the type of object access upon which the selection is based. Access is object-specific and includes the following types:
- Associate
- Control
- Create
- Delete
- Execute
- Lock
- Logical
- Manage
- Physical
- Read
- Submit
- Use
- Write
The HP OpenVMS Guide to System Security describes each of these types.
ACCOUNT=(name,...)
Specifies the account name upon which selection is based. You can use wildcards, such as an asterisk (*) or percent sign (%), to represent all or part of the name.
ALARM_NAME=(alarm-name,...)
Specifies the alarm journal name on which selection is based. You can use wildcards to represent all or part of the alarm name.
ASSOCIATION_NAME=(IPC-name,...)
Specifies the name of the interprocess communication (IPC) association.
AUDIT_NAME=(journal-name,...)
Specifies the audit journal name on which selection is based. You can use wildcards to represent all or part of the audit journal name.
COMMAND_LINE=(command,...)
Specifies the command line that the user entered.
CONNECTION_IDENTIFICATION=(IPC-name,...)
Specifies the name for the interprocess communication (IPC) connection.
DECNET_LINK_IDENTIFICATION=(value,...)
Specifies the number of the DECnet logical link.
DECNET_OBJECT_NAME=(object-name,...)
Specifies the name of the DECnet object.
DECNET_OBJECT_NUMBER=(value,...)
Specifies the number of the DECnet object.
DEFAULT_USERNAME=(username,...)
Specifies the default local user name for incoming network proxy requests.
DEVICE_NAME=(device-name,...)
Specifies the name of a device in audit records that have a DEVICE_NAME packet. Note that this does not select the device name when it occurs in other packet types, such as in a file name or in the TARGET_DEVICE_NAME packet.
DIRECTORY_ENTRY=(directory,...)
Specifies the directory entry associated with a file system operation.
DIRECTORY_NAME=(directory,...)
Specifies the name of the directory file.
DISMOUNT_FLAGS=(flag-name,...)
Identifies the names of the volume dismounting flags to be used in selecting records. Specify one or more of the following flag names: Abort, Cluster, Nounload, and Unit.
EVENT_CLUSTER_NAME=(event-flag-cluster-name,...)
Specifies the name of the event flag cluster.
FACILITY=(facility-name,...)
Specifies that only events audited by the named facility be selected. Provide a name or a number but, in either case, the facility has to be defined through the logical AUDSERV$FACILITY_NAME as a decimal number; the system uses the number 0.
FIELD_NAME=(field-name,...)
Specifies the name of the field that was modified. ANALYZE/AUDIT uses the FIELD_NAME criterion with packets containing the original data and the new data (specified by the NEW_DATA criterion). A FIELD_NAME is a character string that describes the content of the field. A search for "NEW:" in a full audit report displays records that contain the FIELD_NAME values that can be specified for this option. Examples of FIELD_NAME values are Account, Default Directory, Flags, and Password Date.
For sensitive information, see SENSITIVE_FIELD_NAME.
FILE_NAME=(file-name)
Specifies the name of the file that caused the audit. Describes audit records for the specified file by using a slightly different display format than is provided by the /OBJECT=NAME=object-name keyword.
FILE_IDENTIFICATION=(identification-value)
Specifies the value of the file's identification. To calculate the value, start with the value listed for File ID when you use the FILE_NAME keyword. For example, the display lists the File ID as:
File ID: (3024,5,0)
Use the following formula to calculate the value:
((0 * 65536) + 5 * 65536) + 3024 = 330704
FLAGS=(flag-name,...)
Identifies the names of the audit event flags associated with the audited event. These names should be used in selecting records. Specify one or more of the following flags: ACL, Alarm, Audit, Flush, Foreign, Internal, and Mandatory. (For a description of these flags, see Table F-3.)
HOLDER=keyword(,...)
Specifies the characteristics of the identifier holder to be used when selecting event records. Choose from the following keywords:
- NAME=username: Specifies the name of the holder. You can represent all or part of the name with a wildcard.
- OWNER=uic: Specifies the user identification code (UIC) of the holder.
IDENTIFIER=keyword(,...)
Identifies which attributes of an identifier should be used when selecting event records. Choose from the following keywords:
- ATTRIBUTES=name: Specifies the name of the particular attribute. Valid attribute names are as follows: Dynamic, Holder_Hidden, Name_Hidden, NoAccess, Resource, and Subsystem.
- NAME=identifier: Specifies the original name of the identifier. You can represent all or part of the name with a wildcard.
- NEW_NAME=identifier: Specifies the new name of the identifier. You can represent all or part of the name with a wildcard.
- NEW_ATTRIBUTES=name: Specifies the name of the new attribute. Valid attribute names are Dynamic, Holder_Hidden, Name_Hidden, NoAccess, Resource, and Subsystem.
- VALUE=value: Specifies the original value of the identifier.
- NEW_VALUE=value: Specifies the new value of the identifier.
IDENTIFIERS_MISSING=(identifier,...)
Specifies the identifiers missing in a failure to access an object.
IDENTIFIERS_USED=(identifier,...)
Specifies the identifiers used to gain access to an object. An event record matches if the specified list is a subset of the identifiers recorded in the event record.
IMAGE_NAME=(image-name,...)
Identifies the name of the image to be used when selecting event records. You can represent all or part of the image name with a wildcard.
INSTALL=keyword(,...)
Specifies that installation event packets are to be considered when selecting event records. Choose from the following keywords:
- FILE=filename: Specifies the name of the installed file. You can represent all or part of the name with a wildcard. Note that on Alpha systems prior to Version 6.1 and on VAX systems prior to Version 6.0, audit log files record the installed file name within an object name packet. To select the installed file, you must use the expression OBJECT=(NAME=object-name) instead of FILE=filename.
- FLAGS=flag-name: Specifies the names of the flags, which correspond to qualifiers of the Install utility (INSTALL); for example, OPEN corresponds to /OPEN.
- PRIVILEGES=privilege-name: Specifies the names of the privileges with which the file was installed.
LNM_PARENT_NAME=(table-name,...)
Specifies the name of the parent logical name table.
LNM_TABLE_NAME=(table-name,...)
Specifies the name of the logical name table.
LOCAL=(characteristic,...)
Specifies the characteristics of the local (proxy) account to be used when selecting event records. The following characteristic is supported:
- USERNAME=username: Specifies the name of the local account. You can represent all or part of the name with a wildcard.
LOGICAL_NAME=(logical-name,...)
Specifies the logical name of the mounted (or dismounted) volume upon which selection is based. You can represent all or part of the logical name with a wildcard.
MAILBOX_UNIT=(number,...)
Specifies the number of the mailbox unit.
MOUNT_FLAGS=(flag-name,...)
Specifies the names of the volume mounting flags upon which selection is based. Possible flag names include the following names:
CACHE=(NONE,WRITETHROUGH)
CDROM
CLUSTER
COMPACTION
DATACHECK=(READ,WRITE)
DSI
FOREIGN
GROUP
INCLUDE
INITIALIZATION=(ALLOCATE,CONTINUATION)
MESSAGE
NOASSIST
NOAUTOMATIC
NOCOMPACTION
NOCOPY
NOHDR3
NOJOURNAL
NOLABEL
NOMOUNT_VERIFICATION
NOQUOTA
NOREBUILD
NOUNLOAD
NOWRITE
OVERRIDE=(options[,...])
- ACCESSIBILITY
- EXPIRATION
- IDENTIFICATION
- LIMITED_SEARCH
- LOCK
- NO_FORCED_ERROR
- OWNER_IDENTIFIER
- SECURITY
- SETID
POOL
QUOTA
SHARE
SUBSYSTEM
SYSTEM
TAPE_DATA_WRITE
XAR
The names NOLABEL and FOREIGN each point to the FOREIGN flag, because the MOUNT/NOLABEL and MOUNT/FOREIGN commands each set the FOREIGN flag. Therefore, if you used MOUNT/NOLABEL and you use ANALYZE/AUDIT/SELECT=MOUNT_FLAGS=NOLABEL, the audit record displays the FOREIGN flag.
NEW_DATA=(value,...)
Specifies the value to use after the event occurs. Use this criterion with the FIELD_NAME criterion.
For sensitive information, see SENSITIVE_NEW_DATA.
NEW_IMAGE_NAME=(image-name,...)
Specifies the name of the image to be activated in the newly created process, as supplied to the $CREPRC system service.
NEW_OWNER=(uic,...)
Specifies the user identification code (UIC) to be assigned to the created process, as supplied to the $CREPRC system service.
OBJECT=keyword(,...)
Specifies which characteristics of an object should be used when selecting event records. Choose any of the following keywords:
- CLASS=class-name: Specifies the general object class as one of the following classes: Capability, Device, Event_cluster, File, Group_global_section, Logical_name_table, Queue, Resource_domain, Security_class, System_global_section, Volume. You must enter the full class name (for example, CLASS=logical_name_table) or use wildcard characters to supply a portion of the class name (for example, CLASS=log*).
- NAME=object-name: Specifies the name of the object. You can represent all or part of the name with a wildcard. If you do not use a wildcard, specify the full object name (for example, BOSTON$DUA0:[RWOODS]MEMO.MEM;1).
- OWNER=value: Specifies the UIC or general identifier of the object.
- TYPE=type: Specifies the general object class (type of object). The available classes are as follows: Capability, Device, File, Group_global_section, Logical_name_table, Queue, System_global_section. The CLASS keyword supersedes the TYPE keyword. However, TYPE is required to select audit records in files created prior to OpenVMS Alpha Version 6.1 and OpenVMS VAX Version 6.0.
PARENT=keyword(,...)
Specifies which characteristics of the parent process are used when selecting event records generated by a subprocess. Choose from the following keywords:
- IDENTIFICATION=value: Specifies the process identifier (PID) of the parent process.
- NAME=process-name: Specifies the name of the parent process. You can represent all or part of the name with a wildcard.
- OWNER=value: Specifies the owner (identifier value) of the parent process.
- USERNAME=username: Specifies the user name of the parent process. You can represent all or part of the name with a wildcard.
PASSWORD=(password,...)
Specifies the password used when the system detected a break-in attempt.
PRIVILEGES_MISSING=(privilege-name,...)
Specifies privileges the caller needed to perform the operation successfully. Specify any of the system privileges, as described in the HP OpenVMS Guide to System Security.
PRIVILEGES_USED=(privilege-name,...)
Specifies the privileges of the process to be used when selecting event records. Specify any of the system privileges, as described in the HP OpenVMS Guide to System Security. Also include the STATUS keyword in the selection criteria so the report can show whether the privilege was involved in a successful or an unsuccessful operation.
PROCESS=(characteristic,...)
Specifies the characteristics of the process to be used when selecting event records. Choose from the following characteristics:
- IDENTIFICATION=value: Specifies the PID of the process.
- NAME=process-name: Specifies the name of the process. You can represent all or part of the name with a wildcard.
REMOTE=keyword(,...)
Specifies that some characteristic of the network request is to be used when selecting event records. Choose from the following keywords:
- ASSOCIATION_NAME=IPC-name: Specifies the interprocess communication (IPC) association name.
- LINK_IDENTIFICATION=value: Specifies the number of the DECnet logical link.
- IDENTIFICATION=value: Specifies the DECnet node address.
- NODENAME=node-name: Specifies the DECnet node name. You can represent all or part of the name with a wildcard.
- USERNAME=username: Specifies the remote user name. You can represent all or part of the remote user name with a wildcard.
REQUEST_NUMBER=(value,...)
Specifies the request number associated with the DCL command REQUEST/REPLY.
SECTION_NAME=(global-section-name,...)
Specifies the name of the global section.
SENSITIVE_FIELD_NAME=(field-name,...)
Specifies the name of the field that was modified. ANALYZE/AUDIT uses the SENSITIVE_FIELD_NAME criterion, such as PASSWORD, with packets containing the original data and the new data (specified by the SENSITIVE_NEW_DATA criterion).
SENSITIVE_NEW_DATA=(value,...)
Specifies the value to use after the event occurs. Use this criterion with the SENSITIVE_FIELD_NAME criterion.
SNAPSHOT_BOOTFILE=(filename,...)
Specifies the name of the file containing a snapshot of the system.
SNAPSHOT_SAVE_FILENAME=(filename,...)
Specifies the name of the system snapshot file for a save operation that is in progress.
STATUS=type(,...)
Specifies the type of success status to be used when selecting event records. Choose from the following status types:
- SUCCESSFUL: Specifies any success status.
- FAILURE: Specifies any failure status.
- CODE=(value,...): Specifies a specific completion status.
SUBJECT_OWNER=(uic,...)
Specifies the owner (UIC) of the process causing the event.
SUBTYPE=(subtype,...)
Specifies that the criteria be limited to the value or values specified as a subtype. Refer to Table F-2 for valid subtype values.
SYSTEM=keyword(,...)
Specifies the characteristics of the system to be used when selecting event records. Choose from the following keywords:
IDENTIFICATION=value Specifies the numeric identification of the system. NAME=nodename Specifies the node name of the system. SYSTEM_SERVICE_NAME=(service-name,...)
Specifies the name of the system service associated with the event.TARGET_DEVICE_NAME=(device-name,...)
Specifies the target device name used by a process control system service.TARGET_PROCESS_IDENTIFICATION=(value,...)
Specifies the target process identifier (PID) used by a process control system service.TARGET_PROCESS_NAME=(process-name,...)
Specifies the target process name used by a process control system service.TARGET_PROCESS_OWNER=(uic,...)
Specifies the target process owner (UIC) used by a process control system service.TARGET_USERNAME=(username,...)
Specifies the target user name used by a process control system service.TERMINAL=(device-name,...)
Specifies the name of the terminal to be used when selecting event records. You can represent all or part of the terminal name with a wildcard.TRANSPORT_NAME=(transport-name,...)
Specifies the name of the transport: interprocess communication (IPC) or System Management Integrator (SMI), which handles requests from the System Management utility.On VAX systems, it also can specify the DECnet transport name (NSP).
USERNAME=(username,...)
Specifies the user name to be used when selecting event records. You can represent all or part of the user name with a wildcard.VOLUME_NAME=(volume-name,...)
Specifies the name of the mounted (or dismounted) volume to be used when selecting event records. You can represent all or part of the volume name with a wildcard.VOLUME_SET_NAME=(volume-set-name,...)
Specifies the name of the mounted (or dismounted) volume set to be used when selecting event records. You can represent all or part of the volume set name with a wildcard.
#1 |
---|
$ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL |
The command in this example selects all records written to the security audit log file that were generated by user JOHNSON.
#2 |
---|
$ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,-
_$ BYPASS) SYS$MANAGER:SECURITY.AUDIT$JOURNAL |
The command in this example selects all records written to the security audit log file that were generated by events through the use of either SYSPRV or BYPASS privilege.
#3 |
---|
$ ANALYZE/AUDIT/FULL/EVENT=SYSUAF/SELECT= -
_$ IMAGE=("*:[SYS*SYSEXE]SETP0.EXE","*:[SYS*SYSEXE]LOGINOUT.EXE") -
_$ SYS$MANAGER:SECURITY |
The command in this example selects all records that involve password changes written to the security audit log file.
The following example is a command procedure that you could run at midnight to select all SYSUAF, AUDIT, and BREAKIN events (excluding password changes) and mail the result to the system manager:
$! DAILY_AUDIT.COM
$
$ mail_list = "SYSTEM"
$ audsrv$_noselect = %X003080A0
$ audit_events = "SYSUAF,BREAKIN,AUDIT"
$
$! Produce a full listing of the selected event classes, excluding the
$! images that generate password-change records.
$ analyze /audit /full -
    /event=('audit_events') -
    /output=audit.tmp -
    /ignore=image=("*:[SYS*SYSEXE]SETP0.EXE","*:[SYS*SYSEXE]LOGINOUT.EXE") -
    sys$manager:SECURITY.AUDIT$JOURNAL
$
$! Mask off the control bits of $STATUS before comparing with AUDSRV$_NOSELECT.
$ status = $status
$ if (status.and.%XFFFFFFF) .eq. audsrv$_noselect then goto no_records
$ if .not. status then goto error_analyze
$ if f$file("audit.tmp","eof") .eq. 0 then goto no_records
$ mail /subject="''audit_events' listing from ''f$time()'" -
    audit.tmp 'mail_list'
$ goto new_log
$
$ no_records:
$ mail /subject="No interesting security events" nl: 'mail_list'
$
$! Start a new audit log and keep the old one under a date-stamped name.
$ new_log:
$ if f$search("audit.tmp") .nes. "" then delete audit.tmp;*
$ set audit /server=new_log
$ rename sys$manager:SECURITY.AUDIT$JOURNAL;-1 -
    sys$common:[sysmgr]'f$element(0," ",f$edit(f$time(),"TRIM"))'
$ exit
$
$ error_analyze:
$ mail/subj="Error analyzing auditing information" nl: 'mail_list'
$ exit
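The branch logic of DAILY_AUDIT.COM turns on how $STATUS is tested, and the mask in the first IF is easy to misread. The following Python model is an added example, not code from the HP manual: it decodes an OpenVMS condition value into its fields and reproduces the procedure's branch order. The AUDSRV$_NOSELECT value and the mask are the ones the procedure uses; the function names (decode_condition, next_action) are assumed names chosen here, and eof_block stands in for the f$file("audit.tmp","eof") test.

```python
# Added example (not code from the HP manual): models the $STATUS test that
# DAILY_AUDIT.COM performs after ANALYZE/AUDIT returns.
# An OpenVMS condition value is a 32-bit longword laid out as:
#   bits 0-2   severity (0 warning, 1 success, 2 error, 3 info, 4 severe)
#   bits 3-15  message number
#   bits 16-27 facility number
#   bits 28-31 control bits (bit 28 inhibits display of the message)
# DCL's ".not. status" tests bit 0 only, so even values are failures.
# The procedure ANDs $STATUS with %XFFFFFFF (the low 28 bits) before the
# comparison so that control bits cannot hide a match on AUDSRV$_NOSELECT.

AUDSRV_NOSELECT = 0x003080A0   # audsrv$_noselect as defined in the procedure
CONTROL_MASK = 0x0FFFFFFF      # %XFFFFFFF in the DCL source
SEVERITY_NAMES = {0: "WARNING", 1: "SUCCESS", 2: "ERROR", 3: "INFO", 4: "SEVERE"}


def decode_condition(status: int) -> dict:
    """Split a condition value into its severity, message and facility fields."""
    return {
        "severity": SEVERITY_NAMES.get(status & 0x7, "RESERVED"),
        "message": (status >> 3) & 0x1FFF,
        "facility": (status >> 16) & 0xFFF,
        "inhibit_message": bool(status & (1 << 28)),
    }


def is_success(status: int) -> bool:
    """True when DCL would treat the value as success (low bit set)."""
    return bool(status & 1)


def next_action(status: int, eof_block: int) -> str:
    """Return the label DAILY_AUDIT.COM branches to for a given $STATUS.

    eof_block stands in for f$file("audit.tmp","eof"); the procedure treats
    an empty output file as "no records" even when the status is a success.
    The branches are tested in the same order as in the procedure.
    """
    if (status & CONTROL_MASK) == AUDSRV_NOSELECT:
        return "no_records"          # nothing matched the /EVENT selection
    if not is_success(status):
        return "error_analyze"       # any other failure: mail an error notice
    if eof_block == 0:
        return "no_records"          # success, but the listing is empty
    return "mail_report"             # mail audit.tmp to the mail_list


if __name__ == "__main__":
    print(decode_condition(AUDSRV_NOSELECT))
    # Status with bit 28 set: still recognised as "no records" thanks to the mask.
    print(next_action(AUDSRV_NOSELECT | (1 << 28), 0))
    print(next_action(0x1, 12))      # SS$_NORMAL with a non-empty listing file
```

Note that AUDSRV$_NOSELECT decodes to warning severity (its low bit is clear), so without the first IF the procedure would treat an empty selection as an analysis error rather than as an uneventful day.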
/SINCE
Indicates the utility must operate on records dated with the specified time or after the specified time.
/SINCE[=time]
/NOSINCE
time
Specifies the time used to select records. Records dated the same or later than the specified time are selected. You can specify an absolute time, a delta time, or a combination of the two. Observe the syntax rules for date and time described in the OpenVMS User's Manual. If you specify /SINCE without the time, the utility uses the beginning of the current day.
#1 |
---|
$ ANALYZE/AUDIT /SINCE=25-NOV-2002 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL |
The command in this example selects records dated later than November 25, 2002.
#2 |
---|
$ ANALYZE/AUDIT /SINCE=25-NOV-2002:15:00 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL |
The command in this example selects records written after 3 P.M. on November 25, 2002.
/SUMMARY
Specifies that a summary of the selected records be produced after all records are processed. You can use the /SUMMARY qualifier alone or in combination with the /BRIEF, the /BINARY, or the /FULL qualifier.
/SUMMARY[=presentation]
/NOSUMMARY
presentation
Specifies the presentation of the summary. If you do not specify a presentation criterion, ANALYZE/AUDIT summarizes the number of audits. You can specify either of the following presentations:
COUNT
Lists the total number of audit messages for each class of security event that have been extracted from the security audit log file. This is the default.
PLOT
Displays a plot showing the class of the audit event, the time of day when the audit was generated, and the name of the system where the audit was generated.
#1 |
---|
$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL |
The command in this example generates a summary report of all records processed.
Total records read:          9701      Records selected:          9701
Record buffer size:          1031
Successful logins:            542      Object creates:            1278
Successful logouts:           531      Object accesses:           3761
Login failures:                35      Object deaccesses:         2901
Breakin attempts:               2      Object deletes:             301
System UAF changes:            10      Volume (dis)mounts:          50
Rights db changes:              8      System time changes:          0
Netproxy changes:               5      Server messages:              0
Audit changes:                  7      Connections:                  0
Installed db changes:          50      Process control audits:       0
Sysgen changes:                 9      Privilege audits:            91
NCP command lines:            120
#2 |
---|
$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL |
The command in this example generates a full format listing of all logged audit messages that match the break-in (BREAKIN) or login failure (LOGFAIL) event classes. A summary report is included at the end of the listing.
#3 |
---|
$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL |
This command generates a histogram that you can display on a character-cell terminal.
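The summary report in example 1 is the natural first pass over a day's journal: the counters tell you which event classes deserve the full-format listing of example 2. The following Python is an added example, not code from the HP manual. It parses the two-column summary layout (the sample text is the report from example 1 above), lists the counters above a review threshold, and builds the targeted ANALYZE/AUDIT/FULL/EVENT_TYPE command for the flagged classes. The thresholds are hypothetical values chosen here, and the label-to-keyword table covers only the event classes this page names (BREAKIN, LOGFAIL, SYSUAF, AUDIT).

```python
import re

# Added example (not from the HP manual): parse the two-column report that
# ANALYZE/AUDIT/SUMMARY prints and pick out the counters worth a second pass.
# The sample text below is the summary shown in example 1 on this page.
SUMMARY_TEXT = """\
Total records read:          9701      Records selected:          9701
Record buffer size:          1031
Successful logins:            542      Object creates:            1278
Successful logouts:           531      Object accesses:           3761
Login failures:                35      Object deaccesses:         2901
Breakin attempts:               2      Object deletes:             301
System UAF changes:            10      Volume (dis)mounts:          50
Rights db changes:              8      System time changes:          0
Netproxy changes:               5      Server messages:              0
Audit changes:                  7      Connections:                  0
Installed db changes:          50      Process control audits:       0
Sysgen changes:                 9      Privilege audits:            91
NCP command lines:            120
"""

# One "label:   number" pair; a line may carry two of them side by side.
PAIR = re.compile(r"([A-Za-z][A-Za-z() ]*?):\s+(\d+)")

# Hypothetical review thresholds (not values from the manual): anything
# above them gets listed. Zero means "any occurrence is worth a look".
THRESHOLDS = {
    "Breakin attempts": 0,
    "Login failures": 20,
    "System UAF changes": 0,
    "Rights db changes": 0,
    "Audit changes": 0,
    "Netproxy changes": 0,
}

# Summary labels mapped to the /EVENT_TYPE keywords this page uses for them.
# Labels without an entry are still flagged; they just add no keyword.
EVENT_CLASS = {
    "Breakin attempts": "BREAKIN",
    "Login failures": "LOGFAIL",
    "System UAF changes": "SYSUAF",
    "Audit changes": "AUDIT",
}


def parse_summary(text: str) -> dict:
    """Return {label: count} for every counter in a /SUMMARY=COUNT report."""
    counts = {}
    for line in text.splitlines():
        for label, value in PAIR.findall(line):
            counts[label.strip()] = int(value)
    return counts


def flagged(counts: dict, thresholds: dict = THRESHOLDS) -> list:
    """(label, count) for each counter above its threshold, in threshold order."""
    return [(label, counts.get(label, 0)) for label in thresholds
            if counts.get(label, 0) > thresholds[label]]


def followup_command(flags: list,
                     journal: str = "SYS$MANAGER:SECURITY.AUDIT$JOURNAL") -> str:
    """Build the targeted full-format listing to run next, as in example 2."""
    classes = [EVENT_CLASS[label] for label, _ in flags if label in EVENT_CLASS]
    if not classes:
        return ""
    return f"$ ANALYZE/AUDIT/FULL/EVENT_TYPE=({','.join(classes)}) {journal}"


if __name__ == "__main__":
    hits = flagged(parse_summary(SUMMARY_TEXT))
    for label, count in hits:
        print(f"{label}: {count}")
    print(followup_command(hits))
```

On the sample report this flags the two break-in attempts, the 35 login failures and every change to the authorization, rights, proxy and audit databases, and produces a single /EVENT_TYPE=(BREAKIN,LOGFAIL,SYSUAF,AUDIT) listing to review.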
4.4 ANALYZE/AUDIT Commands
This section describes the interactive commands available with the
Audit Analysis utility (ANALYZE/AUDIT). The qualifiers for this section
follow the standard rules of DCL grammar.
The utility runs interactively by default; you disable the feature with
the /NOINTERACTIVE qualifier to the ANALYZE/AUDIT command. To enter
interactive commands, press Ctrl/C at any time during the processing of
a full or brief interactive display. At the COMMAND> prompt, you can
enter any command listed in this section. Use the CONTINUE command to
resume processing of the event records, or use the EXIT command to
terminate the session.
CONTINUE
Resumes processing of event records.
Format: CONTINUE
Parameters: None.
Qualifiers: None.
COMMAND> DISPLAY/SINCE=25-JAN-2002/SELECT=USERNAME=JOHNSON
COMMAND> CONTINUE |
The first command in this example selects only event records generated by user JOHNSON after January 25, 2002. The second command in the example displays a report based on the new selection criteria.
DISPLAY
Changes the criteria used to select event records.
Format: DISPLAY
Parameters: None.
For a more complete description of any one of the following qualifiers, refer to the description of the qualifier in the preceding ANALYZE/AUDIT Qualifiers section.
/BEFORE=time
Controls whether only those records dated earlier than the specified time are selected.
/BRIEF
Controls whether a brief (one-line-per-record) format is used in ASCII displays.
/EVENT_TYPE=event-type[,...]
Controls whether only those records matching the specified event type are selected.
/FULL
Controls whether a full format for each record is used in ASCII displays.
/IGNORE=criteria[,...]
Controls whether records matching the specified criteria are excluded. If you specify /IGNORE two or more times, the criteria are combined. To specify a new set of exclusion criteria, include the /REMOVE qualifier with the /IGNORE qualifier.
/PAUSE=seconds
For full-format displays (/FULL), specifies the length of time each record is displayed.
/REMOVE
Controls whether the criteria specified by the /IGNORE and the /SELECT qualifiers are no longer to be used to select event records to be displayed.
/SELECT=criteria[,...]
Controls whether only those records matching the specified criteria are selected. If you specify /SELECT two or more times, the criteria are combined. To specify a new set of selection criteria, include the /REMOVE qualifier with the /SELECT qualifier.
/SINCE[=time]
Controls whether only those records dated the same or later than the specified time are selected.
#1 |
---|
COMMAND> DISPLAY/EVENT_TYPE=SYSUAF
COMMAND> CONTINUE |
The first command in this example selects records that were generated as a result of a modification to the system user authorization file (SYSUAF). The second command displays the selected records.
#2 |
---|
COMMAND> DISPLAY/SELECT=USERNAME=CRICK
COMMAND> CONTINUE
   .
   .
   .
[Ctrl/C]
COMMAND> DISPLAY/SELECT=USERNAME=WATSON
COMMAND> CONTINUE |
The first DISPLAY command in this example selects records that were generated by user CRICK. The second command displays the selected records. The next DISPLAY command selects records that were generated by user WATSON. The last command in the example displays all records generated by users CRICK and WATSON.
EXIT
Terminates the session.
Format: EXIT
Parameters: None.
Qualifiers: None.
HELP
Provides online help information for using ANALYZE/AUDIT commands.
Format: HELP [topic]
Parameter: topic
Specifies the command for which help information is to be displayed. If you omit the keyword, HELP displays a list of available help topics and prompts you for a particular keyword.
Qualifiers: None.
COMMAND> HELP DISPLAY |
The command in this example displays help information about the DISPLAY command.
LIST
Changes the criteria used to select event records. The LIST command is synonymous with the DISPLAY command.
Format: LIST
Parameters: None.
Qualifiers: See the description of the DISPLAY command.
COMMAND> LIST/EVENT_TYPE=SYSUAF
COMMAND> CONTINUE |
The first command in this example selects records that were generated as a result of a modification to the system user authorization file (SYSUAF). The second command displays the selected records.
NEXT FILE
Controls whether the current security audit log file is closed and the next log file opened. The command is useful when you supply a wildcard file specification to the ANALYZE/AUDIT command; for example *.AUDIT$JOURNAL. If there are no other audit log files to open, the audit analysis session terminates and control returns to DCL.
Format: NEXT FILE
Parameters: None.
Qualifiers: None.
NEXT RECORD
Controls whether the next audit record is displayed. The NEXT RECORD command is the default for interactive mode. This command is synonymous with the POSITION command.
Format: NEXT RECORD
Parameters: None.
Qualifiers: None.
POSITION
Moves the full-format display forward or backward the specified number of event records.
Format: POSITION number
Parameter: number
For positive numbers, displays the record that is the specified number of records after the current record. For negative numbers, displays the record that is the specified number of records before the current record.
Qualifiers: None.
#1 |
---|
COMMAND> POSITION 100 |
The command in this example moves the display forward 100 event records.
#2 |
---|
COMMAND> POSITION -100 |
The command in this example moves the display back 100 event records.
SHOW
Displays information about the selection or exclusion criteria currently being used to select event records.
Format: SHOW option[,...]
Parameter: option[,...]
Displays information about selection or exclusion criteria currently being used to select records. Specify one or more of the following options:
Option | Description |
---|---|
ALL | Displays all criteria being used to select event records. |
EXCLUSION_CRITERIA | Displays the criteria being used to exclude event records. |
SELECTION_CRITERIA | Displays the criteria being used to select event records. |

Qualifiers: None.
COMMAND> SHOW SELECTION_CRITERIA |
The command in this example displays the selection criteria currently in use to select records.
5.1 AUTHORIZE Description
The Authorize utility (AUTHORIZE) is a system management tool used to
control access to the system and to allocate resources to users.
AUTHORIZE creates new records or modifies existing records in the following files: SYSUAF.DAT (the system user authorization file), NETPROXY.DAT and NET$PROXY.DAT (the network proxy authorization files), and RIGHTSLIST.DAT (the rights database). AUTHORIZE locates the files through the logical names SYSUAF, NETPROXY, and RIGHTSLIST, so you can direct it at a private copy by defining the logical name in executive mode, for example:
$ DEFINE/PROCESS/EXEC SYSUAF DISK$USER:[MYPROCESSTABLE]SYSUAF.DAT |
If the file that the logical name points to does not exist, AUTHORIZE reports the error and offers to create it:
%UAF-E-NAOFIL, unable to open SYSUAF.DAT
-RMS-E-FNF, file not found
Do you want to create a new file? |
The proxy and rights files are redirected the same way:
$ DEFINE/PROCESS/EXEC NETPROXY DISK$USER:[MYPROCESSTABLE]NETPROXY.DAT |
$ DEFINE/PROCESS/EXEC RIGHTSLIST DISK$USER:[MYPROCESSTABLE]RIGHTSLIST.DAT |
These files store system authorization information. By default, they are owned by the system (UIC of [SYSTEM]) and are created with the following protection:
File | Protection |
---|---|
SYSUAF.DAT | S:RWED, O:RWED, G, W |
NETPROXY.DAT | S:RWED, O:RWED, G, W |
NET$PROXY.DAT | S, O, G, W |
RIGHTSLIST.DAT | S:RWED, O:RWED, G, W |

To use AUTHORIZE, you must have write access to all three of these files (you must have an account with the user identification code (UIC) of [SYSTEM] or the SYSPRV privilege).
Note that you must have read access to the RIGHTSLIST.DAT file (or sufficient privileges) to display the rights identifiers held by other users.
Because certain images (such as MAIL and SET) require access to the system user authorization file (UAF) and are normally installed with the SYSPRV privilege, ensure that you always grant system access to SYSUAF.DAT.
When you install a new system, the software distribution kit provides the following records in the system user authorization file in SYS$SYSTEM:
On VAX systems:
DEFAULT
FIELD
SYSTEM
SYSTEST
SYSTEST_CLIG
On Alpha systems:
DEFAULT
SYSTEM
If the SYSUAF.DAT becomes corrupted or is accidentally deleted, you can use the template file SYSUAF.TEMPLATE in the SYS$SYSTEM directory to recreate the file, as follows:
$ SET DEFAULT SYS$SYSTEM
$ COPY SYSUAF.TEMPLATE SYSUAF.DAT |
The file SYSUAF.TEMPLATE contains records that are identical to those defined when the system was installed.
To make an emergency backup for the system SYSUAF file, you can create a private copy of SYSUAF.DAT. To affect future logins, copy a private version of SYSUAF.DAT to the appropriate directory, as shown in the following example:
$ COPY MYSYSUAF.DAT SYS$COMMON:[SYSEXE]SYSUAF.DAT -
_$ /PROTECTION=(S:RWED,O:RWED,G,W) |
The Authorize utility (AUTHORIZE) is a system management tool that enables you to control access to the system and to allocate resources to users.
Format: RUN SYS$SYSTEM:AUTHORIZE
Parameters: None.
To invoke AUTHORIZE, set your default device and directory to SYS$SYSTEM and enter RUN AUTHORIZE at the DCL command prompt. At the UAF> prompt, you can enter any AUTHORIZE command described in the following section.
To exit from AUTHORIZE, enter the EXIT command at the UAF> prompt or press Ctrl/Z.
This section describes the AUTHORIZE commands and provides examples of their use. You can abbreviate any command, keyword, or qualifier as long as the abbreviation is not ambiguous. The asterisk (*) and the percent sign (%) can be used as wildcard characters to specify user names, node names, and UICs.
AUTHORIZE commands fall into the following four categories:
- Managing system resources and user accounts with SYSUAF
- Managing network proxies with NETPROXY.DAT or NET$PROXY.DAT
- Managing identifiers with RIGHTSLIST.DAT
- General commands

The following table summarizes the AUTHORIZE commands according to these categories:
Command | Description |
---|---|
Managing System Resources and User Accounts with SYSUAF | |
ADD | Adds a user record to the SYSUAF and corresponding identifiers to the rights database. |
COPY | Creates a new SYSUAF record that duplicates an existing record. |
DEFAULT | Modifies the default SYSUAF record. |
LIST | Writes reports for selected UAF records to a listing file, SYSUAF.LIS. |
MODIFY | Changes values in a SYSUAF user record. Qualifiers not specified in the command remain unchanged. |
REMOVE | Deletes a SYSUAF user record and corresponding identifiers in the rights database. The DEFAULT and SYSTEM records cannot be deleted. |
RENAME | Changes the user name of the SYSUAF record (and, if specified, the corresponding identifier) while retaining the characteristics of the old record. |
SHOW | Displays reports for selected SYSUAF records. |
Managing Network Proxies with NETPROXY.DAT or NET$PROXY.DAT | |
ADD/PROXY | Adds proxy access for the specified user. |
CREATE/PROXY | Creates a network proxy authorization file. |
LIST/PROXY | Creates a listing file of all proxy accounts and all remote users with proxy access to the accounts. |
MODIFY/PROXY | Modifies proxy access for the specified user. |
REMOVE/PROXY | Deletes proxy access for the specified user. |
SHOW/PROXY | Displays proxy access allowed for the specified user. |
Managing Identifiers with RIGHTSLIST.DAT | |
ADD/IDENTIFIER | Adds an identifier name to the rights database. |
CREATE/RIGHTS | Creates a new rights database file. |
GRANT/IDENTIFIER | Grants an identifier name to a UIC identifier. |
LIST/IDENTIFIER | Creates a listing file of identifier names and values. |
LIST/RIGHTS | Creates a listing file of all identifiers held by the specified user. |
MODIFY/IDENTIFIER | Modifies the named identifier in the rights database. |
REMOVE/IDENTIFIER | Removes an identifier from the rights database. |
RENAME/IDENTIFIER | Renames an identifier in the rights database. |
REVOKE/IDENTIFIER | Revokes an identifier name from a UIC identifier. |
SHOW/IDENTIFIER | Displays identifier names and values on the current output device. |
SHOW/RIGHTS | Displays on the current output device the names of all identifiers held by the specified user. |
General Commands | |
EXIT | Returns the user to DCL command level. |
HELP | Displays HELP text for AUTHORIZE commands. |
MODIFY/SYSTEM_PASSWORD | Sets the system password (equivalent to the DCL command SET PASSWORD/SYSTEM). |

ADD
Adds a user record to the SYSUAF and corresponding identifiers to the rights database.
Note
ADD/IDENTIFIER and ADD/PROXY are documented as separate commands.
Format: ADD newusername
Parameter: newusername
Specifies the name of the user record to be included in the SYSUAF. The newusername parameter is a string of 1 to 12 alphanumeric characters and can contain underscores. Although dollar signs are permitted, they are usually reserved for system names. Avoid using fully numeric user names (for example, 89560312). A fully numeric user name cannot receive a corresponding identifier because fully numeric identifiers are not permitted.
/ACCESS[=(range[,...])]
/NOACCESS[=(range[,...])]
Specifies hours of access for all modes of access. The syntax for specifying the range is:
/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])
Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.
By default, a user has full access every day. See the DCL command SET DAY in the HP OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.
All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.
Example | Effect |
---|---|
/ACCESS | Allows unrestricted access |
/NOACCESS=SECONDARY | Allows access on primary days only |
/ACCESS=(9-17) | Allows access from 9 A.M. to 5:59 P.M. on all days |
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8) | Disallows access between 9 A.M. and 5:59 P.M. on primary days but allows access during these hours on secondary days |

To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.
Refer to HP OpenVMS Guide to System Security for information about the effects of login class restrictions.
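The /[NO]ACCESS syntax packs several rules into one list (inclusive hours, ranges that wrap through midnight, hours before a day keyword applying to both day types, an unlisted day type keeping full access, and the NO form denying rather than granting), so it is worth checking what a qualifier will permit before applying it. The following Python is an added example, not code from the HP manual: it models those rules as stated above and lets you test a login hour against the result. It also goes beyond the four examples in the table by handling single hours and mixed lists. One rule is an assumption made here because the page does not state it: a bare day keyword with no hours under /ACCESS is taken to allow the whole day (the mirror of the documented /NOACCESS=SECONDARY case). The function names are chosen here.

```python
# Added example (not code from the HP manual): a model of the /[NO]ACCESS hour
# syntax so that the effect of a qualifier can be checked before it is applied
# with AUTHORIZE. Rules taken from the /ACCESS description on this page: hours
# are inclusive, a range whose end is earlier than its start wraps through
# midnight, hours given before any day keyword apply to both day types, a day
# type that is not listed keeps full access, and the NO form denies the listed
# hours instead of granting them. Assumption (not on the page): a bare day
# keyword with no hours under /ACCESS allows the whole day.

ALL_HOURS = frozenset(range(24))
DAY_TYPES = ("PRIMARY", "SECONDARY")


def expand_range(item: str) -> set:
    """'9-17' -> {9,...,17}; '18-8' -> {18,...,23,0,...,8}; '5' -> {5}."""
    if "-" in item:
        start, end = (int(x) for x in item.split("-", 1))
    else:
        start = end = int(item)
    if not (0 <= start <= 23 and 0 <= end <= 23):
        raise ValueError(f"hour outside 0-23 in {item!r}")
    if start <= end:
        return set(range(start, end + 1))
    return set(range(start, 24)) | set(range(0, end + 1))   # wraps past midnight


def parse_access(qualifier: str) -> dict:
    """Return {day_type: set of permitted hours} for an /ACCESS or /NOACCESS string."""
    q = qualifier.strip().upper()
    negate = q.startswith("/NOACCESS")
    if not (negate or q.startswith("/ACCESS")):
        raise ValueError("expected /ACCESS or /NOACCESS")
    _, _, rest = q.partition("=")
    items = [t.strip() for t in rest.strip().strip("()").split(",") if t.strip()]

    listed = {day: set() for day in DAY_TYPES}   # hours named for each day type
    mentioned = set()                            # day types the qualifier refers to
    targets = DAY_TYPES                          # before any keyword: both day types
    for item in items:
        if item in DAY_TYPES:
            targets = (item,)
            mentioned.add(item)
            continue
        hours = expand_range(item)
        for day in targets:
            listed[day] |= hours
            mentioned.add(day)

    allowed = {}
    for day in DAY_TYPES:
        if day not in mentioned:
            allowed[day] = set(ALL_HOURS)        # unlisted day type: no restriction
        elif negate:
            # /NOACCESS: listed hours are denied; a bare keyword denies the whole day
            allowed[day] = set(ALL_HOURS) - listed[day] if listed[day] else set()
        else:
            # /ACCESS: only listed hours are allowed; a bare keyword allows the whole day
            allowed[day] = set(listed[day]) if listed[day] else set(ALL_HOURS)
    return allowed


def login_permitted(allowed: dict, day_type: str, hour: int) -> bool:
    """Check one login hour against the table that parse_access produced."""
    return hour in allowed[day_type.upper()]


if __name__ == "__main__":
    for spec in ("/ACCESS", "/NOACCESS=SECONDARY", "/ACCESS=(9-17)",
                 "/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)"):
        print(spec, {d: sorted(h) for d, h in parse_access(spec).items()})
```

Running it on the four qualifiers from the table above reproduces the stated effects; for the last one the model shows primary days permitting hours 0-8 and 18-23 only, while secondary days permit exactly hours 9-17.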
/ACCOUNT=account-name
Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.
/ADD_IDENTIFIER (default)
/NOADD_IDENTIFIER
Adds a user (user name and account name) to the rights database. The /NOADD_IDENTIFIER does not create a rights list identifier (user name and account name). The AUTHORIZE command ADD/IDENTIFIER is quite different: it adds a record to the AUTHORIZE database UAF file.
/ALGORITHM=keyword=type [=value]
Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.
Keyword | Function |
---|---|
BOTH | Set the algorithm for primary and secondary passwords. |
CURRENT | Set the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value. |
PRIMARY | Set the algorithm for the primary password only. |
SECONDARY | Set the algorithm for the secondary password only. |

The following table lists password encryption algorithms:
Type | Definition |
---|---|
VMS | The algorithm used in the version of the operating system that is running on your system. |
CUSTOMER | A numeric value in the range of 128 to 255 that identifies a customer algorithm. |

The following example selects the VMS algorithm for Sontag's primary password:
UAF> MODIFY SONTAG/ALGORITHM=PRIMARY=VMS
If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:
UAF> MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128
/ASTLM=value
Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.
/BATCH[=(range[,...])]
Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.
/BIOLM=value
Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.
/BYTLM=value
Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 32768 on VAX systems and 64000 on Alpha systems.
/CLI=cli-name
Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.
/CLITABLES=filespec
Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.
/CPUTIME=time
Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the OpenVMS User's Manual. The default is 0, which means an infinite amount of time.
/DEFPRIVILEGES=([NO]privname[,...])
Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.
/DEVICE=device-name
Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK. If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.
/DIALUP[=(range[,...])]
Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.
/DIOLM=value
Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.
/DIRECTORY=directory-name
Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].
/ENQLM=value
Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 200 on VAX systems and 2000 on Alpha systems.
/EXPIRATION=time (default)
/NOEXPIRATION
Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)
/FILLM=value
Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 300 on VAX systems and 100 on Alpha systems.
/FLAGS=([NO]option[,...])
Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:
AUDIT Enables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT). AUTOLOGIN Restricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN). CAPTIVE Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to "Guidelines for Captive Command Procedures" in the HP OpenVMS Guide to System Security. The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).
DEFCLI Restricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI). DISCTLY Establishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY). DISFORCE_PWD_CHANGE Removes the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system. To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.
DISIMAGE Prevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE). DISMAIL Disables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL). DISNEWMAIL Suppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL). DISPWDDIC Disables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC). DISPWDHIS Disables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS). DISPWDSYNCH Suppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control. DISRECONNECT Disables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT). DISREPORT Suppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT). DISUSER Disables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER). DISWELCOME Suppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME). EXTAUTH Considers user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.) GENPWD Restricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD). 
LOCKPWD Prevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD). PWD_EXPIRED Marks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED). PWD2_EXPIRED Marks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not set to expire after login (NOPWD2_EXPIRED). PWDMIX Enables case-sensitive and extended-character passwords. After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.
To change the password after PWDMIX is enabled:
- You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).
- You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks (" ").
RESTRICTED
Prevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTH
Allows the account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.
/GENERATE_PASSWORD[=keyword]
/NOGENERATE_PASSWORD (default)
Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:
BOTH        Generate primary and secondary passwords.
CURRENT     Do whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARY     Generate primary password only.
SECONDARY   Generate secondary password only.
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
/INTERACTIVE[ =(range[,...])]
/NOINTERACTIVE
Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.
/JTQUOTA=value
Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on VAX systems and 4096 on Alpha systems.
/LGICMD=filespec
Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.
/LOCAL[=(range[,...])]
Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.
/MAXACCTJOBS=value
Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.
/MAXDETACH=value
Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.
/MAXJOBS=value
Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.
/NETWORK[=(range[,...])]
Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.
/OWNER=owner-name
Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.
/PASSWORD=(password1[,password2])
/NOPASSWORD
Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted. Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.
Use the /PASSWORD qualifier as follows:
- To set only the first password and clear the second, specify /PASSWORD=password.
- To set both the first and second password, specify /PASSWORD=(password1, password2).
- To change the first password without affecting the second, specify /PASSWORD=(password, "").
- To change the second password without affecting the first, specify /PASSWORD=("", password).
- To set both passwords to null, specify /NOPASSWORD.
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
By default, the ADD command assigns the password USER. When you create a new UAF record with the COPY or RENAME command, you must specify a password. Avoid using the word password as the actual password.
/PBYTLM
This flag is reserved for HP.
/PGFLQUOTA=value
Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 32768 pages on VAX systems and 50000 pagelets on Alpha systems. If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.
/PRCLM=value
Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 2 on VAX systems and 8 on Alpha systems.
/PRIMEDAYS=([NO]day[,...])
Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix. By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)
Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.
/PRIORITY=value
Specifies the default base priority. The value is an integer in the range of 0 to 31 on VAX systems and 0 to 63 on Alpha systems. By default, the value is set to 4 for timesharing users.
/PRIVILEGES=([NO]privname[,...])
Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the HP OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.
/PWDEXPIRED (default)
/NOPWDEXPIRED
Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.
/PWDLIFETIME=time (default)
/NOPWDLIFETIME
Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired. To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.
/PWDMINIMUM=value
Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. If the value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.
/QUEPRIO=value
Reserved for future use.
/REMOTE[=(range[,...])]
Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.
/SHRFILLM=value
Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.
/TQELM
Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.
/UIC=value
Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. HP reserves group 1 and groups 300 to 377 for its own use. Each user must have a unique UIC. By default, the UIC value is [200,200].
/WSDEFAULT=value
Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 256 pages on VAX systems and 2000 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.
/WSEXTENT=value
Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed. The value is an integer equal to or greater than WSQUOTA. By default, the value is 1024 pages on VAX systems and 16384 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.
/WSQUOTA=value
Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant. The value cannot be greater than the value of WSMAX and cannot exceed 64K pages. This quota value replaces smaller values of PQL_MWSQUOTA.
When you do not specify a value for a field, AUTHORIZE uses values from the DEFAULT record (excluding the default password, which is always USER). The DEFAULT account serves as a template for creating user records in the system user authorization file.
On Alpha systems, the DEFAULT account is as follows:
Username: DEFAULT                          Owner:
Account:                                   UIC:    [200,200] ([FIELD,USERP])
CLI:      DCL                              Tables: DCLTABLES
Default:  SYS$SYSDEVICE:[USER]
LGICMD:   LOGIN
Flags:  DisUser
Primary days:   Mon Tue Wed Thu Fri
Secondary days:                     Sat Sun
No access restrictions
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         90 00:00    Pwdchange:  (pre-expired)
Last Login:            (none) (interactive),            (none) (non-interactive)
Maxjobs:         0  Fillm:       100  Bytlm:        64000
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
Maxdetach:       0  BIOlm:       150  JTquota:       4096
Prclm:           8  DIOlm:       150  WSdef:         2000
Prio:            4  ASTlm:       250  WSquo:         4000
Queprio:         0  TQElm:        10  WSextent:     16384
CPU:        (none)  Enqlm:      2000  Pgflquo:      50000
Authorized Privileges:
  TMPMBX NETMBX
Default Privileges:
  TMPMBX NETMBX
On VAX systems, the DEFAULT account is as follows:
Username: DEFAULT                          Owner:
Account:                                   UIC:    [200,200] ([DEFAULT])
CLI:      DCL                              Tables: DCLTABLES
Default:  SYS$SYSDEVICE:[USER]
LGICMD:   LOGIN
Flags:  DisUser
Primary days:   Mon Tue Wed Thu Fri
Secondary days:                     Sat Sun
No access restrictions
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         90 00:00    Pwdchange:  (pre-expired)
Last Login:            (none) (interactive)             (none) (non-interactive)
Maxjobs:         0  Fillm:       300  Bytlm:        32768
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
Maxdetach:       0  BIOlm:        40  JTquota:       4096
Prclm:           2  DIOlm:        40  WSdef:          256
Prio:            4  ASTlm:        40  WSquo:          512
Queprio:         0  TQElm:        10  WSextent:      1024
CPU:        (none)  Enqlm:       200  Pgflquo:      32768
Authorized Privileges:
  TMPMBX NETMBX
Default Privileges:
  TMPMBX NETMBX
When you add a new account, specify values for fields that you want to be different. Typically, changing the default values for limits, priority, privileges, or the command interpreter is not necessary. As a result, you enter only the password, UIC, directory, owner, account, and device.
Note
Limits are also set by system parameters. To be effective, the limits you set through AUTHORIZE must be within the minimum limits determined by the corresponding system parameters (particularly those beginning with the PQL prefix).
When you add a record to the UAF, create a directory for the new user. Specify the device name, directory name, and UIC in the UAF record. The following DCL command creates a directory for user ROBIN:
$ CREATE/DIRECTORY SYS$USER:[ROBIN] /OWNER_UIC=[ROBIN]
#1
UAF> ADD ROBIN /PASSWORD=SP0152/UIC=[014,006] -
_/DEVICE=SYS$USER/DIRECTORY=[ROBIN]/OWNER="JOSEPH ROBIN" /ACCOUNT=INV
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier ROBIN value: [000014,000006] added to RIGHTSLIST.DAT
%UAF-I-RDBADDMSGU, identifier INV value: [000014,177777] added to RIGHTSLIST.DAT
This example illustrates the typical ADD command and qualifiers. The resulting record from this command appears in the description of the SHOW command.
#2
UAF> ADD WELCH /PASSWORD=SP0158/UIC=[014,051] -
_/DEVICE=SYS$USER/DIRECTORY=[WELCH]/OWNER="ROB WELCH"/FLAGS=DISUSER -
_/ACCOUNT=INV/LGICMD=SECUREIN
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier WELCH value: [000014,000051] added to RIGHTSLIST.DAT
UAF> MODIFY WELCH/FLAGS=(RESTRICTED,DISNEWMAIL,DISWELCOME, -
_NODISUSER,EXTAUTH)/NODIALUP=SECONDARY/NONETWORK=PRIMARY -
_/CLITABLES=DCLTABLES/NOACCESS=(PRIMARY, 9-16, SECONDARY, 18-8)
%UAF-I-MDFYMSG, user records updated
The commands in this example add a record for a restricted account. Because of the number of qualifiers required, a MODIFY command is used in conjunction with the ADD command. This helps to minimize the possibility of typing errors.
In the ADD command line, setting the DISUSER flag prevents the user from logging in until all the account parameters are set up. In the MODIFY command line, the DISUSER flag is disabled (by specifying NODISUSER) to allow access to the account. The EXTAUTH flag causes the system to consider the user as authenticated by an external user name and password, not by the SYSUAF user name and password.
The record that results from these commands and an explanation of the restrictions the record imposes appear in the description of the SHOW command.
Adds only an identifier to the rights database. It does not add a user account.
ADD/IDENTIFIER [id-name]
id-name
Specifies the name of the identifier to be added to the rights database. If you omit the name, you must specify the /USER qualifier. The identifier name is a string of 1 to 31 alphanumeric characters. The name can contain underscores and dollar signs. It must contain at least one nonnumeric character.
/ATTRIBUTES=(keyword[,...])
Specifies attributes to be associated with the new identifier. The following keywords are valid:
DYNAMIC
Allows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST.
HOLDER_HIDDEN
Prevents people from getting a list of users who hold an identifier, unless they own the identifier themselves.
NAME_HIDDEN
Allows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier.
NOACCESS
Makes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute.
RESOURCE
Allows holders of an identifier to charge disk space to the identifier. Used only for file objects.
SUBSYSTEM
Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects.
By default, none of these attributes is associated with the new identifier.
/USER=user-spec
Scans the UAF record for the specified user and creates the corresponding identifier. Specify user-spec by user name or UIC. You can use the asterisk wildcard to specify multiple user names or UICs. Full use of the asterisk and percent wildcards is permitted for user names; UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) creates identifiers alphabetically by user name; a wildcard UIC specification ([*,*]) creates them in numerical order by UIC.
/VALUE=value-specifier
Specifies the value to be attached to the identifier. The following formats are valid for the value-specifier:
IDENTIFIER:n
An integer value in the range of 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O). The system displays this type of identifier in hexadecimal. To differentiate general identifiers from UIC identifiers, the system adds %X80000000 to the value you specify.
GID:n
GID is the POSIX group identifier. It is an integer value in the range 0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the value you specify and then enter this new value into the system RIGHTSLIST as an identifier.
UIC:uic
A UIC value in standard UIC format consists of a member name and, optionally, a group name enclosed in brackets. For example, [360,031]. In numeric UICs, the group number is an octal number in the range of 1 to 37776; the member number is an octal number in the range of 0 to 177776. You can omit leading zeros when you are specifying group and member numbers.
Regardless of the UIC format you use, the system translates a UIC to a 32-bit numeric value.
Alphanumeric UICs are not allowed.
Typically, system managers add identifiers as UIC values to represent system users; the system applies identifiers in integer format to system resources.
#1
UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY
%UAF-I-RDBADDMSGU, identifier INVENTORY value: [000300,000011] added to RIGHTSLIST.DAT
The command in this example adds an identifier named INVENTORY to the rights database. By default, the identifier is not marked as a resource.
#2
UAF> ADD/IDENTIFIER/ATTRIBUTES=(RESOURCE) -
_/VALUE=IDENTIFIER:%X80011 PAYROLL
%UAF-I-RDBADDMSGU, identifier PAYROLL value: %X80080011 added to RIGHTSLIST.DAT
This command adds the identifier PAYROLL and marks it as a resource. To differentiate identifiers with integer values from identifiers with UIC values, %X80000000 is added to the specified code.
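The value arithmetic described for /VALUE can be checked in code. The following Python is an added example, not part of this manual or of AUTHORIZE; it converts a value-specifier into the 32-bit number stored in the rights database and the form AUTHORIZE displays, reproducing the INVENTORY and PAYROLL messages in the two examples above and the [000014,177777] account identifier from the ADD example. The packing of a UIC as group in the high 16 bits and member in the low 16 bits is standard OpenVMS layout assumed here rather than stated on this page.

```python
"""Value encoding for AUTHORIZE ADD/IDENTIFIER /VALUE=... (added example).

Not part of the HP manual or of AUTHORIZE. It follows the /VALUE description:
IDENTIFIER:n (65,536 to 268,435,455; decimal, %X hex or %O octal) has
%X80000000 added and is shown in hex; GID:n (0 to 16,777,215) has
%XA4000000 added; UIC:[group,member] is an octal pair translated to a 32-bit
value and shown as [gggggg,mmmmmm]. Assumption: the UIC packs the group into
the high 16 bits and the member into the low 16 bits (standard OpenVMS).
"""
import re

IDENT_BASE = 0x80000000     # distinguishes general identifiers from UIC identifiers
GID_BASE = 0xA4000000       # written %XA400.0000 in the manual
ACCOUNT_MEMBER = 0o177777   # member field of an account identifier ([000014,177777] in the ADD example)


def parse_number(text):
    """Decimal, %Xhex or %Ooctal, as the /VALUE description allows."""
    t = text.strip().upper()
    if t.startswith("%X"):
        return int(t[2:], 16)
    if t.startswith("%O"):
        return int(t[2:], 8)
    return int(t, 10)


def uic_value(group, member):
    """Pack an octal [group,member] pair into its 32-bit numeric value."""
    if not (0o1 <= group <= 0o37776):
        raise ValueError(f"UIC group {group:o} outside 1-37776 (octal)")
    # Members run 0-177776 for users; 177777 is the account-identifier member.
    if not (0 <= member <= 0o177777):
        raise ValueError(f"UIC member {member:o} outside 0-177777 (octal)")
    return (group << 16) | member


def format_uic(value):
    """Display a UIC identifier the way AUTHORIZE does: [000300,000011]."""
    return f"[{(value >> 16) & 0xFFFF:06o},{value & 0xFFFF:06o}]"


def identifier_value(spec):
    """Translate a /VALUE value-specifier into (stored value, displayed form)."""
    kind, sep, rest = spec.partition(":")
    kind = kind.strip().upper()
    if not sep:
        raise ValueError(f"value-specifier needs a KIND:value form: {spec!r}")
    if kind == "UIC":
        m = re.fullmatch(r"\s*\[\s*([0-7]+)\s*,\s*([0-7]+)\s*\]\s*", rest)
        if not m:                 # alphanumeric UICs are not allowed for /VALUE
            raise ValueError(f"UIC must be numeric [group,member]: {rest!r}")
        value = uic_value(int(m.group(1), 8), int(m.group(2), 8))
        return value, format_uic(value)
    n = parse_number(rest)
    if kind == "IDENTIFIER":
        if not (65_536 <= n <= 268_435_455):
            raise ValueError(f"IDENTIFIER value {n} outside 65,536-268,435,455")
        value = IDENT_BASE + n
    elif kind == "GID":
        if not (0 <= n <= 0xFFFFFF):
            raise ValueError(f"GID {n} outside 0-16,777,215")
        value = GID_BASE + n
    else:
        raise ValueError(f"unknown value-specifier kind: {kind!r}")
    return value, f"%X{value:08X}"


def account_identifier_value(group):
    """Value of the identifier AUTHORIZE adds for an account name in 'group'."""
    return uic_value(group, ACCOUNT_MEMBER)


if __name__ == "__main__":
    for spec in ("UIC:[300,011]", "IDENTIFIER:%X80011", "UIC:[014,006]", "GID:100"):
        value, shown = identifier_value(spec)
        print(f"{spec:22} -> {value:>12} {shown}")
    print("account INV in group 14 ->", format_uic(account_identifier_value(0o14)))
```

Running the module prints the INVENTORY value as [000300,000011] and the PAYROLL value as %X80080011, matching the two messages above; the range checks reject values AUTHORIZE would refuse before the base constant is added.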
Adds an entry to the network proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update its volatile database. Proxy additions take effect immediately on all nodes in a cluster that share the proxy database.
ADD/PROXY node::remote-user local-user[,...]
node
Specifies a DECnet node name. If you provide a wildcard character (*), the specified remote user on all nodes is served by the account defined as local-user.
remote-user
Specifies the user name of a user at a remote node. If you specify an asterisk, all users at the specified node are served by the local user. For systems that are not OpenVMS and that implement DECnet, specifies the UIC of a user at a remote node. You can specify a wildcard character (*) in the group and member fields of the UIC.
local-user
Specifies the user names of 1 to 16 users on the local node. If you specify an asterisk, a local-user name equal to remote-user name will be used.
/DEFAULT
Establishes the specified user name as the default proxy account. The remote user can request proxy access to an authorized account other than the default proxy account by specifying the name of the proxy account in the access control string of the network operation.
The ADD/PROXY command adds an entry to the network proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update its volatile database. Proxy additions take effect immediately on all nodes in a cluster that share the proxy database. You can grant a remote user access to one default proxy account and up to 15 other local accounts. To access proxy accounts other than the default proxy account, remote users specify the requested account name in an access control string. To change the default proxy account, use the AUTHORIZE command MODIFY/PROXY.
Proxy login is an effective way to avoid specifying (and, possibly, revealing) passwords in command lines. However, you must use caution in granting access to remote users. While logged in to the local system, remote users can apply the full DCL command set (with the exception of SET HOST). A remote user receives the default privileges of the local user and, therefore, becomes the owner of the local user's files when executing any DCL commands.
To avoid potential security compromises, HP recommends that you create proxy accounts on the local node that are less privileged than a user's normal account on the remote node. By adding an extension such as _N, you can identify the account as belonging to a remote user, while distinguishing it from a native account with the same name on the local node. For example, the following command creates a JONES_N proxy account on the local node that allows the user JONES to access the account from the remote node SAMPLE:
UAF> ADD/PROXY SAMPLE::JONES JONES_N/DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
For more information about creating proxy accounts, refer to the HP OpenVMS Guide to System Security.
#1
UAF> ADD/PROXY SAMPLE::WALTER ROBIN/DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
Specifies that user WALTER on remote node SAMPLE has proxy access to user ROBIN's account on local node AXEL. Through proxy login, WALTER receives the default privileges of user ROBIN when he accesses node AXEL remotely.
#2
UAF> ADD/PROXY MISHA::* MARCO/DEFAULT, OSCAR
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
Specifies that any user on the remote node MISHA can, by default, use the MARCO account on the local node for DECnet tasks such as remote file access. Remote users can also access the OSCAR proxy account by specifying the user name OSCAR in the access control string.
#3
UAF> ADD/PROXY MISHA::MARCO */DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
Specifies that user MARCO on the remote node MISHA can use only the MARCO account on the local node for remote file access.
#4
UAF> ADD/PROXY TAO::MARTIN MARTIN/D,SALES_READER
%UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to MARTIN added
%UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to SALES_READER added
Adds a proxy from TAO::MARTIN to the local accounts MARTIN (the default) and SALES_READER on a system running DECnet-Plus.
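The matching rules given for node, remote-user and local-user can be modelled to show what a set of proxy entries actually grants. The following Python is an added example, not part of this manual or of AUTHORIZE; it parses ADD/PROXY command lines in the form shown in the four examples above and lists, for a remote node::user, every local account the entries reach and which of them are defaults. The page does not say how the proxy database orders several matching entries, so the model reports all of them rather than inventing a precedence; more than one matching entry is the kind of overlap an administrator reviewing NETPROXY wants to notice.

```python
"""Model of ADD/PROXY wildcard matching (added example).

Not part of the HP manual or of AUTHORIZE. It models only the rules the
ADD/PROXY description states: a node of * matches all nodes, a remote-user
of * matches all users on the node, a local-user of * stands for a local
account with the same name as the remote user, one local account may carry
/DEFAULT, and at most 16 local accounts may be listed. Precedence between
overlapping entries is not described on the page and is not modelled; every
matching entry is reported.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_LOCAL_USERS = 16


@dataclass(frozen=True)
class ProxyEntry:
    node: str                      # DECnet node name or '*'
    remote_user: str               # remote user name or '*'
    local_users: Tuple[str, ...]   # local account names, '*' allowed
    default: Optional[str]         # the /DEFAULT local account, if any


def parse_add_proxy(command):
    """Parse 'ADD/PROXY node::remote-user local-user[/DEFAULT][,...]'."""
    parts = command.split()
    if len(parts) < 3 or parts[0].upper() != "ADD/PROXY" or "::" not in parts[1]:
        raise ValueError(f"not an ADD/PROXY command: {command!r}")
    node, _, remote = parts[1].partition("::")
    local_users, default = [], None
    # DCL allows a space after the comma ('MARCO/DEFAULT, OSCAR'), so rejoin first.
    for item in "".join(parts[2:]).split(","):
        name, _, qualifier = item.partition("/")
        name = name.upper()
        if not name:
            raise ValueError(f"empty local-user in {command!r}")
        if qualifier:
            # /DEFAULT may be abbreviated (the TAO::MARTIN example uses /D).
            if not "DEFAULT".startswith(qualifier.upper()):
                raise ValueError(f"unknown qualifier /{qualifier} in {command!r}")
            if default is not None:
                raise ValueError("only one local account can be the default")
            default = name
        local_users.append(name)
    if len(local_users) > MAX_LOCAL_USERS:
        raise ValueError(f"more than {MAX_LOCAL_USERS} local users")
    return ProxyEntry(node.upper(), remote.upper(), tuple(local_users), default)


def matching_entries(entries, node, remote_user):
    """Entries whose node and remote-user fields match, wildcards included."""
    node, remote_user = node.upper(), remote_user.upper()
    return [e for e in entries
            if e.node in ("*", node) and e.remote_user in ("*", remote_user)]


def proxy_grants(entries, node, remote_user):
    """Return (default accounts, all reachable accounts) for node::remote_user."""
    defaults, accounts = [], []
    for entry in matching_entries(entries, node, remote_user):
        for name in entry.local_users:
            local = remote_user.upper() if name == "*" else name
            if local not in accounts:
                accounts.append(local)
            if name == entry.default and local not in defaults:
                defaults.append(local)
    return defaults, accounts


# Constructed proxy database built from the four examples above.
SAMPLE_ENTRIES = tuple(parse_add_proxy(c) for c in (
    "ADD/PROXY SAMPLE::WALTER ROBIN/DEFAULT",
    "ADD/PROXY MISHA::* MARCO/DEFAULT, OSCAR",
    "ADD/PROXY MISHA::MARCO */DEFAULT",
    "ADD/PROXY TAO::MARTIN MARTIN/D,SALES_READER",
))

if __name__ == "__main__":
    for node, user in (("SAMPLE", "WALTER"), ("MISHA", "IVAN"),
                       ("MISHA", "MARCO"), ("TAO", "MARTIN"), ("SAMPLE", "NOBODY")):
        hits = matching_entries(SAMPLE_ENTRIES, node, user)
        defaults, accounts = proxy_grants(SAMPLE_ENTRIES, node, user)
        print(f"{node}::{user:<8} entries={len(hits)} default={defaults} all={accounts}")
```

With the four example entries loaded, MISHA::MARCO matches both the MISHA::* entry and the MISHA::MARCO entry, which is why the script reports two entries for that user: the wildcard entry reaches OSCAR as well as MARCO, something a reader of example 3 alone would not expect.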
Creates a new SYSUAF record that duplicates an existing UAF record.
COPY oldusername newusername
oldusername
Name of an existing user record to serve as a template for the new record.
newusername
Name for the new user record. The user name is a string of 1 to 12 alphanumeric characters.
/ACCESS[=(range[,...])]
/NOACCESS[=(range[,...])]
Specifies hours of access for all modes of access. The syntax for specifying the range is:
/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])
Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.
By default, a user has full access every day. See the DCL command SET DAY in the HP OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.
All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.
/ACCESS                                     Allows unrestricted access
/NOACCESS=SECONDARY                         Allows access on primary days only
/ACCESS=(9-17)                              Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)  Disallows access between 9 A.M. and 5:59 P.M. on primary days but allows access during these hours on secondary days
To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.
Refer to HP OpenVMS Guide to System Security for information about the effects of login class restrictions.
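The hour-range rules above (inclusive hours, a range that wraps past midnight, a day type with no hours meaning the whole day, and the NO form denying rather than granting the listed hours) are compact enough to model in code. The following Python is an added example, not part of this manual or of AUTHORIZE; it parses a /[NO]ACCESS qualifier string and answers whether a login during a given hour on a given day type is permitted, reproducing the four cases in the table above as well as the /NOACCESS=(PRIMARY, 9-16, SECONDARY, 18-8) qualifier used in the ADD examples.

```python
"""Model of the AUTHORIZE /[NO]ACCESS hour-range semantics (added example).

Not part of the HP manual or of AUTHORIZE itself. It encodes only the rules
the /ACCESS description gives: hours are integers 0-23 and are inclusive,
an n-m range whose end is earlier than its start wraps through midnight,
PRIMARY and SECONDARY introduce the hour lists for each day type, hours
given before either keyword apply to both day types, a day type that is
never mentioned keeps full access, and the NO form denies the listed hours
(or, with a keyword but no hours, the whole day) instead of permitting them.
"""
import re

DAY_TYPES = ("PRIMARY", "SECONDARY")
ALL_HOURS = frozenset(range(24))


def expand_range(element):
    """Return the set of hours covered by one 'n' or 'n-m' element.

    '9-17' -> {9, ..., 17}; '18-8' wraps: {18, ..., 23, 0, ..., 8}.
    """
    m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+))?\s*", element)
    if not m:
        raise ValueError(f"bad hour element: {element!r}")
    start = int(m.group(1))
    end = int(m.group(2)) if m.group(2) is not None else start
    if not (0 <= start <= 23 and 0 <= end <= 23):
        raise ValueError(f"hour outside 0-23: {element!r}")
    hours, h = set(), start
    while True:
        hours.add(h)
        if h == end:
            return hours
        h = (h + 1) % 24          # step forward, wrapping past midnight


def parse_access(qualifier):
    """Parse '/ACCESS', '/NOACCESS=SECONDARY', '/ACCESS=(9-17)', ...

    Returns {'PRIMARY': permitted_hours, 'SECONDARY': permitted_hours}.
    """
    m = re.fullmatch(r"\s*/(NO)?ACCESS\s*(?:=\s*(.*?))?\s*", qualifier, re.IGNORECASE)
    if not m:
        raise ValueError(f"not a /[NO]ACCESS qualifier: {qualifier!r}")
    negate = m.group(1) is not None
    body = (m.group(2) or "").strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]

    # listed[day] stays None while that day type has not been mentioned at all.
    listed = {day: None for day in DAY_TYPES}
    current = None                # None: hours apply to both day types
    for element in (e.strip() for e in body.split(",") if e.strip()):
        if element.upper() in DAY_TYPES:
            current = element.upper()
            listed[current] = listed[current] or set()
            continue
        hours = expand_range(element)
        for day in (DAY_TYPES if current is None else (current,)):
            listed[day] = (listed[day] or set()) | hours

    permitted = {}
    for day in DAY_TYPES:
        hours = listed[day]
        if hours is None:         # day type never mentioned: full access
            permitted[day] = set(ALL_HOURS)
        elif negate:              # NO form: listed hours (or whole day) denied
            permitted[day] = set(ALL_HOURS - hours) if hours else set()
        else:                     # positive form: only the listed hours permitted
            permitted[day] = set(hours) if hours else set(ALL_HOURS)
    return permitted


def is_permitted(permitted, day_type, hour):
    """True if a login during 'hour' (0-23) on 'day_type' is allowed."""
    return hour in permitted[day_type.upper()]


if __name__ == "__main__":
    for q in ("/ACCESS", "/NOACCESS=SECONDARY", "/ACCESS=(9-17)",
              "/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)",
              "/NOACCESS=(PRIMARY, 9-16, SECONDARY, 18-8)"):
        p = parse_access(q)
        print(f"{q:46} primary={sorted(p['PRIMARY'])} secondary={sorted(p['SECONDARY'])}")
```

The wraparound case is the one worth checking by hand: SECONDARY, 18-8 covers 18 through 23 and then 0 through 8, so under the NO form a secondary-day login at 08:30 is refused while one at 09:00 is allowed, which is exactly the "allows access during these hours on secondary days" reading in the table.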
/ACCOUNT=account-name
Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.
/ADD_IDENTIFIER (default)
/NOADD_IDENTIFIER
Adds a user (user name and account name) to the rights database. The /NOADD_IDENTIFIER qualifier does not create a rights list identifier (user name and account name). The AUTHORIZE command ADD/IDENTIFIER is quite different: it adds a record to the AUTHORIZE database UAF file.
/ALGORITHM=keyword=type [=value]
Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.
Keyword     Function
BOTH        Set the algorithm for primary and secondary passwords.
CURRENT     Set the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARY     Set the algorithm for the primary password only.
SECONDARY   Set the algorithm for the secondary password only.
The following table lists password encryption algorithms:
Type        Definition
VMS         The algorithm used in the version of the operating system that is running on your system.
CUSTOMER    A numeric value in the range of 128 to 255 that identifies a customer algorithm.
The following example selects the VMS algorithm for Sontag's primary password:
UAF> MODIFY SONTAG/ALGORITHM=PRIMARY=VMS
If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:
UAF> MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128
/ASTLM=value
Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.
/BATCH[=(range[,...])]
Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.
/BIOLM=value
Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.
/BYTLM=value
Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 32768 on VAX systems and 64000 on Alpha systems.
/CLI=cli-name
Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.
/CLITABLES=filespec
Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.
/CPUTIME=time
Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the OpenVMS User's Manual. The default is 0, which means an infinite amount of time.
/DEFPRIVILEGES=([NO]privname[,...])
Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.
/DEVICE=device-name
Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK. If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.
/DIALUP[=(range[,...])]
Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.
/DIOLM=value
Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.
/DIRECTORY=directory-name
Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].
/ENQLM=value
Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 200 on VAX systems and 2000 on Alpha systems.
/EXPIRATION=time (default)
/NOEXPIRATION
Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)
/FILLM=value
Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 300 on VAX systems and 100 on Alpha systems.
/FLAGS=([NO]option[,...])
Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:
AUDIT  Enables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGIN  Restricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE  Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to "Guidelines for Captive Command Procedures" in the HP OpenVMS Guide to System Security. The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).
DEFCLI  Restricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLY  Establishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).
DISFORCE_PWD_CHANGE  Removes the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system. To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.
DISIMAGE  Prevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAIL  Disables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAIL  Suppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDIC  Disables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHIS  Disables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCH  Suppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control.
DISRECONNECT  Disables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORT  Suppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSER  Disables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOME  Suppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTH  Considers the user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWD  Restricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWD  Prevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIRED  Marks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIRED  Marks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's secondary password expires. A system manager can clear this flag. By default, secondary passwords are not expired after login (NOPWD2_EXPIRED).
PWDMIX  Enables case-sensitive and extended-character passwords. After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all uppercase. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in uppercase.
To change the password after PWDMIX is enabled:
- You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).
- You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " " .
RESTRICTED  Prevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTH  Allows the account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.
/GENERATE_PASSWORD[=keyword]
/NOGENERATE_PASSWORD (default)
Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:
BOTH  Generate primary and secondary passwords.
CURRENT  Do whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARY  Generate primary password only.
SECONDARY  Generate secondary password only.
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
/INTERACTIVE[=(range[,...])]
/NOINTERACTIVE
Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.
/JTQUOTA=value
Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on both VAX and Alpha systems.
/LGICMD=filespec
Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSDISK:[USER]LOGIN.COM.
/LOCAL[=(range[,...])]
Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.
/MAXACCTJOBS=value
Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.
/MAXDETACH=value
Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.
/MAXJOBS=value
Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.
/NETWORK[=(range[,...])]
Specifies hours of access for network jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.
/OWNER=owner-name
Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.
/PASSWORD=(password1[,password2])
/NOPASSWORD
Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted. Unless the PWDMIX flag is set for the account (see /FLAGS), uppercase and lowercase characters are equivalent: all lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.
Use the /PASSWORD qualifier as follows:
- To set only the first password and clear the second, specify /PASSWORD=password.
- To set both the first and second password, specify /PASSWORD=(password1, password2).
- To change the first password without affecting the second, specify /PASSWORD=(password, "").
- To change the second password without affecting the first, specify /PASSWORD=("", password).
- To set both passwords to null, specify /NOPASSWORD.
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
When you create a new UAF record with the COPY command, you must specify a password.
/PBYTLM
This qualifier is reserved for HP.
/PGFLQUOTA=value
Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 32768 pages on VAX systems and 50000 pagelets on Alpha systems. If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.
/PRCLM=value
Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 2 on VAX systems and 8 on Alpha systems.
/PRIMEDAYS=([NO]day[,...])
Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix. By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)
Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.
/PRIORITY=value
Specifies the default base priority. The value is an integer in the range of 0 to 31 on VAX systems and 0 to 63 on Alpha systems. By default, the value is set to 4 for timesharing users.
/PRIVILEGES=([NO]privname[,...])
Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the HP OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.
/PWDEXPIRED (default)
/NOPWDEXPIRED
Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.
/PWDLIFETIME=time (default)
/NOPWDLIFETIME
Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If the password is older than the specified lifetime when the user next logs in, the system displays a warning message and marks the password as expired. To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.
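The delta-time form and the lifetime check described above, written out as an added Python illustration; this is not part of the manual, of AUTHORIZE or of LOGINOUT. The function names, the ISO-8601 timestamps the check takes, and the three state names it returns are assumptions made for the example.

```python
"""Parser for the OpenVMS delta-time form [dddd-][hh:mm:ss.cc] that /PWDLIFETIME
(and /CPUTIME) accept, with the password-lifetime check it implies.  Added
illustration: not part of the manual or of LOGINOUT.  Function names, the
ISO-8601 timestamps and the returned state names are this example's own."""

import re
from datetime import datetime, timedelta

DEFAULT_PWDLIFETIME = "90-"   # the manual's default: a password expires in 90 days

# Optional "dddd-" prefix, then optional hh[:mm[:ss[.cc]]]; every field may be absent.
_DELTA = re.compile(
    r"^(?:(\d+)-)?(?:(\d{1,2})(?::(\d{1,2})(?::(\d{1,2})(?:\.(\d{1,2}))?)?)?)?$")


def parse_delta_time(text):
    """Return a timedelta for '120-', '120-12:30:30', '12:30' and so on, or None for NONE."""
    text = text.strip().strip('"').upper()
    if text == "NONE":
        return None
    m = _DELTA.match(text)
    if text == "" or not m:
        raise ValueError("not a delta time: %r" % text)
    days, hours, minutes, seconds, cc = m.groups()
    hundredths = int(cc.ljust(2, "0")) if cc else 0     # ".5" means 50 hundredths
    return timedelta(days=int(days or 0), hours=int(hours or 0),
                     minutes=int(minutes or 0), seconds=int(seconds or 0),
                     milliseconds=hundredths * 10)


def delta_time_seconds(text):
    """Total seconds of a delta time, or None for NONE (never expires)."""
    delta = parse_delta_time(text)
    return None if delta is None else delta.total_seconds()


def password_state(last_change_iso, lifetime_qualifier, now_iso):
    """Classify a password from its last-change time and the account's /PWDLIFETIME
    setting.  Returns 'never-expires' (for /NOPWDLIFETIME or /PWDLIFETIME=NONE),
    'expired' once the lifetime has elapsed, otherwise 'valid'.  A bare
    /PWDLIFETIME uses the 90-day default."""
    q = lifetime_qualifier.strip().upper()
    if q == "/NOPWDLIFETIME":
        return "never-expires"
    if not q.startswith("/PWDLIFETIME"):
        raise ValueError("not a /PWDLIFETIME qualifier: %r" % lifetime_qualifier)
    value = q.split("=", 1)[1] if "=" in q else DEFAULT_PWDLIFETIME
    lifetime = parse_delta_time(value)
    if lifetime is None:
        return "never-expires"
    age = datetime.fromisoformat(now_iso) - datetime.fromisoformat(last_change_iso)
    return "expired" if age > lifetime else "valid"
```

The check deliberately reports only the password's age against the lifetime; what LOGINOUT then does with an expired password depends on the DISFORCE_PWD_CHANGE and PWD_EXPIRED flags described under /FLAGS.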
/PWDMINIMUM=value
Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. If the value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.
/QUEPRIO=value
Reserved for future use.
/REMOTE[=(range[,...])]
Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.
/SHRFILLM=value
Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.
/TQELM=value
Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.
/UIC=value
Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. HP reserves group 1 and groups 300--377 for its own use. Each user must have a unique UIC. By default, the UIC value is [200,200].
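A parser and validator for the [group,member] form described above, as an added Python illustration; it is not part of the manual or of AUTHORIZE. The numeric ranges and the HP-reserved groups are the ones stated above, and the packing of a UIC into a 32-bit longword (group in the high 16 bits, member in the low 16 bits) is the standard OpenVMS layout; the function names and the shape of the existing_uics dictionary are this example's own. The uniqueness check anticipates the COPY examples later on this page, where copying a record without a new /UIC reproduces the source UIC and the identifier cannot be added to RIGHTSLIST.DAT.

```python
"""Parser and validator for the [group,member] UIC form accepted by /UIC.
Added illustration: not part of the OpenVMS manual or of AUTHORIZE.
The numeric ranges and HP-reserved groups are those the manual states;
the 32-bit packing (group high, member low) is the standard OpenVMS UIC
layout.  Function names and the existing_uics shape are this example's own."""

import re

MAX_GROUP = 0o37776
MAX_MEMBER = 0o177776
RESERVED_GROUPS = {1} | set(range(0o300, 0o377 + 1))   # reserved by HP (see /UIC)

# Octal digits only; brackets optional because AUTHORIZE supplies them itself.
_UIC = re.compile(r"^\[?\s*([0-7]+)\s*,\s*([0-7]+)\s*\]?$")


def parse_uic(text):
    """Return (group, member) as integers for '[200,13]', '200,13' or '[000200,000013]'.
    Raises ValueError for non-octal digits or out-of-range values."""
    m = _UIC.match(text.strip())
    if not m:
        raise ValueError("not a numeric UIC: %r" % text)
    group, member = int(m.group(1), 8), int(m.group(2), 8)
    if not 1 <= group <= MAX_GROUP:
        raise ValueError("group %o outside 1..%o (octal)" % (group, MAX_GROUP))
    if not 0 <= member <= MAX_MEMBER:
        raise ValueError("member %o outside 0..%o (octal)" % (member, MAX_MEMBER))
    return group, member


def is_valid_uic(text):
    """True if the text is a well-formed UIC within the documented ranges."""
    try:
        parse_uic(text)
        return True
    except ValueError:
        return False


def uic_longword(text):
    """Pack the UIC into the 32-bit value carried in the UAF record; the same
    value is the identifier value added to RIGHTSLIST.DAT for the user."""
    group, member = parse_uic(text)
    return (group << 16) | member


def format_uic(group, member):
    """Render in the six-digit octal style of RIGHTSLIST messages, e.g. [000200,000013]."""
    return "[%06o,%06o]" % (group, member)


def check_uic(text, existing_uics):
    """Problems a manager should catch before ADD or COPY: a reserved group, or a
    UIC another user already holds (the manual requires a unique UIC per user).
    existing_uics maps user name to that user's UIC string."""
    problems = []
    group, member = parse_uic(text)
    if group in RESERVED_GROUPS:
        problems.append("group %o is reserved by HP" % group)
    for user, other in existing_uics.items():
        if parse_uic(other) == (group, member):
            problems.append("UIC already assigned to %s" % user)
    return problems
```

Run check_uic against the UICs already in SYSUAF before issuing ADD or COPY; an empty list means the value is neither reserved nor already in use.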
/WSDEFAULT=value
Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 256 pages on VAX systems and 2000 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.
/WSEXTENT=value
Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed. The value is an integer equal to or greater than WSQUOTA. By default, the value is 1024 pages on VAX systems and 16384 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.
/WSQUOTA=value
Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant. The value cannot be greater than the value of WSMAX and cannot exceed 64K pages. This quota value replaces smaller values of PQL_MWSQUOTA.
The COPY command creates a new SYSUAF record that duplicates an existing SYSUAF record. The command requires the /PASSWORD qualifier. If you do not specify additional qualifiers to the COPY command, the fields in the record you create are the same as those in the record being copied. For example, you could add a record for a new user named Thomas Sparrow that is identical to that of Joseph Robin (but presumably different from the default record), as follows:
UAF> COPY ROBIN SPARROW /PASSWORD=SP0152
However, to add a record for Thomas Sparrow that differs from Joseph Robin's in the UIC, directory name, password, and owner, specify the following command:
UAF> COPY ROBIN SPARROW /UIC=[200,13]/DIRECTORY=[SPARROW] -
_/PASSWORD=THOMAS/OWNER="THOMAS SPARROW"
You can also use the COPY command to create a set of template records to meet the specific needs of various user groups. For example, if you have programmers, administrators, and data entry personnel working on the same system, you can create records such as PROGRAMMER, ADMINISTRATOR, and DATA_ENTRY, each tailored to the needs of a particular group. To add an account for a new user in one of these groups, copy the appropriate template record and specify a new user name, password, UIC, directory, and owner.
If you omit the /PASSWORD qualifier when you create an account, AUTHORIZE displays the following warning message:
%UAF-W-DEFPWD, copied or renamed records must receive new password
To specify a password for the account, use the MODIFY command with the /PASSWORD qualifier.
#1
UAF> COPY ROBIN SPARROW /PASSWORD=SP0152
%UAF-I-COPMSG, user record copied
%UAF-E-RDBADDERRU, unable to add SPARROW value: [000014,00006] to RIGHTSLIST.DAT
-SYSTEM-F-DUPIDENT, duplicate identifier
The command in this example adds a record for Thomas Sparrow that is identical, except for the password, to that of Joseph Robin. The user record itself is copied, but because the UIC is unchanged, the new record carries the same UIC value as ROBIN's; that value already exists as an identifier in RIGHTSLIST.DAT, so no SPARROW identifier is added and AUTHORIZE issues a "duplicate identifier" error. Such a record conflicts with the requirement that each user have a unique UIC; correct it with MODIFY/UIC or repeat the COPY with a new /UIC value.
#2
UAF> COPY ROBIN SPARROW /UIC=[200,13]/DIRECTORY=[SPARROW] -
_/PASSWORD=THOMAS/OWNER="THOMAS SPARROW"
%UAF-I-COPMSG, user record copied
%UAF-I-RDBADDMSGU, identifier SPARROW value: [000200,000013] added to RIGHTSLIST.DAT
The command in this example adds a record for Thomas Sparrow that is the same as Joseph Robin's except for the UIC, directory name, password, and owner. Note that you could use a similar command to copy a template record when adding a record for a new user in a particular user group.
Creates and initializes the network proxy authorization files. The primary network proxy authorization file is NET$PROXY.DAT. The file NETPROXY.DAT is maintained for compatibility.
Note
Do not delete NETPROXY.DAT because DECnet Phase IV and many layered products still use it.
Format
CREATE/PROXY
Parameters
None.
Qualifiers
None.
Description
NETPROXY.DAT is created with no records and is assigned the following protection:
(S:RWED,O:RWED,G,W)
NET$PROXY.DAT is created with no records and is assigned the following protection:
(S:RWED,O,G,W)
If NETPROXY.DAT or NET$PROXY.DAT already exists, AUTHORIZE reports the following error message:
%UAF-W-NAFAEX, NETPROXY.DAT already exists
To create a new file, you must either delete or rename the old one.
Example
UAF> CREATE/PROXY
UAF>
The command in this example creates and initializes the network proxy authorization file.
Creates and initializes the rights database, RIGHTSLIST.DAT.
Format
CREATE/RIGHTS
Parameters
None.
Qualifiers
None.
Description
RIGHTSLIST.DAT is created with no records and is assigned the following protection:
(S:RWED,O:RWED,G:R,W:)
Note that the file is created only if the file does not already exist.
Example
UAF> CREATE/RIGHTS
%UAF-E-RDBCREERR, unable to create RIGHTSLIST.DAT
-RMS-E-FEX, file already exists, not superseded
You can use the command in this example to create and initialize a new rights database. Note, however, that RIGHTSLIST.DAT is created automatically during the installation process. Thus, you must delete or rename the existing file before creating a new one. For more information about rights database management, refer to the HP OpenVMS Guide to System Security.
Modifies the SYSUAF's DEFAULT record.
Format
DEFAULT
Parameters
None.
Qualifiers
/ACCESS[=(range[,...])]
/NOACCESS[=(range[,...])]
Specifies hours of access for all modes of access. The syntax for specifying the range is:
/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])
Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.
By default, a user has full access every day. See the DCL command SET DAY in the HP OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.
All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.
/ACCESS  Allows unrestricted access
/NOACCESS=SECONDARY  Allows access on primary days only
/ACCESS=(9-17)  Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)  Disallows access between 9 A.M. and 5:59 P.M. on primary days but allows access during these hours on secondary days
To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.
Refer to HP OpenVMS Guide to System Security for information about the effects of login class restrictions.
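The hour-range rules above, together with the /PRIMEDAYS day-type rules described earlier on this page, modelled in Python as an added illustration; this is not part of the manual or of the AUTHORIZE utility. The function names and the representation of the result as a set of allowed hours per day type are this example's own choices; AUTHORIZE stores the restriction in the UAF record in its own form. The model goes slightly beyond the four examples in the table by combining an access restriction with a non-default /PRIMEDAYS setting.

```python
"""Model of the AUTHORIZE /ACCESS and /NOACCESS hour-range syntax and of the
/PRIMEDAYS day-type rules.  Added illustration: not part of the OpenVMS
manual or of AUTHORIZE.  Result representation (a set of allowed hours
0-23 per day type) and function names are this example's own."""

import re

DAYS = ("MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY")
ALL_HOURS = frozenset(range(24))


def expand_hours(items):
    """Turn 'n' and 'n-m' items into a set of inclusive hours.  A range whose
    end is earlier than its start wraps through midnight (18-8 is 18..23,0..8)."""
    hours = set()
    for item in items:
        if "-" in item:
            start, end = (int(x) for x in item.split("-", 1))
        else:
            start = end = int(item)
        if not (0 <= start <= 23 and 0 <= end <= 23):
            raise ValueError("hours must be 0..23: %r" % item)
        h = start
        while True:
            hours.add(h)
            if h == end:
                break
            h = (h + 1) % 24
    return hours


def parse_access(qualifier):
    """Parse '/ACCESS[=(...)]' or '/NOACCESS[=(...)]' into
    {'PRIMARY': allowed_hours, 'SECONDARY': allowed_hours}.
    A day type not mentioned keeps full access; a keyword given without hours
    means every hour of that day type; hours given before any keyword apply
    to both day types; NO inverts the listed hours from allowed to denied."""
    m = re.fullmatch(r"/(NO)?ACCESS(?:=\(?([^()]*)\)?)?", qualifier.strip().upper())
    if not m:
        raise ValueError("not an /ACCESS qualifier: %r" % qualifier)
    deny = m.group(1) == "NO"
    items = [t.strip() for t in (m.group(2) or "").split(",") if t.strip()]

    groups = {"PRIMARY": None, "SECONDARY": None}   # None = day type not mentioned
    current = None
    for item in items:
        if item in groups:
            current = item
            groups[current] = groups[current] or set()
        elif current is None:
            for key in groups:
                groups[key] = (groups[key] or set()) | expand_hours([item])
        else:
            groups[current] |= expand_hours([item])

    allowed = {}
    for key, hours in groups.items():
        if hours is None:
            allowed[key] = set(ALL_HOURS)
            continue
        if not hours:
            hours = set(ALL_HOURS)
        allowed[key] = (ALL_HOURS - hours) if deny else hours
    return allowed


def parse_primedays(qualifier="/PRIMEDAYS=()"):
    """Return {day: 'PRIMARY'|'SECONDARY'} for a /PRIMEDAYS=([NO]day,...) value.
    Days not listed keep the default: Monday-Friday primary, weekend secondary."""
    day_type = {d: ("SECONDARY" if d in ("SATURDAY", "SUNDAY") else "PRIMARY") for d in DAYS}
    m = re.fullmatch(r"/PRIMEDAYS=\(?([^()]*)\)?", qualifier.strip().upper())
    if not m:
        raise ValueError("not a /PRIMEDAYS qualifier: %r" % qualifier)
    for item in (t.strip() for t in m.group(1).split(",") if t.strip()):
        secondary = item.startswith("NO")
        day = item[2:] if secondary else item
        if day not in day_type:
            raise ValueError("unknown day: %r" % item)
        day_type[day] = "SECONDARY" if secondary else "PRIMARY"
    return day_type


def login_allowed(access_qualifier, day, hour, primedays_qualifier="/PRIMEDAYS=()"):
    """True if a login at 'hour' on weekday 'day' is permitted by the two qualifiers."""
    day_type = parse_primedays(primedays_qualifier)[day.upper()]
    return hour in parse_access(access_qualifier)[day_type]
```

Because hours are inclusive, /ACCESS=(9-17) still admits a login at 17:59; a policy meant to end at 17:00 must be written as 9-16. The model also shows why a /PRIMEDAYS change silently alters which restriction applies on a given calendar day.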
/ACCOUNT=account-name
Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.
/ALGORITHM=keyword=type [=value]
Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.
Keyword  Function
BOTH  Set the algorithm for primary and secondary passwords.
CURRENT  Set the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARY  Set the algorithm for the primary password only.
SECONDARY  Set the algorithm for the secondary password only.
The following table lists password encryption algorithms:
Type  Definition
VMS  The algorithm used in the version of the operating system that is running on your system.
CUSTOMER  A numeric value in the range of 128 to 255 that identifies a customer algorithm.
The following example selects the VMS algorithm for Sontag's primary password:
UAF> MODIFY SONTAG/ALGORITHM=PRIMARY=VMS
If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:
UAF> MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128
/ASTLM=value
Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.
/BATCH[=(range[,...])]
Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.
/BIOLM=value
Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.
/BYTLM=value
Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 32768 on VAX systems and 64000 on Alpha systems.
/CLI=cli-name
Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.
/CLITABLES=filespec
Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.
/CPUTIME=time
Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the OpenVMS User's Manual. The default is 0, which means an infinite amount of time.
/DEFPRIVILEGES=([NO]privname[,...])
Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.
/DEVICE=device-name
Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK. If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.
/DIALUP[=(range[,...])]
Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.
/DIOLM=value
Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.
/DIRECTORY=directory-name
Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].
/ENQLM=value
Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 200 on VAX systems and 2000 on Alpha systems.
/EXPIRATION=time (default)
/NOEXPIRATION
Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)
/FILLM=value
Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 300 on VAX systems and 100 on Alpha systems.
/FLAGS=([NO]option[,...])
Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:
AUDIT  Enables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGIN  Restricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE  Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to "Guidelines for Captive Command Procedures" in the HP OpenVMS Guide to System Security. The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).
DEFCLI  Restricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLY  Establishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).
DISFORCE_PWD_CHANGE  Removes the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system. To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.
DISIMAGE  Prevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAIL  Disables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAIL  Suppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDIC  Disables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHIS  Disables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCH  Suppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control.
DISRECONNECT  Disables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORT  Suppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSER  Disables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOME  Suppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTH  Considers the user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWD  Restricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWD  Prevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIRED  Marks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIRED  Marks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's secondary password expires. A system manager can clear this flag. By default, secondary passwords are not expired after login (NOPWD2_EXPIRED).
PWDMIX  Enables case-sensitive and extended-character passwords. After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all uppercase. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in uppercase.
To change the password after PWDMIX is enabled:
- You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).
- You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " " .
RESTRICTED Prevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTH Allows the account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.
/GENERATE_PASSWORD[=keyword]
/NOGENERATE_PASSWORD (default)
Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:
BOTH Generate primary and secondary passwords.
CURRENT Do whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARY Generate primary password only.
SECONDARY Generate secondary password only.
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
/INTERACTIVE[ =(range[,...])]
/NOINTERACTIVE
Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.
/JTQUOTA=value
Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on VAX systems and 4096 on Alpha systems.
/LGICMD=filespec
Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.
/LOCAL[=(range[,...])]
Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.
/MAXACCTJOBS=value
Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.
/MAXDETACH=value
Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.
/MAXJOBS=value
Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.
/MODIFY_IDENTIFIER (default)
/NOMODIFY_IDENTIFIER
Specifies whether the identifier associated with the user is to be modified in the rights database. This qualifier applies only when you modify the UIC or user name in the UAF record. By default, the associated identifiers are modified.
/NETWORK[=(range[,...])]
Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.
/OWNER=owner-name
Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.
/PASSWORD=(password1[,password2])
/NOPASSWORD
Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted. Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.
Use the /PASSWORD qualifier as follows:
- To set only the first password and clear the second, specify /PASSWORD=password.
- To set both the first and second password, specify /PASSWORD=(password1, password2).
- To change the first password without affecting the second, specify /PASSWORD=(password, "").
- To change the second password without affecting the first, specify /PASSWORD=("", password).
- To set both passwords to null, specify /NOPASSWORD.
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
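The five /PASSWORD forms listed above are easy to misapply, because an empty string means "leave this password as it is" while /NOPASSWORD clears both. The following Python function is an added example, not part of the HP manual or of AUTHORIZE itself; it models those rules together with the documented character set, the 0 to 32 character limit, and the uppercase folding (which does not apply when the account has the PWDMIX flag). The (primary, secondary) tuple standing in for the two UAF fields is a constructed representation, and rejecting the literal word "password" turns the manual's advice into a check.

```python
"""Added example (not from the HP manual or from AUTHORIZE itself): model the
documented behaviour of /PASSWORD and /NOPASSWORD on an account's primary and
secondary passwords.  The (primary, secondary) tuple is a constructed stand-in
for the two UAF fields."""

import re
from typing import Optional, Tuple

# The manual permits 0 to 32 characters drawn from alphanumerics, $ and _.
_ALLOWED = re.compile(r"^[A-Za-z0-9$_]{0,32}$")

PasswordPair = Tuple[Optional[str], Optional[str]]


def normalise(password: str, pwdmix: bool) -> str:
    """Validate one password value and apply the case rule.

    Without the PWDMIX flag the system folds the value to uppercase before it
    is encrypted, so 'Secret1' and 'SECRET1' are the same password.  With
    PWDMIX set, case is preserved.
    """
    if not _ALLOWED.match(password):
        raise ValueError(
            f"{password!r}: 0 to 32 characters, alphanumeric, $ or _ only")
    if password.upper() == "PASSWORD":
        # The manual advises against using the word itself; reject it here.
        raise ValueError("the literal word 'password' is not acceptable")
    return password if pwdmix else password.upper()


def apply_password_qualifier(current: PasswordPair,
                             args: Optional[Tuple[str, ...]],
                             pwdmix: bool = False) -> PasswordPair:
    """Return the (primary, secondary) pair after /PASSWORD=args or /NOPASSWORD.

    args mirrors what follows /PASSWORD= on the command line:
      ("p",)         set the first password and clear the second
      ("p1", "p2")   set both
      ("p", "")      change the first without affecting the second
      ("", "p")      change the second without affecting the first
      None           /NOPASSWORD: set both to null
    """
    primary, secondary = current
    if args is None:
        return (None, None)
    if len(args) == 1:
        return (normalise(args[0], pwdmix), None)
    if len(args) != 2:
        raise ValueError("/PASSWORD accepts at most two passwords")
    new_primary, new_secondary = args
    if new_primary != "":
        primary = normalise(new_primary, pwdmix)
    if new_secondary != "":
        secondary = normalise(new_secondary, pwdmix)
    return (primary, secondary)


if __name__ == "__main__":
    state: PasswordPair = (None, None)
    for step in [("welcome1", "second2"), ("fresh3", ""), ("", "other4"), None]:
        state = apply_password_qualifier(state, step)
        print(step, "->", state)
```

Run stand-alone, the script walks one account through all four forms and shows that only the explicitly named half of the pair changes at each step.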
/PBYTLM
This flag is reserved for HP.
/PGFLQUOTA=value
Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 32768 pages on VAX systems and 50000 pagelets on Alpha systems. If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.
/PRCLM=value
Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 2 on VAX systems and 8 on Alpha systems.
/PRIMEDAYS=([NO]day[,...])
Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix. By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)
Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.
/PRIORITY=value
Specifies the default base priority. The value is an integer in the range of 0 to 31 on VAX systems and 0 to 63 on Alpha systems. By default, the value is set to 4 for timesharing users.
/PRIVILEGES=([NO]privname[,...])
Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the HP OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.
/PWDEXPIRED (default)
/NOPWDEXPIRED
Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.
/PWDLIFETIME=time (default)
/NOPWDLIFETIME
Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired. To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.
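The login flags described earlier, the /PRIVILEGES list semantics (a NO prefix removes one privilege, NOALL removes all, TMPMBX and NETMBX are the default) and the /PWDLIFETIME delta-time format can all be checked mechanically when reviewing accounts. The following Python script is an added example, not HP code and not AUTHORIZE output: it parses lifetimes of the form [dddd-][hh:mm:ss.cc], applies a /PRIVILEGES argument to the default set, and reports the documented consequence of each DIS* flag for a list of account records. The record layout and the sample accounts are constructed for the example; a site would populate them from its own UAF export.

```python
"""Added example (not from the HP manual): an offline review of account
settings using the rules the AUTHORIZE qualifier descriptions give.  The
record layout and the sample accounts are constructed for this example."""

import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# /PRIVILEGES starts from these unless the list says otherwise.
DEFAULT_PRIVILEGES = frozenset({"TMPMBX", "NETMBX"})

# Flags that switch off a documented password or reporting control, with the
# consequence the manual states for each.
WEAKENING_FLAGS = {
    "DISFORCE_PWD_CHANGE": "an expired password is not forced to change at login",
    "DISPWDDIC": "new passwords are not screened against the system dictionary",
    "DISPWDHIS": "new passwords are not checked against the user's old passwords",
    "DISREPORT": "last-login time and login-failure reports are suppressed",
}

# Delta time as the manual writes it: [dddd-][hh:mm:ss.cc], every part optional.
_DELTA = re.compile(
    r"^(?:(?P<d>\d{1,4})-)?"
    r"(?:(?P<h>\d{1,2}):(?P<m>\d{1,2})(?::(?P<s>\d{1,2})(?:\.(?P<c>\d{1,2}))?)?)?$"
)


def parse_pwdlifetime(spec: str) -> Optional[timedelta]:
    """Turn a /PWDLIFETIME value into a timedelta; NONE means never expires."""
    spec = spec.strip().strip('"')
    if spec.upper() == "NONE":
        return None
    m = _DELTA.match(spec)
    if not spec or not m:
        raise ValueError(f"{spec!r}: expected [dddd-][hh:mm:ss.cc]")

    def part(name: str) -> int:
        return int(m.group(name) or 0)

    centis = int((m.group("c") or "0").ljust(2, "0"))   # .5 means 50 hundredths
    return timedelta(days=part("d"), hours=part("h"), minutes=part("m"),
                     seconds=part("s"), milliseconds=10 * centis)


def apply_privilege_list(spec: str, base=DEFAULT_PRIVILEGES) -> set:
    """Apply a /PRIVILEGES=([NO]privname[,...]) argument in order: NOALL clears
    every privilege, a NO prefix removes one, a bare name adds one."""
    held = set(base)
    for token in spec.strip().strip("()").upper().split(","):
        token = token.strip()
        if not token:
            continue
        if token == "NOALL":
            held.clear()
        elif token.startswith("NO"):
            held.discard(token[2:])
        else:
            held.add(token)
    return held


def review_account(rec: Dict, now: datetime) -> List[str]:
    """List the documented weakenings present in one constructed record."""
    findings = []
    flags = {f.upper() for f in rec["flags"]}
    for flag, consequence in WEAKENING_FLAGS.items():
        if flag in flags:
            findings.append(f"{flag}: {consequence}")
    lifetime = parse_pwdlifetime(rec["pwdlifetime"])
    if lifetime is None:
        findings.append("PWDLIFETIME=NONE: the password never expires")
    elif now - rec["last_pwd_change"] > lifetime:
        findings.append("password lifetime has elapsed; the next login marks it expired")
    extra = apply_privilege_list(rec["privileges"]) - DEFAULT_PRIVILEGES
    if extra:
        findings.append("authorized beyond TMPMBX/NETMBX: " + ", ".join(sorted(extra)))
    return findings


# Constructed sample records; the layout is invented, not a UAF export format.
SAMPLE_ACCOUNTS = [
    {"username": "OPSUSER", "flags": {"DISPWDDIC", "DISPWDHIS", "DISFORCE_PWD_CHANGE"},
     "privileges": "(TMPMBX,NETMBX,OPER)", "pwdlifetime": "90-",
     "last_pwd_change": datetime(2003, 1, 1)},
    {"username": "SVCACCT", "flags": {"DISREPORT"}, "privileges": "NOALL",
     "pwdlifetime": "NONE", "last_pwd_change": datetime(2003, 6, 1)},
    {"username": "JONES", "flags": set(), "privileges": "(TMPMBX,NETMBX)",
     "pwdlifetime": '"120-12:30:30"', "last_pwd_change": datetime(2003, 8, 1)},
]


def review_all(accounts=SAMPLE_ACCOUNTS,
               now=datetime(2003, 9, 1)) -> Dict[str, List[str]]:
    """Review every constructed account as of a fixed reference date."""
    return {a["username"]: review_account(a, now) for a in accounts}


if __name__ == "__main__":
    for user, findings in review_all().items():
        print(f"{user}:", *(findings or ["no findings"]), sep="\n  ")
```

The reference date is fixed so the output is reproducible; in practice `now` would be the time of the review, and the lifetime comparison mirrors the rule that a password is only marked expired when more than the configured period has passed.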
/PWDMINIMUM=value
Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. If the value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.
/QUEPRIO=value
Reserved for future use.
/REMOTE[=(range[,...])]
Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.
/SHRFILLM=value
Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.
/TQELM
Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.
/UIC=value
Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. HP reserves group 1 and groups 300 through 377 for its own use. Each user must have a unique UIC. By default, the UIC value is [200,200].
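Because the UIC group and member numbers are octal, a value such as [300,015] is group 192, member 13 in decimal, and a digit 8 or 9 is a syntax error rather than a larger number. The following Python code is an added example, not HP code: it parses the bracketed numeric UIC form described above, enforces the documented ranges, flags the HP-reserved groups (1 and 300 through 377 octal), and checks that each UIC in a set of accounts is unique. The username-to-UIC table is constructed for the example.

```python
"""Added example (not from the HP manual): parse and validate the bracketed
numeric UIC form described under /UIC, and check a constructed account table
for reserved-group use and duplicates."""

import re
from typing import Dict, List, NamedTuple

GROUP_MAX = 0o37776      # 1..37776 (octal) per the manual
MEMBER_MAX = 0o177776    # 0..177776 (octal) per the manual
RESERVED_GROUPS = {1} | set(range(0o300, 0o377 + 1))   # HP-reserved groups

# Only octal digits are legal inside the brackets.
_UIC = re.compile(r"^\[\s*([0-7]+)\s*,\s*([0-7]+)\s*\]$")


class UIC(NamedTuple):
    group: int    # stored in decimal; shown in octal by __str__
    member: int

    def __str__(self) -> str:
        return f"[{self.group:o},{self.member:o}]"


def parse_uic(text: str) -> UIC:
    """Parse '[group,member]' written in octal into a UIC within the documented ranges."""
    m = _UIC.match(text.strip())
    if not m:
        raise ValueError(f"{text!r}: expected [group,member] in octal digits")
    group, member = int(m.group(1), 8), int(m.group(2), 8)
    if not 1 <= group <= GROUP_MAX:
        raise ValueError(f"group {group:o} outside 1..37776 (octal)")
    if not 0 <= member <= MEMBER_MAX:
        raise ValueError(f"member {member:o} outside 0..177776 (octal)")
    return UIC(group, member)


def is_reserved(uic: UIC) -> bool:
    """True when the group is one HP reserves for its own use."""
    return uic.group in RESERVED_GROUPS


def check_uics(accounts: Dict[str, str]) -> List[str]:
    """Report unparsable values, reserved groups and duplicate UICs."""
    problems: List[str] = []
    seen: Dict[UIC, str] = {}
    for user, text in accounts.items():
        try:
            uic = parse_uic(text)
        except ValueError as exc:
            problems.append(f"{user}: {exc}")
            continue
        if is_reserved(uic):
            problems.append(f"{user}: {uic} uses HP-reserved group {uic.group:o}")
        if uic in seen:
            problems.append(f"{user}: {uic} duplicates {seen[uic]}")
        else:
            seen[uic] = user
    return problems


# Constructed sample table (username -> UIC text), not real UAF data.
SAMPLE_UICS = {
    "JONES": "[200,201]",
    "SMITH": "[200,201]",    # same UIC as JONES: violates the uniqueness rule
    "CRAMER": "[301,5]",     # group 301 lies in the reserved range 300..377
    "BROKEN": "[400,8]",     # 8 is not an octal digit
}


if __name__ == "__main__":
    for line in check_uics(SAMPLE_UICS):
        print(line)
```

Printing a UIC through `str()` gives the canonical octal form, so a stored decimal pair can always be compared with what an operator would type at the UAF> prompt.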
/WSDEFAULT=value
Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 256 pages on VAX systems and 2000 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.
/WSEXTENT=value
Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed. The value is an integer equal to or greater than WSQUOTA. By default, the value is 1024 pages on VAX systems and 16384 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.
/WSQUOTA=value
Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant. The value cannot be greater than the value of WSMAX and cannot exceed 64K pages. This quota value replaces smaller values of PQL_MWSQUOTA.
Modify the DEFAULT record when qualifiers normally assigned to a new user differ from the HP-supplied values. The following qualifiers correspond to fields in the default record that are commonly modified:
UAF> DEFAULT /DEVICE=SYS$USER/LGICMD=SYS$MANAGER:SECURELGN -
_UAF> /PRIVILEGES=(TMPMBX,GRPNAM,GROUP)
%UAF-I-MDFYMSG, user record(s) updated
The command in this example modifies the DEFAULT record, changing the default device, default login command file, and default privileges.
Enables you to exit from AUTHORIZE and return to DCL command level. You can also return to command level by pressing Ctrl/Z.
Format: EXIT
Parameters: None.
Qualifiers: None.
Assigns the specified identifier to the user and documents the user as a holder of the identifier in the rights database.
GRANT/IDENTIFIER id-name user-spec
id-name
Specifies the identifier name. The identifier name is a string of 1 to 31 alphanumeric characters that can contain underscores and dollar signs. The name must contain at least one nonnumeric character.
user-spec
Specifies the UIC identifier that uniquely identifies the user on the system. This type of identifier appears in alphanumeric format. For example: [GROUP1,JONES].
/ATTRIBUTES=(keyword[,...])
Specifies attributes to be associated with the identifier. The following are valid keywords:
DYNAMIC Allows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST.
HOLDER_HIDDEN Prevents people from getting a list of users who hold an identifier, unless they own the identifier themselves.
NAME_HIDDEN Allows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier.
NOACCESS Makes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute.
RESOURCE Allows holders of an identifier to charge disk space to the identifier. Used only for file objects.
SUBSYSTEM Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects.
To remove an attribute from the identifier, add a NO prefix to the attribute keyword. For example, to remove the Resource attribute, specify /ATTRIBUTES=NORESOURCE.
UAF> GRANT/IDENTIFIER INVENTORY [300,015]
%UAF-I-GRANTMSG, identifier INVENTORY granted to CRAMER
The command in this example grants the identifier INVENTORY to the user named Cramer who has UIC [300,015]. Cramer becomes the holder of the identifier and any resources associated with it. The following command produces the same result:
UAF> GRANT/IDENTIFIER INVENTORY CRAMER