OpenVMS System Manager's Manual
7.6 Adding User Accounts
The following sections explain how to use two different methods for
adding user accounts:
- The Authorize utility (AUTHORIZE)
- A command procedure
7.6.1 Adding a User Account with AUTHORIZE
Once you analyze the purpose of a user account and decide which
attributes and resources it requires, you can use the Authorize utility
(AUTHORIZE) to create the account.
How to Perform This Task
- Give yourself the SYSPRV privilege:
$ SET PROCESS/PRIVILEGE=SYSPRV
- Enter the following commands to set your default device and
directory to SYS$SYSTEM and invoke AUTHORIZE:
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF>
- Use the AUTHORIZE command ADD to specify attributes in the UAF
fields as shown in the following example:
UAF> ADD JONES/PASSWORD=LPB57WM/UIC=[014,1] -
_UAF> /DEVICE=DISK$USER/DIRECTORY=[JONES] -
_UAF> /LGICMD=DISK$USER:[NEWPROD]GRPLOGIN -
_UAF> /OWNER="ROBERT JONES"/ACCOUNT=DOC
Choosing Qualifiers
This section lists the qualifiers that you can use when setting up an
account with AUTHORIZE. Table 7-6 lists the qualifiers under the
account attribute that they affect. See Section 7.11.2 for a detailed
description of each qualifier. For a complete list of AUTHORIZE
qualifiers, see the OpenVMS System Management Utilities Reference Manual.
Table 7-6 Qualifiers Used with AUTHORIZE
Limits and Quotas (1)        /ASTLM        /FILLM         /PRCLM
                             /BIOLM        /JTQUOTA       /TQELM
                             /BYTLM        /MAXACCTJOBS   /WSDEFAULT
                             /CPUTIME      /MAXDETACH     /WSEXTENT
                             /DIOLM        /MAXJOBS       /WSQUOTA
                             /ENQLM        /PGFLQUOTA
Priority (2)                 /PRIORITY
Privileges                   /DEFPRIVILEGES  /PRIVILEGES
Login Access Controls (3)    /ACCESS       /FLAGS (4)     /PRIMEDAYS
                             /DIALUP       /INTERACTIVE   /REMOTE
                             /EXPIRATION   /LOCAL
(1) Default values are adequate in most cases.
(2) Default values are usually adequate for accounts not running
    real-time processes.
(3) By default, users are allowed to log in at any hour of any day. To
    override the setting of a particular day, use the DCL command SET
    DAY. Use this command if a holiday occurs on a day that would
    normally be treated as a primary day and you want it treated as a
    secondary day. See Section 7.8 for a discussion of using these
    fields to restrict login times and functions.
(4) Not all FLAGS fit into this category.
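The following command procedure is an added example, not part of this manual, that puts Table 7-6 to use: it creates an account and then sets at least one qualifier from each attribute category. The user name SMITH, the UIC [014,2], the owner, the device and directory, the quota and expiration values, and the file name ADD_SMITH.COM are assumptions chosen for illustration. /GENERATE_PASSWORD, /PWDEXPIRED, /PRIMEDAYS, /ACCESS, /NOACCESS, /NODIALUP and the DISCTLY flag are AUTHORIZE qualifiers documented in the OpenVMS System Management Utilities Reference Manual rather than in the table above. Invoking AUTHORIZE through MCR with one command per line keeps the DCL comments outside the utility's own command parser.

```dcl
$ ! ADD_SMITH.COM - added example, not from the manual.
$ ! Creates account SMITH and sets one or more qualifiers from each
$ ! attribute category of Table 7-6. User name, UIC [014,2], device,
$ ! directory, quota and expiration values are constructed.
$ SET NOON
$ SET PROCESS/PRIVILEGE=SYSPRV
$ SET DEFAULT SYS$SYSTEM
$ !
$ ! Identity fields. /GENERATE_PASSWORD keeps a password out of this
$ ! file (it is displayed once on the terminal), and /PWDEXPIRED makes
$ ! the user change it at first login.
$ MCR AUTHORIZE ADD SMITH/GENERATE_PASSWORD/PWDEXPIRED/UIC=[014,2] -
       /DEVICE=DISK$USER/DIRECTORY=[SMITH] -
       /OWNER="ALICE SMITH"/ACCOUNT=DOC
$ !
$ ! Limits and quotas: raise only the two this user category needs;
$ ! every other quota keeps the value inherited from the DEFAULT record.
$ MCR AUTHORIZE MODIFY SMITH/FILLM=40/PGFLQUOTA=150000
$ !
$ ! Priority: ordinary interactive work, so the normal base priority.
$ MCR AUTHORIZE MODIFY SMITH/PRIORITY=4
$ !
$ ! Privileges: authorized and default sets are both limited to the
$ ! minimum needed for mail and network access.
$ MCR AUTHORIZE MODIFY SMITH/PRIVILEGES=(TMPMBX,NETMBX) -
       /DEFPRIVILEGES=(TMPMBX,NETMBX)
$ !
$ ! Login access controls: Monday to Friday are primary days; logins
$ ! only 07:00-18:59 on primary days and never on secondary days; no
$ ! dial-up access; the account expires at year end; Ctrl/Y is
$ ! disabled so the login command procedure cannot be interrupted.
$ MCR AUTHORIZE MODIFY SMITH -
       /PRIMEDAYS=(MON,TUE,WED,THU,FRI,NOSAT,NOSUN) -
       /ACCESS=(PRIMARY,7-18)/NOACCESS=SECONDARY -
       /NODIALUP/EXPIRATION=31-DEC-2025/FLAGS=DISCTLY
$ !
$ ! Review the finished record before handing the account over.
$ MCR AUTHORIZE SHOW SMITH
$ EXIT
```

Because /GENERATE_PASSWORD displays the new password, run the procedure interactively rather than as a batch job whose log file is kept, and pass the password to the user out of band. The SHOW at the end is the check that the access and privilege fields really took effect; an account that needs more than the TMPMBX and NETMBX privileges should get them through a separate MODIFY that can be reviewed on its own.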
7.6.2 Adding a User Account with a Command Procedure
As an alternative to using the Authorize utility, you can use a command
procedure to create user accounts. The ADDUSER.COM procedure, which is
located in the SYS$EXAMPLES directory, is an example of such a
procedure; it supplies prompts and several default values for creating
the new account.
You can modify ADDUSER.COM as appropriate for the needs of your system.
To run ADDUSER.COM, log in to the SYSTEM account and enter the
following command:
$ @SYS$EXAMPLES:ADDUSER.COM
ADDUSER.COM prompts you to enter values in a number of UAF record
fields. If you press Return without specifying a value for a field,
ADDUSER supplies the following default values:
UAF Field            Default Value
User name            No default; must supply
Owner                No default; must supply
Password             User name specified
UIC group number     200
UIC member number    No default; must supply number
Account name         Optional
Privileges           TMPMBX,NETMBX
Login directory      User name specified
Login device         $DISK1
Disk quota           1000
Overdraft quota      100
The UIC must be unique for the system. For example, each account in the
UIC group 200 must have a unique member number. You can list the UICs
currently assigned to users by entering a question mark ( ? ) after the
UIC member number prompt. The account is not created until you have
answered all of the questions in the procedure.
The procedure has the following final prompt:
Is everything satisfactory with the account [YES]?
If you press Return, the account is created and remains in SYSUAF.DAT
as specified. If you enter NO, the account is removed.
Note
If you press Ctrl/Y before, during, or directly after the system
displays the characteristics of the account (that is, before you
respond to the "satisfactory?" prompt), the account, or
portions of it, will still be added.
Make sure users log in to their accounts promptly to change the
password.
7.7 Maintaining User Accounts
As system manager, you perform a certain number of user account
maintenance tasks, such as modifying and deleting accounts. The
following sections explain how to perform these tasks:
7.7.1 Using Command Procedures for Interactive Accounts
For all accounts, login command procedures contain
commands commonly executed at the beginning of every user session.
These commands do such tasks as the following ones:
- Define symbols
- Assign logical names
- Display messages and the time of day
- Set terminal characteristics
- Define keys to perform certain functions
- Set process default file protection (SET PROTECTION/DEFAULT)
Login command procedures are useful for saving keystrokes and
standardizing operations.
In establishing login command procedures for interactive accounts, you
have the following choices:
Login Command Procedure      Description

System                       As system manager, you normally create and
                             maintain a standard login command procedure
                             in the system directory (the file is usually
                             named SYS$MANAGER:SYLOGIN.COM). You then
                             assign the logical name SYS$SYLOGIN to the
                             name of the file so that whenever a user logs
                             in, the procedure is executed.

Individual                   For any or all accounts, you can specify an
                             additional login command procedure with the
                             /LGICMD qualifier of the AUTHORIZE commands
                             ADD, MODIFY, or COPY. You can give the login
                             command procedure any valid file
                             specification. Whenever the user logs in, the
                             additional procedure is executed after
                             SYS$SYLOGIN.

User-specified command file  If system (and, optionally, individual) login
                             command procedures are not implemented, the
                             system looks for a command file called
                             LOGIN.COM in the user's login directory as
                             defined by the UAF (user authorization file)
                             record device and directory fields. If the
                             file is found, the system executes it. The
                             user develops and maintains this command
                             file, which should follow these conventions:
                             - Device and directory names must take the
                               default file specification for the account.
                             - The file name and file type must be
                               LOGIN.COM.
                             You can provide an aid to new users by copying
                             a login command procedure template into newly
                             created top-level directories. However, to
                             ensure proper ownership of the file, change
                             the owner UIC (user identification code) of
                             the file to that of the user. Make this change
                             with the DCL command SET FILE/OWNER.
Example 7-1 illustrates typical systemwide login command procedures.
Example 7-1 Sample Systemwide SYS$MANAGER:SYLOGIN.COM Login Command Procedure
$ V = F$VERIFY(0)
$START:
$ !
$ SET NOCONTROL=Y ! Do not allow Ctrl/Y to exit procedure
$ SET NOON
$ !
$ ! Allow network jobs to start faster
$ !
$ IF F$MODE() .EQS. "NETWORK" THEN GOTO EXIT
$ !
$ ! Enable Ctrl/T handling by DCL
$ !
$ SET CONTROL=T
$ !
$ ! Define Foreign Commands For Installed Utilities
$ !
$ USERS == "SHOW USERS"
$ DISPLAY == "MONITOR PROCESSES/TOPCPU"
$ INFO == "SHOW PROCESS/CONTINUOUS"
$ SUSPEND == "SET PROCESS/SUSPEND"
$ RESUME == "SET PROCESS/RESUME"
$ SETNAME == "SET PROCESS/NAME"
$ !
$ ! Define a symbol indicating whether the terminal
$ ! is on a dialup port
$ !
$ TT == F$GETDVI("TT","DEVNAM")-"_"
$ DIALUP == ((TT .GES. "TTG0:" .AND. TT .LES. "TTG4:") -
.OR. (TT .GES. "TTH1:" .AND. TT .LES. "TTH4:") -
.OR. (TT .EQS. "TTI5:"))
$ IF DIALUP THEN SET TERMINAL/INQUIRE
$ !
$EXIT:
$ IF V THEN SET VERIFY
.
.
.
$ SET CONTROL=Y
$ EXIT
As the example shows, you can disable the Ctrl/Y function (which
suspends execution of the current image and invokes the command
interpreter) to force execution of the complete login command procedure
whenever the user logs in. Do this with the DCL command SET
NOCONTROL=Y. Before the login command procedure exits, add the DCL
command that resets the Ctrl/Y function (SET CONTROL=Y).
Example 7-2 shows typical abbreviations and symbols that a user might
define in a login file.
Example 7-2 Sample Login Command Procedure (LOGIN.COM) for a User Account
$ SET NOON
$ SET PROTECTION=(S=RD,O=RWED,G=R,W=R)/DEFAULT
$ !
$ ! Define abbreviations for often used commands
$ !
$ DIR*ECTORY == DIRECTORY/DATE/SIZE
$ PU*RGE == PURGE/LOG
$ DE*LETE == DELETE/LOG/CONFIRM
$ !
$ !
$ ! Other useful abbreviations
$ !
$ SHP == "SHOW PROCESS/PRIVILEGES"
$ PRI*NT == "PRINT/NOTIFY"
$ SHD == "SHOW DEFAULT"
$ UP == "SET DEFAULT [-]"
$ SP == "SET PROCESS/PRIVILEGES="
$ SQ == "SHOW QUEUE/BATCH/ALL/DEVICE"
$ H*OME == "SET DEFAULT SYS$LOGIN"
$ SUB*MIT == "SUBMIT/NOTIFY"
$ SYS == "SHOW SYSTEM"
$ DAY == "SHOW TIME"
$ !
$ ! Set /LOG for all commands
$ !
$ BACK*UP == "BACKUP/LOG"
$ DEL*ETE == "DELETE/LOG"
$ LIB*RARY == "LIBRARY/LOG"
$ PUR*GE == "PURGE/LOG"
$ REN*AME == "RENAME/LOG"
$ !
$ ! End of LOGIN.COM processing
$ !
$ GOTO 'F$MODE()
$NETWORK:
$ EXIT
$INTERACTIVE:
$ VN == "SET TERMINAL/WIDTH=80"
$ VW == "SET TERMINAL/WIDTH=132"
$ EXPERT == "SET MESSAGE/NOFACIL/NOSEVER/NOIDENT"
$ NOVICE == "SET MESSAGE/FACILITY/SEVERITY/IDENTIF"
$ NOVICE
$ !
$ ! Symbols for network users
$ !
$ SYSA == "SET HOST SYSA"
$ SYSB == "SET HOST SYSB"
$ SYSC == "SET HOST SYSC"
$ EXIT ! End of interactive login
$BATCH:
$ SET VERIFY ! End of batch login
$ EXIT
Using Logout Command Procedures
The system does not provide for automatic execution of a command
procedure at logout time. However, you can supply one as follows.
How to Perform This Task
- Create a systemwide logout command procedure that executes whenever
a user logs out. (The file is usually named SYS$MANAGER:SYLOGOUT.COM.)
- To ensure that this command procedure executes, include a command
in SYS$MANAGER:SYLOGIN.COM that equates the most commonly used
abbreviation of the LOGOUT command (often LO) to the execution of the
logout command procedure.
Example
$ LO*GOUT:==@SYS$MANAGER:SYLOGOUT
The last line of the logout command procedure then uses an alternate
form of the LOGOUT command, such as a LOGOUTNOW command. (You can
create any command name you like beginning with LO.) You cannot use
the same abbreviation as used for the symbol (in this case LO) because
it will start the procedure again. As an alternative, you could add the
following command, just above the last line:
$ DELETE/SYMBOL/GLOBAL LOGOUT
Note that this technique works in some situations but it is not
foolproof; there are many alternative ways to terminate a process.
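As an added example (not part of this manual), the following SYS$MANAGER:SYLOGOUT.COM carries out the steps above using the symbol-deletion variant: SYLOGIN.COM defines LO*GOUT as shown, the procedure does its housekeeping, deletes the global LOGOUT symbol, and only then issues the real LOGOUT command, so it cannot re-enter itself. The housekeeping (purging old file versions in SYS$LOGIN and printing a message) and the restriction to interactive sessions are assumptions chosen for illustration.

```dcl
$ ! SYS$MANAGER:SYLOGOUT.COM - added example, not from the manual.
$ ! Reached through the symbol that SYS$MANAGER:SYLOGIN.COM defines:
$ !     $ LO*GOUT :== @SYS$MANAGER:SYLOGOUT
$ ! An error here must not leave the user in a session that cannot end.
$ SET NOON
$ !
$ ! Only interactive sessions get the housekeeping; batch and network
$ ! jobs go straight to the real LOGOUT.
$ IF F$MODE() .NES. "INTERACTIVE" THEN GOTO FINISH
$ !
$ ! Site housekeeping (constructed): keep the three newest versions of
$ ! each file in the login directory and tell the user what happened.
$ IF F$TRNLNM("SYS$LOGIN") .NES. "" THEN PURGE/KEEP=3/NOLOG SYS$LOGIN:*.*
$ WRITE SYS$OUTPUT "Logging out ", F$GETJPI("","USERNAME"), " at ", F$TIME()
$ !
$FINISH:
$ ! Remove the global symbol first: while LOGOUT is still equated to
$ ! this procedure, the LOGOUT below would start SYLOGOUT.COM again.
$ DELETE/SYMBOL/GLOBAL LOGOUT
$ LOGOUT/FULL
```

The DELETE/SYMBOL/GLOBAL line is the part that matters: DCL looks the command name up in the symbol tables each time a line is read, so once the symbol is gone the final line is the real LOGOUT. As the text above notes, this only catches users who end their session with a LO... command; a process that is stopped, disconnected, or killed never runs the procedure, so nothing security-critical (such as an audit record) should depend on it.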
7.7.2 Modifying a User Account
To change a user account's quotas, default directory, password,
authorized privileges, or any other characteristics assigned by
AUTHORIZE, use the MODIFY command. You can use the MODIFY command to
change any field in an existing user account. However, a user must log
out and log in again for the modifications to take effect.
Examples
- When a user forgets a password and cannot log in, use the AUTHORIZE
command MODIFY/GENERATE_PASSWORD to reset a user password. For example,
the following command generates a new password for user WELCH:
UAF> MODIFY WELCH/GENERATE_PASSWORD
By default, after logging in, user WELCH must change the password.
- Any changes that you make to a user's record will take effect
after the user next logs in. For example, suppose that user
JONES currently has an open file quota (FILLM) of 20. To increase user
Jones' open file limit to 40, you would use the following command in
AUTHORIZE:
UAF> MODIFY JONES/FILLM=40
Any process of user JONES that is logged in at the time that you
modify the user authorization file continues to have a file limit of
20. In order to have an open file limit of 40, user JONES must log out
and then log in again, after you have made the modification to the user
authorization file (UAF) using AUTHORIZE.
7.7.3 Listing User Accounts
Use the AUTHORIZE command LIST to create the file SYSUAF.LIS,
containing a summary of all user records in the UAF. By default, the
LIST command produces a brief report containing the following
information from the UAF:
- Account owner
- User name
- UIC
- Account names
- Privileges
- Process priority
- Default disk and directory
Use the /FULL qualifier to create a full report of all the information
(except user passwords) contained within the UAF.
Example
The following example writes a brief report of the UAF to the output
file SYSUAF.LIS:
UAF> LIST
%UAF-I-LSTMSG1, writing listing file
%UAF-I-LSTMSG2, listing file SYSUAF.LIS complete
The system displays the same messages when you use the /FULL qualifier.
However, a full report is written to the output file.
7.7.4 Maintaining the User Environment
As the work requirements of your system change, you might have to
perform the following tasks:
- Create additional default records to serve as templates for new
categories of users
- Delete or disable the accounts of users who leave your site
- Impose login restrictions to limit system use by certain accounts
With the Authorize utility, you can perform these maintenance
operations by modifying or deleting records in the UAF.
Creating Additional Default Record Templates
On systems where all users perform the same type of work, you typically
use the system-supplied default record, DEFAULT, as the template for
adding new user records. You might find, however, that your system
supports several different user categories, each category performing a
specific type of work and requiring unique record attributes. Instead
of always using the system-supplied default record as a template and
making numerous changes each time you add a user record, you can create
additional default UAF records to serve as templates for each user
category.
Before you create additional default records, you must make the
following decisions:
- What the individual user categories are
- What attributes are common to each category
- What to name the default records
How to Perform This Task
Once you define a user category and establish which record attributes
are needed, you can create the default record.
Examples
- The following command creates a default record for a category of
user that requires a special captive account:
UAF> ADD DEFAULT2/LGICMD=ALT_COM_PROC/FLAGS=CAPTIVE -
_UAF> /DEVICE=USER3:/DIRECTORY=[PRODUCT]
The command in this example uses the system-supplied default record
DEFAULT to create the record DEFAULT2 and changes the LGICMD, login
flags, default device, and default directory fields.
- You can then use the AUTHORIZE command COPY to create additional
records having the same attributes as DEFAULT2. The COPY command
creates a new UAF record that uses the specified default record except
where you explicitly override field values.
UAF> COPY DEFAULT2 PALOOKA/PASSWORD=W7YA84MI/UIC=[360,114]
This example uses DEFAULT2 as a template to create a duplicate
record for the user PALOOKA. Notice that only the password and UIC
values are changed.
7.7.5 Deleting a User Account
The main problem in deleting an account, especially an interactive or
restricted account, is deleting the files used by the account.
How to Perform This Task
The following steps are suggested:
- Copy (or have the outgoing user of the account copy) any files of
value to the ownership of another account. Be sure to change the owner
UIC of the files to match the owner UIC of the new owner. You can also
use the Backup utility (BACKUP) to save the files to a backup tape or
disk.
- Change the password and log in as a user of that account if you are
working from a nonprivileged account. This avoids inadvertently
deleting files that might point to other files of different ownership.
- Delete the account's files and directories from the deepest level
up to the top level, using the following procedure:
- Locate and examine all subdirectories using the DCL command
DIRECTORY [directory-spec...], where directory-spec
is the name of the account's default directory.
- Delete the files in each subdirectory, and then delete the
subdirectory. Note that directory files are protected against owner
deletion; therefore, you must change the protection before deleting
directory files.
- Delete the account's top-level directory. The command procedure in
the next example deletes an account's files from the bottom level up.
Do not, however, execute this command procedure from a privileged
account.
- Exit from the user account and return to a privileged account.
Remove the user's account, using the Authorize utility (AUTHORIZE).
When you run AUTHORIZE to remove a user's UAF record, AUTHORIZE
also removes the user's connections as a holder of identifiers in the
rights database. However, if a departed user is the only remaining
holder of a given identifier, remove that identifier to avoid future
confusion. See the OpenVMS Guide to System Security.
- Remove the user's disk quota entry from the disk quota file, if one
existed, with SYSMAN.
- Remove associated mail information by entering the MAIL command
REMOVE username. (See the OpenVMS User's Manual for more information.)
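The steps above, gathered into one added example (not part of this manual) of the commands a system manager runs from a privileged account once the user's files have been dealt with. The departed user JONES with UIC [014,1] and home directory DISK$USER:[JONES], the receiving account HALL with UIC [014,3], the archive location DISK$ARCHIVE:[DEPARTED] and the file name RETIRE_JONES.COM are all constructed for illustration; BACKUP, SET FILE/OWNER_UIC, the AUTHORIZE commands SHOW/RIGHTS and REMOVE, the SYSMAN command DISKQUOTA REMOVE and the MAIL command REMOVE are standard. The deletion of the directory tree itself is not included here: as the steps say, that is done from the unprivileged account with a procedure such as Example 7-3.

```dcl
$ ! RETIRE_JONES.COM - added example, not from the manual.
$ ! Record, quota and mail clean-up for the departed user JONES. JONES,
$ ! UIC [014,1], DISK$USER:[JONES], the receiving account HALL with UIC
$ ! [014,3] and DISK$ARCHIVE:[DEPARTED] are constructed values.
$ ! The file tree is deleted separately, from JONES's own unprivileged
$ ! account, not from this procedure.
$ SET NOON
$ SET PROCESS/PRIVILEGE=SYSPRV
$ !
$ ! 1. Preserve the files: a BACKUP save set of the whole tree, then the
$ !    few files HALL takes over, re-owned so HALL can manage them.
$ BACKUP/LOG DISK$USER:[JONES...]*.*;* -
       DISK$ARCHIVE:[DEPARTED]JONES.BCK/SAVE_SET
$ COPY/LOG DISK$USER:[JONES]PROJECT*.TXT DISK$USER:[HALL]*.*
$ SET FILE/OWNER_UIC=[014,3] DISK$USER:[HALL]PROJECT*.TXT
$ !
$ ! 2. Remove the UAF record. AUTHORIZE also drops JONES as a holder of
$ !    rights identifiers; list them first so that any identifier left
$ !    with no other holder can be removed afterwards with
$ !    REMOVE/IDENTIFIER name.
$ SET DEFAULT SYS$SYSTEM
$ MCR AUTHORIZE SHOW/RIGHTS JONES
$ MCR AUTHORIZE REMOVE JONES
$ !
$ ! 3. Drop the disk quota entry for the UIC (only meaningful if the
$ !    volume keeps a quota file). SYSMAN reads the lines that follow
$ !    from this procedure as its input.
$ RUN SYS$SYSTEM:SYSMAN
DISKQUOTA REMOVE [014,1]/DEVICE=DISK$USER
EXIT
$ !
$ ! 4. Remove the user's entry from the mail profile.
$ MAIL
REMOVE JONES
EXIT
$ EXIT
```

Run the AUTHORIZE step only after the save set has been verified, since REMOVE is the point of no return for the record. The SHOW/RIGHTS output is worth keeping with the decommissioning record: an identifier whose last holder has gone is exactly the kind of stale grant that later gets reused by mistake.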
The command procedure template in Example 7-3 deletes an account's
files.
Note
Do not execute this command procedure from a privileged account.
Example 7-3 Command Procedure Template for Deleting an Account's Files
$ ! DELTREE.COM - deletes a complete directory tree
$ !
$ ! P1 = pathname of root of tree to delete
$ !
$ ! All files and directories in the tree, including
$ ! the named root, are deleted.
$ !
$ IF "''DELTREE'" .EQS. "" THEN DELTREE = "@SYS$LIBRARY:DELTREE"
$ ON CONTROL_Y THEN GOTO DONE
$ ON WARNING THEN GOTO DONE
$ DEFAULT = F$LOGICAL("SYS$DISK") + F$DIRECTORY()
$10:
$ IF P1 .NES. "" THEN GOTO 20
$ INQUIRE P1 "Root"
$ GOTO 10
$20:
$ IF F$PARSE(P1) .EQS. "" THEN OPEN FILE 'P1'
$ SET DEFAULT 'P1'
$LOOP:
$ FILESPEC = F$SEARCH("*.DIR;1")
$ IF FILESPEC .EQS. "" THEN GOTO LOOPEND
$ DELTREE [.'F$PARSE(FILESPEC,,,"NAME")']
$ GOTO LOOP
$LOOPEND:
$ IF F$SEARCH("*.*;*") .NES. "" THEN DELETE *.*;*
$ ! Name of the current directory relative to its parent: strip the
$ ! parent's directory string from the current one, then the brackets
$ DIR = (F$DIRECTORY()-"]"-">")-(F$PARSE("[-]",,,-
"DIRECTORY")-"]"-">")-"."-"["-"<"
$ SET PROTECTION=WORLD:RWED [-]'DIR'.DIR;1
$ DELETE [-]'DIR'.DIR;1
$DONE:
$ SET DEFAULT 'DEFAULT'