 |
HP OpenVMS System Management Utilities Reference
Manual
When you modify a password, the new password expires automatically; it
is valid only once (unless you specify /NOPWDEXPIRED). On login, users
are forced to change their passwords (unless you specify
/FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually
exclusive.
/INTERACTIVE[ =(range[,...])]
/NOINTERACTIVE
Specifies the hours of access for interactive logins. For a description
of the range specification, see the /ACCESS qualifier. By default,
there are no access restrictions on interactive logins.
/JTQUOTA=value
Specifies the initial byte quota with which the jobwide logical name
table is to be created. By default, the value is 4096 on VAX systems
and 4096 on Alpha and I64 systems.
/LGICMD=filespec
Specifies the name of the default login command file. The file name
defaults to the device specified for /DEVICE, the directory specified
for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you
select the defaults for all these values, the file name is
SYS$SYSTEM:[USER]LOGIN.COM.
/LOCAL[=(range[,...])]
Specifies hours of access for interactive logins from local terminals.
For a description of the range specification, see the /ACCESS
qualifier. By default, there are no access restrictions on local logins.
/MAXACCTJOBS=value
Specifies the maximum number of batch, interactive, and detached
processes that can be active at one time for all users of the same
account. By default, a user has a maximum of 0, which represents an
unlimited number.
/MAXDETACH=value
Specifies the maximum number of detached processes with the cited user
name that can be active at one time. To prevent the user from creating
detached processes, specify the keyword NONE. By default, a user has a
value of 0, which represents an unlimited number.
/MAXJOBS=value
Specifies the maximum number of processes (interactive, batch,
detached, and network) with the cited user name that can be active
simultaneously. The first four network jobs are not counted. By
default, a user has a maximum value of 0, which represents an unlimited
number.
/NETWORK[=(range[,...])]
Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.
/OWNER=owner-name
Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.
/PASSWORD=(password1[,password2])
/NOPASSWORD
Specifies up to two passwords for login. Passwords can be from 0 to 32
alphanumeric characters in length. The dollar sign ($) and underscore
(_) are also permitted.
Uppercase and lowercase characters are equivalent. All lowercase
characters are converted to uppercase before the password is encrypted.
Avoid using the word password as the actual password.
Use the /PASSWORD qualifier as follows:
- To set only the first password and clear the second, specify
/PASSWORD=password.
- To set both the first and second password, specify
/PASSWORD=(password1, password2).
- To change the first password without affecting the second, specify
/PASSWORD=(password, "").
- To change the second password without affecting the first, specify
/PASSWORD=("", password).
- To set both passwords to null, specify /NOPASSWORD.
When you modify a password, the new password expires automatically; it
is valid only once (unless you specify /NOPWDEXPIRED). On login, the
user is forced to change the password (unless you specify
/FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually
exclusive.
By default, the ADD command assigns the password USER. When you create
a new UAF record with the COPY or RENAME command, you must specify a
password. Avoid using the word password as the actual password.
/PBYTLM
This flag is reserved for HP.
/PGFLQUOTA=value
Specifies the paging file limit. This is the maximum number of pages
that the person's process can use in the system paging file. By
default, the value is 32768 pages on VAX systems and 256,000 pagelets
on Alpha and I64 systems.
If decompressing libraries, make sure to set PGFLQUOTA to twice the
size of the library.
/PRCLM=value
Specifies the subprocess creation limit. This is the maximum number of
subprocesses that can exist at one time for the specified user's
process. By default, the value is 2 on VAX systems and 8 on Alpha and
I64 systems.
/PRIMEDAYS=([NO]day[,...])
Defines the primary and secondary days of the week for logging in.
Specify the days as a list separated by commas, and enclose the list in
parentheses. To specify a secondary day, prefix the day with NO (for
example, NOFRIDAY). To specify a primary day, omit the NO prefix.
By default, primary days are Monday through Friday and secondary days
are Saturday and Sunday. If you omit a day from the list, AUTHORIZE
uses the default value. (For example, if you omit Monday from the list,
AUTHORIZE defines Monday as a primary day.)
Use the primary and secondary day definitions in conjunction with such
qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.
/PRIORITY=value
Specifies the default base priority. The value is an integer in the
range of 0 to 31 on VAX systems and 0 to 63 on Alpha and I64 systems.
By default, the value is set to 4 for timesharing users.
/PRIVILEGES=([NO]privname[,...])
Specifies which privileges the user is authorized to hold, although
these privileges are not necessarily enabled at login. (The
/DEFPRIVILEGES qualifier determines which ones are enabled.) A NO
prefix removes the privilege from the user. The keyword NOALL disables
all user privileges. Many privileges have varying degrees of power and
potential system impact (see the HP OpenVMS Guide to System Security for a detailed
discussion). By default, a user holds TMPMBX and NETMBX privileges.
Privname is the name of the privilege.
/PWDEXPIRED (default)
/NOPWDEXPIRED
Specifies the password is valid for only one login. A user must change
a password immediately after login or be locked out of the system. The
system warns users of password expiration. A user can either specify a
new password, with the DCL command SET PASSWORD, or wait until
expiration and be forced to change. By default, a user must change a
password when first logging in to an account. The default is applied to
the account only when the password is being modified.
/PWDLIFETIME=time (default)
/NOPWDLIFETIME
Specifies the length of time a password is valid. Specify a delta time
value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of
120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a
lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify
/PWDLIFETIME="120-12:30:30". If a period longer than the specified time
elapses before the user logs in, the system displays a warning message.
The password is marked as expired.
To prevent a password from expiring, specify the time as NONE. By
default, a password expires in 90 days.
/PWDMINIMUM=value
Specifies the minimum password length in characters. Note that this
value is enforced only by the DCL command SET PASSWORD. It does not
prevent you from entering a password shorter than the minimum length
when you use AUTHORIZE to create or modify an account. By default, a
password must have at least 6 characters. The value specified by the
/PWDMINIMUM qualifier conflicts with the value used by the
/GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE,
the operating system chooses the lesser value. The maximum value for
generated passwords is 10.
/QUEPRIO=value
Reserved for future use.
/REMOTE[=(range[,...])]
Specifies hours during which access is permitted for interactive logins
from network remote terminals (with the DCL command SET HOST). For a
description of the range specification, see the /ACCESS qualifier. By
default, remote logins have no access restrictions.
/SHRFILLM=value
Specifies the maximum number of shared files that the user can have
open at one time. By default, the system assigns a value of 0, which
represents an infinite number.
/TQELM
Specifies the total number of entries in the timer queue plus the
number of temporary common event flag clusters that the user can have
at one time. By default, a user can have 100.
/UIC=value
Specifies the user identification code (UIC). The UIC value is a group
number in the range from 1 to 37776 (octal) and a member number in the
range from 0 to 177776 (octal), which are separated by a comma and
enclosed in brackets. HP reserves group 1 and groups 300--377 for its
own use.
Each user must have a unique UIC. By default, the UIC value is
[200,200].
/WSDEFAULT=value
Specifies the default working set limit. This represents the initial
limit to the number of physical pages the process can use. (The user
can alter the default quantity up to WSQUOTA with the DCL command SET
WORKING_SET.) By default, a user has 256 pages on VAX systems and 4096
pagelets on Alpha and I64 systems.
The value cannot be greater than WSMAX. This quota value replaces
smaller values of PQL_MWSDEFAULT.
/WSEXTENT=value
Specifies the working set maximum. This represents the maximum amount
of physical memory allowed to the process. The system provides memory
to a process beyond its working set quota only when it has excess free
pages. The additional memory is recalled by the system if needed.
The value is an integer equal to or greater than WSQUOTA. By default,
the value is 1024 pages on VAX systems and 16384 pagelets on Alpha and
I64 systems. The value cannot be greater than WSMAX. This quota value
replaces smaller values of PQL_MWSEXTENT.
/WSQUOTA=value
Specifies the working set quota. This is the maximum amount of physical
memory a user process can lock into its working set. It also represents
the maximum amount of swap space that the system reserves for this
process and the maximum amount of physical memory that the system
allows the process to consume if the systemwide memory demand is
significant.
The value cannot be greater than the value of WSMAX and cannot exceed
8,192 pagelets on Alpha and I64 systems. This quota value replaces
smaller values of PQL_MWSQUOTA.
Description
When you do not specify a value for a field, AUTHORIZE uses values from
the DEFAULT record (excluding the default password, which is always
USER). The DEFAULT account serves as a template for creating user
records in the system user authorization file.
On Alpha and I64 systems, the DEFAULT account is as follows:
Username: DEFAULT Owner:
Account: UIC: [200,200] ([DEFAULT])
CLI: DCL Tables: DCLTABLES
Default: [USER]
LGICMD:
Flags: DisUser
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive), (none) (non-interactive)
Maxjobs: 0 Fillm: 128 Bytlm: 128000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 150 JTquota: 4096
Prclm: 8 DIOlm: 150 WSdef: 4096
Prio: 4 ASTlm: 300 WSquo: 8192
Queprio: 4 TQElm: 100 WSextent: 16384
CPU: (none) Enqlm: 4000 Pgflquo: 256000
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
|
On VAX systems, the DEFAULT account is as follows:
Username: DEFAULT Owner:
Account: UIC: [200,200] ([DEFAULT])
CLI: DCL Tables: DCLTABLES
Default: SYS$SYSDEVICE:[USER]
LGICMD: LOGIN
Flags: DisUser
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: (pre-expired)
Last Login: (none) (interactive) (none) (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 32768
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 40 JTquota: 4096
Prclm: 2 DIOlm: 40 WSdef: 256
Prio: 4 ASTlm: 40 WSquo: 512
Queprio: 0 TQElm: 10 WSextent: 1024
CPU: (none) Enqlm: 200 Pgflquo: 32768
Authorized Privileges:
TMPMBX NETMBX
Default Privileges:
TMPMBX NETMBX
|
When you add a new account, specify values for fields that you want to
be different. Typically, changing the default values for limits
priority, privileges, or the command interpreter is not necessary. As a
result, you enter only the password, UIC, directory, owner, account,
and device.
Note
Limits are also set by system parameters. To be effective, the limits
you set through AUTHORIZE must be within the minimum limits determined
by the corresponding system parameters (particularly those beginning
with the PQL prefix).
|
When you add a record to the UAF, create a directory for the new user.
Specify the device name, directory name, and UIC in the UAF record. The
following DCL command creates a directory for user ROBIN:
$ CREATE/DIRECTORY SYS$USER:[ROBIN] /OWNER_UIC=[ROBIN]
|
Note
When you add a new record to the UAF and a rights database exists, an
identifier with the user name is added to the rights database
automatically (unless you specify the /NOADD_IDENTIFIER qualifier).
Similarly, when you specify an account name (other than the user name)
that does not yet have an identifier, AUTHORIZE creates a group
identifier in the rights database.
|
Examples
| #1 |
UAF> ADD ROBIN /PASSWORD=SP0152/UIC=[014,006] -
_/DEVICE=SYS$USER/DIRECTORY=[ROBIN]/OWNER="JOSEPH ROBIN" /ACCOUNT=INV
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier ROBIN value: [000014,000006] added to
RIGHTSLIST.DAT
%UAF-I-RDBADDMSGU, identifier INV value: [000014,177777] added to
RIGHTSLIST.DAT
|
This example illustrates the typical ADD command and qualifiers. The
resulting record from this command appears in the description of the
SHOW command.
| #2 |
UAF> ADD WELCH /PASSWORD=SP0158/UIC=[014,051] -
_/DEVICE=SYS$USER/DIRECTORY=[WELCH]/OWNER="ROB WELCH"/FLAGS=DISUSER -
_/ACCOUNT=INV/LGICMD=SECUREIN
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier WELCH value: [000014,000051] added to
RIGHTSLIST.DAT
UAF> MODIFY WELCH/FLAGS=(RESTRICTED,DISNEWMAIL,DISWELCOME, -
_NODISUSER,EXTAUTH)/NODIALUP=SECONDARY/NONETWORK=PRIMARY -
/CLITABLES=DCLTABLES/NOACCESS=(PRIMARY, 9-16, SECONDARY, 18-8)
%UAF-I-MDFYMSG, user records updated
|
The commands in this example add a record for a restricted account.
Because of the number of qualifiers required, a MODIFY command is used
in conjunction with the ADD command. This helps to minimize the
possibility of typing errors.
In the ADD command line, setting the DISUSER flag prevents the user
from logging in until all the account parameters are set up. In the
MODIFY command line, the DISUSER flag is disabled (by specifying
NODISUSER) to allow access to the account. The EXTAUTH flag causes the
system to consider the user as authenticated by an external user name
and password, not by the SYSUAF user name and password.
The record that results from these commands and an explanation of the
restrictions the record imposes appear in the description of the SHOW
command.
Adds only an identifier to the rights database. It does not add a user
account.
Format
ADD/IDENTIFIER [id-name]
Parameter
id-name
Specifies the name of the identifier to be added to the rights
database. If you omit the name, you must specify the /USER qualifier.
The identifier name is a string of 1 to 31 alphanumeric characters. The
name can contain underscores and dollar signs. It must contain at least
one nonnumeric character.
Qualifiers
/ATTRIBUTES=(keyword[,...])
Specifies attributes to be associated with the new identifier. The
following keywords are valid:
|
DYNAMIC
|
Allows unprivileged holders of the identifier to remove and to restore
the identifier from the process rights list by using the DCL command
SET RIGHTS_LIST.
|
|
HOLDER_HIDDEN
|
Prevents people from getting a list of users who hold an identifier,
unless they own the identifier themselves.
|
|
NAME_HIDDEN
|
Allows holders of an identifier to have it translated, either from
binary to ASCII or from ASCII to binary, but prevents unauthorized
users from translating the identifier.
|
|
NOACCESS
|
Makes any access rights of the identifier null and void. If a user is
granted an identifier with the No Access attribute, that identifier has
no effect on the user's access rights to objects. This attribute is a
modifier for an identifier with the Resource or Subsystem attribute.
|
|
RESOURCE
|
Allows holders of an identifier to charge disk space to the identifier.
Used only for file objects.
|
|
SUBSYSTEM
|
Allows holders of the identifier to create and maintain protected
subsystems by assigning the Subsystem ACE to the application images in
the subsystem. Used only for file objects.
|
By default, none of these attributes is associated with the new
identifier.
/USER=user-spec
Scans the UAF record for the specified user and creates the
corresponding identifier. Specify user-spec by user name or
UIC. You can use the asterisk wildcard to specify multiple user names
or UICs. Full use of the asterisk and percent wildcards is permitted
for user names; UICs must be in the form [*,*], [n,*], [*,n], or [n,n].
A wildcard user name specification (*) creates identifiers
alphabetically by user name; a wildcard UIC specification ([*,*])
creates them in numerical order by UIC.
/VALUE=value-specifier
Specifies the value to be attached to the identifier. The following
formats are valid for the value-specifier:
|
IDENTIFIER:n
|
An integer value in the range of 65,536 to 268,435,455. You can also
specify the value in hexadecimal (precede the value with %X) or octal
(precede the value with %O).
The system displays this type of identifier in hexadecimal. To
differentiate general identifiers from UIC identifiers, the system adds
%X80000000 to the value you specify.
|
|
GID:n
|
GID is the POSIX group identifier. It is an integer value in the range
0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the
value you specify and then enter this new value into the system
RIGHTSLIST as an identifier.
|
|
UIC:uic
|
A UIC value in standard UIC format consists of a member name and,
optionally, a group name enclosed in brackets. For example, [360,031].
In numeric UICs, the group number is an octal number in the range
of 1 to 37776; the member number is an octal number in the range of 0
to 177776. You can omit leading zeros when you are specifying group and
member numbers.
Regardless of the UIC format you use, the system translates a UIC
to a 32-bit numeric value.
Alphanumeric UICs are not allowed.
|
Typically, system managers add identifiers as UIC values to represent
system users; the system applies identifiers in integer format to
system resources.
Examples
| #1 |
UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY
%UAF-I-RDBADDMSGU, identifier INVENTORY value: [000300,000011]
added to RIGHTSLIST.DAT
|
The command in this example adds an identifier named INVENTORY to the
rights database. By default, the identifier is not marked as a resource.
| #2 |
UAF> ADD/IDENTIFIER/ATTRIBUTES=(RESOURCE) -
_/VALUE=IDENTIFIER:%X80011 PAYROLL
%UAF-I-RDBADDMSGU, identifier PAYROLL value: %X80080011 added to
RIGHTSLIST.DAT
|
This command adds the identifier PAYROLL and marks it as a resource. To
differentiate identifiers with integer values from identifiers with UIC
values, %X80000000 is added to the specified code.
Adds an entry to the network proxy authorization files, NETPROXY.DAT
and NET$PROXY.DAT, and signals DECnet to update its volatile database.
Proxy additions take effect immediately on all nodes in a cluster that
share the proxy database.
Format
ADD/PROXY node::remote-user local-user[,...]
Parameters
node
Specifies a DECnet node name. If you provide a wildcard character (*),
the specified remote user on all nodes is served by the account defined
as local-user.
remote-user
Specifies the user name of a user at a remote node. If you specify an
asterisk, all users at the specified node are served by the local user.
For systems that are not OpenVMS and that implement DECnet, specifies
the UIC of a user at a remote node. You can specify a wildcard
character (*) in the group and member fields of the UIC.
local-user
Specifies the user names of 1 to 16 users on the local node. If you
specify an asterisk, a local-user name equal to
remote-user name will be used.
Positional Qualifier
/DEFAULT
Establishes the specified user name as the default proxy account. The
remote user can request proxy access to an authorized account other
than the default proxy account by specifying the name of the proxy
account in the access control string of the network operation.
Description
The ADD/PROXY command adds an entry to the network proxy authorization
files, NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update its
volatile database. Proxy additions take effect immediately on all nodes
in a cluster that share the proxy database.
You can grant a remote user access to one default proxy account and up
to 15 other local accounts. To access proxy accounts other than the
default proxy account, remote users specify the requested account name
in an access control string. To change the default proxy account, use
the AUTHORIZE command MODIFY/PROXY.
Proxy login is an effective way to avoid specifying (and, possibly,
revealing) passwords in command lines. However, you must use caution in
granting access to remote users. While logged in to the local system,
remote users can apply the full DCL command set (with the exception of
SET HOST). A remote user receives the default privileges of the local
user and, therefore, becomes the owner of the local user's files when
executing any DCL commands.
To avoid potential security compromises, HP recommends that you create
proxy accounts on the local node that are less privileged than a user's
normal account on the remote node. By adding an extension such as _N,
you can identify the account as belonging to a remote user, while
distinguishing it from a native account with the same name on the local
node. For example, the following command creates a JONES_N proxy
account on the local node that allows the user JONES to access the
account from the remote node SAMPLE:
UAF> ADD/PROXY SAMPLE::JONES JONES_N/DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
|
For more information about creating proxy accounts, refer to the
HP OpenVMS Guide to System Security.
Examples
| #1 |
UAF> ADD/PROXY SAMPLE::WALTER ROBIN/DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
|
Specifies that user WALTER on remote node SAMPLE has proxy access to
user ROBIN's account on local node AXEL. Through proxy login, WALTER
receives the default privileges of user ROBIN when he accesses node
AXEL remotely.
| #2 |
UAF> ADD/PROXY MISHA::* MARCO/DEFAULT, OSCAR
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
|
Specifies that any user on the remote node MISHA can, by default, use
the MARCO account on the local node for DECnet tasks such as remote
file access. Remote users can also access the OSCAR proxy account by
specifying the user name OSCAR in the access control string.
| #3 |
UAF> ADD/PROXY MISHA::MARCO */DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
|
Specifies that user MARCO on the remote node MISHA can use only the
MARCO account on the local node for remote file access.
| #4 |
UAF> ADD/PROXY TAO::MARTIN MARTIN/D,SALES_READER
%UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to MARTIN added
%UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to SALES_READER
added
|
Adds a proxy from TAO::MARTIN to the local accounts MARTIN (the
default) and SALES_READER on a system running DECnet-Plus.
|
