[an error occurred while processing this directive]

HP OpenVMS Systems Documentation

Content starts here HP OpenVMS System Management Utilities Reference Manual

HP OpenVMS System Management Utilities Reference Manual


September 2003

This document describes reference information for System Management utilities used with the OpenVMS Alpha operating system.

Revision/Update Information: This manual supersedes the HP OpenVMS System Management Utilities Reference Manual,
OpenVMS Version 7.3-1.

Software Version: OpenVMS Alpha Version 7.3-2




Hewlett-Packard Company Palo Alto, California


© Copyright 2003 Hewlett-Packard Development Company, L.P.

Microsoft®, MS-DOS®, Visual C++®, Windows®, and Windows NT® are U.S. registered trademarks of Microsoft Corporation.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and other countries and are used under license. Pentium® is a U.S. registered trademark of Intel Corporation.

Motif and OSF/1 are trademarks of The Open Group in the U.S. and other countries. UNIX® is a registered trademark of The Open Group.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Proprietary computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

ZK6048

The HP OpenVMS documentation set is available on CD-ROM.

Contents Index


Preface

The HP OpenVMS System Management Utilities Reference Manual contains reference information about the utilities that are used to manage both the OpenVMS VAX and OpenVMS Alpha operating systems. This manual describes each system management utility and provides examples for frequently used commands and qualifiers. In addition to system management utilities, a description and usage summary of the AUTOGEN command procedure is presented in this reference manual.

All commands follow the standard rules of grammar as specified in the HP OpenVMS DCL Dictionary.

For information on how to use these system management utilities and AUTOGEN, please refer to the HP OpenVMS System Manager's Manual.

Intended Audience

This manual is intended for system managers and users of the system management utilities for the OpenVMS VAX and OpenVMS Alpha operating systems.

Document Structure

Each part of this manual, with the exception of the section on the AUTOGEN command procedure, provides reference information for a system management utility.

Related Documents

For more information on the system management utilities, refer to the following documents:

  • HP OpenVMS Guide to System Security
  • HP OpenVMS DCL Dictionary
  • POLYCENTER Software Installation Utility Developer's Guide
  • OpenVMS Programming Concepts Manual
  • OpenVMS Programming Interfaces: Calling a System Routine
  • OpenVMS Record Management Services Reference Manual
  • HP OpenVMS System Services Reference Manual
  • OpenVMS User's Manual
  • OpenVMS VAX Device Support Manual(archived, available on the OpenVMS Documentation CD-ROM)
  • POLYCENTER Software Installation Utility Developer's Guide
  • OpenVMS VAX System Dump Analyzer Utility Manual
  • HP Volume Shadowing for OpenVMS
  • OpenVMS Cluster Systems
  • Writing OpenVMS Alpha Device Drivers in C (Margie Sherlock and Leonard Szubowicz, Digital Press, 1996)

For additional information about HP OpenVMS products and services, visit the following World Wide Web address:


http://www.hp.com/go/openvms

Reader's Comments

HP welcomes your comments on this manual. Please send comments to either of the following addresses:

Internet openvmsdoc@hp.com
Postal Mail Hewlett-Packard Company
OSSG Documentation Group, ZKO3-4/U08
110 Spit Brook Rd.
Nashua, NH 03062-2698

How To Order Additional Documentation

For information about how to order additional documentation, visit the following World Wide Web address:


http://www.hp.com/go/openvms/doc/order

Conventions

VMScluster systems are now referred to as OpenVMS Cluster systems. Unless otherwise specified, references to OpenVMS Clusters or clusters in this document are synonymous with VMSclusters.

The contents of the display examples for some utility commands described in this manual may differ slightly from the actual output provided by these commands on your system. However, when the behavior of a command differs significantly between OpenVMS VAX and OpenVMS Alpha, that behavior is described in text and rendered, as appropriate, in separate examples.

The following conventions are also used in this manual:

Ctrl/ x A sequence such as Ctrl/ x indicates that you must hold down the key labeled Ctrl while you press another key or a pointing device button.
PF1 x A sequence such as PF1 x indicates that you must first press and release the key labeled PF1 and then press and release another key or a pointing device button.
[Return] In examples, a key name enclosed in a box indicates that you press a key on the keyboard. (In text, a key name is not enclosed in a box.)

In the HTML version of this document, this convention appears as brackets, rather than a box.

... A horizontal ellipsis points in examples indicate one of the following possibilities:
  • Additional optional arguments in a statement have been omitted.
  • The preceding item or items can be repeated one or more times.
  • Additional parameters, values, or other information can be entered.
.
.
.
A vertical ellipsis points indicate the omission of items from a code example or command format; the items are omitted because they are not important to the topic being discussed.
( ) In command format descriptions, parentheses indicate that, if you choose more than one option, you must enclose the choices in parentheses.
[ ] In command format descriptions, brackets indicate optional elements. You can choose one, none, or all of the options. (Brackets are not optional, however, in the syntax of a directory name in an OpenVMS file specification or in the syntax of a substring specification in an assignment statement.)
{ } In command format descriptions, braces indicate a required choice of options; you must choose one of the options listed.
text style This text style represents the introduction of a new term or the name of an argument, an attribute, or a reason.

In the HTML version of this document, this convention appears as italic text.

italic text Italic text indicates important information, complete titles of manuals, or variables. Variables include information that varies in system messages (Internal error number), in command lines (/PRODUCER= name), and in command parameters in text (where dd represents the predefined code for the device type).
UPPERCASE TEXT Uppercase text indicates a command, the name of a routine, the name of a file, or the abbreviation for a system privilege.
Monospace type Monospace type indicates code examples and interactive screen displays.

In the C programming language, monospace type identifies the following elements: keywords, the names of independently compiled external functions and files, syntax summaries, and references to variables or identifiers introduced in an example.

- A hyphen at the end of a command format description, command line, or code line indicates that the command or statement continues on the following line.
numbers All numbers in text are assumed to be decimal unless otherwise noted. Nondecimal radixes---binary, octal, or hexadecimal---are explicitly indicated.


Chapter 1
Access Control List Editor

1.1 ACL Editor Description

The access control list editor (ACL editor) is a screen-oriented editor used to create and maintain access control lists (ACLs). An ACL is a collection of access control entries (ACEs) that grant or deny access for specific users or groups of users of an object. (For a description of the entry and display format for ACEs, see Section 1.3.) ACLs enable you to control access more closely than you can by using the default user identification code (UIC) based protection.

The system does not limit the number of ACEs that an ACL can contain or the number of characters in an ACE. However, long ACLs increase the amount of time necessary to gain access to an object. In practice, memory constraints can limit the size of an ACL.

The order of ACEs in an ACL is important. ACEs granting or denying access to an object for specific users must appear before ACEs identifying broader classes of users. For example, to grant user SMITH read access to a system object and to deny all other interactive users all types of access to the object, place the ACE for user SMITH before the ACE identifying all interactive users on the system.

You can place ACLs on the following object classes:

Capability
Common event flag cluster
Device
File
Group global section
Logical name table
Queue
Resource domain
Security class
System global section
Volume

1.2 ACL Editor Usage Summary

The access control list editor (ACL editor) creates or modifies an access control list (ACL) for a specified object.


Format

EDIT/ACL object-spec


Parameter

object-spec

Specifies the object whose access control list is to be created or edited. If an access control list does not exist, it is created.

You can specify an object from any of the following object classes:

Capability
Common event flag cluster
Device
File
Group global section
Logical name table
Queue
Resource domain
Security class
System global section
Volume

The default object class is a file. A file must be a disk file on a Files-11 On-Disk Structure Level 2 or 5 formatted volume. For any object other than a file, you must specify the object class with the /CLASS qualifier.

Note that the ACL editor does not provide a default file type for files. To prevent the ACL editor from using a null file type, specify the file type on the command line. If the object is a directory, specify the .DIR file type.

Do not include wildcard characters in the object specification.


Description

You can invoke the ACL editor to create or modify an ACL for an object that you own, have control access to, or can gain access to by a privilege such as BYPASS, GRPPRV, or SYSPRV. To invoke the ACL editor, enter the DCL command EDIT/ACL. In the command line, specify the name of the object whose ACL you want to edit. For example, to create an ACL for the file INVENTORY.DAT, enter the following command:


$ EDIT/ACL INVENTORY.DAT

You can use either the EDIT/ACL command or the SET SECURITY/EDIT command to invoke the ACL editor. For more information about the SET SECURITY command, refer to the HP OpenVMS DCL Dictionary and the HP OpenVMS Guide to System Security.

By default, the ACL editor creates and modifies ACLs for files. To create an ACL for an object other than a file (for example, to create an ACL for a queue), you must specify the object class when you invoke the ACL editor. For example, the following command invokes the ACL editor to create an ACL for the disk DAPR:


$ EDIT/ACL/CLASS=DEVICE DAPR

If an ACL for the object you specify already exists, the ACL editor displays the ACL. You can then use keypad editing commands to add, replace, or delete one or more ACEs in the ACL (see Section A.1). To exit from a completed editing session, press Ctrl/Z. To end an editing session without incorporating any of your edits, press the GOLD key (PF1) and then press Ctrl/Z.

For a description of keypad editing commands supplied by the ACL editor, see Appendix A. For information about how to modify the ACL editor by modifying ACL section files, see Appendix B.

Note

In addition to invoking the ACL editor directly or by entering commands at the DCL prompt ($), you can modify an ACL by using the callable interface to the ACL editor (the ACLEDIT$EDIT routine). For information about how to use the ACLEDIT$EDIT routine, refer to the OpenVMS Utility Routines Manual.

1.3 ACE Formats

This section describes the entry and display format for the following access control entries (ACEs):

  • Alarm ACE for security auditing of an object
  • Audit ACE for security auditing of an object
  • Creator ACE to set the ownership access for new files created in a directory
  • Default Protection ACE to set a default protection code through a directory structure
  • Identifier ACE for object access control
  • Subsystem ACE for protected subsystem access control

The HP OpenVMS Guide to System Security describes how to use each of these ACEs. You can also use other types of ACEs. For example, applications can use an Application ACE to store application-specific information associated with a file. For a description of the internal format used to store an ACE, refer to the OpenVMS Programming Concepts Manual.

Alarm ACE

Specifies the access criteria that cause an alarm message to be sent to all security operator terminals.

ACL alarms are enabled by default; however, alarms are not written to the system security audit log file. If you have existing files or resources protected by Alarm ACEs and you want messages to be recorded in the log file, replace the Alarm ACEs with Audit ACEs.


Format

(ALARM=SECURITY [,OPTIONS=attributes], ACCESS=access-type[+access-type...])


Parameters

options

Specify any of the following attributes:
Default Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only.
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command.

Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.

Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor
  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify any access that is valid for the object class. refer to the HP OpenVMS Guide to System Security for a listing of valid access types. For an Alarm ACE to have any effect, you must include the keywords SUCCESS, FAILURE, or both with the access types. For example, if the auditing criterion is a failure to obtain write access to an object, specify the following Alarm ACE:


(ALARM=SECURITY, ACCESS=WRITE+FAILURE)

Audit ACE

Specifies the access criteria that cause an audit message to be written to the system security audit log file. A message is recorded by default. A message is recorded only if ACL audits are enabled with the DCL command SET AUDIT/AUDIT/ENABLE=ACL.

Format

(AUDIT=SECURITY [,OPTIONS=attributes], ACCESS=access-type[+access-type...])


Parameters

options

Specify one of the following attributes:
Default Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only.
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command.

Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.

Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor
  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify any access that is valid for the object class. Refer to the HP OpenVMS Guide to System Security for a listing of valid access types. For an Audit ACE to have any effect, you must include the keywords SUCCESS, FAILURE, or both with the access types. For example, if the auditing criterion is a failure to obtain write access to an object, specify the following Audit ACE:


(AUDIT=SECURITY,ACCESS=WRITE+FAILURE)

Creator ACE

Adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following conditions exist:
  • The file being created is not owned by the user identification code (UIC) of the process creating the file.
  • The process creating the file does not have system privileges.

For example, both of these conditions exist when a process holding a general identifier with the Resource attribute creates a file in a directory owned by that identifier. In this situation, the system adds an extra ACE at the top of the new file's ACL. If a Creator ACE exists in the ACL for the parent directory, the system propagates the access specified in the Creator ACE to the new ACE. If a directory lacks a Creator ACE, the system assigns an extra ACE with a combination of control access and ownership access. A Creator ACE with ACCESS=None suppresses the addition of the extra ACE.

The Creator ACE applies to directory files only.

Refer to the HP OpenVMS Guide to System Security for more information.


Format

(CREATOR [,OPTIONS=attribute[+attribute...]],ACCESS=access-type[+access-type...])


Parameters

options

Specify any of the following attributes:
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor
  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify access types that are valid for files (read, write, execute, delete, and control).

Default Protection ACE

Defines a UIC-based protection to be propagated to new files throughout a directory tree. The protection code in the ACE is assigned to new files created in the directory. The Default Protection ACE applies to directory files only. Although the system propagates the Default Protection ACE to new subdirectories, the protection code is not assigned to the subdirectories. Instead, the subdirectories receive a modified copy of the parent directory's protection code in which delete access is not granted.

An example of a Default Protection ACE is as follows:


(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W)

The ACE grants read, write, execute, and delete access to users in the system (S) and owner (O) categories but no access to users in the group and world categories. For more information, refer to the HP OpenVMS Guide to System Security.


Format

(DEFAULT_PROTECTION[,OPTIONS=attribute[+attribute...]],access)


Parameters

options

Specify any of the following attributes:
Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command.

Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.

Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor
  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify access in the format of a UIC-based protection code, which is as follows:

[category: list of access allowed (, category: list of access allowed,...)]

  • User categories include system (S), owner (O), group (G), and world (W). Refer to the HP OpenVMS Guide to System Security for a definition of these categories. Access types for files include read (R), write (W), execute (E), and delete (D). The access type is assigned to each ownership category and is separated from its access types with a colon (:).
  • A null access list means no access, so when you omit an access type for a user category, that category of user is denied that type of access. To deny all access to a user category, specify the user category without any access types. Omit the colon after the user category when you deny access to a category of users.
  • When you omit a user category from a protection code, the current access allowed that category of user is set to no access.

Identifier ACE

Controls the type of access allowed to a particular user or group of users. An example of an Identifier ACE is as follows:


(IDENTIFIER=SALES,ACCESS=READ+WRITE)

A system manager can use the Authorize utility (AUTHORIZE) to grant the SALES identifier to a specific group of users. Read and write access to the file INVENTORY.DAT is then granted to users who hold the SALES identifier.

For more information, refer to the HP OpenVMS Guide to System Security.


Format

(IDENTIFIER=identifier[+identifier...] [,OPTIONS=attributes[+attributes...]] ,ACCESS=access-type[+access-type...])


Parameters

identifier

Specifies a user or groups of users whose access to an object is defined in the ACE. A system manager creates or removes identifiers and assigns users to hold these identifiers.

Types of identifiers are as follows:

UIC Identifiers in alphanumeric format that are based on the user identification codes (UICs) and that uniquely identify each user on the system. Users with accounts on the system automatically receive a UIC identifier, for example, [GROUP1,JONES] or [JONES]. Thus, each UIC identifier specifies a particular user.
General Identifiers defined by the security administrator in the rights list to identify groups of users on the system. A general identifier is an alphanumeric string of 1 to 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9, for example, 92SALES$, ACCOUNT_3, or PUBLISHING.
Environmental Identifiers describing different types of users based on their initial entry into the system. Environmental identifiers are also called system-defined identifiers. Environmental identifiers correspond directly to the login classes described in the HP OpenVMS Guide to System Security. They include batch, network, interactive, local, dialup, and remote.

For more information, refer to the HP OpenVMS Guide to System Security.

options

Specify any of the following attributes:
Default Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only.

Note that an Identifier ACE with the Default attribute has no effect on access.

Hidden Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command.

Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.

Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor
  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify access types that are valid for the object class. Refer to the HP OpenVMS Guide to System Security for a listing of valid access types.

Subsystem ACE

Grants additional identifiers to a process while it is running the image to which the Subsystem ACE applies. Users with execute access to the image can access objects that are in the protected subsystem, such as data files and printers, but only when they run the subsystem images. The Subsystem ACE applies to executable images only.

An example of a Subsystem ACE is as follows:


(SUBSYSTEM, IDENTIFIER=ACCOUNTING)

Format

(SUBSYSTEM,[OPTIONS=attribute[+attribute...],]IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]] [,IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]],...])


Parameters

options

Specify any of the following attributes:
Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor
  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

SET SECURITY/ACL/DELETE
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

identifier

A general identifier specifying the users or groups of users who are allowed or denied access to an object. It is an alphanumeric string of 1 through 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9. For more information, refer to the HP OpenVMS Guide to System Security.

A Subsystem ACE can have multiple pairs of identifiers, with special attributes assigned to the identifiers. A subsystem might require several identifiers to work properly. For example:


(SUBSYSTEM,IDENTIFIER=MAIL_SUBSYSTEM,ATTRIBUTE=NONE,IDENTIFIER=BLDG5,ATTRIBUTE=NONE)

attribute

The identifier characteristics you specify when you add identifiers to the rights list or grant identifiers to users. You can specify the following attribute:
Resource Allows holders of the identifier to charge disk space to the identifier. Used only for file objects.

1.4 ACL Editor Qualifiers

When you invoke the ACL editor, you can include qualifiers on the command line that identify the object class and the editing mode (prompt or noprompt). You can also use qualifiers to name a journaling file or to recover an ACL editing session. This section describes the qualifiers listed in the following table:
Qualifier Description
/CLASS Specifies the class of object whose ACL is being edited
/JOURNAL Controls whether a journal file is created for the editing session
/MODE Specifies the use of prompting during the editing session
/OBJECT_TYPE Superseded by the /CLASS qualifier
/RECOVER Restores an ACL from a journal file at the beginning of an editing session

All of the qualifiers described in this section also apply to the SET SECURITY/EDIT command. You can substitute the SET SECURITY/EDIT command wherever the EDIT/ACL command is shown; the syntax is the same for both commands.

/CLASS

Specifies the class of the object whose ACL is being edited. Unless the object is a file, you must specify the object class.

Format

/CLASS =object-class


Description

To edit the ACL for an object other than a file, specify the object class with the /CLASS qualifier. Specify one of the following classes:
CAPABILITY A system capability, such as the ability to process vector instructions. Currently, the only defined object name for the CAPABILITY class is VECTOR, which governs the ability of a subject to access a vector processor on the system. Note that you must supply the capability name as the object name parameter.
COMMON_EVENT_CLUSTER A common event flag cluster.
DEVICE A device, such as a disk or tape drive.
FILE A file or a directory file. This is the default.
GROUP_GLOBAL_SECTION A group global section.
LOGICAL_NAME_TABLE A logical name table.
QUEUE A batch queue or a device (printer, server, or terminal) queue.
RESOURCE_DOMAIN A resource domain.
SECURITY_CLASS A security class.
SYSTEM_GLOBAL_SECTION A system global section.
VOLUME A disk or tape volume.

Examples

#1

$ EDIT/ACL/CLASS=DEVICE WORK1
      

The command in this example specifies that the object WORK1 is a device.

#2

$ EDIT/ACL/CLASS=QUEUE FAST_BATCH
      

The command in this example creates an ACL for the queue FAST_BATCH. Note that if you create an ACL for a generic queue, you must create identical ACLs for all execution queues to which jobs can be directed.

/JOURNAL

Controls whether a journal file is created for the editing session.

Format

/JOURNAL [=file-spec]

/NOJOURNAL


Description

By default, the ACL editor keeps a journal file containing a copy of modifications made during an editing session. The journal file is given the name of the object and a .TJL file type. If you specify a different name for the file, do not include any wildcard characters.

To prevent the ACL editor from creating a journal file, specify /NOJOURNAL.

If your editing session ends abnormally, you can recover the changes made during the aborted session by invoking the ACL editor with the /RECOVER qualifier.


Examples

#1

$ EDIT/ACL/JOURNAL=COMMONACL.SAV MECH1117.DAT
      

With this command, you create a journal file named COMMONACL.SAV. The file contains a copy of the ACL and the editing commands used to create the ACL for the file MECH1117.DAT.

If the editing session is interrupted, you can recover your edits by specifying the name COMMONACL.SAV with the /RECOVER qualifier.

#2

$ EDIT/ACL/CLASS=RESOURCE/JOURNAL=ZERO_RESOURCE.TJL [0]
      

If you edit an ACL for the resource domain [0], the ACL editor attempts to create the file [0].TJL on the default device and fails. To create an ACL for the resource [0], you must specify a different name for the journal file (as shown in this example) or suppress the creation of a journal file with the /NOJOURNAL qualifier.

/MODE

Specifies the use of prompting during the editing session.

Format

/MODE =option


Description

By default, the ACL editor prompts you for each ACE and provides values for some of the fields within an ACE (/MODE=PROMPT). To disable prompting, specify /MODE=NOPROMPT on the command line.

Examples

#1

$ EDIT/ACL/MODE=NOPROMPT WEATHERTBL.DAT

      

With this command, you initiate an ACL editing session to create an ACL for the file WEATHERTBL.DAT. The /MODE=NOPROMPT qualifier specifies that no assistance is required in entering the ACL entries.

/OBJECT_TYPE

The /OBJECT_TYPE qualifier is superseded by the /CLASS qualifier.

/RECOVER

Restores an ACL from a journal file at the beginning of an editing session.

Format

/RECOVER [=file-spec]

/NORECOVER


Description

The /RECOVER qualifier specifies that the ACL editor must restore the ACL from a journal file. The ACL editor restores the ACL to the state it was in when the last ACL editing session ended abnormally.

By default the journal file is given the name of the object and a .TJL file type. If you specify a more meaningful name for the journal file when you invoke the ACL editor (by using /JOURNAL), specify that file name with the /RECOVER qualifier.


Examples

#1

$ EDIT/ACL/JOURNAL=SAVEACL MYFILE.DAT








   .
   .
   .
User creates ACL until system crashes
   .
   .
   .
$ EDIT/ACL/JOURNAL=SAVEACL/RECOVER=SAVEACL MYFILE.DAT
   .
   .
   .
ACL is restored and user proceeds with editing until done
   .
   .
   .
^Z
$

The first command in this example starts the ACL editing session and specifies that the ACL editor must save the journal file SAVEACL.TJL if the session ends abnormally. The session proceeds until it is aborted by a system crash.

The next command restores the lost session with the journal file SAVEACL.TJL. To end the session, press Ctrl/Z. The ACL editor saves the edits and deletes the journal file.


Chapter 2
Accounting Utility

2.1 ACCOUNTING Description

The Accounting utility (ACCOUNTING) produces reports of system resource use.

You can use ACCOUNTING qualifiers to:

  • Produce a number of report formats
  • Choose how the reports are organized
  • Choose on which resources you want reports

You can use the reports to learn more about how the system is used and how it performs.

2.2 ACCOUNTING Usage Summary

Produces reports of resource use.


Format

ACCOUNTING [filespec[,...]]


Parameter

filespec[,...]

Specifies the accounting files you want to process.

Each file specification can include the percent (%) and asterisk (*) wildcard characters. If it does not include the device or directory, your current default device or directory is used. If it does not include the file name or file type, the values ACCOUNTNG and DAT are used respectively.

If you do not specify a file, the command processes the file SYS$MANAGER:ACCOUNTNG.DAT.


Description

Use this DCL command to run the Accounting utility:

$ ACCOUNTING [filespec[,...]]

You are returned to DCL level when the command has finished processing the specified accounting files.

By default, the command directs its output to the current SYS$OUTPUT device. If you want to direct the output to a file, use the /OUTPUT qualifier.

Requires READ access to the accounting files you specify, and to the directories containing them.

2.3 ACCOUNTING Qualifiers

This section describes and provides examples of each ACCOUNTING qualifier. The following table summarizes the ACCOUNTING qualifiers:

Qualifier Description
/ACCOUNT Selects or rejects records for the specified account names
/ADDRESS Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes
/BEFORE Selects all records time-stamped before the specified time
/BINARY Copies the selected records to a new file in binary format
/BRIEF Produces a brief report of the selected records
/ENTRY Selects or rejects records for print and batch jobs with the specified queue entry numbers
/FULL Produces a full report of the selected records
/IDENT Selects or rejects records for the specified processes
/IMAGE Selects or rejects records for the specified images
/JOB Selects or rejects records for print and batch jobs with the specified job names
/LOG Outputs informational messages
/NODE Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes
/OUTPUT Specifies the output file (Alpha only)
/OWNER Selects or rejects records for subprocesses created by the specified processes
/PRIORITY Selects or rejects records for the specified priority
/PROCESS Selects or rejects records for the specified types of process
/QUEUE Selects or rejects records for print or batch jobs executed by the specified queues
/REJECTED Copies the rejected records to a new file
/REMOTE_ID Selects or rejects records for DECnet for OpenVMS requests made by the specified remote IDs
/REPORT Specifies the resources that you want to summarize in a summary report
/SINCE Selects all records time-stamped at or after the specified time
/SORT Sorts the selected records
/STATUS Selects or rejects records with the specified final exit status codes
/SUMMARY Produces a summary report of the selected records
/TERMINAL Selects or rejects records for interactive sessions at the specified terminals
/TITLE Specifies the title shown on the first line of a summary report
/TYPE Selects or rejects the specified types of record
/UIC Selects or rejects records for the specified UICs
/USER Selects or rejects records for the specified user names
/WIDE Changes the width of Buffered I/O and Direct I/O fields in a report from 8 to 10 characters

/ACCOUNT

Selects or rejects records for the specified account names.

Format

/ACCOUNT= ([-]account[,...])


Description

The /ACCOUNT qualifier uses the value of the account field to select records for processing. This field is present in all records except file backward link and file forward link records.

The /ACCOUNT qualifier selects only records that have the specified values in the account field. If you precede the values with a minus sign, it selects all records except those with the specified values.

The following table shows the values stored in the account field of login failure and system initialization records:

Value Description
<batch> Batch job login failure
<det> Detached process login failure
<login> Interactive login failure
<net> Network login failure
<start> System startup

Note that when you specify these account field values as qualifier values, you must enclose them in quotes. Like all DCL commands, the ACCOUNTING command converts strings to uppercase unless they are enclosed in quotes.


Examples

#1

$ ACCOUNTING /ACCOUNT=(SALES, QA)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the account names SALES and QA.

#2

$ ACCOUNTING /ACCOUNT=(-SALES, QA) /FULL
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records except for the account names SALES and QA.

/ADDRESS

Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes.

Format

/ADDRESS= ([-]node_address[,...])


Description

The /ADDRESS qualifier uses the value of the remote node address field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, it contains the address of the node that made the request.

The /ADDRESS qualifier selects only records with the specified values in the remote node address field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /NODE and /REMOTE_ID qualifiers, which select or reject records for DECnet for OpenVMS requests made by specified node names and remote IDs respectively.


Example


$ ACCOUNTING /ADDRESS=19656
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for DECnet for OpenVMS requests made by the node with the address 19656. (The decimal equivalent of this address is 19.200.)

/BEFORE

Selects all records time-stamped before the specified time.

Format

/BEFORE [=time]


Description

All records in an accounting file are time-stamped with the time the record was logged in the file.

The /BEFORE qualifier selects only the records time-stamped before the specified time. You can specify an absolute time, a delta time, or a combination of the two. If you omit the time, 00:00 hours on the current day is used.

See also the /SINCE qualifier, which selects records time-stamped at or after a specified time.


Example


$ ACCOUNTING /SINCE=1-NOV-2002 /BEFORE=1-DEC-2002

      

This example produces a brief report of all records time-stamped in the file SYS$MANAGER:ACCOUNTNG.DAT during November 2002.

/BINARY

Copies the selected records to a new file in binary format.

Format

/BINARY


Description

The /BINARY qualifier specifies that records are output in binary format to the file specified by the /OUTPUT qualifier. (/OUTPUT is Alpha-only, however.) Use the Accounting utility to process this file later.

See also the /BRIEF, /FULL, and /SUMMARY qualifiers, which process the selected records to produce a report.

You cannot use the /BINARY qualifier with the /BRIEF, /FULL, or /SUMMARY qualifiers.


Examples

#1

$ ACCOUNTING /USER=SMITH /BINARY /OUTPUT=MYDISK:[ACCOUNTING]MYACC.DAT
      

This example creates the file MYDISK:[ACCOUNTING]MYACC.DAT. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, copying all records for the user SMITH to the new file in binary format.

#2

$ ACCOUNTING /TYPE=PRINT -
_$ /BINARY /OUTPUT=PRINT_INFO.DAT /REJECTED=NOT_PRINT_INFO.DAT
      

This example creates two files in the default directory, PRINT_INFO.DAT and NOT_PRINT_INFO.DAT. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, copying print records to PRINT_INFO.DAT and other records to NOT_PRINT_INFO.DAT. These records are in binary format.

/BRIEF

Produces a brief report of the selected records.

Format

/BRIEF (default)


Description

The /BRIEF qualifier is the default. It produces a brief report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file. (Note that /OUTPUT is Alpha-only.)

Each line of a brief report corresponds to a record in the accounting file. It does not show resources used, but gives the information shown in the following table about each record in the accounting file:

Column Description
Date/Time When the record was logged in the accounting file.
Type The type of the record.
Subtype For records of type IMAGE, this is the name of the image (the file name portion of its file specification). For records of type PROCESS, it is the type of the process (BATCH, DETACHED, INTERACTIVE, NETWORK, or SUBPROCESS).
User name The user name. For login failures where the user did not give a valid user name, this is shown as <login>.
ID The process identifier (PID). For print jobs, this is the PID of the process that submitted the job.
Source The terminal associated with an interactive process or, for DECnet for OpenVMS requests, the name of the node that issued the request.
Status The final exit status code, expressed as a hexadecimal value.

To translate the final exit status code into the equivalent message text, use the F$MESSAGE lexical function, and precede the status code with %X, as in this example:



$ MESSAGE = F$MESSAGE(%X00000001)
$ SHOW SYMBOL MESSAGE
  MESSAGE = "%SYSTEM-S-NORMAL, normal successful completion"

See also the /BINARY qualifier, which copies the selected records to a file, and the /FULL and /SUMMARY qualifiers, which produce full and summary reports of the selected records.

You cannot use the /BRIEF qualifier with the /BINARY, /FULL, or /SUMMARY qualifiers.


Example


$ ACCOUNTING
      

This example produces a brief report of all records in the file SYS$MANAGER:ACCOUNTNG.DAT.

This is an example of the report that is produced:



Date / Time           Type   Subtype   Username     ID    Source   Status
--------------------------------------------------------------------------
7-JAN-2002 17:20:08 FILE_BL                      00000000         00000000
7-JAN-2002 17:22:05 PROCESS DETACHED    JONES    516000E1         02DBA002
7-JAN-2002 17:22:10 PROCESS INTERACTIVE JONES    516000DD TWA10:  00000001
7-JAN-2002 17:22:16 PROCESS INTERACTIVE JONES    51600104 TWA11:  0001C0F4
7-JAN-2002 17:22:20 PROCESS DETACHED    JONES    51600103         12DB821C
8-JAN-2002 01:06:36 PROCESS SUBPROCESS  SYSTEM   51600106         10000001
8-JAN-2002 03:09:59 PROCESS BATCH       SYSTEM   5160010F         10030001
8-JAN-2002 09:13:15 LOGFAIL                      51600105         00D3803C
8-JAN-2002 09:14:40 IMAGE   LOGINOUT    JONES    51600110         00000000
8-JAN-2002 09:28:57 PROCESS SUBPROCESS  SMITH    51600119         10000001
8-JAN-2002 09:50:18 PROCESS SUBPROCESS  SMITH    5160011A         00000001

/ENTRY

Selects or rejects records for print and batch jobs with the specified queue entry numbers.

Format

/ENTRY= ([-]entry_number[,...])


Description

The /ENTRY qualifier uses the value of the queue entry number field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print or batch jobs, it contains the unique entry number assigned to the job in the print or batch queue.

The /ENTRY qualifier selects only records that have the specified values in the queue entry number field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /JOB and /QUEUE qualifiers, which select or reject records for print and batch jobs with specified job and queue names.


Examples

#1

$ ACCOUNTING /ENTRY=(211,212,213)

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print or batch jobs with a queue entry number of 211, 212, or 213.

#2

$ ACCOUNTING /ENTRY=(-25,50)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for print or batch jobs with a queue entry number of 25 or 50.

/FULL

Produces a full report of the selected records.

Format

/FULL


Description

The /FULL qualifier produces a full report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file. (Note that /OUTPUT is Alpha-only.)

Full reports display one screen of information for each selected record. The information displayed, and the way that it is laid out, depend on the type of the record and the data it contains.

The first line shows the event that caused the record to be logged in the accounting file. For example, for a record that was logged when an interactive process terminated, the first line shows INTERACTIVE Process Termination.

For subprocesses, the Owner ID field shows the process identifier (PID) of the parent process.

For records that contain information about DECnet for OpenVMS requests, the three Remote fields identify the remote user and remote node.

The Processor time field shows the total CPU time used. This includes any vector CPU time used. The Vector CPU time field is shown only if vector CPU time has been used.

Vector CPU time is the time that the process was scheduled on a vector-present CPU while that process was a vector consumer. Note that:

  • When a process is a vector consumer, it accrues vector CPU time when it is scheduled, even if it does not issue any vector instructions.
  • Processes that are scalar consumers or marginal vector consumers do not accrue vector CPU time, even when they are scheduled on vector-present CPUs.

The privilege is shown as two hexadecimal numbers that represent the first and last 32 bits of the 64-bit privilege mask. To translate the privilege bit mask into privileges, refer to the definitions of the symbols that begin PRV$V_ in the $PRVDEF macro in the STARLET library. For example, the $PRVDEF macro defines the PRV$V_READALL symbol to equate to 35. This means that READALL privilege is represented by bit 35 set in the privilege mask.

If you are processing only one file and you are displaying it on your screen, when you do not want to look at any more records, press Ctrl/Z to return to the DCL prompt.

See also the /BINARY qualifier, which copies the selected records to a file, and the /BRIEF and /SUMMARY qualifiers, which produce brief and summary reports of the selected records.

You cannot use the /FULL qualifier with the /BINARY, /BRIEF, or /SUMMARY qualifiers.


Examples

#1

$ ACCOUNTING /FULL
      

This example displays a full report of all the records in the file SYS$MANAGER:ACCOUNTNG.DAT. This example screen shows a record that was logged when an interactive process terminated. The interactive process was created when the user JONES at the node HQ222 entered a SET HOST command to connect to the local node.



INTERACTIVE Process Termination
-------------------------------
Username:         FISH        UIC:               [DOC,FISH]
Account:          DOC         Finish time:       23-JAN-2002 15:21:23.83
Process ID:       20A0029B    Start time:        23-JAN-2002 15:19:08.28
Owner ID:                     Elapsed time:                0 00:02:15.55
Terminal name:     RTA2:      Processor time:              0 00:00:04.14
Remote node addr: 63576       Priority:          4
Remote node name: HQ222       Privilege <31-00>: 00108000
Remote ID:        JONES       Privilege <63-32>: 00000000
Queue entry:                  Final status code: 00000001
Queue name:
Job name:
Final status text: %SYSTEM-S-NORMAL, normal successful completion

Page faults:      2043        Direct IO:              159
Page fault reads:   68        Buffered IO:            228
Peak working set:  852        Volumes mounted:          0
Peak page file:   5512        Images executed:         10
                              Vector CPU time:             0 00:00:0.54
Press RETURN for Next Record >

#2

$ ACCOUNTING /FULL /OUTPUT=MYACC
      

This example creates the output file MYACC.LIS in the default directory. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, writing a full report of all records to the new output file.

/IDENT

Selects or rejects records for the specified processes.

Format

/IDENT= ([-]pid[,...])


Description

The /IDENT qualifier uses the value of the process identifier (PID) field to select records for processing. This field is present in all records except file backward link and file forward link records. For print job records, it contains the PID of the process that submitted the job.

The /IDENT qualifier selects only records that have the specified values in the PID field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /OWNER qualifier, which selects or rejects records for subprocesses created by specified processes.


Examples

#1

$ ACCOUNTING /IDENT=(25634,045A6B)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for processes with a PID of 25634 or 045A6B.

#2

$ ACCOUNTING /IDENT=(-25634,045A6B)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for processes with a PID of 25634 or 045A6B.

/IMAGE

Selects or rejects records for the specified images.

Format

/IMAGE= ([-]image_name[,...])


Description

The /IMAGE qualifier uses the value of the image name field to select records for processing. This field is present only in records of type IMAGE, and contains the name of the image.

Note that the system does not track records of type IMAGE by default. To enable the tracking of IMAGE records, use the SET ACCOUNTING command.

The /IMAGE qualifier selects only records that have the specified values in the image name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

Each image name is a string that gives the file name portion of the image file specification. Do not include the device, directory, or file type.


Examples

#1

$ ACCOUNTING /IMAGE=DIRECTORY
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the DIRECTORY.EXE image.

#2

$ ACCOUNTING /IMAGE=-DIRECTORY

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for the DIRECTORY.EXE image.

/JOB

Selects or rejects records for print and batch jobs with the specified job names.

Format

/JOB= ([-]job_name[,...])


Description

The /JOB qualifier uses the value of the job name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print and batch jobs, it contains the name of the job.

The /JOB qualifier selects only records that have the specified values in the job name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /QUEUE and /ENTRY qualifiers, which select or reject records for print and batch jobs with specified queue names and queue entry numbers.


Examples

#1

$ ACCOUNTING /JOB=(MYJOB1,MYJOB2)

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print or batch jobs named MYJOB1 or MYJOB2.

#2

$ ACCOUNTING /JOB=(-MYJOB1,MYJOB2) /FULL
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records except those for print or batch jobs named MYJOB1 or MYJOB2.

/LOG

Outputs informational messages.

Format

/LOG


Description

The /LOG qualifier outputs these informational messages to the current SYS$OUTPUT device:
  • For each file processed, the name of the file and the number of records selected and rejected from that file
  • If you use the /SORT qualifier, the total number of records merged in the sort (this is the total number of records selected from all the files that were processed)
  • If you process more than one file, the total number of files that were processed, and the total number of records selected and rejected

Example


$ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /TYPE=PRINT /SORT=USER /OUTPUT=OUTFILE








%ACC-I-INPUT, SYS$SYSROOT:[SYSMGR]MYFILE1.DAT;7, 297 selected, 16460 rejected
%ACC-I-INPUT, SYS$SYSROOT:[SYSMGR]MYFILE2.DAT;13,302 selected, 16388 rejected
%ACC-I-MERGE, 599 records to be merged
%ACC-I-TOTAL, 599 selected, 32848 rejected, 2 input files

This example processes two accounting files. It writes a brief report of all the records for print jobs, sorted in user name order, to an output file and displays informational messages that tell you which files were processed and how many records were selected and rejected.

/NODE

Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes.

Format

/NODE= ([-]node_name[,...])


Description

The /NODE qualifier uses the value of the remote node name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, it contains the name of the node that made the request.

The /NODE qualifier selects only records that have the specified values in the remote node name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

Do not include the double colon (::) after the name of the node.

See also the /ADDRESS and /REMOTE_ID qualifiers, which select or reject records for DECnet for OpenVMS requests made by specified node addresses and remote IDs respectively.


Examples

#1

$ ACCOUNTING /NODE=HQ291 /FULL
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records for DECnet for OpenVMS requests made by the node HQ291.

#2

$ ACCOUNTING /NODE=(-HQ222,HQ223)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for DECnet for OpenVMS requests made by the nodes HQ222 or HQ223.

/OUTPUT (Alpha Only)

Specifies the output file.

Requires read and write access to the directory in which the output file is created.


Format

/OUTPUT [=filespec]


Description

The /OUTPUT qualifier creates the specified output file and writes the report or copies the selected records to that file.

If you omit the /OUTPUT qualifier, or you use the /OUTPUT qualifier and omit the file specification, the report or selected records are output to the current SYS$OUTPUT device.

If the file specification does not include the device or directory name, your current default device or directory is used. If you omit the file name, the file name of the first input file is used (the first file listed in the parameter to the ACCOUNTING command). If you omit the file type, the default file type is .LIS if you are producing reports, and .DAT if you are copying records.


Examples

#1

$ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /SORT=USER /BINARY /OUTPUT=.NEW
      

This example creates the output file MYFILE1.NEW in the default directory. It processes two accounting files, MYFILE1.DAT and MYFILE2.DAT, sorting their records in user name order, then copies these records to the new output file.

#2

$ ACCOUNTING MYFILE1.NEW /FULL
/OUTPUT=MYDISK:[ACCOUNTING]STAT
      

This example creates the output file MYDISK:[ACCOUNTING]STAT.LIS, and writes a full report of all the records in MYFILE1.NEW to the new output file.

/OWNER

Selects or rejects records for subprocesses created by the specified processes.

Format

/OWNER= ([-]owner_pid[,...])


Description

The /OWNER qualifier uses the value of the process owner field to select records for processing. This field is present in all records except file backward link and file forward link records. For a subprocess, this field contains the process identifier (PID) of the process that created it.

The /OWNER qualifier selects only records that have the specified values in the process owner field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /IDENT qualifier, which selects or rejects records for specified processes.


Example


$ ACCOUNTING /OWNER=(25634,045A6B)

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for subprocesses created by processes with a PID of 25634 or 045A6B.

/PRIORITY

Selects or rejects records for the specified priority.

Format

/PRIORITY= ([-]priority[,...])


Description

The /PRIORITY qualifier uses the value of the priority field to select records for processing. This field is present in all records except file backward link and file forward link records. For print and batch job records, this field contains the priority of the job in the print or batch queue. For other records, it contains the base process priority.

The /PRIORITY qualifier selects only records that have the specified values in the priority field. If you precede the values with a minus sign, it selects all records except those with the specified values.


Example


$ ACCOUNTING /PRIORITY=3

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for processes with a base priority of 3 and for print and batch jobs with a queue priority of 3.

/PROCESS

Selects or rejects records for the specified types of process.

Format

/PROCESS= ([-]process_type[,...])


Keyword

process_type[,...]

Specifies which types of process you want to select or reject. The following table shows the keywords available:
Keyword Type of Process
BATCH Batch process
DETACHED Detached process
INTERACTIVE Interactive process
NETWORK Network process
SUBPROCESS Subprocess of any of the other process types

Description

The /PROCESS qualifier uses the value of the process type field to select records for processing. This field is present only in records of type IMAGE and type PROCESS. For records of type IMAGE, this field contains the type of the process in which the image was executed.

The /PROCESS qualifier selects only records that match the specified types of process. If you precede the list with a minus sign, it selects all records except those for the specified types of process.

See also the /TYPE qualifier, which selects or rejects specified types of record.


Example


$ ACCOUNTING /TYPE=IMAGE /PROCESS=INTERACTIVE /FULL
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of the resources used by images running in interactive processes.

/QUEUE

Selects or rejects records for print or batch jobs executed by the specified queues.

Format

/QUEUE= ([-]queue_name[,...])


Description

The /QUEUE qualifier uses the value of the queue name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print or batch jobs, it contains the name of the queue that executed the job.

The /QUEUE qualifier selects only records that have the specified values in the queue name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /JOB and /ENTRY qualifiers.


Example


$ ACCOUNTING /QUEUE=SYS$MYNODE_BATCH

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for jobs executed by the SYS$MYNODE_BATCH queue.

/REJECTED

Copies the rejected records to a new file.

Requires read and write access to the directory in which the specified file is created.


Format

/REJECTED =filespec


Description

The /REJECTED qualifier creates the specified file, then copies the records that do not match your selection criteria to this file in binary format. Use the Accounting utility to process this file later.

If the file specification does not include the device or directory name, your current default device or directory is used. If you omit the file name, the file name of the first input file is used (the first file listed in the parameter to the ACCOUNTING command). If you omit the file type, .REJ is used.


Example


$ ACCOUNTING /TYPE=PRINT /BINARY /OUTPUT=PRINT_INFO.DAT -
_$ /REJECTED=NOT_PRINT_INFO.DAT

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It creates two files, PRINT_INFO.DAT and NOT_PRINT_INFO.DAT, in the default directory. It copies print job records to PRINT_INFO.DAT and all other records to NOT_PRINT_INFO.DAT.

/REMOTE_ID

Selects or rejects records for DECnet for OpenVMS requests made by the specified remote IDs.

Format

/REMOTE_ID= ([-]remote_id[,...])


Description

The /REMOTE_ID qualifier uses the value of the remote ID field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, this field contains a string that identifies the user who made the request. If the remote process was on an OpenVMS node, this is the user name of the user at the remote node.

The /REMOTE_ID qualifier selects only records that have the specified values in the remote ID field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /NODE and /ADDRESS qualifiers, which select or reject records for DECnet for OpenVMS requests made by nodes with specified names and addresses respectively.


Example


$ ACCOUNTING /NODE=HQ223 /REMOTE_ID=SMITH /FULL
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all the records for DECnet for OpenVMS requests made by user SMITH at the node HQ223.

/REPORT

Specifies the resources that you want to summarize in a summary report.

Format

/REPORT [=(resource[,...])]


Keyword

resource[,...]

Specifies the resources that you want to summarize in the report. The following table shows the keywords available:
Keyword Description How Summarized
BUFFERED_IO 2 Number of buffered I/Os Total
DIRECT_IO 2 Number of direct I/Os Total
ELAPSED 1, 2 Elapsed time Total
EXECUTION 2 Number of images run by the process Total
FAULTS 2 Number of hard and soft page faults Total
GETS 1 Number of GETs from the file that was printed Total
PAGE_FILE 2 Page file usage Maximum
PAGE_READS 2 Number of hard page faults Total
PAGES 1 Number of pages printed Total
PROCESSOR 2 Total CPU time used Total
QIOS 1 Number of QIOs to the printer Total
RECORDS Number of accounting file records processed Total
VECTOR_PROCESSOR 2 Vector CPU time used (see the description of the /FULL qualifier for further details) Total
VOLUMES 2 Number of volumes mounted Total
WORKING_SET 2 Working set size Maximum

1Present in records of type PRINT
2Present in records of type IMAGE, LOGFAIL, PROCESS, and SYSINIT

The RECORDS keyword is the default if you omit either the keywords or the /REPORT qualifier. It gives the total number of records for each summary key value.


Description

The /REPORT qualifier specifies the resources that you want to summarize in a summary report. The resources are summarized, either as totals or maximum values, for each summary key value specified by the /SUMMARY qualifier.

When a record is processed that does not contain the specified resource field, a default value of 0 is used. For example, if you use the PAGES keyword to summarize the total pages printed, the value of 0 is used for each record that is not of type PRINT.

Note that the resource usage data stored in records of type IMAGE is a subset of the data stored in records of type PROCESS. For example, the CPU time stored in a record of type PROCESS includes the CPU time used by the images executed by that process. To make sure that you do not count the same resource data twice when you are summarizing process resources by totals, use the /TYPE qualifier to exclude records of type IMAGE.

You cannot use the /REPORT qualifier without the /SUMMARY qualifier.


Examples

#1

$ ACCOUNTING /SUMMARY=IMAGE /REPORT=(RECORDS,PROCESSOR)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows for each image the number of times it was executed and the total CPU time consumed.

#2

$ ACCOUNTING /TYPE=-IMAGE /SUMMARY=USER /REPORT=EXECUTION
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the total number of images executed by each user. Notice the use of the /TYPE qualifier to exclude records of type IMAGE to avoid double counting.

/SINCE

Selects all records time-stamped at or after the specified time.

Format

/SINCE [=time]


Description

All records in an accounting file are time-stamped with the time the record was logged in the file.

The /SINCE qualifier selects only the records time-stamped on or after the specified time. You can specify an absolute time, delta time, or a combination of the two. If you omit the time, 00:00 hours on the current day is used.

See also the /BEFORE qualifier, which selects records time-stamped before a specified time.


Example


$ ACCOUNTING /SINCE=5-JAN-2002

      

This example produces a brief report of all records time-stamped at or after 5-JAN-2002 in the file SYS$MANAGER:ACCOUNTNG.DAT.

/SORT

Sorts the selected records.

Format

/SORT [=([-]sort_field[,...])]


Keyword

sort_field[,...]

Specifies the sort key.

The following table shows the keywords available. You can specify up to ten sort fields.

Keyword Sorts on This Field
ACCOUNT Account
ADDRESS Address of the node that made the DECnet for OpenVMS request
BUFFERED_IO Number of buffered I/Os
DIRECT_IO Number of direct I/Os
ELAPSED Elapsed time
ENTRY Print or batch job queue entry number
EXECUTION Number of images run by the process
FAULTS Number of hard and soft page faults
FINISHED Time record was logged in the accounting file
GETS Number of GETs from the file that was printed
IDENT Process identifier (PID)
IMAGE Image name (sorts only on file name portion of the image file specification)
JOB Name of print or batch job
NODE Name of the node that made the DECnet for OpenVMS request
OWNER PID of parent process
PAGE_FILE Peak page file usage
PAGE_READS Number of hard page faults
PAGES Number of pages printed
PRIORITY Base process priority, or print or batch queue priority
PROCESS Type of process
PROCESSOR Total CPU time used
QIOS Number of QIOs to the printer
QUEUE Name of print or batch queue
QUEUED Time print job was queued
STARTED Start time
STATUS Final exit status code
TERMINAL Terminal name
TYPE Type of record
UIC User identification code
USER User name at local node
VECTOR_PROCESSOR Vector CPU time (see the description of the /FULL qualifier for further details)
VOLUMES Number of volumes mounted
WORKING_SET Peak working set size

For each keyword, see the description of the corresponding Accounting utility qualifier or the table in the /TYPE qualifier section for details of the types of record in which the corresponding field is present.


Description

The /SORT qualifier merges the selected records from each input file (each file listed in the parameter to the ACCOUNTING command) and sorts them using the specified sort key. The records are sorted according to the value of the first sort field in the list, and when two or more records have the same value in this field, they are sorted by the value of the second sort field in the list, and so on.

The records are sorted in ascending order of the sort field value. If the keyword is preceded by a minus sign, the records are sorted in descending order.

When you use the /SORT qualifier, records are rejected if they do not contain the sort field. For example, /SORT=IMAGE rejects all records that are not of type IMAGE, because the image name field is only present in records of type IMAGE. Similarly, /SORT=PAGES rejects all records except those for print jobs.

You cannot use the /SORT qualifier with the /SUMMARY qualifier.


Examples

#1

$ ACCOUNTING /TYPE=PRINT /SORT=USER
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all the records for print jobs and displays them in user name order.

The following example shows the report that is produced:



Date / Time           Type  Subtype Username     ID      Source  Status
-------------------------------------------------------------------------
14-JAN-2002 09:53:05  PRINT         BROWN        20A00193        00040001
13-JAN-2002 13:36:04  PRINT         BROWN        20A00442        00000001
13-JAN-2002 12:42:37  PRINT         BROWN        20A00442        00000001
13-JAN-2002 14:43:56  PRINT         DECNET_MAIL  20A00456        00000001
14-JAN-2002 19:39:01  PRINT         DECNET_MAIL  20A00265        00000001
14-JAN-2002 20:09:03  PRINT         DECNET_MAIL  20A00127        00000001
14-JAN-2002 20:34:45  PRINT         DECNET_MAIL  20A00127        00000001
14-JAN-2002 11:23:34  PRINT         FISH         20A0032E        00040001
14-JAN-2002 16:43:16  PRINT         JONES        20A00070        00040001
14-JAN-2002 09:30:21  PRINT         SMITH        20A00530        00040001


#2

$ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /SORT=IMAGE -
_$ /FULL /REJECTED=NON_IMAGE.DAT
      

This example processes two files, MYFILE1.DAT and MYFILE2.DAT, to produce a full report of records of type IMAGE, sorted in image name order. It creates the file NON_IMAGE.DAT, and copies all records except those of type IMAGE to that file. Notice that no selection qualifiers are used, and so all records are selected for processing. When the records are sorted, records that do not contain an image name are rejected.

/STATUS

Selects or rejects records with the specified final exit status codes.

Format

/STATUS= ([-]status_code[,...])


Description

The /STATUS qualifier uses the value of the final status code field to select records for processing. This field is present in all records except records of type USER, file backward link records, and file forward link records.

The /STATUS qualifier selects only records that have the specified values in the final status code field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See the description of the /BRIEF qualifier for details of how to convert a final exit status code to the equivalent message text.


Example


$ ACCOUNTING /STATUS=10D38064
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records with a final exit status code of 10D38064.

/SUMMARY

Produces a summary report of the selected records.

Format

/SUMMARY [=(summary_item[,...])]


Keyword

summary_item[,...]

Specifies the summary key. The following table lists keywords:
Keyword Description
ACCOUNT Account
DATE Date
DAY Day of month (1--31)
HOUR Hour of day (0--23)
IMAGE Image name (file name portion of image file specification)
JOB Name of print or batch job
MONTH Month of year (1--12)
NODE Name of the node that issued the DECnet for OpenVMS request
PROCESS Process type
QUEUE Print or batch job queue name
TERMINAL Terminal name
TYPE Record type
UIC User identification code
USER User name
WEEKDAY Day of week (0=Sunday, 1=Monday, and so on)
YEAR Year

If you omit these keywords, the user name is used as the summary key.


Description

The /SUMMARY qualifier produces a summary report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file.

Summary reports give statistical summaries of the resources specified by the /REPORT qualifier for each value of the summary key specified by the /SUMMARY qualifier. If you omit the /REPORT qualifier, the summary report gives the total number of records processed for each summary key value.

The first line of the summary report shows the time span of the data processed (when the first and last records processed were logged in the input files), with a title in the middle. You can use the /TITLE qualifier to specify your own title.

The next few lines of the report are column headings. There is one column for each summary_item, then one column for each resource specified by the /REPORT qualifier. The columns are laid out in the same left-to-right sequence as the equivalent keywords in the /SUMMARY and /REPORT qualifiers.

The rest of the report uses one line for each summary key value. It gives a summary of the resources associated with that summary key value. The data is sorted in ascending order of the summary key value.

See also the /BINARY qualifier, which copies the selected records to a file, and the /BRIEF and /FULL qualifiers, which produce brief and full reports of the selected records.

You cannot use the /SUMMARY qualifier with the /BINARY, /BRIEF, or /FULL qualifiers.


Examples

#1

$ ACCOUNTING /TYPE=PRINT /SUMMARY=USER /REPORT=(PAGES,RECORDS)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It processes all the print job records and produces a summary report that shows, for each user, the total number of pages printed and the number of records that were added together to produce this total. This is an example of the report that is produced:



From: 12-JAN-2002 15:55  VAX/VMS Accounting Report  To: 15-JAN-2002 15:17

Username         Pages    Total
               Printed  Records
-------------------------------
BROWN              115        2
CROW                 3        1
CUTHBERT            20        4
FOSTER              46        1
SMITH               50        3
WHITE               50        7


#2

$ ACCOUNTING /SUMMARY=IMAGE /REPORT=(PROCESSOR,RECORDS)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the total CPU time used by each image. This is an example of the report that is produced:



From: 12-JAN-2002 15:55  VAX/VMS Accounting Report  To: 15-JAN-2002 15:17
Image name     Processor        Total
                  Time        Records
-------------------------------------
               0 00:09:09.83       51
ACC            0 00:01:36.72       99
AUTHORIZE      0 00:00:04.17        8
CDU            0 00:00:33.25       21
COPY           0 00:00:05.97       30
DELETE         0 00:00:02.79       12
DIRECTORY      0 00:00:09.67       38
DUMP           0 00:00:04.51        3
EDT            0 00:00:05.85        7
LOGINOUT       0 00:04:03.48       75
NETSERVER      0 00:00:00.63       23
SHOW           0 00:00:04.80       22

/TERMINAL

Selects or rejects records for interactive sessions at the specified terminals.

Format

/TERMINAL= ([-]terminal_name[,...])


Description

The /TERMINAL qualifier uses the value of the terminal name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about interactive sessions, this field contains the name of the terminal associated with the session.

The /TERMINAL qualifier selects only records that have the specified values in the terminal name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

Give the terminal name as the standard device name and include the colon (:).


Example


$ ACCOUNTING /TERMINAL=TTB3:

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for interactive sessions at the terminal TTB3.

/TITLE

Specifies the title shown on the first line of a summary report.

Format

/TITLE= title


Description

The /TITLE qualifier specifies the title shown in the center of the first line of summary reports. The title is truncated if it is too long. For reports displayed on your screen, the title is truncated if it is longer than (W--56) characters, where W is the width (in characters) of your screen.

Example


$ ACCOUNTING /SUMMARY=IMAGE /TITLE="June Accounting Report"

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the number of times each image was executed. The title "June Accounting Report" appears at the top of the report.

/TYPE

Selects or rejects the specified types of record.

Format

/TYPE= ([-]record_type[,...])


Keyword

record_type[,...]

Specifies the types of record that you want to select or reject. The following table shows the keywords available:
Keyword Type of Record Description of Record
FILE FILE_BL File backward link. This is the first record in the accounting file. It is logged when the file is created, and contains the name of the previous accounting file.
  FILE_FL File forward link. This is the last record in the file. It is logged when the file is closed, and contains the name of the next accounting file.
IMAGE IMAGE Image termination. It contains details of the resources used by the image.
LOGFAIL LOGFAIL Failed attempt to log in. It contains details of the resources used by the login attempt.
PRINT PRINT Print job termination. It contains details of the resources used by the print job.
PROCESS PROCESS Process termination. It contains details of the resources used by the process. Note that this includes the resources used by the images executed by that process.
SYSINIT SYSINIT System booted. It contains details of resources used to boot the system.
UNKNOWN   Record not recognized as one of the other types in this table.
USER USER Record logged by a program calling the $SNDJBC system service to send an accounting message.

Description

All records in an accounting file contain a type field that contains the type of the record.

The /TYPE qualifier selects the specified types of record. If you precede the list with a minus sign, it selects all records except those specified.

See also the /PROCESS qualifier, which selects or rejects records for particular types of process.


Examples

#1

$ ACCOUNTING /TYPE=PRINT
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print jobs.

#2

$ ACCOUNTING /TYPE=-PRINT
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for print jobs.

/UIC

Selects or rejects records for the specified UICs.

Format

/UIC= ([-]uic[,...])


Description

The /UIC qualifier uses the value of the UIC field to select records for processing. This field is present in all records except file backward link and file forward link records. It contains the value [SYSTEM] for login failure records where the user did not give a valid user name.

The /UIC qualifier selects only records that have the specified values in the UIC field. If you precede the values with a minus sign, it selects all records except those with the specified values.

You can specify the UIC in numeric or alphanumeric format, and can use the asterisk (*) wildcard character.


Example


$ ACCOUNTING /UIC=([360,*],[ADMIN,COTTON])

      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for users in group number 360 or users whose UIC is [ADMIN,COTTON].

/USER

Selects or rejects records for the specified user names.

Format

/USER= ([-]user name[,...])


Description

The /USER qualifier uses the value of the user name field to select records for processing. This field is present in all records except file backward link and file forward link records. It contains the value <login> for login failure records where the user did not give a valid user name.

The /USER qualifier selects only records that have the specified values in the user name field. If you precede the values with a minus sign, it selects all records except those with the specified values.


Examples

#1

$ ACCOUNTING /USER=SMITH
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the user SMITH.

#2

$ ACCOUNTING /USER=(-SMITH,JONES)
      

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all the records except for those of the users SMITH and JONES.

/WIDE

Changes the width of Buffered I/O and Direct I/O fields in a report from 8 to 10 characters.

Format

/WIDE


Description

The /WIDE qualifier corrects a problem that users have had with ACCOUNTING reports: the Buffered I/O and Direct I/O fields were too small and displayed asterisks (*) when numbers exceeded 8 characters.

The /WIDE qualifier changes the widths of the Buffered I/O and Direct I/O fields in reports to 10 characters.


Example


$ ACCOUNTING /PROC=BATCH /TYP=PROC -
     /REPORT=(RECORDS,PROCESSOR,DIRECT_IO,BUFFER)  -
     /SUMM=MONTH /SIN=1-JAN /WIDE










       MM    TOTAL    PROCESSOR       DIRECT   BUFFERED
            RECORDS     TIME             I/O       I/O
  ------------------------------------------------------
       01      2043  19 06:52:40.97  532675222 551986091
       02      1767   9 00:14:34.00  183290432 420000532

  ------------------------------------------------------

Without the /WIDE qualifier, the Direct I/O or Buffered I/O fields print ***** if the field overflows. With the /WIDE qualifier, these fields print correctly.


Chapter 3
Analyze/Disk_Structure Utility

3.1 ANALYZE/DISK_STRUCTURE Description

You can use the Analyze/Disk_Structure utility (ANALYZE/DISK_STRUCTURE) in two important ways:
  • Use the utility on a regular basis to check disks for inconsistencies and errors, and to recover lost files.
  • Use the utility with the /SHADOW qualifier to examine the entire contents of a shadow set or a specified range of blocks in a shadow set.

These two uses are explained in the following sections.

Checking Disks

ANALYZE/DISK_STRUCTURE detects problems on On-Disk Structure (ODS) Levels 1, 2, and 5 Files--11 disks; hardware errors, system errors, or user errors can cause these problems. By using ANALYZE/DISK_STRUCTURE to identify and delete lost files and files marked for deletion, you can reclaim disk space.

ANALYZE/DISK_STRUCTURE performs the verification of a volume or volume set in eight distinct stages. During these stages, ANALYZE/DISK_STRUCTURE collects information used in reporting errors or performing repairs. However, ANALYZE/DISK_STRUCTURE repairs volumes only when you specify the /REPAIR qualifier. For a complete description of each of the eight stages, and an annotated example of an ANALYZE/DISK_STRUCTURE session, refer to Appendix D.

ANALYZE/DISK_STRUCTURE allocates virtual memory to hold copies of the index file and storage bitmaps. With larger bitmaps introduced in OpenVMS Version 7.2, the virtual memory requirements increase correspondingly. To use this utility on volumes with large bitmaps, you might need to increase your page file quota. On OpenVMS VAX systems, you might also need to increase the system parameter VIRTUALPAGECNT.

Virtual memory size requirements for the bitmaps are in VAX pages (or Alpha 512-byte pagelets) per block of bitmap. Note that the size of the index file bitmap in blocks is the maximum number of files divided by 4096. For ANALYZE/DISK_STRUCTURE, this requirement is the sum of the following across the entire volume set:

  • 3 times all the storage bitmaps plus the largest bitmap in the volume set
  • 117 times the index file bitmaps
  • An additional 96 times the index file bitmaps if /USAGE was requested
  • Approximately 600 pages additional fixed scratch space

Examining Shadow Sets

The ANALYZE/DISK_STRUCTURE/SHADOW command is especially useful if a shadow set was initialized with the INITIALIZE/SHADOW command but without the /ERASE qualifier.

Another use of the ANALYZE/DISK_STRUCTURE/SHADOW command is if an error is logged on a member device, and you do not know whether the error was caused by a disk error or by some other hardware component such as a disk controller or cable. When you use the ANALYZE/DISK_STRUCTURE/SHADOW command, every block of every member is read and compared.

Refer to the Section 3.1.2 and to the /SHADOW qualifier documentation for further details.

3.1.1 Disk Error Reporting and Repair

You can invoke the Analyze/Disk_Structure utility to operate in any of the following three modes for disks errors:

  • Error reporting with no repairs
  • Error reporting with repairs
  • User-controlled selective repairs

By default, ANALYZE/DISK_STRUCTURE reports errors, but does not make repairs. For example, use the following command to report all errors on device DBA1:


$ ANALYZE/DISK_STRUCTURE DBA1:

When you issue this command, ANALYZE/DISK_STRUCTURE runs through eight stages of data collection, then, by default, prints a list of all errors and lost files to your terminal. One type of problem that ANALYZE/DISK_STRUCTURE locates is an invalid directory backlink; a backlink is a pointer to the directory in which a file resides. If your disk has a file with an invalid directory backlink, ANALYZE/DISK_STRUCTURE displays the following message and the file specification to which the error applies:


%VERIFY-I-BACKLINK, incorrect directory back link [SYSEXE]SYSBOOT.EXE;1

To instruct ANALYZE/DISK_STRUCTURE to repair the errors that it detects, use the /REPAIR qualifier. For example, the following command reports and repairs all errors on the DBA1 device:


$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR

Notes

HP recommends using a colon (:) after device names in commands.

When you update the storage control block (SCB) within a BITMAP.SYS file, the VERIFY utility forces the volume to perform mount verification if the volume is controlled by host-based shadowing.

To select which errors ANALYZE/DISK_STRUCTURE repairs, use both the /REPAIR and /CONFIRM qualifiers:


$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR/CONFIRM

When you issue this command, ANALYZE/DISK_STRUCTURE displays a description of each error and prompts you for confirmation before making a repair. For example, the previous command might produce the following messages and prompts:


%VERIFY-I-BACKLINK, incorrect directory back link [SYS0]SYSMAINT.DIR;1


Repair this error? (Y or N): Y


%VERIFY-I-BACKLINK, incorrect directory back link
[SYSEXE]SYSBOOT.EXE;1]


Repair this error? (Y or N): N

Consider running ANALYZE/DISK_STRUCTURE twice for each volume. First, invoke the utility to report all errors. Evaluate the errors and decide on an appropriate action. Then invoke the utility again with the /REPAIR qualifier to repair all errors, or with the /REPAIR and /CONFIRM qualifiers to repair selected errors.

For message descriptions, use the online Help Message (MSGHLP) utility or refer to the OpenVMS system messages documentation.

Recovering Lost Files

A lost file is a file that is not linked to a directory. Under normal circumstances, files do not become lost. However, files occasionally become lost because of disk corruption, hardware problems, or user error. For example, in cleaning up files and directories, you might inadvertently delete directories that still point to files. When you delete a directory file (a file with the file type .DIR) without first deleting its subordinate files, the files referred to by that directory become lost files. Though lost, these files remain on the disk and consume space.

When you run ANALYZE/DISK_STRUCTURE specifying the /REPAIR qualifier, the utility places lost files in SYSLOST.DIR.

For example, to report and repair all errors and lost files found on the device DDA0, issue the following command:


$ ANALYZE/DISK_STRUCTURE/REPAIR/CONFIRM DDA0:

If it discovers lost files on your disk, ANALYZE/DISK_STRUCTURE issues messages similar to those that follow:


%VERIFY-W-LOSTHEADER, file (16,1,1) []X.X;1
        not found in a directory
%VERIFY-W-LOSTHEADER, file (17,1,1) []Y.Y;1
        not found in a directory
%VERIFY-W-LOSTHEADER, file (18,1,1) []Z.Z;1
        not found in a directory
%VERIFY-W-LOSTHEADER, file (19,1,1) []X.X;2
        not found in a directory
%VERIFY-W-LOSTHEADER, file (20,1,1) []Y.Y;2
        not found in a directory
%VERIFY-W-LOSTHEADER, file (21,1,1) []Z.;1
        not found in a directory
%VERIFY-W-LOSTHEADER, file (22,1,1) []Z.;2
        not found in a directory
%VERIFY-W-LOSTHEADER, file (23,1,1) LOGIN.COM;163
        not found in a directory
%VERIFY-W-LOSTHEADER, file (24,1,1) MANYACL.COM;1
        not found in a directory

All lost files in this example are automatically moved to SYSLOST.DIR.

Erasing Old Home Blocks

When you initialize a volume, the initialize operation might not erase old home blocks. These are blocks that were created by previous initialize operations. If a volume that has old home blocks is damaged, you may not be able to recover the volume without erasing the blocks.

You can erase old home blocks manually by using the /HOMEBLOCKS qualifier on the ANALYZE/DISK_STRUCTURE command as follows:


$ ANALYZE/DISK_STRUCTURE/REPAIR/HOMEBLOCKS

Note that this operation can take up to 30 minutes to complete.

ANALYZE/DISK_STRUCTURE Output

By default, the Analyze/Disk_Structure utility directs all output to your terminal. If you prefer, you can use the /LIST qualifier to generate a file containing the following information for each file on the disk:

  • File identification (FID)
  • File name
  • Owner
  • Errors associated with the file

To generate a disk usage accounting file, use the /USAGE qualifier. The first record of the file, called the identification record, contains a summary of disk and volume characteristics. The identification record is followed by a series of summary records; one summary record is created for each file on the disk. A summary record contains the owner, size, and name of the file.

For more information about the disk usage accounting file, see Appendix E.

3.1.2 Detecting Shadow Set Errors

When you enter the ANALYZE/DISK_STRUCTURE/SHADOW command, the system checks for shadow set discrepancies---to ensure that every block on the disk is identical. A discrepancy is a block that should be the same on all members but is not. For example, when a WRITE is executed, it might not be written to all of the members when the ANALYZE/DISK/SHADOW processes it.

If a discrepancy is found, a clusterwide WRITE lock is taken on the shadow set, and the questionable blocks are reread. Then either one of two actions occurs:

  • If a discrepancy is still present on the second read, the system displays the file name on the screen. The system also dumps the data block containing the discrepancy to the screen or to a file if you specify the /OUTPUT qualifier.
  • If no discrepancy is found on the second read, the system considers the error to be a transient one (for example, if a WRITE to that disk block was in progress). The system then logs the transient error in the summary displayed on the user's terminal. However, verification that all members contained the same information is considered a success---in other words, the data on the disk is actually the same, although for a brief period it was not.

3.2 ANALYZE/DISK_STRUCTURE Usage Summary

The Analyze/Disk_Structure utility checks the readability and validity of Files--11 Structure Levels 1, 2, and 5 disk volumes, and reports errors and inconsistencies. You can detect most classes of errors by invoking the utility once and using its defaults.

Format

ANALYZE/DISK_STRUCTURE device-name:[/qualifier]


Parameter

device-name

Specifies the disk volume or volume set to be verified. If you specify a volume set, all volumes of the volume set must be mounted as Files--11 volumes. For information about the Mount utility, refer to the MOUNT documentation in this manual.
Usage Summary Use the following command to invoke the utility:

ANALYZE/DISK_STRUCTURE device-name: /qualifiers

To terminate an ANALYZE/DISK_STRUCTURE session, press Ctrl/C or Ctrl/Y while the utility executes. You cannot resume a session by using the DCL command CONTINUE.

By default, ANALYZE/DISK_STRUCTURE directs all output to your terminal. Use the /USAGE or /LIST qualifiers to direct output to a file.

To repair a disk effectively, you must have read, write, and delete access to all files on the disk. To effectively scan a disk (/NOREPAIR), you must have read access to all files on the disk. You must also have write access to INDEXF.SYS to force the flushing of the caches for this file. You must also have write access to BITMAP.SYS for the same reason: to force the flushing of the caches for this file. (You need write access to QUOTA.SYS only if the volume is running disk quotas.)

For a complete explanation of file access, refer to the HP OpenVMS Guide to System Security.

You can safely use ANALYZE/DISK_STRUCTURE on a disk that is concurrently being used for other file operations. If you specify /REPAIR, the utility locks the volume before performing any operations; this blocks volume modification. Because other users cannot create, delete, extend, or truncate files, repair operations are unimpeded and the volume is left in a consistent state.

If you specify /NOREPAIR, the volume is not locked; the utility does not attempt to write to the disk. However, if users perform file operations while you run the utility, you may receive error messages that incorrectly indicate file damage. To avoid this problem, HP recommends that you run ANALYZE/DISK_STRUCTURE when the disk is in a quiescent state.

3.3 ANALYZE/DISK_STRUCTURE Qualifiers

This section describes and provides examples of each ANALYZE/DISK_STRUCTURE qualifier. The following table summarizes the qualifiers:

Qualifier Description
/CONFIRM Determines whether ANALYZE/DISK_STRUCTURE prompts you to confirm each repair
/HOMEBLOCKS Erases damaged home blocks on an initialized volume
/LIST[=filespec] Determines whether ANALYZE/DISK_STRUCTURE produces a listing of the index file
/LOCK_VOLUME (Alpha only) Prevents updates to a volume while you are analyzing it
/OUTPUT[=filespec] Specifies the output file to which ANALYZE/DISK_STRUCTURE writes the disk structure errors
/READ_CHECK Determines whether ANALYZE/DISK_STRUCTURE performs a read check of all allocated blocks on the specified disk
/RECORD_ATTRIBUTES Determines whether ANALYZE/DISK_STRUCTURE repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT)
/REPAIR Determines whether ANALYZE/DISK_STRUCTURE repairs errors that are detected in the file structure of the specified device
/SHADOW Causes the entire contents of a shadow set or a specified range of blocks in a shadow set to be checked for discrepancies.
/STATISTICS Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per-volume statistics
/USAGE[=filespec] Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of ANALYZE/DISK_STRUCTURE

/CONFIRM

Determines whether the Analyze/Disk_Structure utility prompts you to confirm each repair. If you respond with Y or YES, the utility performs the repair. Otherwise, the repair is not performed.

Format

/CONFIRM

/NOCONFIRM


Description

You can use the /CONFIRM qualifier only with the /REPAIR qualifier. The default is /NOCONFIRM.

Example


$ ANALYZE/DISK_STRUCTURE DBA0:/REPAIR/CONFIRM
%VERIFY-I-BACKLINK, incorrect directory back link [SYS0]SYSMAINT.DIR;1
Repair this error? (Y or N): Y
%VERIFY-I-BACKLINK, incorrect directory back link [SYSEXE]SYSBOOT.EXE;1
Repair this error? (Y or N): N
      

The command in this example causes the Analyze/Disk_Structure utility to prompt you for confirmation before performing the indicated repair operation.

/HOMEBLOCKS

Erases home blocks from a volume whose home blocks were not deleted during previous initialization operations.

Format

/HOMEBLOCKS


Description

You can use the /HOMEBLOCKS qualifier only with the /REPAIR qualifier. The operation can take 30 minutes to complete.

Example


$ ANALYZE/DISK_STRUCTURE DBA0:/REPAIR/HOMEBLOCKS
      

The command in this example causes the Analyze/Disk_Structure utility to erase home blocks on DBA0.

/LIST

Determines whether the Analyze/Disk_Structure utility produces a listing of the index file.

Format

/LIST
[=filespec]

/NOLIST


Description

If you specify /LIST, the utility produces a file that contains a listing of all file identifications (FIDs), file names, and file owners. If you omit the file specification, the default is SYS$OUTPUT. If you include a file specification without a file type, the default type is .LIS. You cannot use wildcard characters in the file specification.

The default is /NOLIST.


Example


$ ANALYZE/DISK_STRUCTURE DLA2:/LIST=INDEX
$ TYPE INDEX
Listing of index file on DLA2:
31-OCT-2002 20:54:42.22

(00000001,00001,001)  INDEXF.SYS;1
                              [1,1]
(00000002,00002,001)  BITMAP.SYS;1
                              [1,1]
(00000003,00003,001)  BADBLK.SYS;1
                              [1,1]
(00000004,00004,001)  000000.DIR;1
                              [1,1]
(00000005,00005,001)  CORIMG.SYS;1
                              [1,1]
.
.
.
$
      

In this example, ANALYZE/DISK_STRUCTURE did not find errors on the device DLA2. Because the file INDEX was specified without a file type, the system assumes a default file type of .LIS. The subsequent TYPE command displays the contents of the file INDEX.LIS.

/LOCK_VOLUME (Alpha only)

Prevents updates to a volume while you are analyzing it.

Format

/LOCK_VOLUME

/NOLOCK_VOLUME


Description

/LOCK_VOLUME provides a way to prevent file system activity on a volume while you are using the ANALYZE/DISK_STRUCTURE utility on that volume. This qualifier operates the same way as /REPAIR does: it software write-locks the file structure while the utility is running. (The qualifier does not, however, affect any repairs on the volume.) The default is /NOLOCK_VOLUME.

Using this qualifier reduces the number of false error messages that might occur when you run the utility on an active volume. /LOCK_VOLUME stops the activity of applications that open, close, or modify files on the target volume for the period the utility is running.

Note

Be careful about using this qualifier, especially for volumes that contain active system files such as SYSUAF or RIGHTSLIST.

Example


$ ANALYZE/DISK_STRUCTURE DBA1:/LOCK_VOLUME
      

The command in this example stops file system activity on DBA1: while ANALYZE/DISK_STRUCTURE is running.

/OUTPUT

Specifies the output file to which the Analyze/Disk_Structure utility is to write the disk structure errors.

Format

/OUTPUT[=filespec]

/NOOUTPUT[=filespec]


Description

Specifies the output file for the disk structure errors. If you omit the /OUTPUT file specification, output is directed to SYS$OUTPUT. If /NOOUTPUT is specified, no disk structure errors are displayed. If the /CONFIRM qualifier is specified, output is forced to SYS$OUTPUT regardless of whether this qualifier is used.

/READ_CHECK

Determines whether the Analyze/Disk_Structure utility performs a read check of all allocated blocks on the specified disk. When the Analyze/Disk_Structure utility performs a read check, it reads the disk twice; this ensures that it reads the disk correctly. The default is /NOREAD_CHECK.

Format

/READ_CHECK

/NOREAD_CHECK


Example


$ ANALYZE/DISK_STRUCTURE DMA1:/READ_CHECK
      

The command in this example directs ANALYZE/DISK_STRUCTURE to perform a read check on all allocated blocks on the device DMA1.

/RECORD_ATTRIBUTES

Determines whether the Analyze/Disk_Structure utility repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT).

Format

/RECORD_ATTRIBUTES


Description

You can use the /RECORD_ATTRIBUTES qualifier with the /REPAIR qualifier. If attribute repair is enabled during the repair phase, erroneous bits are cleared from a file's record attributes. This action might not correctly set a file's record attributes as it is beyond the scope of this utility to determine their correct values.

HP recommends that system managers not perform an attribute repair; instead, they should notify the owners of the files about the inconsistencies and have the owners reset the files' attributes using the SET FILE/RECORD_ATTRIBUTES=({record-attributes}) command.


Example


$ ANALYZE/DISK_SYS$SYSDEVICE:

%ANALDISK-I-BAD_RECATTR, file (2930,1,1) [USER]ATTRIBUTES.DAT;13
file record format: Variable
inconsistent file attributes: Bit 5
%ANALDISK-I-BAD_RECATTR, file (2931,1,1) [USER]ATTRIBUTES.DAT;14
file record format: Variable
inconsistent file attributes: FORTRAN carriage control, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2932,1,1) [USER]ATTRIBUTES.DAT;15
file record format: Variable
inconsistent file attributes: Implied carriage control, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2933,1,1) [USER]ATTRIBUTES.DAT;16
file record format: Variable
inconsistent file attributes: Non-spanned, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2934,1,1) [USER]ATTRIBUTES.DAT;17
file record format: Variable
inconsistent file attributes: FORTRAN carriage control,
Non-spanned, Bit 5
      

/REPAIR

Determines whether the Analyze/Disk_Structure utility repairs errors that are detected in the file structure of the specified device.

Format

/REPAIR

/NOREPAIR


Description

The Analyze/Disk_Structure utility does not perform any repair operation unless you specify the /REPAIR qualifier. The file structure is software write-locked during a repair operation. The default is /NOREPAIR.

To effectively scan a disk (/NOREPAIR), you must have read access to all files on the disk. You must also have write access to INDEXF.SYS to force the flushing of the caches for this file. You must also have write access to BITMAP.SYS for the same reason: to force the flushing of the caches for this file. (You need write access to QUOTA.SYS only if the volume is running disk quotas.)


Example


$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR
      

The command in this example causes ANALYZE/DISK_STRUCTURE to perform a repair on all errors found in the file structure of device DBA1.

/SHADOW

Examines the entire contents of a shadow set or a specified range of blocks in a shadow set for discrepancies.

Format

/SHADOW


Parameters

None.

Qualifiers

/BLOCKS={(START:n, COUNT:x, END:y,) FILE_SYSTEM, ALL}

Directs the system to compare only the range specified. The options are the following:
START: n Number of the first block to be analyzed. The default is the first block.
COUNT: x Number of blocks to be analyzed. You can use this option in combination with or instead of the END option.
END: y Number of the last block to be analyzed. The default is the last block of the volume.
FILE_SYSTEM Blocks currently in use by valid files on the disk. This is the default.
ALL All blocks on the disk.

You can specify START,END,COUNT and either ALL or FILE_SYSTEM. For example, if you specify /BLOCKS=(START,END,COUNT:100,ALL), the software checks the first 100 blocks on the disk, whether or not the file system is using them.

If you specify /BLOCKS=(START,END,COUNT:100,FILE_SYSTEM), the software checks only those blocks that valid files on the disk are using.

/BRIEF

Displays only the logical block number (LBN) if the data in a block is found to be different. Without this qualifier, if differences exist for an LBN, the hexadecimal data of that block will be displayed for each member.

/IGNORE

[NO]IGNORE

Ignore "special" files that are likely to have some blocks with different data. These differences, however, are not unusual and can, therefore, be ignored.

Other special files are the following:

SWAPFILE*.*
PAGEFILE*.*
SYSDUMP.DMP
SYS$ERRLOG.DMP

IGNORE is the default.

/OUTPUT=filename

Output the information to the specified file.

/STATISTICS

Display only the file header and footer. The best use of this qualifier is with the /OUTPUT qualifier.

Description

When you enter the ANALYZE/DISK_STRUCTURE/SHADOW command, the system checks for shadow set discrepancies. If a discrepancy is found, a clusterwide WRITE lock is taken on the shadow set, and the questionable blocks are reread. Then either one of two actions occurs:
  • If a discrepancy is still present on the second read, the system displays the file name on the screen. The system also dumps the data block containing the discrepancy to the screen or to a file if you specify the /OUTPUT qualifier.
  • If no discrepancy is found on the second read, the system considers the error to be a transient one (for example, a WRITE to that disk block was in progress).

See Section 3.1.2 for more details.


Example


$ ANALYZE/DISK_STRUCTURE/SHADOW/BRIEF/BLOCKS=COUNT:1000 dsa716:
Starting to check _DSA716: at 14-MAY-2002 13:42:52.43
Members of shadow set _DSA716: are _$252$MDA0: _$252$DUA716:
and the number of blocks to be compared is 1000.
Checking LBN #0 (approx 0%)
Checking LBN #127 (approx 12%)
Checking LBN #254 (approx 25 %)
Checking LBN #381 (approx 38%)
Checking LBN #508 (approx 50%)
Checking LBN #635 (approx 63%)
Checking LBN #762 (approx 76%)
Checking LBN #889 (approx 88%)

Run statistics for _DSA716: are as follows:
         Finish Time = 14-MAY-2002 13:42:52.73
         ELAPSED TIME =    0 00:00:00.29
         CPU TIME = 0:00:00.02
         BUFFERED I/O COUNT = 10
         DIRECT I/O COUNT = 16
         Failed LBNs = 0
         Transient LBN compare errors = 0
$
      

The command in this example causes ANALYZE/DISK_STRUCTURE/SHADOW to examine the first 1000 blocks of the DSA716: virtual unit to ensure that the device $252$MDAO: and $252$DUA716: have identical data in those blocks.

/STATISTICS

Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per-volume statistics.

Format

/STATISTICS


Description

The following information is placed in the STATS.DAT file:
  • The number of ODS-2 and ODS-5 headers on the volume
  • The number of special headers on ODS-5 volumes
  • The distribution of file name lengths
  • The distribution of extension header chain lengths
  • The distribution of header identification area free space
  • The distribution of header map area and ACL area free space
  • The totals of header space that is in use and header space that is not in use

Example


$ ANALYZE/DISK_STRUCTURE MDA2000: /STATISTICS
      

The OpenVMS Alpha volume in this example, which is on device MDA2000:, has been converted from ODS-2 to ODS-5 using the SET VOLUME command. The STATS.DAT file created contains the following information:


********** Statistics for volume 001 of 001 **********

Volume is ODS level 5.

Volume has 00000004 ODS-2 primary headers.
Volume has 00000003 ODS-5 primary headers.
Volume has 00000000 ODS-5 -1 segnum headers.

00000001 filenames of length 009 bytes.
00000002 filenames of length 011 bytes.
00000001 filenames of length 013 bytes.
00000002 filenames of length 015 bytes.
00000001 filenames of length 073 bytes.

00000007 extension header chains of length 00000.

00000001 ODS-2 headers have  071 ident area free bytes.
00000001 ODS-2 headers have  073 ident area free bytes.
00000001 ODS-2 headers have  075 ident area free bytes.
00000001 ODS-2 headers have  077 ident area free bytes.

Total ODS-2 ident area free bytes is 00000296.

00000001 ODS-5 headers have  001 ident area free bytes.
00000001 ODS-5 headers have  029 ident area free bytes.
00000001 ODS-5 headers have  033 ident area free bytes.

Total ODS-5 ident area free bytes is 00000063.

00000001 headers have 277 free bytes in total.
00000001 headers have 335 free bytes in total.
00000001 headers have 339 free bytes in total.
00000001 headers have 377 free bytes in total.
00000001 headers have 379 free bytes in total.
00000001 headers have 381 free bytes in total.
00000001 headers have 383 free bytes in total.

Total header area in bytes is   00003584.
Total header area free bytes is 00002791.
Total header area used bytes is 00000793.

/USAGE[=filespec]

Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of the Analyze/Disk_Structure utility.

Format

/USAGE
[=filespec]


Description

If all or part of the file specification is omitted, ANALYZE/DISK_STRUCTURE assumes a default file specification of USAGE.DAT. The file is placed in the current default directory.

Example


$ ANALYZE/DISK_STRUCTURE DBA1:/USAGE
$ DIRECTORY USAGE

Directory DISK$DEFAULT:[ACCOUNT]

USAGE.DAT;1

Total of 1 file.

      

The first command in this example causes ANALYZE/DISK_STRUCTURE to produce a disk usage accounting file. Because a file specification was not provided in the command line, ANALYZE/DISK_STRUCTURE uses both the default file name and directory [ACCOUNT]USAGE.DAT. The DIRECTORY command instructs the system to display all files with a file name of usage in the current directory. The OpenVMS Alpha device in this example, MDA2000:, has been converted from ODS-2 to ODS-5 using the SET VOLUME command.


Chapter 4
Audit Analysis Utility

4.1 ANALYZE/AUDIT Description

The Audit Analysis utility (ANALYZE/AUDIT) is a system management tool that enables system managers or site security administrators to produce reports from security audit log files.

The OpenVMS operating system automatically audits a limited number of events, such as changes to the authorization database and use of the SET AUDIT command. Depending on your site's requirements, you may want to enable other forms of reporting. However, collecting security audit messages is useful only if you develop and implement a procedure to periodically review the audit log file for suspicious activity. Use ANALYZE/AUDIT to examine the data in security audit log files or security archive files.

The ANALYZE/AUDIT command's different qualifiers allow you to specify the type of information the utility extracts from the security audit log file. The utility can produce an audit report in a variety of formats and direct a report to a file or a terminal.

A description of the format of the auditing messages written to the security auditing file appears in Appendix F.

In a mixed-version cluster, an audit log file contains entries from systems running different versions of the operating system. To analyze the log file, you must invoke the Audit Analysis utility (ANALYZE/AUDIT) from a node running Version 6.1 or later.

For information about how to generate audit messages records and how to use ANALYZE/AUDIT, refer to the HP OpenVMS Guide to System Security.

4.2 ANALYZE/AUDIT Usage Summary

The Audit Analysis utility (ANALYZE/AUDIT) processes event messages in security audit log files to produce reports of security-related events on the system.

Format

ANALYZE/AUDIT [file-spec[,...]]


Parameter

file-spec[,...]

Specifies one or more security audit log files as input to ANALYZE/AUDIT. If you specify more than one file name, separate the names with commas.

If you omit the file-spec parameter, the utility searches for the default audit log file SECURITY.AUDIT$JOURNAL.

The default audit log file is created in the SYS$COMMON:[SYSMGR] directory. To use the file, specify SYS$MANAGER on the ANALYZE/AUDIT command line. If you do not specify a directory, the utility searches for the file in the current directory.

You can include wildcard characters, such as the asterisk (*) or percent sign (%), in the file specification.

The audit log file can be located in any directory. To display the current location, use the DCL command SHOW AUDIT/ALL.


Description

Use the DCL command ANALYZE/AUDIT to analyze security audit log files or security archive files. An ANALYZE/AUDIT command line can specify the name of one or more log files, as follows:

ANALYZE/AUDIT [file-spec,...]

You can also use the ANALYZE/AUDIT command to extract security event messages from security archive files or from binary files (created with previous ANALYZE/AUDIT commands).

Each ANALYZE/AUDIT request runs until the log file is completely processed. You can interrupt the processing to modify the display or to change position in the report if you activate command mode by pressing Ctrl/C. To terminate an ANALYZE/AUDIT request before completion, press Ctrl/Z.

You can direct ANALYZE/AUDIT output to any supported terminal device or to a disk or tape file by specifying the file specification as an argument to the /OUTPUT qualifier. By default, the output is directed to SYS$OUTPUT.

Use of ANALYZE/AUDIT requires no special privileges other than access to the files specified in the command line.

4.3 ANALYZE/AUDIT Qualifiers

This section describes ANALYZE/AUDIT and provides examples of each qualifier. The following table summarizes the ANALYZE/AUDIT qualifiers:

Qualifier Description
/BEFORE Controls whether records dated earlier than the specified time are selected
/BINARY Controls whether output is a binary file
/BRIEF Controls whether a brief, single-line record format is used in ASCII displays
/EVENT_TYPE Selects the classes of events to be extracted from the security log file
/FULL Controls whether a full format is used in ASCII displays
/IGNORE Excludes records from the report that match the specified criteria
/INTERACTIVE Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked
/OUTPUT Specifies where to direct output from ANALYZE/AUDIT
/PAUSE Specifies the length of time each record is displayed in a full format display
/SELECT Specifies the criteria for selecting records
/SINCE Indicates that the utility must operate on records dated with the specified time or after the specified time
/SUMMARY Specifies that a summary of the selected records be produced after all records are processed

/BEFORE

Controls whether records dated earlier than the specified time are selected.

Format

/BEFORE [=time]

/NOBEFORE


Keyword

time

Specifies the time used to select records. Records dated earlier than the specified time are selected. You can specify an absolute time, delta time, or a combination of the two. Observe the syntax rules for date and time described in the OpenVMS User's Manual.

Description

By default, all records in the security audit log file may be examined. You must specify /BEFORE to exclude records created after a specific point in time.

Examples

#1

$ ANALYZE/AUDIT /BEFORE=25-NOV-2002 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example selects all records dated earlier than November 25, 2002.

#2

$ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example selects all records generated between noon and 2 P.M. today.

/BINARY

Controls whether output is a binary file.

Format

/BINARY

/NOBINARY


Keywords

None.

Description

When you use /BINARY, the output file you specify with the /OUTPUT qualifier contains image copies of the selected input records. If you specify /NOBINARY or omit the qualifier, the output file contains ASCII records.

By default, if you specify /BINARY and do not include the /OUTPUT qualifier, an output file named AUDIT.AUDIT$JOURNAL is created.

The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.


Example


$ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25OCT00.AUDIT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example selects all audit records generated today and writes the records in binary format to 25OCT00.AUDIT.

/BRIEF

Controls whether a brief, single-line record format is used in ASCII displays.

Format

/BRIEF (default)


Keywords

None.

Description

By default, records are displayed in the brief format. You must specify /FULL to have the full contents of each selected audit event record displayed.

The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.


Example


$ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example produces an ASCII file in brief format by default. The report is written to the AUDIT.LIS file.

/EVENT_TYPE

Selects the classes of events to be extracted from the security log file. If you omit the qualifier or specify the ALL keyword, the utility includes all enabled event classes in the report.

Format

/EVENT_TYPE=(event-type[,...])


Keyword

event type[,...]

Specifies the classes of events used to select records. You can specify any of the following event types:
[NO]ACCESS Access to an object, such as a file
[NO]ALL All event types
[NO]AUDIT Use of the SET AUDIT command
[NO]AUTHORIZATION Change to the authorization database (SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT, or NET$PROXY.DAT)
[NO]BREAKIN Break-in detection
[NO]CONNECTION Establishment of a network connection through the System Management utility (SYSMAN), DECwindows, or interprocess communication (IPC) software or DECnet Phase IV (VAX only)
[NO]CREATE Creation of an object
[NO]DEACCESS Completion of access to an object
[NO]DELETE Deletion of an object
[NO]INSTALL Modification of the known file list with the Install utility (INSTALL)
[NO]LOGFAIL Unsuccessful login attempt
[NO]LOGIN Successful login
[NO]LOGOUT Successful logout
[NO]MOUNT Execution of DCL commands MOUNT or DISMOUNT
[NO]NCP Modification of the DECnet network configuration databases
[NO]NETPROXY Modification of the network proxy authorization file (NETPROXY.DAT or NET$PROXY.DAT)
[NO]PRIVILEGE Privilege auditing
[NO]PROCESS Use of one or more of the process control system services: $CREPRC, $DELPRC, $SCHDWK, $CANWAK, $WAKE, $SUSPND, $RESUME, $GRANTID, $REVOKID, $GETJPI, $FORCEX, $SETPRI
[NO]RIGHTSDB Modification of the rights database (RIGHTSLIST.DAT)
[NO]SYSGEN Modification of system parameters through the System Generation utility (SYSGEN) or AUTOGEN
[NO]SYSUAF Modification of the system user authorization file (SYSUAF.DAT)
[NO]TIME Change in system or cluster time

Specifying the negated form of an event class (for example, NOLOGFAIL) excludes the specified event class from the audit report.


Examples

#1

$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example extracts all records of unsuccessful login attempts, which match the LOGFAIL class, and compiles a brief report.

#2

$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example builds a report in brief format of all audit records except those in the LOGIN and LOGOUT event classes.

/FULL

Controls whether a full format is used in ASCII displays. If you specify /NOFULL or omit the qualifier, records are displayed in the brief format.

Format

/FULL

/NOFULL (default)


Keywords

None.

Description

By default, records are displayed in the brief format. You must specify /FULL (or enter command mode by pressing Ctrl/C) to have the full contents of each selected record displayed.

The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.


Example


$ ANALYZE/AUDIT /FULL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example displays the full contents of each selected record.

/IGNORE

Excludes records from the report that match the specified criteria.

Format

/IGNORE= criteria[,...]


Keyword

criteria[,...]

Specifies that all records are selected except those matching any of the specified exclusion criteria. See the /SELECT qualifier description for a list of the possible criteria to use with the /IGNORE qualifier.

Description

Use the /IGNORE qualifier to exclude specific groups of audit records from the audit report. When more than one keyword from the list of possible exclusion criteria are specified, records that meet any of these criteria are excluded by default.

Examples

#1

$ ANALYZE/AUDIT/IGNORE=(SYSTEM=NAME=WIPER,USERNAME=MILANT) -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example excludes from the audit analysis report all records in the audit log file generated from node WIPER or from user MILANT (on any node).

#2

$ ANALYZE/AUDIT/IGNORE=SUBTYPE=(DIALUP,REMOTE)
      

The command in this example excludes dialup and remote processes.

/INTERACTIVE

Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked.

Format

/INTERACTIVE (default)

/NOINTERACTIVE


Keywords

None.

Description

Interactive command mode, which is enabled by default, allows you to interrupt the audit report being displayed on the terminal and to enter commands either to modify the criteria used to select records for the report or to reposition the display.

To interrupt a full or brief audit report, press Ctrl/C and enter commands at the COMMAND> prompt. Once in command mode, the utility displays the current record in full format. Note that the record might not match the selection or exclusion criteria specified in the previous ANALYZE/AUDIT command.

The NEXT RECORD command is the default when you enter command mode. When ANALYZE/AUDIT reaches the end of the log file, it prompts for the next command. To verify the current log file name and your position within the file, press Ctrl/T.

Enter the CONTINUE command to leave interactive command mode and to resume display of the audit report. Enter the EXIT command to terminate the session. See the ANALYZE/AUDIT Commands section for a description of each interactive command.

To disable interactive mode, specify /NOINTERACTIVE. In this mode, the utility displays audit records one at a time and prompts you to advance the display by pressing the Return key.


Examples

#1

$ ANALYZE/AUDIT/FULL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example produces a full format display of the selected records. New records are displayed every 3 seconds. (See the /PAUSE qualifier description to find how to modify the duration of each record display.) Press Ctrl/C to interrupt the display and to enter interactive commands.

#2

$ ANALYZE/AUDIT/FULL/NOINTERACTIVE -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example invokes the utility in noninteractive mode. It displays the first record selected and prompts you to press the Return key to display each additional selected record. Control returns to the DCL command level when all selected records have been displayed.

/OUTPUT

Specifies where to direct output from ANALYZE/AUDIT. If you omit the qualifier, the report is sent to SYS$OUTPUT.

Format

/OUTPUT [=file-spec]

/NOOUTPUT


Keyword

file-spec[,...]

Specifies the name of the file that is to contain the selected records. If you omit the device and directory specification, the utility uses the current device and directory specification. If you omit the file name and type, the default file name AUDIT.LIS is used. If the output is binary (/BINARY) and you omit the /OUTPUT qualifier, the binary information is written to the file AUDIT.AUDIT$JOURNAL.

Example


$ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example selects audit records from the system audit log file and writes them to the binary file BIN122588.DAT.

/PAUSE

Specifies the length of time each record is displayed in a full-format display.

Format

/PAUSE =seconds


Keyword

seconds

Specifies the duration (in seconds) of the full-screen display. A value of 0 specifies that the system should not pause before displaying the next record. By default, the utility displays a record for 3 seconds.

Description

The /PAUSE qualifier can be used only with full-format (/FULL) displays to specify the length of time each record is displayed. By default, each record is displayed for a period of 3 seconds. A value of 0 results in a continuous display of audit records.

Example


$ ANALYZE/AUDIT /FULL/PAUSE=1 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example displays a selected record in full format every second. You can interrupt the display and enter interactive commands at any time by pressing Ctrl/C. (See the ANALYZE/AUDIT Commands section for more information.)

/SELECT

Specifies the criteria for selecting records from the audit log file. Refer to the HP OpenVMS Guide to System Security for a description of how to generate audit records.

Format

/SELECT= criteria[,...]

/NOSELECT


Keyword

criteria[,...]

Specifies the criteria for selecting records. For each specified criterion, ANALYZE/AUDIT has two selection requirements:
  • The packet corresponding to the criterion must be present in the record.
  • One of the specified values must match the value in that packet.

For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as the criteria, ANALYZE/AUDIT selects an event record containing the SYSTEM=DBASE packet and a USER packet with either the PUTNAM value or the WU value.

If you omit the /SELECT qualifier, all event records selected through the /EVENT_TYPE qualifier are extracted from the audit log file and included in the report.

You can specify any of the following criteria:

ACCESS=(type,...)

Specifies the type of object access upon which the selection is based. Access is object-specific and includes the following types:
Associate Execute Read
Control Lock Submit
Create Logical Use
Delete Manage Write
  Physical  

The HP OpenVMS Guide to System Security describes each of these types.

ACCOUNT=(name,...)

Specifies the account name upon which selection is based. You can use wildcards, such as an asterisk (*) or percent sign (%), to represent all or part of the name.

ALARM_NAME=(alarm-name,...)

Specifies the alarm journal name on which selection is based. You can use wildcards to represent all or part of the alarm name.

ASSOCIATION_NAME=(IPC-name,...)

Specifies the name of the interprocess communication (IPC) association.

AUDIT_NAME=(journal-name,...)

Specifies the audit journal name on which selection is based. You can use wildcards to represent all or part of the audit journal name.

COMMAND_LINE=(command,...)

Specifies the command line that the user entered.

CONNECTION_IDENTIFICATION=(IPC-name,...)

Specifies the name for the interprocess communication (IPC) connection.

DECNET_LINK_IDENTIFICATION=(value,...)

Specifies the number of the DECnet logical link.

DECNET_OBJECT_NAME=(object-name,...)

Specifies the name of the DECnet object.

DECNET_OBJECT_NUMBER=(value,...)

Specifies the number of the DECnet object.

DEFAULT_USERNAME=(username,...)

Specifies the default local user name for incoming network proxy requests.

DEVICE_NAME=(device-name,...)

Specifies the name of a device in audit records that have a DEVICE_NAME packet. Note that this does not select the device name when it occurs in other packet types, such as in a file name or in the TARGET_DEVICE_NAME packet.

DIRECTORY_ENTRY=(directory,...)

Specifies the directory entry associated with file system operation.

DIRECTORY_NAME=(directory,...)

Specifies the name of the directory file.

DISMOUNT_FLAGS=(flag-name,...)

Identifies the names of the volume dismounting flags to be used in selecting records. Specify one or more of the following flag names: Abort, Cluster, Nounload, and Unit.

EVENT_CLUSTER_NAME=(event-flag-cluster-name,...)

Specifies the name of the event flag cluster.

FACILITY=(facility-name,...)

Specifies that only events audited by the named facility be selected. Provide a name or a number but, in either case, the facility has to be defined through the logical AUDSERV$FACILITY_NAME as a decimal number; the system uses the number 0.

FIELD_NAME=(field-name,...)

Specifies the name of the field that was modified. ANALYZE/AUDIT uses the FIELD_NAME criterion with packets containing the original data and the new data (specified by the NEW_DATA criterion).

A FIELD_NAME is a character string that describes the content of the field. A search for "NEW:" in a full audit report will display records that contain the FIELD_NAME values that can be specified for this option. Examples of FIELD_NAME values are Account, Default Directory, Flags, and Password Date.

For sensitive information, see SENSITIVE_FIELD_NAME.

FILE_NAME=(file-name)

Specifies the name of the file that caused the audit. Describes audit records for the specified file by using a slightly different display format than is provided by the /OBJECT=NAME=object-name keyword.

FILE_IDENTIFICATION=(identification-value)

Specifies the value of the file's identification. To calculate the value, start with the value listed for File ID when you use the FILE_NAME keyword. For example, the display lists the File ID as:


File ID:   (3024,5,0)
Use the following formula to calculate the value:


((0 * 65536) + 5 * 65536) + 3024 = 330704

FLAGS=(flag-name,...)

Identifies the names of the audit event flags associated with the audited event. These names should be used in selecting records. Specify one or more of the following flags: ACL, Alarm, Audit, Flush, Foreign, Internal, and Mandatory. (For a description of these flags, see Table F-3.)

HOLDER=keyword(,...)

Specifies the characteristics of the identifier holder to be used when selecting event records. Choose from the following keywords:
NAME=username Specifies the name of the holder. You can represent all or part of the name with a wildcard.
OWNER=uic Specifies the user identification code (UIC) of the holder.

IDENTIFIER=keyword(,...)

Identifies which attributes of an identifier should be used when selecting event records. Choose from the following keywords:
ATTRIBUTES=name Specifies the name of the particular attribute. Valid attribute names are as follows: Dynamic, Holder_Hidden, Name_Hidden, NoAccess, Resource, and Subsystem.
NAME=identifier Specifies the original name of the identifier. You can represent all or part of the name with a wildcard.
NEW_NAME=identifier Specifies the new name of the identifier. You can represent all or part of the name with a wildcard.
NEW_ATTRIBUTES=name Specifies the name of the new attribute. Valid attribute names are Dynamic, Holder_Hidden, Name_Hidden, NoAccess, Resource, and Subsystem.
VALUE=value Specifies the original value of the identifier.
NEW_VALUE=value Specifies the new value of the identifier.

IDENTIFIERS_MISSING=(identifier,...)

Specifies the identifiers missing in a failure to access an object.

IDENTIFIERS_USED=(identifier,...)

Specifies the identifiers used to gain access to an object. An event record matches if the specified list is a subset of the identifiers recorded in the event record.

IMAGE_NAME=(image-name,...)

Identifies the name of the image to be used when selecting event records. You can represent all or part of the image name with a wildcard.

INSTALL=keyword(,...)

Specifies that installation event packets are to be considered when selecting event records. Choose from the following keywords:
FILE=filename Specifies the name of the installed file. You can represent all or part of the name with a wildcard.

Note that on Alpha systems prior to Version 6.1 and on VAX systems prior to Version 6.0, audit log files record the installed file name within an object name packet. To select the installed file, you must use the expression OBJECT=(NAME=object-name) instead of FILE=filename.

FLAGS=flag-name Specifies the names of the flags, which correspond to qualifiers of the Install utility (INSTALL); for example, OPEN corresponds to /OPEN.
PRIVILEGES=privilege-name Specifies the names of the privileges with which the file was installed.

LNM_PARENT_NAME=(table-name,...)

Specifies the name of the parent logical name table.

LNM_TABLE_NAME=(table-name,...)

Specifies the name of the logical name table.

LOCAL=(characteristic,...)

Specifies the characteristics of the local (proxy) account to be used when selecting event records. The following characteristic is supported:
USERNAME=username Specifies the name of the local account. You can represent all or part of the name with a wildcard.

LOGICAL_NAME=(logical-name,...)

Specifies the logical name of the mounted (or dismounted) volume upon which selection is based. You can represent all or part of the logical name with a wildcard.

MAILBOX_UNIT=(number,...)

Specifies the number of the mailbox unit.

MOUNT_FLAGS=(flag-name,...)

Specifies the names of the volume mounting flags upon which selection is based. Possible flag names include the following names:
CACHE=(NONE,WRITETHROUGH)
CDROM
CLUSTER
COMPACTION
DATACHECK=(READ,WRITE)
DSI
FOREIGN
GROUP
INCLUDE
INITIALIZATION=(ALLOCATE,CONTINUATION)
MESSAGE
NOASSIST
NOAUTOMATIC
NOCOMPACTION
NOCOPY
NOHDR3
NOJOURNAL
NOLABEL
NOMOUNT_VERIFICATION
NOQUOTA
NOREBUILD
NOUNLOAD
NOWRITE
OVERRIDE=(options[,...])
  • ACCESSIBILITY
  • EXPIRATION
  • IDENTIFICATION
  • LIMITED_SEARCH
  • LOCK
  • NO_FORCED_ERROR
  • OWNER_IDENTIFIER
  • SECURITY
  • SETID

POOL
QUOTA
SHARE
SUBSYSTEM
SYSTEM
TAPE_DATA_WRITE
XAR

The names NOLABEL and FOREIGN each point to the FOREIGN flag. The reason for this is that the MOUNT/NOLABEL and MOUNT/FOREIGN commands each set the FOREIGN flag. Therefore, if you used MOUNT/NOLABEL, and you use ANALYZE/AUDIT/SELECT/MOUNT_FLAGS=NOLABEL, the audit record will display the FOREIGN flag.

NEW_DATA=(value,...)

Specifies the value to use after the event occurs. Use this criterion with the FIELD_NAME criterion.

For sensitive information, see SENSITIVE_NEW_DATA.

NEW_IMAGE_NAME=(image-name,...)

Specifies the name of the image to be activated in the newly created process, as supplied to the $CREPRC system service.

NEW_OWNER=(uic,...)

Specifies the user identification code (UIC) to be assigned to the created process, as supplied to the $CREPRC system service.

OBJECT=keyword(,...)

Specifies which characteristics of an object should be used when selecting event records. Choose any of the following keywords:
CLASS=class-name Specifies the general object class as one of the following classes:
  Capability
Device
Event_cluster
File
Group_global_section
Logical_name_table
Queue
Resource_domain
Security_class
System_global_section
Volume
  You must enter the full class name (for example, CLASS=logical_name_table) or use wildcard characters to supply a portion of the class name (for example, CLASS=log*).
NAME=object-name Specifies the name of the object. You can represent all or part of the name with a wildcard. If you do not use a wildcard, specify the full object name (for example, BOSTON$DUA0:[RWOODS]MEMO.MEM;1).
OWNER=value Specifies the UIC or general identifier of the object.
TYPE=type Specifies the general object class (type of object). The available classes are as follows:
  Capability
Device
File
Group_global_section
Logical_name_table
Queue
System_global_section
  The CLASS keyword supersedes the TYPE keyword. However, TYPE is required to select audit records in files created prior to OpenVMS Alpha Version 6.1 and OpenVMS VAX Version 6.0.

PARENT=keyword(,...)

Specifies which characteristics of the parent process are used when selecting event records generated by a subprocess. Choose from the following keywords:
IDENTIFICATION=value Specifies the process identifier (PID) of the parent process.
   
NAME=process-name Specifies the name of the parent process. You can represent all or part of the name with a wildcard.
   
OWNER=value Specifies the owner (identifier value) of the parent process.
   
USERNAME=username Specifies the user name of the parent process. You can represent all or part of the name with a wildcard.

PASSWORD=(password,...)

Specifies the password used when the system detected a break-in attempt.

PRIVILEGES_MISSING=(privilege-name,...)

Specifies privileges the caller needed to perform the operation successfully. Specify any of the system privileges, as described in the HP OpenVMS Guide to System Security.

PRIVILEGES_USED=(privilege-name,...)

Specifies the privileges of the process to be used when selecting event records. Specify any of the system privileges, as described in the HP OpenVMS Guide to System Security. Also include the STATUS keyword in the selection criteria so the report can demonstrate whether the privilege was involved in a successful or an unsuccessful operation.

PROCESS=(characteristic,...)

Specifies the characteristics of the process to be used when selecting event records. Choose from the following characteristics:
IDENTIFICATION=value Specifies the PID of the process.
   
NAME=process-name Specifies the name of the process. You can represent all or part of the name with a wildcard.

REMOTE=keyword(,...)

Specifies that some characteristic of the network request is to be used when selecting event records. Choose from the following keywords:
ASSOCIATION_NAME=IPC-name Specifies the interprocess communication (IPC) association name.
   
LINK_IDENTIFICATION=value Specifies the number of the DECnet logical link.
   
IDENTIFICATION=value Specifies the DECnet node address.
   
NODENAME=node-name Specifies the DECnet node name. You can represent all or part of the name with a wildcard.
   
USERNAME=username Specifies the remote user name. You can represent all or part of the remote user name with a wildcard.

REQUEST_NUMBER=(value,...)

Specifies the request number associated with the DCL command REQUEST/REPLY.

SECTION_NAME=(global-section-name,...)

Specifies the name of the global section.

SENSITIVE_FIELD_NAME=(field-name,...)

Specifies the name of the field that was modified. ANALYZE/AUDIT uses the SENSITIVE_FIELD_NAME criterion, such as PASSWORD, with packets containing the original data and the new data (specified by the SENSITIVE_NEW_DATA criterion).

SENSITIVE_NEW_DATA=(value,...)

Specifies the value to use after the event occurs. Use this criterion with the SENSITIVE_FIELD_NAME criterion.

SNAPSHOT_BOOTFILE=(filename,...)

Specifies the name of the file containing a snapshot of the system.

SNAPSHOT_SAVE_FILENAME=(filename,...)

Specifies the name of the system snapshot file for a save operation that is in progress.

STATUS=type(,...)

Specifies the type of success status to be used when selecting event records. Choose from the following status types:
SUCCESSFUL Specifies any success status.
FAILURE Specifies any failure status.
CODE=(value,...) Specifies a specific completion status.

SUBJECT_OWNER=(uic,...)

Specifies the owner (UIC) of the process causing the event.

SUBTYPE=(subtype,...)

Specifies that the criteria be limited to the value or values specified as a subtype.

Refer to Table F-2 for valid subtype values.

SYSTEM=keyword(,...)

Specifies the characteristics of the system to be used when selecting event records. Choose from the following keywords:
IDENTIFICATION=value Specifies the numeric identification of the system.
NAME=nodename Specifies the node name of the system.

SYSTEM_SERVICE_NAME=(service-name,...)

Specifies the name of the system service associated with the event.

TARGET_DEVICE_NAME=(device-name,...)

Specifies the target device name used by a process control system service.

TARGET_PROCESS_IDENTIFICATION=(value,...)

Specifies the target process identifier (PID) used by a process control system service.

TARGET_PROCESS_NAME=(process-name,...)

Specifies the target process name used by a process control system service.

TARGET_PROCESS_OWNER=(uic,...)

Specifies the target process owner (UIC) used by a process control system service.

TARGET_USERNAME=(username,...)

Specifies the target user name used by a process control system service.

TERMINAL=(device-name,...)

Specifies the name of the terminal to be used when selecting event records. You can represent all or part of the terminal name with a wildcard.

TRANSPORT_NAME=(transport-name,...)

Specifies the name of the transport: interprocess communication (IPC) or System Management Integrator (SMI), which handles requests from the System Management utility.

On VAX systems, it also can specify the DECnet transport name (NSP).

USERNAME=(username,...)

Specifies the user name to be used when selecting event records. You can represent all or part of the user name with a wildcard.

VOLUME_NAME=(volume-name,...)

Specifies the name of the mounted (or dismounted) volume to be used when selecting event records. You can represent all or part of the volume name with a wildcard.

VOLUME_SET_NAME=(volume-set-name,...)

Specifies the name of the mounted (or dismounted) volume set to be used when selecting event records. You can represent all or part of the volume set name with a wildcard.

Examples

#1

$ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example selects all records written to the security audit log file that were generated by user JOHNSON.

#2

$ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,-
_$ BYPASS)  SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example selects all records written to the security audit log file that were generated by events through the use of either SYSPRV or BYPASS privilege.

#3

$ ANALYZE/AUDIT/FULL/EVENT=SYSUAF/SELECT= -
_$ IMAGE=("*:[SYS*SYSEXE]SETP0.EXE","*:[SYS*SYSEXE]LOGINOUT.EXE") -
_$ SYS$MANAGER:SECURITY
      

The command in this example selects all records that involve password changes written to the security audit log file.

The following example is a command procedure that you could run at midnight to select all SYSUAF, AUDIT, and BREAKIN events (excluding password changes) and mail the result to the system manager:



$! DAILY_AUDIT.COM
$
$   mail_list = "SYSTEM"
$   audsrv$_noselect = %X003080A0
$   audit_events = "SYSUAF,BREAKIN,AUDIT"
$
$   analyze /audit /full -
 /event=('audit_events') -
 /output=audit.tmp -
 /ignore=image=("*:[SYS*SYSEXE]SETP0.EXE","*:[SYS*SYSEXE]LOGINOUT.EXE") -
 sys$manager:SECURITY.AUDIT$JOURNAL
$
$   status = $status
$   if (status.and.%XFFFFFFF) .eq. audsrv$_noselect then goto no_records
$   if .not. status then goto error_analyze
$   if f$file("audit.tmp","eof") .eq. 0 then goto no_records
$   mail /subject="''audit_events' listing from ''f$time()'" -
 audit.tmp 'mail_list'
$   goto new_log
$
$ no_records:
$   mail /subject="No interesting security events" nl: 'mail_list'
$
$ new_log:
$   if f$search("audit.tmp") .nes. "" then delete audit.tmp;*
$   set audit /server=new_log
$   rename sys$manager:SECURITY.AUDIT$JOURNAL;-1 -
 sys$common:[sysmgr]'f$element(0," ",f$edit(f$time(),"TRIM"))'
$   exit
$
$ error_analyze:
$   mail/subj="Error analyzing auditing information" nl: 'mail_list'
$   exit

/SINCE

Indicates the utility must operate on records dated with the specified time or after the specified time.

Format

/SINCE [=time]

/NOSINCE


Keyword

time

Specifies the time used to select records. Records dated the same or later than the specified time are selected. You can specify an absolute time, a delta time, or a combination of the two. Observe the syntax rules for date and time described in the OpenVMS User's Manual.

If you specify /SINCE without the time, the utility uses the beginning of the current day.


Examples

#1

$ ANALYZE/AUDIT /SINCE=25-NOV-2002 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example selects records dated later than November 25, 2002.

#2

$ ANALYZE/AUDIT /SINCE=25-NOV-2002:15:00 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example selects records written after 3 P.M. on November 25, 2002.

/SUMMARY

Specifies that a summary of the selected records be produced after all records are processed.

You can use the /SUMMARY qualifier alone or in combination with the /BRIEF, the /BINARY, or the /FULL qualifier.


Format

/SUMMARY =presentation

/NOSUMMARY


Keyword

presentation

Specifies the presentation of the summary. If you do not specify a presentation criterion, ANALYZE/AUDIT summarizes the number of audits.

You can specify either of the following presentations:

COUNT

Lists the total number of audit messages for each class of security event that have been extracted from the security audit log file. This is the default.

PLOT

Displays a plot showing the class of the audit event, the time of day when the audit was generated, and the name of the system where the audit was generated.

Examples

#1

$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example generates a summary report of all records processed.


Total records read:        9701          Records selected:          9701
Record buffer size:        1031
Successful logins:          542          Object creates:            1278
Successful logouts:         531          Object accesses:           3761
Login failures:              35          Object deaccesses:         2901
Breakin attempts:             2          Object deletes:             301
System UAF changes:          10          Volume (dis)mounts:          50
Rights db changes:            8          System time changes:          0
Netproxy changes:             5          Server messages:              0
Audit changes:                7          Connections:                  0
Installed db changes:        50          Process control audits:       0
Sysgen changes:               9          Privilege audits:            91
NCP command lines:          120
#2

$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

The command in this example generates a full format listing of all logged audit messages that match the break-in or log failure event classes. A summary report is included at the end of the listing.

#3

$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
      

This command generates a histogram that you can display on a character-cell terminal.


4.4 ANALYZE/AUDIT Commands

This section describes the interactive commands available with the Audit Analysis utility (ANALYZE/AUDIT). The qualifiers for this section follow the standard rules of DCL grammar.

The utility runs interactively by default; you disable the feature with the /NOINTERACTIVE qualifier to the ANALYZE/AUDIT command. To enter interactive commands, press Ctrl/C at any time during the processing of a full or brief interactive display. At the COMMAND> prompt, you can enter any command listed in this section. Use the CONTINUE command to resume processing of the event records, or use the EXIT command to terminate the session.

CONTINUE

Resumes processing of event records.

Format

CONTINUE


Parameters

None.

Qualifiers

None.

Example


COMMAND> DISPLAY/SINCE=25-JAN-2002/SELECT=USERNAME=JOHNSON
COMMAND> CONTINUE
      

The first command in this example selects only event records generated by user JOHNSON after January 25, 2002. The second command in the example displays a report based on the new selection criteria.

DISPLAY

Changes the criteria used to select event records.

Format

DISPLAY


Parameters

None.

For a more complete description of any one of the following qualifiers, refer to the description of the qualifier in the preceding ANALYZE/AUDIT Qualifiers section.


Qualifiers

/BEFORE=time

Controls whether only those records dated earlier than the specified time are selected.

/BRIEF

Controls whether a brief (one-line-per-record) format is used in ASCII displays.

/EVENT_TYPE=event-type[,...]

Controls whether only those records matching the specified event type are selected.

/FULL

Controls whether a full format for each record is used in ASCII displays.

/IGNORE=criteria[,...]

Controls whether records matching the specified criteria are excluded. If you specify /IGNORE two or more times, the criteria are combined. To specify a new set of exclusion criteria, include the /REMOVE qualifier with the /IGNORE qualifier.

/PAUSE=seconds

For full-format displays (/FULL), specifies the length of time each record is displayed.

/REMOVE

Controls whether the criteria specified by the /IGNORE and the /SELECT qualifiers are no longer to be used to select event records to be displayed.

/SELECT=criteria[,...]

Controls whether only those records matching the specified criteria are selected. If you specify /SELECT two or more times, the criteria are combined. To specify a new set of selection criteria, include the /REMOVE qualifier with the /SELECT qualifier.

/SINCE[=time]

Controls whether only those records dated the same or later than the specified time are selected.

Examples

#1

COMMAND> DISPLAY/EVENT_TYPE=SYSUAF
COMMAND> CONTINUE
      

The first command in this example selects records that were generated as a result of a modification to the system user authorization file (SYSUAF). The second command displays the selected records.

#2

COMMAND> DISPLAY/SELECT=USERNAME=CRICK
COMMAND> CONTINUE
   .
   .
   .
 [Ctrl/C]

COMMAND> DISPLAY/SELECT=USERNAME=WATSON
COMMAND> CONTINUE
      

The first DISPLAY command in this example selects records that were generated by user CRICK. The second command displays the selected records. The next DISPLAY command selects records that were generated by user WATSON. The last command in the example displays all records generated by users CRICK and WATSON.

EXIT

Terminates the session.

Format

EXIT


Parameters

None.

Qualifiers

None.

HELP

Provides online help information for using ANALYZE/AUDIT commands.

Format

HELP [topic]


Parameter

topic

Specifies the command for which help information is to be displayed. If you omit the keyword, HELP displays a list of available help topics and prompts you for a particular keyword.

Qualifiers

None.

Example


COMMAND> HELP DISPLAY
      

The command in this example displays help information about the DISPLAY command.

LIST

Changes the criteria used to select event records. The LIST command is synonymous with the DISPLAY command.

Format

LIST


Parameters

None.

Qualifiers

See the description of the DISPLAY command.

Example


COMMAND> LIST/EVENT_TYPE=SYSUAF
COMMAND> CONTINUE
      

The first command in this example selects records that were generated as a result of a modification to the system user authorization file (SYSUAF). The second command displays the selected records.

NEXT FILE

Controls whether the current security audit log file is closed and the next log file opened. The command is useful when you supply a wildcard file specification to the ANALYZE/AUDIT command; for example *.AUDIT$JOURNAL. If there are no other audit log files to open, the audit analysis session terminates and control returns to DCL.

Format

NEXT FILE


Parameters

None.

Qualifiers

None.

NEXT RECORD

Controls whether the next audit record is displayed. The NEXT RECORD command is the default for interactive mode.

This command is synonymous with the POSITION command.


Format

NEXT RECORD


Parameters

None.

Qualifiers

None.

POSITION

Moves the full-format display forward or backward the specified number of event records.

Format

POSITION number


Parameter

number

For positive numbers, displays the record that is the specified number of records after the current record. For negative numbers, displays the record that is the specified number of records before the current record.

Qualifiers

None.

Examples

#1

COMMAND> POSITION 100
      

The command in this example moves the display forward 100 event records.

#2

COMMAND> POSITION -100
      

The command in this example moves the display back 100 event records.

SHOW

Displays information about the selection or exclusion criteria currently being used to select event records.

Format

SHOW option[,...]


Parameter

option[,...]

Displays information about selection or exclusion criteria currently being used to select records. Specify one or more of the following options:
ALL Displays all criteria being used to select event records.
EXCLUSION_CRITERIA Displays the criteria being used to exclude event records.
SELECTION_CRITERIA Displays the criteria being used to select event records.

Qualifiers

None.

Example


COMMAND> SHOW SELECTION_CRITERIA
      

The command in this example displays the selection criteria currently in use to select records.


Chapter 5
Authorize Utility

5.1 AUTHORIZE Description

The Authorize utility (AUTHORIZE) is a system management tool used to control access to the system and to allocate resources to users.

AUTHORIZE creates new records or modifies existing records in the following files:

  • System user authorization file (SYSUAF.DAT)
    You can use AUTHORIZE to assign values to various fields within each SYSUAF record. The values you assign identify the user and the user's work environment, and control use of system resources.
    You can redirect SYSUAF logical access by defining a logical in your local process logical table; for example:


    $ DEFINE/PROCESS/EXEC SYSUAF DISK$USER:[MYPROCESSTABLE]SYSUAF.DAT
    

    You can, if you like, define the SYSUAF logical in user mode.
    If you move the SYSUAF.DAT file, be sure the logical name SYSUAF is defined and points to an existing file. If AUTHORIZE is unable to locate the SYSUAF.DAT file, it displays the following error message:


    %UAF-E-NAOFIL, unable to open SYSUAF.DAT
    -RMS-E-FNF, file not found
    Do you want to create a new file?
    

    A response of YES results in creation of a new SYSUAF file containing a SYSTEM record and a DEFAULT record. These records are initialized with the same values set when the system was installed.
  • Network proxy authorization file
    The default network proxy authorization file is NET$PROXY.DAT. However, AUTHORIZE maintains the file NETPROXY.DAT for compatibility. In a mixed-version cluster where systems are running OpenVMS Alpha or a version of OpenVMS VAX earlier than Version 6.1, you must make all proxy modifications on an OpenVMS VAX Version 6.1 or later system.
    You can redirect NETPROXY logical access by defining a logical in your local process logical table; for example:


    $ DEFINE/PROCESS/EXEC NETPROXY DISK$USER:[MYPROCESSTABLE]NETPROXY.DAT
    
  • Rights database file (RIGHTSLIST.DAT)
    You can redirect RIGHTSLIST logical access by defining a logical in your local process logical table; for example:


    $ DEFINE/PROCESS/EXEC RIGHTSLIST DISK$USER:[MYPROCESSTABLE]RIGHTSLIST.DAT
    

These files store system authorization information. By default, they are owned by the system (UIC of [SYSTEM]) and are created with the following protection:


SYSUAF.DAT      S:RWED, O:RWED, G, W
NETPROXY.DAT    S:RWED, O:RWED, G, W
NET$PROXY.DAT   S, O, G, W
RIGHTSLIST.DAT  S:RWED, O:RWED, G, W:

To use AUTHORIZE, you must have write access to all three of these files (you must have an account with the user identification code (UIC) of [SYSTEM] or the SYSPRV privilege).

Note that you must have read access to the RIGHTSLIST.DAT file (or sufficient privileges) to display the rights identifiers held by other users.

Because certain images (such as MAIL and SET) require access to the system user authorization file (UAF) and are normally installed with the SYSPRV privilege, ensure that you always grant system access to SYSUAF.DAT.

When you install a new system, the software distribution kit provides the following records in the system user authorization file in SYS$SYSTEM:

On VAX systems:

DEFAULT
FIELD
SYSTEM
SYSTEST
SYSTEST_CLIG

On Alpha systems:

DEFAULT
SYSTEM

If the SYSUAF.DAT becomes corrupted or is accidentally deleted, you can use the template file SYSUAF.TEMPLATE in the SYS$SYSTEM directory to recreate the file, as follows:


$ SET DEFAULT SYS$SYSTEM
$ COPY SYSUAF.TEMPLATE SYSUAF.DAT

The file SYSUAF.TEMPLATE contains records that are identical to those defined when the system was installed.

To make an emergency backup for the system SYSUAF file, you can create a private copy of SYSUAF.DAT. To affect future logins, copy a private version of SYSUAF.DAT to the appropriate directory, as shown in the following example:


$ COPY MYSYSUAF.DAT SYS$COMMON:[SYSEXE]:SYSUAF.DAT-
_$ /PROTECTION=(S:RWED,O:RWED,G,W)

5.2 AUTHORIZE Usage Summary

The Authorize utility (AUTHORIZE) is a system management tool that enables you to control access to the system and to allocate resources to users.


Format

RUN SYS$SYSTEM:AUTHORIZE


Parameters

None.

Description

To invoke AUTHORIZE, set your default device and directory to SYS$SYSTEM and enter RUN AUTHORIZE at the DCL command prompt.

At the UAF> prompt, you can enter any AUTHORIZE command described in the following section.

To exit from AUTHORIZE, enter the EXIT command at the UAF> prompt or press Ctrl/Z.

5.3 AUTHORIZE Commands

This section describes the AUTHORIZE commands and provides examples of their use. You can abbreviate any command, keyword, or qualifier as long as the abbreviation is not ambiguous. The asterisk (*) and the percent sign (%) can be used as wildcard characters to specify user names, node names, and UICs.

AUTHORIZE commands fall into the following four categories:

  • Commands that allow you to manage user authorization records. By specifying appropriate qualifiers, you can use these commands to act upon individual fields of SYSUAF records. You can identify the user and the user's work environment and control use of system resources.
  • Commands that build and maintain the network proxy authorization file (NETPROXY.DAT or NET$PROXY.DAT).
  • Commands that create and maintain the rights database (RIGHTSLIST.DAT).
  • Commands that perform general utility functions or modify the system password.

The following table summarizes the AUTHORIZE commands according to these categories:

Command Description
Managing System Resources and User Accounts with SYSUAF
ADD Adds a user record to the SYSUAF and corresponding identifiers to the rights database.
COPY Creates a new SYSUAF record that duplicates an existing record.
DEFAULT Modifies the default SYSUAF record.
LIST Writes reports for selected UAF records to a listing file, SYSUAF.LIS.
MODIFY Changes values in a SYSUAF user record. Qualifiers not specified in the command remain unchanged.
REMOVE Deletes a SYSUAF user record and corresponding identifiers in the rights database. The DEFAULT and SYSTEM records cannot be deleted.
RENAME Changes the user name of the SYSUAF record (and, if specified, the corresponding identifier) while retaining the characteristics of the old record.
SHOW Displays reports for selected SYSUAF records.
Managing Network Proxies with NETPROXY.DAT or NET$PROXY.DAT
ADD/PROXY Adds proxy access for the specified user.
CREATE/PROXY Creates a network proxy authorization file.
LIST/PROXY Creates a listing file of all proxy accounts and all remote users with proxy access to the accounts.
MODIFY/PROXY Modifies proxy access for the specified user.
REMOVE/PROXY Deletes proxy access for the specified user.
SHOW/PROXY Displays proxy access allowed for the specified user.
Managing Identifiers with RIGHTSLIST.DAT
ADD/IDENTIFIER Adds an identifier name to the rights database.
CREATE/RIGHTS Creates a new rights database file.
GRANT/IDENTIFIER Grants an identifier name to a UIC identifier.
LIST/IDENTIFIER Creates a listing file of identifier names and values.
LIST/RIGHTS Creates a listing file of all identifiers held by the specified user.
MODIFY/IDENTIFIER Modifies the named identifier in the rights database.
REMOVE/IDENTIFIER Removes an identifier from the rights database.
RENAME/IDENTIFIER Renames an identifier in the rights database.
REVOKE/IDENTIFIER Revokes an identifier name from a UIC identifier.
SHOW/IDENTIFIER Displays identifier names and values on the current output device.
SHOW/RIGHTS Displays on the current output device the names of all identifiers held by the specified user.
General Commands
EXIT Returns the user to DCL command level.
HELP Displays HELP text for AUTHORIZE commands.
MODIFY/SYSTEM_PASSWORD Sets the system password (equivalent to the DCL command SET PASSWORD/SYSTEM).

ADD

Adds a user record to the SYSUAF and corresponding identifiers to the rights database.

Note

ADD/IDENTIFIER and ADD/PROXY are documented as separate commands.

Format

ADD newusername


Parameter

newusername

Specifies the name of the user record to be included in the SYSUAF. The newusername parameter is a string of 1 to 12 alphanumeric characters and can contain underscores. Although dollar signs are permitted, they are usually reserved for system names.

Avoid using fully numeric user names (for example, 89560312). A fully numeric user name cannot receive a corresponding identifier because fully numeric identifiers are not permitted.


Qualifiers

/ACCESS[=(range[,...])]

/NOACCESS[=(range[,...])]

Specifies hours of access for all modes of access. The syntax for specifying the range is:

/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.

By default, a user has full access every day. See the DCL command SET DAY in the HP OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.

All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.

/ACCESS Allows unrestricted access
/NOACCESS=SECONDARY Allows access on primary days only
/ACCESS=(9-17) Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8) Disallows access between 9 A.M. to 5:59 P.M. on primary days but allows access during these hours on secondary days

To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.

Refer to HP OpenVMS Guide to System Security for information about the effects of login class restrictions.

/ACCOUNT=account-name

Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.

/ADD_IDENTIFIER (default)

/NOADD_IDENTIFIER

Adds a user (user name and account name) to the rights database. The /NOADD_IDENTIFIER does not create a rights list identifier (user name and account name). The AUTHORIZE command ADD/IDENTIFIER is quite different: it adds a record to the AUTHORIZE database UAF file.

/ALGORITHM=keyword=type [=value]

Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.
Keyword Function
BOTH Set the algorithm for primary and secondary passwords.
CURRENT Set the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARY Set the algorithm for the primary password only.
SECONDARY Set the algorithm for the secondary password only.

The following table lists password encryption algorithms:

Type Definition
VMS The algorithm used in the version of the operating system that is running on your system.
CUSTOMER A numeric value in the range of 128 to 255 that identifies a customer algorithm.

The following example selects the VMS algorithm for Sontag's primary password:


UAF>  MODIFY SONTAG/ALGORITHM=PRIMARY=VMS

If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:


UAF>  MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128

/ASTLM=value

Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.

/BATCH[=(range[,...])]

Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.

/BIOLM=value

Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.

/BYTLM=value

Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 32768 on VAX systems and 64000 on Alpha systems.

/CLI=cli-name

Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.

/CLITABLES=filespec

Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.

/CPUTIME=time

Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the OpenVMS User's Manual. The default is 0, which means an infinite amount of time.

/DEFPRIVILEGES=([NO]privname[,...])

Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.

/DEVICE=device-name

Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK.

If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.

/DIALUP[=(range[,...])]

Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.

/DIOLM=value

Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.

/DIRECTORY=directory-name

Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].

/ENQLM=value

Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 200 on VAX systems and 2000 on Alpha systems.

/EXPIRATION=time (default)

/NOEXPIRATION

Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)

/FILLM=value

Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 300 on VAX systems and 100 on Alpha systems.

/FLAGS=([NO]option[,...])

Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:
AUDIT Enables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGIN Restricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to "Guidelines for Captive Command Procedures" in the HP OpenVMS Guide to System Security.

The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).

DEFCLI Restricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLY Establishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).
DISFORCE_PWD_CHANGE Removes the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system.

To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.

DISIMAGE Prevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAIL Disables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAIL Suppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDIC Disables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHIS Disables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCH Suppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control.
DISRECONNECT Disables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORT Suppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSER Disables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOME Suppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTH Considers user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWD Restricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWD Prevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIRED Marks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIRED Marks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not set to expire after login (NOPWD2_EXPIRED).
PWDMIX Enables case-sensitive and extended-character passwords.

After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.

To change the password after PWDMIX is enabled:

  • You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).
  • You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " " .
RESTRICTED Prevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTH Allows account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.

/GENERATE_PASSWORD[=keyword]

/NOGENERATE_PASSWORD (default)

Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:
BOTH Generate primary and secondary passwords.
CURRENT Do whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARY Generate primary password only.
SECONDARY Generate secondary password only.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/INTERACTIVE[ =(range[,...])]

/NOINTERACTIVE

Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.

/JTQUOTA=value

Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on VAX systems and 4096 on Alpha systems.

/LGICMD=filespec

Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL[=(range[,...])]

Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.

/MAXACCTJOBS=value

Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.

/MAXDETACH=value

Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.

/MAXJOBS=value

Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.

/NETWORK[=(range[,...])]

Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.

/OWNER=owner-name

Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.

/PASSWORD=(password1[,password2])

/NOPASSWORD

Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted.

Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.

Use the /PASSWORD qualifier as follows:

  • To set only the first password and clear the second, specify /PASSWORD=password.
  • To set both the first and second password, specify /PASSWORD=(password1, password2).
  • To change the first password without affecting the second, specify /PASSWORD=(password, "").
  • To change the second password without affecting the first, specify /PASSWORD=("", password).
  • To set both passwords to null, specify /NOPASSWORD.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

By default, the ADD command assigns the password USER. When you create a new UAF record with the COPY or RENAME command, you must specify a password. Avoid using the word password as the actual password.

/PBYTLM

This flag is reserved for HP.

/PGFLQUOTA=value

Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 32768 pages on VAX systems and 50000 pagelets on Alpha systems.

If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.

/PRCLM=value

Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 2 on VAX systems and 8 on Alpha systems.

/PRIMEDAYS=([NO]day[,...])

Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix.

By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)

Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.

/PRIORITY=value

Specifies the default base priority. The value is an integer in the range of 0 to 31 on VAX systems and 0 to 63 on Alpha systems. By default, the value is set to 4 for timesharing users.

/PRIVILEGES=([NO]privname[,...])

Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the HP OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.

/PWDEXPIRED (default)

/NOPWDEXPIRED

Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.

/PWDLIFETIME=time (default)

/NOPWDLIFETIME

Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired.

To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.

/PWDMINIMUM=value

Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. The value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.

/QUEPRIO=value

Reserved for future use.

/REMOTE[=(range[,...])]

Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.

/SHRFILLM=value

Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.

/TQELM

Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.

/UIC=value

Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. HP reserves group 1 and groups 300--377 for its own use.

Each user must have a unique UIC. By default, the UIC value is [200,200].

/WSDEFAULT=value

Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 256 pages on VAX systems and 2000 pagelets on Alpha systems.

The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.

/WSEXTENT=value

Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed.

The value is an integer equal to or greater than WSQUOTA. By default, the value is 1024 pages on VAX systems and 16384 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.

/WSQUOTA=value

Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant.

The value cannot be greater than the value of WSMAX and cannot exceed 64K pages. This quota value replaces smaller values of PQL_MWSQUOTA.


Description

When you do not specify a value for a field, AUTHORIZE uses values from the DEFAULT record (excluding the default password, which is always USER). The DEFAULT account serves as a template for creating user records in the system user authorization file.

On Alpha systems, the DEFAULT account is as follows:



Username: DEFAULT                          Owner:
Account:                                   UIC:    [200,200] ([FIELD,USERP])
CLI:      DCL                              Tables: DCLTABLES
Default:  SYS$SYSDEVICE:[USER]
LGICMD:   LOGIN
Flags:  DisUser
Primary days:   Mon Tue Wed Thu Fri
Secondary days:                     Sat Sun
No access restrictions
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         90 00:00    Pwdchange:      (pre-expired)
Last Login:            (none) (interactive),            (none) (non-interactive)
Maxjobs:         0  Fillm:       100  Bytlm:        64000
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
Maxdetach:       0  BIOlm:       150  JTquota:       4096
Prclm:           8  DIOlm:       150  WSdef:         2000
Prio:            4  ASTlm:       250  WSquo:         4000
Queprio:         0  TQElm:        10  WSextent:     16384
CPU:        (none)  Enqlm:      2000  Pgflquo:      50000
Authorized Privileges:
  TMPMBX NETMBX
Default Privileges:
  TMPMBX NETMBX


On VAX systems, the DEFAULT account is as follows:



Username: DEFAULT                          Owner:
Account:                                   UIC:    [200,200] ([DEFAULT])
CLI:      DCL                              Tables: DCLTABLES
Default:  SYS$SYSDEVICE:[USER]
LGICMD:   LOGIN
Flags:  DisUser
Primary days:   Mon Tue Wed Thu Fri
Secondary days:                     Sat Sun
No access restrictions
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         90 00:00    Pwdchange:      (pre-expired)
Last Login:            (none) (interactive)            (none) (non-interactive)
Maxjobs:         0  Fillm:       300  Bytlm:        32768
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
Maxdetach:       0  BIOlm:        40  JTquota:       4096
Prclm:           2  DIOlm:        40  WSdef:          256
Prio:            4  ASTlm:        40  WSquo:          512
Queprio:         0  TQElm:        10  WSextent:      1024
CPU:        (none)  Enqlm:       200  Pgflquo:      32768
Authorized Privileges:
  TMPMBX NETMBX
Default Privileges:
  TMPMBX NETMBX



When you add a new account, specify values for fields that you want to be different. Typically, changing the default values for limits priority, privileges, or the command interpreter is not necessary. As a result, you enter only the password, UIC, directory, owner, account, and device.

Note

Limits are also set by system parameters. To be effective, the limits you set through AUTHORIZE must be within the minimum limits determined by the corresponding system parameters (particularly those beginning with the PQL prefix).

When you add a record to the UAF, create a directory for the new user. Specify the device name, directory name, and UIC in the UAF record. The following DCL command creates a directory for user ROBIN:


$ CREATE/DIRECTORY SYS$USER:[ROBIN] /OWNER_UIC=[ROBIN]

Note

When you add a new record to the UAF and a rights database exists, an identifier with the user name is added to the rights database automatically (unless you specify the /NOADD_IDENTIFIER qualifier). Similarly, when you specify an account name (other than the user name) that does not yet have an identifier, AUTHORIZE creates a group identifier in the rights database.

Examples

#1

UAF> ADD ROBIN /PASSWORD=SP0152/UIC=[014,006] -
_/DEVICE=SYS$USER/DIRECTORY=[ROBIN]/OWNER="JOSEPH ROBIN" /ACCOUNT=INV
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier ROBIN value: [000014,000006] added to
  RIGHTSLIST.DAT
%UAF-I-RDBADDMSGU, identifier INV value: [000014,177777] added to
  RIGHTSLIST.DAT
      

This example illustrates the typical ADD command and qualifiers. The resulting record from this command appears in the description of the SHOW command.

#2

UAF> ADD WELCH /PASSWORD=SP0158/UIC=[014,051] -
_/DEVICE=SYS$USER/DIRECTORY=[WELCH]/OWNER="ROB WELCH"/FLAGS=DISUSER -
_/ACCOUNT=INV/LGICMD=SECUREIN
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier WELCH value: [000014,000051] added to
      RIGHTSLIST.DAT
UAF> MODIFY WELCH/FLAGS=(RESTRICTED,DISNEWMAIL,DISWELCOME, -
_NODISUSER,EXTAUTH)/NODIALUP=SECONDARY/NONETWORK=PRIMARY -
/CLITABLES=DCLTABLES/NOACCESS=(PRIMARY, 9-16, SECONDARY, 18-8)
%UAF-I-MDFYMSG, user records updated
      

The commands in this example add a record for a restricted account. Because of the number of qualifiers required, a MODIFY command is used in conjunction with the ADD command. This helps to minimize the possibility of typing errors.

In the ADD command line, setting the DISUSER flag prevents the user from logging in until all the account parameters are set up. In the MODIFY command line, the DISUSER flag is disabled (by specifying NODISUSER) to allow access to the account. The EXTAUTH flag causes the system to consider the user as authenticated by an external user name and password, not by the SYSUAF user name and password.

The record that results from these commands and an explanation of the restrictions the record imposes appear in the description of the SHOW command.

ADD/IDENTIFIER

Adds only an identifier to the rights database. It does not add a user account.

Format

ADD/IDENTIFIER [id-name]


Parameter

id-name

Specifies the name of the identifier to be added to the rights database. If you omit the name, you must specify the /USER qualifier. The identifier name is a string of 1 to 31 alphanumeric characters. The name can contain underscores and dollar signs. It must contain at least one nonnumeric character.

Qualifiers

/ATTRIBUTES=(keyword[,...])

Specifies attributes to be associated with the new identifier. The following keywords are valid:
DYNAMIC Allows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST.
HOLDER_HIDDEN Prevents people from getting a list of users who hold an identifier, unless they own the identifier themselves.
NAME_HIDDEN Allows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier.
NOACCESS Makes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute.
RESOURCE Allows holders of an identifier to charge disk space to the identifier. Used only for file objects.
SUBSYSTEM Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects.

By default, none of these attributes is associated with the new identifier.

/USER=user-spec

Scans the UAF record for the specified user and creates the corresponding identifier. Specify user-spec by user name or UIC. You can use the asterisk wildcard to specify multiple user names or UICs. Full use of the asterisk and percent wildcards is permitted for user names; UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) creates identifiers alphabetically by user name; a wildcard UIC specification ([*,*]) creates them in numerical order by UIC.

/VALUE=value-specifier

Specifies the value to be attached to the identifier. The following formats are valid for the value-specifier:
IDENTIFIER:n An integer value in the range of 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O).

The system displays this type of identifier in hexadecimal. To differentiate general identifiers from UIC identifiers, the system adds %X80000000 to the value you specify.

GID:n GID is the POSIX group identifier. It is an integer value in the range 0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the value you specify and then enter this new value into the system RIGHTSLIST as an identifier.
UIC:uic A UIC value in standard UIC format consists of a member name and, optionally, a group name enclosed in brackets. For example, [360,031].

In numeric UICs, the group number is an octal number in the range of 1 to 37776; the member number is an octal number in the range of 0 to 177776. You can omit leading zeros when you are specifying group and member numbers.

Regardless of the UIC format you use, the system translates a UIC to a 32-bit numeric value.

Alphanumeric UICs are not allowed.

Typically, system managers add identifiers as UIC values to represent system users; the system applies identifiers in integer format to system resources.


Examples

#1

UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY
%UAF-I-RDBADDMSGU, identifier INVENTORY value: [000300,000011]
added to RIGHTSLIST.DAT
      

The command in this example adds an identifier named INVENTORY to the rights database. By default, the identifier is not marked as a resource.

#2

UAF> ADD/IDENTIFIER/ATTRIBUTES=(RESOURCE) -
_/VALUE=IDENTIFIER:%X80011 PAYROLL
%UAF-I-RDBADDMSGU, identifier PAYROLL value: %X80080011 added to
RIGHTSLIST.DAT
      

This command adds the identifier PAYROLL and marks it as a resource. To differentiate identifiers with integer values from identifiers with UIC values, %X80000000 is added to the specified code.

ADD/PROXY

Adds an entry to the network proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update its volatile database. Proxy additions take effect immediately on all nodes in a cluster that share the proxy database.

Format

ADD/PROXY node::remote-user local-user[,...]


Parameters

node

Specifies a DECnet node name. If you provide a wildcard character (*), the specified remote user on all nodes is served by the account defined as local-user.

remote-user

Specifies the user name of a user at a remote node. If you specify an asterisk, all users at the specified node are served by the local user.

For systems that are not OpenVMS and that implement DECnet, specifies the UIC of a user at a remote node. You can specify a wildcard character (*) in the group and member fields of the UIC.

local-user

Specifies the user names of 1 to 16 users on the local node. If you specify an asterisk, a local-user name equal to remote-user name will be used.

Positional Qualifier

/DEFAULT

Establishes the specified user name as the default proxy account. The remote user can request proxy access to an authorized account other than the default proxy account by specifying the name of the proxy account in the access control string of the network operation.

Description

The ADD/PROXY command adds an entry to the network proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update its volatile database. Proxy additions take effect immediately on all nodes in a cluster that share the proxy database.

You can grant a remote user access to one default proxy account and up to 15 other local accounts. To access proxy accounts other than the default proxy account, remote users specify the requested account name in an access control string. To change the default proxy account, use the AUTHORIZE command MODIFY/PROXY.

Proxy login is an effective way to avoid specifying (and, possibly, revealing) passwords in command lines. However, you must use caution in granting access to remote users. While logged in to the local system, remote users can apply the full DCL command set (with the exception of SET HOST). A remote user receives the default privileges of the local user and, therefore, becomes the owner of the local user's files when executing any DCL commands.

To avoid potential security compromises, HP recommends that you create proxy accounts on the local node that are less privileged than a user's normal account on the remote node. By adding an extension such as _N, you can identify the account as belonging to a remote user, while distinguishing it from a native account with the same name on the local node. For example, the following command creates a JONES_N proxy account on the local node that allows the user JONES to access the account from the remote node SAMPLE:


UAF> ADD/PROXY SAMPLE::JONES JONES_N/DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT

For more information about creating proxy accounts, refer to the HP OpenVMS Guide to System Security.


Examples

#1

UAF> ADD/PROXY  SAMPLE::WALTER   ROBIN/DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
      

Specifies that user WALTER on remote node SAMPLE has proxy access to user ROBIN's account on local node AXEL. Through proxy login, WALTER receives the default privileges of user ROBIN when he accesses node AXEL remotely.

#2

UAF> ADD/PROXY MISHA::* MARCO/DEFAULT, OSCAR
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
      

Specifies that any user on the remote node MISHA can, by default, use the MARCO account on the local node for DECnet tasks such as remote file access. Remote users can also access the OSCAR proxy account by specifying the user name OSCAR in the access control string.

#3

UAF> ADD/PROXY MISHA::MARCO */DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
      

Specifies that user MARCO on the remote node MISHA can use only the MARCO account on the local node for remote file access.

#4

UAF> ADD/PROXY TAO::MARTIN  MARTIN/D,SALES_READER
%UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to MARTIN added
%UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to SALES_READER
added
      

Adds a proxy from TAO::MARTIN to the local accounts MARTIN (the default) and SALES_READER on a system running DECnet-Plus.

COPY

Creates a new SYSUAF record that duplicates an existing UAF record.

Format

COPY oldusername newusername


Parameters

oldusername

Name of an existing user record to serve as a template for the new record.

newusername

Name for the new user record. The user name is a string of 1 to 12 alphanumeric characters.

Qualifiers

/ACCESS[=(range[,...])]

/NOACCESS[=(range[,...])]

Specifies hours of access for all modes of access. The syntax for specifying the range is:

/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.

By default, a user has full access every day. See the DCL command SET DAY in the HP OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.

All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.

/ACCESS Allows unrestricted access
/NOACCESS=SECONDARY Allows access on primary days only
/ACCESS=(9-17) Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8) Disallows access between 9 A.M. to 5:59 P.M. on primary days but allows access during these hours on secondary days

To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.

Refer to HP OpenVMS Guide to System Security for information about the effects of login class restrictions.

/ACCOUNT=account-name

Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.

/ADD_IDENTIFIER (default)

/NOADD_IDENTIFIER

Adds a user (user name and account name) to the rights database. The /NOADD_IDENTIFIER does not create a rights list identifier (user name and account name). The AUTHORIZE command ADD/IDENTIFIER is quite different: it adds a record to the AUTHORIZE database UAF file.

/ALGORITHM=keyword=type [=value]

Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.
Keyword Function
BOTH Set the algorithm for primary and secondary passwords.
CURRENT Set the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARY Set the algorithm for the primary password only.
SECONDARY Set the algorithm for the secondary password only.

The following table lists password encryption algorithms:

Type Definition
VMS The algorithm used in the version of the operating system that is running on your system.
CUSTOMER A numeric value in the range of 128 to 255 that identifies a customer algorithm.

The following example selects the VMS algorithm for Sontag's primary password:


UAF>  MODIFY SONTAG/ALGORITHM=PRIMARY=VMS

If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:


UAF>  MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128

/ASTLM=value

Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.

/BATCH[=(range[,...])]

Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.

/BIOLM=value

Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.

/BYTLM=value

Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 32768 on VAX systems and 64000 on Alpha systems.

/CLI=cli-name

Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.

/CLITABLES=filespec

Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.

/CPUTIME=time

Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the OpenVMS User's Manual. The default is 0, which means an infinite amount of time.

/DEFPRIVILEGES=([NO]privname[,...])

Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.

/DEVICE=device-name

Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK.

If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.

/DIALUP[=(range[,...])]

Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.

/DIOLM=value

Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.

/DIRECTORY=directory-name

Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].

/ENQLM=value

Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 200 on VAX systems and 2000 on Alpha systems.

/EXPIRATION=time (default)

/NOEXPIRATION

Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)

/FILLM=value

Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 300 on VAX systems and 100 on Alpha systems.

/FLAGS=([NO]option[,...])

Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:
AUDIT Enables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGIN Restricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to "Guidelines for Captive Command Procedures" in the HP OpenVMS Guide to System Security.

The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).

DEFCLI Restricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLY Establishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).
DISFORCE_PWD_CHANGE Removes the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system.

To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.

DISIMAGE Prevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAIL Disables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAIL Suppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDIC Disables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHIS Disables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCH Suppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control.
DISRECONNECT Disables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORT Suppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSER Disables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOME Suppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTH Considers user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWD Restricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWD Prevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIRED Marks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIRED Marks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not set to expire after login (NOPWD2_EXPIRED).
PWDMIX Enables case-sensitive and extended-character passwords.

After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.

To change the password after PWDMIX is enabled:

  • You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).
  • You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " " .
RESTRICTED Prevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTH Allows account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.

/GENERATE_PASSWORD[=keyword]

/NOGENERATE_PASSWORD (default)

Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:
BOTH Generate primary and secondary passwords.
CURRENT Do whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARY Generate primary password only.
SECONDARY Generate secondary password only.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/INTERACTIVE[ =(range[,...])]

/NOINTERACTIVE

Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.

/JTQUOTA=value

Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on VAX systems and 4096 on Alpha systems.

/LGICMD=filespec

Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL[=(range[,...])]

Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.

/MAXACCTJOBS=value

Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.

/MAXDETACH=value

Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.

/MAXJOBS=value

Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.

/NETWORK[=(range[,...])]

Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.

/OWNER=owner-name

Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.

/PASSWORD=(password1[,password2])

/NOPASSWORD

Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted.

Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.

Use the /PASSWORD qualifier as follows:

  • To set only the first password and clear the second, specify /PASSWORD=password.
  • To set both the first and second password, specify /PASSWORD=(password1, password2).
  • To change the first password without affecting the second, specify /PASSWORD=(password, "").
  • To change the second password without affecting the first, specify /PASSWORD=("", password).
  • To set both passwords to null, specify /NOPASSWORD.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

When you create a new UAF record with the COPY command, you must specify a password.

/PBYTLM

This flag is reserved for HP.

/PGFLQUOTA=value

Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 32768 pages on VAX systems and 50000 pagelets on Alpha systems.

If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.

/PRCLM=value

Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 2 on VAX systems and 8 on Alpha systems.

/PRIMEDAYS=([NO]day[,...])

Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix.

By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)

Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.

/PRIORITY=value

Specifies the default base priority. The value is an integer in the range of 0 to 31 on VAX systems and 0 to 63 on Alpha systems. By default, the value is set to 4 for timesharing users.

/PRIVILEGES=([NO]privname[,...])

Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the HP OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.

/PWDEXPIRED (default)

/NOPWDEXPIRED

Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.

/PWDLIFETIME=time (default)

/NOPWDLIFETIME

Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired.

To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.

/PWDMINIMUM=value

Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. The value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.

/QUEPRIO=value

Reserved for future use.

/REMOTE[=(range[,...])]

Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.

/SHRFILLM=value

Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.

/TQELM

Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.

/UIC=value

Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. HP reserves group 1 and groups 300--377 for its own use.

Each user must have a unique UIC. By default, the UIC value is [200,200].

/WSDEFAULT=value

Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 256 pages on VAX systems and 2000 pagelets on Alpha systems.

The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.

/WSEXTENT=value

Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed.

The value is an integer equal to or greater than WSQUOTA. By default, the value is 1024 pages on VAX systems and 16384 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.

/WSQUOTA=value

Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant.

The value cannot be greater than the value of WSMAX and cannot exceed 64K pages. This quota value replaces smaller values of PQL_MWSQUOTA.


Description

The COPY command creates a new SYSUAF record that duplicates an existing SYSUAF record. The command requires the /PASSWORD qualifier. If you do not specify additional qualifiers to the COPY command, the fields in the record you create are the same as those in the record being copied.

For example, you could add a record for a new user named Thomas Sparrow that is identical to that of Joseph Robin (but presumably different from the default record), as follows:


UAF> COPY ROBIN SPARROW /PASSWORD=SP0152

However, to add a record for Thomas Sparrow that differs from Joseph Robin's in the UIC, directory name, password, and owner, specify the following command:


UAF> COPY ROBIN SPARROW /UIC=[200,13]/DIRECTORY=[SPARROW] -
_/PASSWORD=THOMAS/OWNER="THOMAS SPARROW"

You can also use the COPY command to create a set of template records to meet the specific needs of various user groups. For example, if you have programmers, administrators, and data entry personnel working on the same system, you can create records such as PROGRAMMER, ADMINISTRATOR, and DATA_ENTRY, each tailored to the needs of a particular group. To add an account for a new user in one of these groups, copy the appropriate template record and specify a new user name, password, UIC, directory, and owner.

If you omit the /PASSWORD qualifier when you create an account, AUTHORIZE displays the following error message:


%UAF-W-DEFPWD, copied or renamed records must receive new password

To specify a password for the account, use the MODIFY command with the /PASSWORD qualifier.


Examples

#1

UAF> COPY ROBIN SPARROW /PASSWORD=SP0152
%UAF-I-COPMSG, user record copied
%UAF-E-RDBADDERRU, unable to add SPARROW value: [000014,00006] to
      RIGHTSLIST.DAT   -SYSTEM-F-DUPIDENT, duplicate identifier
      

The command in this example adds a record for Thomas Sparrow that is identical, except for the password, to that of Joseph Robin. Note that because the UIC value has no change, no identifier is added to RIGHTSLIST.DAT. AUTHORIZE issues a "duplicate identifier" error message.

#2

UAF> COPY ROBIN SPARROW /UIC=[200,13]/DIRECTORY=[SPARROW] -
_/PASSWORD=THOMAS/OWNER="THOMAS SPARROW"
%UAF-I-COPMSG, user record copied
%UAF-I-RDBADDMSGU, identifier SPARROW value: [000200,000013] added to
      RIGHTSLIST.DAT
      

The command in this example adds a record for Thomas Sparrow that is the same as Joseph Robin's except for the UIC, directory name, password, and owner. Note that you could use a similar command to copy a template record when adding a record for a new user in a particular user group.

CREATE/PROXY

Creates and initializes the network proxy authorization files. The primary network proxy authorization file is NET$PROXY.DAT. The file NETPROXY.DAT is maintained for compatibility.

Note

Do not delete NETPROXY.DAT because DECnet Phase IV and many layered products still use it.

Format

CREATE/PROXY


Parameters

None.

Qualifiers

None.

Description

NETPROXY.DAT is created with no records and is assigned the following protection:


(S:RWED,O:RWED,G,W)

NET$PROXY.DAT is created with no records and is assigned the following protection:


(S:RWED,O,G,W)

If NETPROXY.DAT or NET$PROXY.DAT already exist, AUTHORIZE reports the following error message:


%UAF-W-NAFAEX, NETPROXY.DAT already exists

To create a new file, you must either delete or rename the old one.


Example


UAF> CREATE/PROXY
UAF>
      

The command in this example creates and initializes the network proxy authorization file.

CREATE/RIGHTS

Creates and initializes the rights database, RIGHTSLIST.DAT.

Format

CREATE/RIGHTS


Parameters

None.

Qualifiers

None.

Description

RIGHTSLIST.DAT is created with no records and is assigned the following protection:


(S:RWED,O:RWED,G:R,W:)

Note that the file is created only if the file does not already exist.


Example


UAF> CREATE/RIGHTS
%UAF-E-RDBCREERR, unable to create RIGHTSLIST.DAT
-RMS-E-FEX, file already exists, not superseded
      

You can use the command in this example to create and initialize a new rights database. Note, however, that RIGHTSLIST.DAT is created automatically during the installation process. Thus, you must delete or rename the existing file before creating a new one. For more information about rights database management, refer to the HP OpenVMS Guide to System Security.

DEFAULT

Modifies the SYSUAF's DEFAULT record.

Format

DEFAULT


Parameters

None.

Qualifiers

/ACCESS[=(range[,...])]

/NOACCESS[=(range[,...])]

Specifies hours of access for all modes of access. The syntax for specifying the range is:

/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.

By default, a user has full access every day. See the DCL command SET DAY in the HP OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.

All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.

/ACCESS Allows unrestricted access
/NOACCESS=SECONDARY Allows access on primary days only
/ACCESS=(9-17) Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8) Disallows access between 9 A.M. to 5:59 P.M. on primary days but allows access during these hours on secondary days

To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.

Refer to HP OpenVMS Guide to System Security for information about the effects of login class restrictions.

/ACCOUNT=account-name

Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.

/ALGORITHM=keyword=type [=value]

Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.
Keyword Function
BOTH Set the algorithm for primary and secondary passwords.
CURRENT Set the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARY Set the algorithm for the primary password only.
SECONDARY Set the algorithm for the secondary password only.

The following table lists password encryption algorithms:

Type Definition
VMS The algorithm used in the version of the operating system that is running on your system.
CUSTOMER A numeric value in the range of 128 to 255 that identifies a customer algorithm.

The following example selects the VMS algorithm for Sontag's primary password:


UAF>  MODIFY SONTAG/ALGORITHM=PRIMARY=VMS

If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:


UAF>  MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128

/ASTLM=value

Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.

/BATCH[=(range[,...])]

Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.

/BIOLM=value

Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.

/BYTLM=value

Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 32768 on VAX systems and 64000 on Alpha systems.

/CLI=cli-name

Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.

/CLITABLES=filespec

Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.

/CPUTIME=time

Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the OpenVMS User's Manual. The default is 0, which means an infinite amount of time.

/DEFPRIVILEGES=([NO]privname[,...])

Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.

/DEVICE=device-name

Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK.

If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.

/DIALUP[=(range[,...])]

Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.

/DIOLM=value

Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.

/DIRECTORY=directory-name

Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].

/ENQLM=value

Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 200 on VAX systems and 2000 on Alpha systems.

/EXPIRATION=time (default)

/NOEXPIRATION

Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)

/FILLM=value

Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 300 on VAX systems and 100 on Alpha systems.

/FLAGS=([NO]option[,...])

Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:
AUDIT Enables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGIN Restricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to "Guidelines for Captive Command Procedures" in the HP OpenVMS Guide to System Security.

The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).

DEFCLI Restricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLY Establishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).
DISFORCE_PWD_CHANGE Removes the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system.

To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.

DISIMAGE Prevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAIL Disables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAIL Suppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDIC Disables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHIS Disables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCH Suppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control.
DISRECONNECT Disables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORT Suppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSER Disables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOME Suppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTH Considers user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWD Restricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWD Prevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIRED Marks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIRED Marks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not set to expire after login (NOPWD2_EXPIRED).
PWDMIX Enables case-sensitive and extended-character passwords.

After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.

To change the password after PWDMIX is enabled:

  • You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).
  • You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " " .
RESTRICTED Prevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTH Allows account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.

/GENERATE_PASSWORD[=keyword]

/NOGENERATE_PASSWORD (default)

Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:
BOTH Generate primary and secondary passwords.
CURRENT Do whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARY Generate primary password only.
SECONDARY Generate secondary password only.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/INTERACTIVE[ =(range[,...])]

/NOINTERACTIVE

Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.

/JTQUOTA=value

Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on VAX systems and 4096 on Alpha systems.

/LGICMD=filespec

Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL[=(range[,...])]

Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.

/MAXACCTJOBS=value

Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.

/MAXDETACH=value

Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.

/MAXJOBS=value

Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.

/MODIFY_IDENTIFIER (default)

/NOMODIFY_IDENTIFIER

Specifies whether the identifier associated with the user is to be modified in the rights database. This qualifier applies only when you modify the UIC or user name in the UAF record. By default, the associated identifiers are modified.

/NETWORK[=(range[,...])]

Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.

/OWNER=owner-name

Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.

/PASSWORD=(password1[,password2])

/NOPASSWORD

Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted.

Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.

Use the /PASSWORD qualifier as follows:

  • To set only the first password and clear the second, specify /PASSWORD=password.
  • To set both the first and second password, specify /PASSWORD=(password1, password2).
  • To change the first password without affecting the second, specify /PASSWORD=(password, "").
  • To change the second password without affecting the first, specify /PASSWORD=("", password).
  • To set both passwords to null, specify /NOPASSWORD.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/PBYTLM

This flag is reserved for HP.

/PGFLQUOTA=value

Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 32768 pages on VAX systems and 50000 pagelets on Alpha systems.

If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.

/PRCLM=value

Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 2 on VAX systems and 8 on Alpha systems.

/PRIMEDAYS=([NO]day[,...])

Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix.

By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)

Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.

/PRIORITY=value

Specifies the default base priority. The value is an integer in the range of 0 to 31 on VAX systems and 0 to 63 on Alpha systems. By default, the value is set to 4 for timesharing users.

/PRIVILEGES=([NO]privname[,...])

Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the HP OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.

/PWDEXPIRED (default)

/NOPWDEXPIRED

Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.

/PWDLIFETIME=time (default)

/NOPWDLIFETIME

Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired.

To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.

/PWDMINIMUM=value

Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. The value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.

/QUEPRIO=value

Reserved for future use.

/REMOTE[=(range[,...])]

Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.

/SHRFILLM=value

Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.

/TQELM

Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.

/UIC=value

Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. HP reserves group 1 and groups 300--377 for its own use.

Each user must have a unique UIC. By default, the UIC value is [200,200].

/WSDEFAULT=value

Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 256 pages on VAX systems and 2000 pagelets on Alpha systems.

The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.

/WSEXTENT=value

Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed.

The value is an integer equal to or greater than WSQUOTA. By default, the value is 1024 pages on VAX systems and 16384 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.

/WSQUOTA=value

Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant.

The value cannot be greater than the value of WSMAX and cannot exceed 64K pages. This quota value replaces smaller values of PQL_MWSQUOTA.


Description

Modify the DEFAULT record when qualifiers normally assigned to a new user differ from the HP-supplied values. The following qualifiers correspond to fields in the default record that are commonly modified:
Qualifier Reason for Modification
/CLI Specifies the default Command Line Interpreter to be used for this user. (Most OpenVMS users use the DCL command interpreter.)
/DEVICE If most users have the same default login device, allows you to specify a default login device for newly-created users.

The use of a logical name is recommended.

/LGICMD Specifies the filename of a command procedure to be invoked during the login of the user.
  1. OpenVMS first looks for a systemwide login command procedure, using the systemwide logical name SYS$SYLOGIN. If this logical name successfully translates to a valid file specification, the command interpreter invokes the resulting command procedure during login.

    If the file specification does not include a file extension, the command interpreter applies a default value that is specific to that command interpreter. In the case of the DCL interpreter, the default file extension is .COM.

  2. OpenVMS then looks for a LGICMD specification. If it finds this specification, OpenVMS invokes the command procedure.

    If the LGICMD specification does not include a file extension, the current command interpreter applies a default value. In the case of the DCL interpreter, the default file extension is .COM.

You can disable or override the command procedure invocation during login by specifying qualifiers such as /NOCOMMAND or /LGICMD at the login username prompt.

Also see the CAPTIVE and RESTRICTED flags.

/PRIVILEGES When users are given different privileges than those supplied by HP.
Quota qualifiers When the default quotas are insufficient or inappropriate for mainstream work.

Example


UAF> DEFAULT /DEVICE=SYS$USER/LGICMD=SYS$MANAGER:SECURELGN -
_UAF> /PRIVILEGES=(TMPMBX,GRPNAM,GROUP)
%UAF-I-MDFYMSG, user record(s) updated
      

The command in this example modifies the DEFAULT record, changing the default device, default login command file, and default privileges.

EXIT

Enables you to exit from AUTHORIZE and return to DCL command level. You can also return to command level by pressing Ctrl/Z.

Format

EXIT


Parameters

None.

Qualifiers

None.

GRANT/IDENTIFIER

Assigns the specified identifier to the user and documents the user as a holder of the identifier in the rights database.

Format

GRANT/IDENTIFIER id-name user-spec


Parameters

id-name

Specifies the identifier name. The identifier name is a string of 1 to 31 alphanumeric characters that can contain underscores and dollar signs. The name must contain at least one nonnumeric character.

user-spec

Specifies the UIC identifier that uniquely identifies the user on the system. This type of identifier appears in alphanumeric format. For example: [GROUP1,JONES].

Qualifier

/ATTRIBUTES=(keyword[,...])

Specifies attributes to be associated with the identifier. The following are valid keywords:
DYNAMIC Allows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST.
HOLDER_HIDDEN Prevents people from getting a list of users who hold an identifier, unless they own the identifier themselves.
NAME_HIDDEN Allows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier.
NOACCESS Makes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute.
RESOURCE Allows holders of an identifier to charge disk space to the identifier. Used only for file objects.
SUBSYSTEM Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects.

To remove an attribute from the identifier, add a NO prefix to the attribute keyword. For example, to remove the Resource attribute, specify /ATTRIBUTES=NORESOURCE.


Example


UAF> GRANT/IDENTIFIER INVENTORY [300,015]
%UAF-I-GRANTMSG, identifier INVENTORY granted to CRAMER
      

The command in this example grants the identifier INVENTORY to the user named Cramer who has UIC [300,015]. Cramer becomes the holder of the identifier and any resources associated with it. The following command produces the same result:


UAF> GRANT/IDENTIFIER INVENTORY CRAMER


Next Contents Index