Document revision date: 19 July 1999

The following sections explain how to use two different methods for adding user accounts:

• The Authorize utility (AUTHORIZE)
• A command procedure

Once you analyze the purpose of a user account and decide which attributes and resources it requires, you can use the Authorize utility (AUTHORIZE) to create the account.

How to Perform This Task

1. Give yourself the SYSPRV privilege:

   $ SET PROCESS/PRIVILEGE=SYSPRV

2. Enter the following commands to set your default device and directory to SYS$SYSTEM and invoke AUTHORIZE:

   $ SET DEFAULT SYS$SYSTEM $ RUN AUTHORIZE UAF>

3. Use the AUTHORIZE command ADD to specify attributes in the UAF fields as shown in the following example:

   UAF> ADD JONES/PASSWORD=LPB57WM/UIC=[014,1] - _UAF> /DEVICE=DISK$USER/DIRECTORY=[JONES] - _UAF> /LGICMD=DISK$USER:[NEWPROD]GRPLOGIN - _UAF> /OWNER="ROBERT JONES"/ACCOUNT=DOC

Choosing Qualifiers

This section lists the qualifiers that you can use when setting up an account with AUTHORIZE. Table 6-6 lists the qualifiers under the account attribute that they affect. See Section 6.11.2 for a detailed description of each qualifier. For a complete list of AUTHORIZE qualifiers, see the OpenVMS System Management Utilities Reference Manual.

Table 6-6 Qualifiers Used with AUTHORIZE

Limits and Quotas1
/ASTLM	/FILLM	/PRCLM
/BIOLM	/JTQUOTA	/TQELM
/BYTLM	/MAXACCTJOBS	/WSDEFAULT
/CPUTIME	/MAXDETACH	/WSEXTENT
/DIOLM	/MAXJOBS	/WSQUOTA
/ENQLM	/PGFLQUOTA
Priority2
/PRIORITY
Privileges
/DEFPRIVILEGES	/PRIVILEGES
Login Access Controls 3
/ACCESS	/FLAGS 4	/PRIMEDAYS
/DIALUP	/INTERACTIVE	/REMOTE
/EXPIRATION	/LOCAL

As an alternative to using the Authorize utility, you can use a command procedure to create user accounts. The ADDUSER.COM procedure, which is located in the SYS$EXAMPLES directory, is an example of such a procedure; it supplies prompts and several default values for creating the new account.

You can modify ADDUSER.COM as appropriate for the needs of your system. To run ADDUSER.COM, log in to the SYSTEM account and enter the following command:

$ @SYS$EXAMPLES:ADDUSER.COM

ADDUSER.COM prompts you to enter values in a number of UAF record fields. If you press Return without specifying a value for a field, ADDUSER supplies the following default values:

UAF Field	Default Value
User name	No default; must supply
Owner	No default; must supply
Password	User name specified
UIC group number	200
UIC member number	No default; must supply number
Account name	Optional
Privileges	TMPMBX,NETMBX
Login directory	User name specified
Login device	$DISK1
Disk quota	1000
Overdraft quota	100

The UIC must be unique for the system. For example, each account in the UIC group 200 must have a unique member number. You can list the UICs currently assigned to users by entering a question mark ( ? ) after the UIC member number prompt. The account is not created until you have answered all of the questions in the procedure. The procedure has the following final prompt:

Is everything satisfactory with the account [YES]?

If you press Return, the account is created and remains in SYSUAF.DAT as specified. If you enter NO, the account is removed.

Make sure users log in to their accounts promptly to change the password.

6.7 Maintaining User Accounts

As system manager, you perform a certain number of user account maintenance tasks, such as modifying and deleting accounts. The following sections explain how to perform these tasks:

Task	Section
Using command procedures for interactive accounts	Section 6.7.1
Modifying a user account	Section 6.7.2
Listing user accounts	Section 6.7.3
Maintaining the user environment	Section 6.7.4
Deleting a user account	Section 6.7.5
Using BACKUP to remove user files	Section 6.7.6
Disabling a user account	Section 6.7.7

6.7.1 Using Command Procedures for Interactive Accounts

For all accounts, login command procedures contain commands commonly executed at the beginning of every user session. These commands do such tasks as the following ones:

• Define symbols
• Assign logical names
• Display messages and the time of day
• Set terminal characteristics
• Define keys to perform certain functions
• Set process default file protection (SET PROTECTION/DEFAULT)

Login command procedures are useful for saving keystrokes and standardizing operations.

In establishing login command procedures for interactive accounts, you have the following choices:

Login Command Procedure	Description
System	As system manager, you normally create and maintain a standard login command procedure in the system directory (the file is usually named SYS$MANAGER:SYLOGIN.COM). You then assign the logical name SYS$SYLOGIN to the name of the file so that whenever a user logs in, the procedure is executed.
Individual	For any or all accounts, you can specify an additional login command procedure with the /LGICMD qualifier of the AUTHORIZE commands ADD, MODIFY, or COPY. You can give the login command procedure any valid file specification. Whenever the user logs in, the additional procedure is executed after SYS$SYLOGIN.
User-specified command file	If system (and, optionally, individual) login command procedures are not implemented, the system looks for a command file called LOGIN.COM in the user's login directory as defined by the UAF (user authorization file) record device and directory fields. If the file is found, the system executes it. The user develops and maintains this command file, which should follow these conventions: Device and directory names must take the default file specification for the account. The file name and file type must be LOGIN.COM. You can provide an aid to new users by copying a login command procedure template into newly created top-level directories. However, to ensure proper ownership of the file, change the owner UIC (user identification code) of the file to that of the user. Make this change with the DCL command SET FILE/OWNER.

Example 6-1 illustrates typical systemwide login command procedures.

Example 6-1 Sample Systemwide SYS$MANAGER:SYLOGIN.COM Login Command Procedure

$ V = F$VERIFY(0) $START: $ ! $ SET NOCONTROL=Y ! Do not allow Ctrl/Y to exit procedure $ SET NOON $ ! $ ! Allow network jobs to start faster $ ! $ IF F$MODE() .EQS. "NETWORK" THEN GOTO EXIT $ ! $ ! Enable Ctrl/T handling by DCL $ ! $ SET CONTROL=T $ ! $ ! Define Foreign Commands For Installed Utilities $ ! $ USERS == "SHOW USERS" $ DISPLAY == "MONITOR PROCESSES/TOPCPU" $ INFO == "SHOW PROCESS/CONTINUOUS" $ SUSPEND == "SET PROCESS/SUSPEND" $ RESUME == "SET PROCESS/RESUME" $ SETNAME == "SET PROCESS/NAME" $ ! $ ! Define a symbol indicating whether the terminal $ ! is on a dialup port $ ! $ TT == F$GETDVI("TT","DEVNAM")-"_" $ DIALUP == ((TT .GES. "TTG0:" .AND. TT .LES. "TTG4:") - .OR. (TT .GES. "TTH1:" .AND. TT .LES. "TTH4:") - .OR. (TT .EQS. "TTI5:")) $ IF DIALUP THEN SET TERMINAL/INQUIRE $ ! $EXIT: $ IF V THEN SET VERIFY . . . $ SET CONTROL=Y $ EXIT

As the example shows, you can disable the Ctrl/Y function (which suspends execution of the current image and invokes the command interpreter) to force execution of the complete login command procedure whenever the user logs in. Do this with the DCL command SET NOCONTROL=Y. Before the login command procedure exits, add the DCL command that resets the Ctrl/Y function (SET CONTROL=Y).

Example 6-2 shows typical abbreviations and symbols that a user might define in a login file.

Example 6-2 Sample Login Command Procedure (LOGIN.COM) for a User Account

$ SET NOON $ SET PROTECTION=(S=RD,O=RWED,G=R,W=R)/DEFAULT $ ! $ ! Define abbreviations for often used commands $ ! $ DIR*ECTORY == DIRECTORY/DATE/SIZE $ PU*RGE == PURGE/LOG $ DE*LETE == DELETE/LOG/CONFIRM $ ! $ ! $ ! Other useful abbreviations $ ! $ SHP == "SHOW PROCESS/PRIVILEGES" $ PRI*NT == "PRINT/NOTIFY" $ SHD == "SHOW DEFAULT" $ UP == "SET DEFAULT [-]" $ SP == "SET PROCESS/PRIVILEGES=" $ SQ == "SHOW QUEUE/BATCH/ALL/DEVICE" $ H*OME == "SET DEFAULT SYS$LOGIN" $ SUB*MIT == "SUBMIT/NOTIFY" $ SYS == "SHOW SYSTEM" $ DAY == "SHOW TIME" $ ! $ ! Set /LOG for all commands $ ! $ BACK*UP == "BACKUP/LOG" $ DEL*ETE == "DELETE/LOG" $ LIB*RARY == "LIBRARY/LOG" $ PUR*GE == "PURGE/LOG" $ REN*AME == "RENAME/LOG" $ ! $ ! End of LOGIN.COM processing $ ! $ GOTO 'F$MODE() $NETWORK: $ EXIT $INTERACTIVE: $ VN == "SET TERMINAL/WIDTH=80" $ VW == "SET TERMINAL/WIDTH=132" $ EXPERT == "SET MESSAGE/NOFACIL/NOSEVER/NOIDENT" $ NOVICE == "SET MESSAGE/FACILITY/SEVERITY/IDENTIF" $ NOVICE $ ! $ ! Symbols for network users $ ! $ SYSA == "SET HOST SYSA" $ SYSB == "SET HOST SYSB" $ SYSC == "SET HOST SYSC" $ EXIT ! End of interactive login $BATCH: $ SET VERIFY ! End of batch login $ EXIT

Using Logout Command Procedures

The system does not provide for automatic execution of a command procedure at logout time. However, you can supply one as follows.

How to Perform This Task

1. Create a systemwide logout command procedure that executes whenever a user logs out. (The file is usually named SYS$MANAGER:SYLOGOUT.COM.)
2. To ensure that this command procedure executes, include a command in SYS$MANAGER:SYLOGIN.COM that equates the most commonly used abbreviation of the LOGOUT command (often LO) to the execution of the logout command procedure.

Example

$ LO*GOUT:==@SYS$MANAGER:SYLOGOUT

The last line of the logout command procedure then uses an alternate form of the LOGOUT command, such as a LOGOUTNOW command. (You can create any command name you like beginning with LO.) You cannot use the same abbreviation as used for the symbol (in this case LO) because it will start the procedure again. As an alternative, you could add the following command, just above the last line:

$ DELETE/SYMBOL/GLOBAL LOGOUT

Note that this technique works in some situations but it is not foolproof; there are many alternative ways to terminate a process.

6.7.2 Modifying a User Account

To change a user account's quotas, default directory, password, authorized privileges, or any other characteristics assigned by AUTHORIZE, use the MODIFY command. You can use the MODIFY command to change any field in an existing user account. However, a user must log out and log in again for the modifications to take effect.

Examples

1. When a user forgets a password and cannot log in, use the AUTHORIZE command MODIFY/GENERATE_PASSWORD to reset a user password. For example, the following command generates a new password for user WELCH:

   UAF> MODIFY WELCH/GENERATE_PASSWORD

   
   By default, after logging in, user WELCH must change the password.

2. Any changes that you make to a user's record will take effect after the user next logs in. For example, suppose that user JONES currently has an open file quota (FILLM) of 20. To increase user Jones' open file limit to 40, you would use the following command in AUTHORIZE:

   UAF> MODIFY JONES/FILLM=40

   
   Any process of user JONES that is logged in at the time that you modify the user authorization file continues to have a file limit of 20. In order to have an open file limit of 40, user JONES must log out and then log in again, after you have made the modification to the user authorization file (UAF) using AUTHORIZE.

Use the AUTHORIZE command LIST to create the file SYSUAF.LIS, containing a summary of all user records in the UAF. By default, the LIST command produces a brief report containing the following information from the UAF:

• Account owner
• User name
• UIC
• Account names
• Privileges
• Process priority
• Default disk and directory

Use the /FULL qualifier to create a full report of all the information (except user passwords) contained within the UAF.

Example

The following example writes a brief report of the UAF to the output file SYSUAF.LIS:

UAF> LIST %UAF-I-LSTMSG1, writing listing file %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete

The system displays the same messages when you use the /FULL qualifier. However, a full report is written to the output file.

6.7.4 Maintaining the User Environment

As the work requirements of your system change, you might have to perform the following tasks:

• Create additional default records to serve as templates for new categories of users
• Delete or disable the accounts of users who leave your site
• Impose login restrictions to limit system use by certain accounts

With the Authorize utility, you can perform these maintenance operations by modifying or deleting records in the UAF.

Creating Additional Default Record Templates

On systems where all users perform the same type of work, you typically use the system-supplied default record, DEFAULT, as the template for adding new user records. You might find, however, that your system supports several different user categories, each category performing a specific type of work and requiring unique record attributes. Instead of always using the system-supplied default record as a template and making numerous changes each time you add a user record, you can create additional default UAF records to serve as templates for each user category.

Before you create additional default records, you must make the following decisions:

• What the individual user categories are
• What attributes are common to each category
• What to name the default records

How to Perform This Task

Once you define a user category and establish which record attributes are needed, you can create the default record.

Examples

1. The following command creates a default record for a category of user that requires a special captive account:

   UAF> ADD DEFAULT2/LGICMD=ALT_COM_PROC/FLAGS=CAPTIVE - _UAF> /DEVICE=USER3:/DIRECTORY=[PRODUCT]

   
   The command in this example uses the system-supplied default record DEFAULT to create the record DEFAULT2 and changes the LGICMD, login flags, default device, and default directory fields.

2. You can then use the AUTHORIZE command COPY to create additional records having the same attributes as DEFAULT2. The COPY command creates a new UAF record that uses the specified default record except where you explicitly override field values.

   UAF> COPY DEFAULT2 PALOOKA/PASSWORD=W7YA84MI/UIC=[360,114]

   
   This example uses DEFAULT2 as a template to create a duplicate record for the user PALOOKA. Notice that only the password and UIC values are changed.

The main problem in deleting an account, especially an interactive or restricted account, is deleting the files used by the account.

How to Perform This Task

The following steps are suggested:

1. Copy (or have the outgoing user of the account copy) any files of value to the ownership of another account. Be sure to change the owner UIC of the files to match the owner UIC of the new owner. You can also use the Backup utility (BACKUP) to save the files to a backup tape or disk.
2. Change the password and log in as a user of that account if you are working from a nonprivileged account. This avoids inadvertently deleting files that might point to other files of different ownership.
3. Delete the account's files and directories from the deepest level up to the top level, using the following procedure:
   1. Locate and examine all subdirectories using the DCL command DIRECTORY [directory-spec...], where directory-spec is the name of the account's default directory.
   2. Delete the files in each subdirectory, and then delete the subdirectory. Note that directory files are protected against owner deletion; therefore, you must change the protection before deleting directory files.
   3. Delete the account's top-level directory. The command procedure in the next example deletes an account's files from the bottom level up. Do not, however, execute this command procedure from a privileged account.
4. Exit from the user account and return to a privileged account. Remove the user's account, using the Authorize utility (AUTHORIZE).
   When you run AUTHORIZE to remove a user's UAF record, AUTHORIZE also removes the user's connections as a holder of identifiers in the rights database. However, if a departed user is the only remaining holder of a given identifier, remove that identifier to avoid future confusion. See the OpenVMS Guide to System Security.
5. Remove the user's disk quota entry from the disk quota file, if one existed, with SYSMAN.
6. Remove associated mail information by entering the MAIL command REMOVE username. (See the OpenVMS User's Manual for more information.)

The command procedure template in Example 6-3 deletes an account's files.

Example 6-3 Command Procedure Template for Deleting an Account's Files

$ ! DELTREE.COM - deletes a complete directory tree $ ! $ ! P1 = pathname of root of tree to delete $ ! $ ! All files and directories in the tree, including $ ! the named root, are deleted. $ ! $ IF "''DELTREE'" .EQS. "" THEN DELTREE = "@SYS$LIBRARY:DELTREE" $ ON CONTROL_Y THEN GOTO DONE $ ON WARNING THEN GOTO DONE $ DEFAULT = F$LOGICAL("SYS$DISK") + F$DIRECTORY() $10: $ IF P1 .NES. "" THEN GOTO 20 $ INQUIRE P1 "Root" $ GOTO 10 $20: $ IF F$PARSE(P1) .EQS. "" THEN OPEN FILE 'P1' $ SET DEFAULT 'P1' $LOOP: $ FILESPEC = F$SEARCH("*.DIR;1") $ IF FILESPEC .EQS. "" THEN GOTO LOOPEND $ DELTREE [.'F$PARSE(FILESPEC,,,"NAME")'] $ GOTO LOOP $LOOPEND: $ IF F$SEARCH("*.*;*") .NES. "" THEN DELETE *.*;* $ DIR = (F$DIRECTORY()-"]"-">")-F$PARSE("[-]",,,- "DIRECTORY")-"]"-">")-"."-"["-"<" $ SET PROTECTION=WORLD:RWED [-]'DIR'.DIR;1 $ DELETE [-]'DIR'.DIR;1 $DONE: $ SET DEFAULT 'DEFAULT'

	privacy and legal statement
6017PRO_021.HTML