AUTHORIZE ADD — VMS 5.4

 The ADD command will create a new entry in the user authorization file.

 Format for creating new entries in SYSUAF.DAT:

        ADD newusername [/qualifiers]

Additional information available:

Parameters  Qualifiers

/IDENTIFIER  /PROXY

/IDENTIFIER

 The ADD/IDENTIFIER command is used to add an identifier to the rights
 database.

 Format:

        ADD/IDENTIFIER  [id-name]

Additional information available:

Parameters  Qualifiers1  Examples

Parameters

 id-name

 specifies the name of the identifier to be added to the rights
 database.  If you omit the name, you must specify the /USER
 qualifier. The id-name is a string of 1 through 32
 alphanumeric characters that may contain underscores and dollar
 signs.  The name must contain at least one non-numeric
 character.

Qualifiers1

Additional information available:

/ATTRIBUTES  /USER  /VALUE

/ATTRIBUTES

 /ATTRIBUTES=(keyword)

 Specifies attributes to be associated with the new identifier.
 Valid keywords are:

 [NO]DYNAMIC    Indicates whether or not unprivileged holders of the
                identifier may add or remove the identifier from the
                process rights list.  The default is NODYNAMIC.

 [NO]NOACCESS   Indicates whether or not the identifier will be used
                in protection checks.  The default is NONOACCESS,
                meaning that the holder of the identifier will be
                granted or denied access to objects which list the
                identifier in their access control lists (ACLs).

 [NO]RESOURCE   Indicates whether or not holders of the identifier
                may charge resources to it.  The default is NORESOURCE.

 [NO]SUBSYSTEM  Indicates whether or not holders of the identifier
                are allowed to create protected subsystems containing
                the identifier.  The default is NOSUBSYSTEM.

/USER

 /USER=user-spec

 Scans the UAF record(s) of the specified user(s) and creates
 the appropriate identifier(s).  Specify user-spec by username
 or UIC.  You can use the asterisk wildcard to specify multiple
 usernames or UICs:  full use of the asterisk and percent
 wildcards is permitted for user names; UICs must be in the form
 [*,*], [n,*], [*,n], or [n,n].  A wildcard username
 specification (i.e., *) creates identifiers alphabetically by
 username; a wildcard UIC specification (i.e., [*,*]) creates
 them in numerical order by UIC.

/VALUE

 /VALUE=value-specifier

 Specifies the value to be attached to the identifier.  Valid formats
 for the value-specifier are:

 IDENTIFIER:integer    An integer value in the range of 65,536 to
                       268,435,455. You may also specify the value
                       in hexadecimal (precede the value with %X) or
                       octal (precede the value with %O).

                       Note that %X80000000 is added to the value
                       you specify in order to differentiate general
                       identifiers from UIC identifiers.

 UIC:uic               A UIC value in the standard UIC format

Examples

         The following examples illustrate the use of the ADD/IDENTIFIER
         command.

  1. UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY
     identifier INVENTORY value: [000300,000011] added to RIGHTSLIST.DAT

        This command adds to the rights database an identifier named
        INVENTORY.  By default, the identifier is not marked as a
        resource.

  2. UAF> ADD/IDENTIFIER/ATTRIBUTES=(RESOURCE) -
     /VALUE=IDENTIFIER:%X80011 PAYROLL
     identifier PAYROLL value: %X80080011 added to RIGHTSLIST.DAT

        This command adds the identifier PAYROLL and marks it as a
        resource.
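
 Added example (Python; not part of the VMS help text and not AUTHORIZE's own code): a checker for the id-name rule and the /VALUE formats described above, producing the same value text that the two examples show. The function names are hypothetical.

```python
import re

GENERAL_ID_FLAG = 0x80000000           # "%X80000000 is added to the value"
ID_MIN, ID_MAX = 65_536, 268_435_455   # documented range for IDENTIFIER:integer


def valid_id_name(name):
    """1-32 characters from A-Z, 0-9, '_' and '$', not made up of digits only."""
    return bool(re.fullmatch(r"[A-Za-z0-9_$]{1,32}", name)) and not name.isdigit()


def parse_integer(text):
    """Accept decimal, %X (hexadecimal) or %O (octal) notation."""
    text = text.strip().upper()
    if text.startswith("%X"):
        return int(text[2:], 16)
    if text.startswith("%O"):
        return int(text[2:], 8)
    return int(text, 10)


def rights_value(spec):
    """Turn a /VALUE value-specifier into the value text AUTHORIZE reports."""
    kind, _, body = spec.partition(":")
    kind = kind.strip().upper()
    if kind == "IDENTIFIER":
        number = parse_integer(body)
        if not ID_MIN <= number <= ID_MAX:
            raise ValueError(f"identifier value {number} is outside {ID_MIN}-{ID_MAX}")
        # The high bit marks a general identifier as opposed to a UIC identifier.
        return f"%X{number + GENERAL_ID_FLAG:08X}"
    if kind == "UIC":
        m = re.fullmatch(r"\[\s*([0-7]+)\s*,\s*([0-7]+)\s*\]", body.strip())
        if not m:
            raise ValueError(f"not a numeric UIC: {body!r}")
        group, member = int(m.group(1), 8), int(m.group(2), 8)
        # Shown as six octal digits each, as in the first example above.
        return f"[{group:06o},{member:06o}]"
    raise ValueError(f"unknown value-specifier type: {kind!r}")


if __name__ == "__main__":
    for name, spec in [("INVENTORY", "UIC:[300,011]"),
                       ("PAYROLL", "IDENTIFIER:%X80011")]:
        assert valid_id_name(name)
        print(f"identifier {name} value: {rights_value(spec)}")
```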

/PROXY

  Adds a user record to the network proxy authorization file (NETPROXY).

  Format

        ADD/PROXY node::remote-user local-user[,...]


Additional information available:

Parameters  Qualifiers  Examples

Parameters

 node

 specifies a node name (1 through 6 alphanumeric characters).

 remote-user

 specifies the username or UIC of a user at a remote node.  If you
 specify an asterisk, all users at the specified node can access
 files of a user specified on the local node.

 local-user

 specifies the usernames of users on a local node.  A maximum of
 one default and fifteen nondefault local user names are allowed.

Qualifiers

Additional information available:

/DEFAULT

/DEFAULT

 /DEFAULT

 This qualifier is used to select the default local user name from the
 list of local users.

Examples

 1. UAF> ADD/PROXY MISHA::GEORGE */DEFAULT
    record successfully added to NETPROXY.DAT

        The command in this example specifies that the user GEORGE on
        the remote node MISHA can only access the files of GEORGE on the
        local node.

 2. UAF> ADD/PROXY MISHA::* GEORGE/DEFAULT,SAM,HARRY
    record successfully added to NETPROXY.DAT

        The command in this example specifies that any user on the
        remote node MISHA can, by default, access the files of GEORGE
        on the local node.  The remote user can also access the files
        of SAM and HARRY without using a password.
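
 Added example (Python; not part of the VMS help text): a parser for ADD/PROXY commands that enforces the limits stated above and flags entries whose remote-user is an asterisk, since those let every user on the node reach the listed local accounts. The function names are hypothetical; the two sample commands are the ones from the examples above.

```python
import re

# ADD/PROXY node::remote-user local-user[,...]; node is 1-6 alphanumerics
PROXY = re.compile(r"^ADD/PROXY\s+([A-Za-z0-9]{1,6})::(\S+)\s+(\S.*)$", re.I)
MAX_NONDEFAULT = 15  # "one default and fifteen nondefault local user names"


def parse_proxy(command):
    """Split an ADD/PROXY command into node, remote user and local users."""
    m = PROXY.match(command.strip())
    if not m:
        raise ValueError(f"not an ADD/PROXY command: {command!r}")
    node, remote, local_list = m.groups()
    default, others = None, []
    for item in local_list.split(","):
        name, slash, qualifier = item.strip().partition("/")
        if not name:
            raise ValueError("empty local user name")
        if not slash:
            others.append(name.upper())
        elif qualifier.upper() != "DEFAULT":
            raise ValueError(f"unknown qualifier /{qualifier}")
        elif default is not None:
            raise ValueError("only one /DEFAULT local user is allowed")
        else:
            default = name.upper()
    if len(others) > MAX_NONDEFAULT:
        raise ValueError("more than fifteen nondefault local users")
    return {"node": node.upper(), "remote": remote.upper(),
            "default": default, "others": others}


def review_proxy(command):
    """Return review findings for one proxy entry (empty list: nothing flagged)."""
    entry = parse_proxy(command)
    findings = []
    if entry["remote"] == "*":
        local_users = [entry["default"]] if entry["default"] else []
        local_users += entry["others"]
        findings.append(f"every user on {entry['node']} can access the files of: "
                        + ", ".join(local_users))
    return findings


# The two commands from the examples above.
SAMPLES = ["ADD/PROXY MISHA::GEORGE */DEFAULT",
           "ADD/PROXY MISHA::* GEORGE/DEFAULT,SAM,HARRY"]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", review_proxy(cmd) or "nothing flagged")
```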

Parameters

 newusername

 "newusername" specifies the name of the user to be added to the user
 authorization file.


Qualifiers

Additional information available:

/ACCESS  /ACCOUNT  /ADD_IDENTIFIER  /ALGORITHM  /ASTLM
/BATCH  /BIOLM  /BYTLM  /CLI  /CLITABLES  /CPUTIME
/DEFPRIVILEGES  /DEVICE  /DIALUP  /DIOLM  /DIRECTORY
/ENQLM  /EXPIRATION  /FILLM  /FLAGS  /GENERATE
/INTERACTIVE  /JTQUOTA  /LGICMD  /LOCAL  /MAXACCTJOBS
/MAXDETACH  /MAXJOBS  /NETWORK  /OWNER  /PASSWORD
/PFLAGS  /PGFLQUOTA  /P_RESTRICT  /PRCLM  /PRIMEDAYS
/PRIORITY  /PRIVILEGES  /PWDEXPIRED  /PWDLIFETIME
/PWDMINIMUM  /REMOTE  /SFLAGS  /S_RESTRICT  /SHRFILLM
/TQELM  /UIC  /WSDEFAULT  /WSEXTENT  /WSQUOTA

/ACCESS

 /[NO]ACCESS=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
 /[NO]ACCESS="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"

 Used to specify hours of access for all modes of logins.  Specify hours
 as integers from 0 to 23, inclusive. Hours may be specified as single
 hours (n), or as ranges of hours (n-m).  If the ending hour of a range
 is earlier than the starting hour, the range extends from the starting
 hour through midnight to the ending hour.  The first set of hours
 after the keyword PRIMARY specifies hours on primary days; the second
 set of hours after the keyword SECONDARY specifies hours on secondary
 days.

 All the list elements are optional.  If no hours are specified for a
 day type, access is permitted the entire day.  If only primary hours
 or only secondary hours are given, no access is permitted for secondary
 or primary days, respectively.  If hours are given with no day type, they
 apply to both types of days.

 Negating the qualifier by specifying /NOACCESS=(...) completely inverts
 the sense of the access hours.

 Examples:

 /ACCESS                allows unrestricted access
 /NOACCESS=SECONDARY    allows access on primary days only
 /ACCESS=(9-17)         allows access from 9 am through 5 pm on all days
 /NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)
                        allows access from 9 through 5 on secondary days
                        and all but 9 through 5 on primary days
 /ACCESS="Primary: 9-16; Secondary: 18-7, 8; Primary: 17"
                        allows access from 9 through 5 on primary days
                        and all but 9 through 5 on secondary days

 To specify access hours for specific types of logins, see the
 /BATCH, /NETWORK, /INTERACTIVE, /LOCAL, /DIALUP, and /REMOTE qualifiers.
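
 Added example (Python; a model of the rules described above, not AUTHORIZE's own code): it parses either form of the access specification and returns the permitted hours per day type, including ranges that wrap past midnight, untyped hours, a day type given without hours, and the NO prefix. The function names are hypothetical.

```python
import re

ALL_HOURS = frozenset(range(24))
MODES = "ACCESS|BATCH|NETWORK|INTERACTIVE|LOCAL|DIALUP|REMOTE"
QUALIFIER = re.compile(rf"^/(NO)?({MODES})(?:=(.*))?$", re.I | re.S)


def expand(token):
    """Expand 'n' or 'n-m' into hours; n-m with m < n runs through midnight."""
    m = re.fullmatch(r"(\d{1,2})(?:-(\d{1,2}))?", token)
    if not m:
        raise ValueError(f"bad hour or range: {token!r}")
    start = int(m.group(1))
    end = int(m.group(2)) if m.group(2) else start
    if start > 23 or end > 23:
        raise ValueError(f"hours must be 0 to 23: {token!r}")
    hours, hour = {start}, start
    while hour != end:
        hour = (hour + 1) % 24
        hours.add(hour)
    return hours


def parse_access(qualifier):
    """Return {'PRIMARY': hours, 'SECONDARY': hours} permitted by the qualifier."""
    m = QUALIFIER.match(qualifier.strip())
    if not m:
        raise ValueError(f"not an access qualifier: {qualifier!r}")
    negated, _, value = m.groups()
    # Both syntaxes reduce to the same tokens once the punctuation is dropped.
    tokens = [t for t in re.split(r'[\s,;:()"]+', value or "") if t]
    hours = {"PRIMARY": set(), "SECONDARY": set()}
    named = set()                       # day types given by keyword
    target = ("PRIMARY", "SECONDARY")   # hours with no day type apply to both
    for token in tokens:
        if token.upper() in hours:
            named.add(token.upper())
            target = (token.upper(),)
        else:
            for day in target:
                hours[day] |= expand(token)
    result = {}
    for day, given in hours.items():
        if given:
            allowed = frozenset(given)
        elif day in named or not named:
            allowed = ALL_HOURS         # no hours for this day type: entire day
        else:
            allowed = frozenset()       # only the other day type was specified
        result[day] = ALL_HOURS - allowed if negated else allowed
    return result


def may_login(qualifier, day_type, hour):
    """True if a login at the given hour on that day type is permitted."""
    return hour in parse_access(qualifier)[day_type.upper()]


if __name__ == "__main__":
    spec = "/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)"
    for day, allowed in parse_access(spec).items():
        print(day, sorted(allowed))
```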


/ACCOUNT

 /ACCOUNT=account-name

 Specifies a default account name.  This field is often used for billing
 purposes, and should consist of 1 through 8 characters.

/ADD_IDENTIFIER

 /[NO]ADD_IDENTIFIER

 Controls whether an identifier corresponding to the specified username
 and UIC is added to the rights database.  The default is /ADD_IDENTIFIER.

/ALGORITHM

 /ALGORITHM={CURRENT|PRIMARY|SECONDARY|BOTH|ALL}:{VMS|{CUSTOMER:n}}

 Modify the password hash algorithm for the specified passwords for
 the specified username.

 For each password, you can choose either to use the current VMS
 algorithm ('VMS') or one in the range of values 128-255.  The hash
 algorithm value is presented to the $HASH_PASSWORD system service by
 all VMS system software components and is used by $HASH_PASSWORD to
 determine which algorithm to use to hash the user's plaintext password.

 You must reset the user's password whenever you change to a different
 hash algorithm.

/ASTLM

 /ASTLM=n

 Specifies the AST queue limit, which is the total number of asynchronous
 system trap operations and scheduled wakeup requests that can be
 outstanding at one time for the user.

/BATCH

 /[NO]BATCH=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
 /[NO]BATCH="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"

 Specifies hours of access permitted for batch jobs. For a detailed
 description of the interpretation of the access specification, see the
 /ACCESS qualifier.


/BIOLM

 /BIOLM=n

 Specifies the total buffered I/O operations that can be outstanding
 at one time.

/BYTLM

 /BYTLM=n

 Total number of bytes that can be specified for transfer in
 outstanding buffered I/O operations.

/CLI

 /CLI=cli-name

 Name of the default command interpreter.

/CLITABLES

 /CLITABLES=table-name

 Name of the default command interpreter tables.

/CPUTIME

 /CPUTIME=delta-time

 Maximum amount of CPU time a user process can take per session.  The
 unit of time must be in delta format.  0 means infinite.

/DEFPRIVILEGES

 /DEFPRIVILEGES=([NO]privname [,...])

 Specifies the default privileges for the user (i.e., those enabled
 at login time).  A NO prefix removes this privilege from the user;
 specifying a privilege without the NO prefix allows the user that
 privilege.

 There are many privileges available with varying degrees of power and
 potential system impact.  Please see the Guide to Setting Up a VMS
 System for a more detailed discussion of the available privileges.


/DEVICE

 /DEVICE=device-name

 Name of default device (must be a direct access device) from one to
 fifteen characters.  The colon is automatically added if omitted.
 A blank device is interpreted as SYS$SYSDISK.

/DIALUP

 /[NO]DIALUP=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
 /[NO]DIALUP="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"

 Specifies hours of access permitted for interactive login via dialup
 terminals.  For a detailed description of the interpretation of the
 access specification, see the /ACCESS qualifier.

/DIOLM

 /DIOLM=n

 Total direct (usually disk) I/O operations that can be outstanding at
 one time.

/DIRECTORY

 /DIRECTORY=directory-name

 Name of default login directory.  Brackets (either [] or <>) must be
 supplied.

/ENQLM

 /ENQLM=n

 Total number of lock requests which may be outstanding at one time.

/EXPIRATION

 /EXPIRATION=time

 Expiration date and time of the account.  Specify as an absolute or
 combination time.

/FILLM

 /FILLM=n

 Total number of files that can be open at one time, including active
 network logical links.

/FLAGS

 /FLAGS=([NO]option[,...])

 Login flags for this user.  Options which may be specified are:

        [NO]AUDIT      - [do not] audit all security relevant actions
        [NO]AUTOLOGIN  - [do not] restrict this account to autologins only
        [NO]CAPTIVE    - [do not] prevent user from changing any defaults
                                  at login and from escaping the captive
                                  login command procedure to the DCL level
        [NO]DEFCLI     - [do not] prevent user from changing default CLI
                                  or CLI tables
        [NO]DISCTLY    - [do not] disable <CTRL/Y> interrupts
        [NO]DISFORCE_PWD_CHANGE
                       - [do not] disable forced expired password changes
        [NO]DISMAIL    - [do not] prevent mail delivery to this user
        [NO]DISIMAGE   - [do not] prevent user from executing the RUN
                                  or MCR commands or from executing
                                  foreign commands at the DCL level
        [NO]DISNEWMAIL - [do not] suppress "New Mail..." announcements
        [NO]DISPWDDIC  - [do not] suppress dictionary-based password filter
        [NO]DISPWDHIS  - [do not] suppress history-based password filter
        [NO]DISRECONNECT-[do not] disable automated reconnections
        [NO]DISREPORT  - [do not] disable time of last login and other
                                  security reports
        [NO]DISUSER    - [do not] disable this account completely
        [NO]DISWELCOME - [do not] suppress "Welcome to..." login message
        [NO]GENPWD     - [do not] require user to use generated passwords
        [NO]LOCKPWD    - [do not] prevent user from changing password
        [NO]PWD_EXPIRED- [do not] mark password as expired
        [NO]PWD2_EXPIRED-[do not] mark second password as expired
        [NO]RESTRICTED - [do not] prevent user from changing any defaults
                                  at login

/GENERATE

 /GENERATE
 /GENERATE=CURRENT
 /GENERATE=PRIMARY
 /GENERATE=SECONDARY
 /GENERATE=BOTH
 /GENERATE=ALL

 Generate a random password.  The format of the passwords is the same
 as for the DCL SET PASSWORD /GENERATE command.

/INTERACTIVE

 /[NO]INTERACTIVE=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
 /[NO]INTERACTIVE="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n][,...]"

 Specifies hours of access permitted for interactive login via any
 terminal.  For a detailed description of the interpretation of the
 access specification, see the /ACCESS qualifier.

/JTQUOTA

 /JTQUOTA=n

 Specifies the initial byte quota with which the job-wide logical name
 table is to be created.

/LGICMD

 /LGICMD=filespec

 Name of login command file.  Default device and directory are used to
 locate the command file.

/LOCAL

 /[NO]LOCAL=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
 /[NO]LOCAL="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"

 Specifies hours of access permitted for interactive login via local
 terminals.  For a detailed description of the interpretation of the
 access specification, see the /ACCESS qualifier.

/MAXACCTJOBS

 /MAXACCTJOBS=n

 Specifies the maximum number of batch, interactive and detached processes
 which may be active at one time for all users which are on the same
 account as the user for which the qualifier is present.

/MAXDETACH

 /MAXDETACH=n

 Specifies the maximum number of detached processes with this username
 that may be active at one time.  Processes which cause this count to
 be exceeded are terminated.

/MAXJOBS

 /MAXJOBS=n

 Maximum number of interactive, batch, and detached processes with this
 username which can be active at one time.  Processes which cause this
 count to be exceeded are terminated.

/NETWORK

 /[NO]NETWORK=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
 /[NO]NETWORK="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"

 Specifies hours of access permitted for network jobs.  For a detailed
 description of the interpretation of the access specification, see the
 /ACCESS qualifier.


/OWNER

 /OWNER=owner-name

 Name of owner for billing purposes, etc.  May be from one to 31 characters.

/PASSWORD

 /PASSWORD=(password [,password2])
 /NOPASSWORD

 Password(s) for login.  Must be from 0 to 31 characters in length, and
 must be composed of alphanumeric characters, dollar signs, and underscores.

 To set the first password with no second password, specify

            /PASSWORD=password

 To set both passwords, specify

            /PASSWORD=(password, password2)

 To set only the first password leaving the second alone, specify

            /PASSWORD=(password, "")

 To set only the second password leaving the first alone, specify

            /PASSWORD=("", password2)

 To clear the second password leaving the first alone, specify

            /PASSWORD=""

 To clear both passwords, specify

            /NOPASSWORD

/PFLAGS

 /PFLAGS=([NO]option[,...])

 This qualifier is obsolete and is retained for compatibility purposes.
 For current usage, see the /ACCESS, etc., qualifiers.
 Login flags for primary days.  Options are:

        [NO]DISDIALUP   - [do not] prohibit user from dialing in
        [NO]DISNETWORK  - [do not] prohibit user from logging in via a
                                        "SET HOST" command.

/PGFLQUOTA

 /PGFLQUOTA=n

 Total pages that this process can use in the system paging file.  Should
 be a minimum of 2048 for a typical interactive process.

/P_RESTRICT

 /P_RESTRICT=(n-m[,...])

      or
 /P_RESTRICT=(n[,...])

 This qualifier is obsolete and is retained for compatibility purposes.
 For current usage, see the /ACCESS, etc., qualifiers.
 Used to specify hours or ranges of hours to restrict user from logging in on
 primary days.

 /P_RESTRICT=(...) is roughly equivalent to /NOACCESS=(PRIMARY, ...)


/PRCLM

 /PRCLM=n

 Total number of subprocesses that can exist at one time.

/PRIMEDAYS

 /PRIMEDAYS=([NO]day[,...])

 Used to define primary and secondary days.  A day prefixed with NO becomes
 a secondary day, and a day without the NO prefix is defined as a primary
 day.  Primary and secondary day definitions are used in conjunction with
 the /ACCESS, etc., qualifiers.

/PRIORITY

 /PRIORITY=n

 Default base priority for user.  The priority should be in the range from
 0 - 31, and 4 is the default for a timesharing user.

/PRIVILEGES

 /PRIVILEGES=([NO]privname[,...])

 Specifies the authorized privileges for this user, that is, the
 privileges which are allowed or disallowed for this user.  A NO prefix
 removes this privilege from the user; specifying a privilege without
 the NO prefix allows the user that privilege.

 There are many privileges available with varying degrees of power and
 potential system impact.  Please see the Guide to Setting Up a VMS
 System for a more detailed discussion of the available privileges.

/PWDEXPIRED

 /[NO]PWDEXPIRED

 Password is [not] pre-expired.  When a password is pre-expired, the
 user is allowed to log in once, at which time he must change his
 password or be locked out of the system.

/PWDLIFETIME

 /PWDLIFETIME=delta-time
 /PWDLIFETIME=NONE

 Password lifetime.  If the date of last password change is older than
 the password lifetime, when the user logs in, he is issued a warning
 message and the password is marked as expired.  If there is no password
 lifetime, the password never expires.

 Delta-time is in the form: [dddd-] [hh:mm:ss.cc]

/PWDMINIMUM

 /PWDMINIMUM=n

 Minimum password length in characters.  Note that this value is only
 enforced by the SET PASSWORD command; passwords in violation of this
 value may be specified to AUTHORIZE.

/REMOTE

 /[NO]REMOTE=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
 /[NO]REMOTE="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"

 Specifies hours of access permitted for interactive login via network
 remote terminals (i.e., SET HOST).  For a detailed description of the
 interpretation of the access specification, see the /ACCESS qualifier.

/SFLAGS

 /SFLAGS=([NO]option[,...])

 This qualifier is obsolete and is retained for compatibility purposes.
 For current usage, see the /ACCESS, etc., qualifiers.
 Login flags for secondary days.  Options are:

        [NO]DISDIALUP   - [do not] prohibit user from dialing in
        [NO]DISNETWORK  - [do not] prohibit user from logging in via a
                                        "SET HOST" command.

/S_RESTRICT

 /S_RESTRICT=(n-m[,...])

      or
 /S_RESTRICT=(n[,...])

 This qualifier is obsolete and is retained for compatibility purposes.
 For current usage, see the /ACCESS, etc., qualifiers.
 Used to specify hours or ranges of hours to restrict user from logging in on
 secondary days.

 /S_RESTRICT=(...) is roughly equivalent to /NOACCESS=(SECONDARY, ...)


/SHRFILLM

 /SHRFILLM=n

 Maximum number of shared files allowed to be open at one time.

/TQELM

 /TQELM=n

 Total entries in the timer queue plus the number of temporary common
 event flag clusters that the user can have at one time.

/UIC

 /UIC=uic

 User identification code as explained in the VMS DCL Concepts Manual.
 The UIC should have an octal group number and user number, and be
 separated by a comma and enclosed in brackets.  The UIC group 0 is
 reserved to DIGITAL.

/WSDEFAULT

 /WSDEFAULT=n

 Initial limit of a working set for the user process.

/WSEXTENT

 /WSEXTENT=n

 Maximum to which the user's process may raise its working set limit
 when there is free memory available.

/WSQUOTA

 /WSQUOTA=n

 Maximum to which the user's process may raise the working set limit
 when system memory is in demand.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026