AUTHORIZE COPY — VMS 5.5-2H4

   Creates a new SYSUAF record that duplicates an existing UAF
   record.

   Format

     COPY  oldusername newusername

Additional information available:

Parameters  Qualifiers  Examples

Parameters

oldusername
   Name of an existing user record to serve as a template for the new
   record.

newusername
   Name for the new user record. The user name is a string of 1
   through 12 alphanumeric characters.

Qualifiers

Additional information available:

/ACCESS  /ACCOUNT  /ADD_IDENTIFIER  /ALGORITHM  /ASTLM
/BATCH  /BIOLM  /BYTLM  /CLI  /CLITABLES  /CPUTIME
/DEFPRIVILEGES  /DEVICE  /DIALUP  /DIOLM  /DIRECTORY
/ENQLM  /EXPIRATION  /FILLM  /FLAGS  /GENERATE_PASSWORD
/INTERACTIVE  /JTQUOTA  /LGICMD  /LOCAL  /MAXACCTJOBS
/MAXDETACH  /MAXJOBS  /MODIFY_IDENTIFIER  /NETWORK  /OWNER
/PASSWORD  /PGFLQUOTA  /PRCLM  /PRIMEDAYS
/PRIORITY  /PRIVILEGES  /PWDEXPIRED  /PWDLIFETIME
/PWDMINIMUM  /REMOTE  /SHRFILLM  /TQELM  /UIC  /WSDEFAULT
/WSEXTENT  /WSQUOTA

/ACCESS

      /ACCESS[=(range[,...])]

   Specifies hours of access for all modes of access. Syntax for
   range specification is:

   /[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

   Specify hours as integers from 0 to 23, inclusive. Hours may be
   specified as single hours (n) or as ranges of hours (n-m). If
   the ending hour of a range is earlier than the starting hour,
   the range extends from the starting hour through midnight to the
   ending hour. The first set of hours after the keyword PRIMARY
   specifies hours on primary days; the second set of hours after
   the keyword SECONDARY specifies hours on secondary days. Note that
   hours are inclusive; that is, if you grant access during a given
   hour, access extends to the end of that hour.

   By default, a user has full access every day. See the DCL command
   SET DAY in the VMS DCL Dictionary for information on overriding
   the defaults for primary and secondary day types.
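
   The range rules above (inclusive hours, ranges that wrap through
   midnight) are easy to misread when reviewing login restrictions.
   The following Python sketch is an added example, not part of the
   VMS help text: it expands a range specification into the clock
   windows it names. The function names and the sample value are
   constructed for illustration, and hours given before a PRIMARY or
   SECONDARY keyword are rejected because the text above does not say
   which day type they would apply to.

```python
import re

DAY_TYPES = ("PRIMARY", "SECONDARY")


def expand_hours(token):
    """Expand 'n' or 'n-m' into the set of whole hours it names (inclusive)."""
    m = re.fullmatch(r"(\d{1,2})(?:-(\d{1,2}))?", token)
    if not m:
        raise ValueError(f"not an hour or hour range: {token!r}")
    start = int(m.group(1))
    end = start if m.group(2) is None else int(m.group(2))
    if start > 23 or end > 23:
        raise ValueError(f"hours must be 0 to 23: {token!r}")
    hours, h = set(), start
    while True:  # walk forward from start, wrapping through midnight
        hours.add(h)
        if h == end:
            return hours
        h = (h + 1) % 24


def listed_hours(spec):
    """Return {'PRIMARY': {...}, 'SECONDARY': {...}} for a range specification.

    Only the hours written after each keyword are returned; a day type
    that is not mentioned comes back as an empty set.
    """
    body = spec.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    result = {day_type: set() for day_type in DAY_TYPES}
    current = None
    for raw in body.split(","):
        token = raw.strip().upper()
        if not token:
            continue
        if token in result:
            current = token
        elif current is None:
            # Assumption of this example: a keyword must come first.
            raise ValueError("hours given before PRIMARY or SECONDARY")
        else:
            result[current] |= expand_hours(token)
    return result


def windows(hours):
    """Render a set of hours as clock windows; the end hour runs to :59."""
    if len(hours) == 24:
        return ["00:00-23:59"]
    runs = []
    for h in sorted(hours):
        if runs and runs[-1][1] == h - 1:
            runs[-1][1] = h
        else:
            runs.append([h, h])
    # Join a run ending at 23 with a run starting at 0 (wrap past midnight).
    if len(runs) > 1 and runs[0][0] == 0 and runs[-1][1] == 23:
        runs[-1][1] = runs[0][1]
        runs.pop(0)
    return [f"{a:02d}:00-{b:02d}:59" for a, b in runs]


# Constructed sample value, not taken from a real UAF record.
SAMPLE = "(PRIMARY, 9-17, SECONDARY, 18-8)"

if __name__ == "__main__":
    for day_type, hours in listed_hours(SAMPLE).items():
        print(day_type, windows(hours))
```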

/ACCOUNT

      /ACCOUNT=account-name

   Specifies a 1 through 8 alphanumeric character string that is
   the default name for the account (for example, a billing name or
   number). By default, no account name is assigned.

/ADD_IDENTIFIER

      /ADD_IDENTIFIER (default)
      /NOADD_IDENTIFIER

   Adds identifiers for the user name and account name to the
   rights database. The qualifier is used only with the ADD and COPY
   commands.

/ALGORITHM

      /ALGORITHM=keyword=type [=value]

   Sets the password encryption algorithm for a user. The keyword VMS
   refers to the algorithm used in the version of VMS that is running
   on your system, whereas a customer algorithm is one that is added
   through the $HASH_PASSWORD system service by a customer site, by
   a layered product, or by a third party. The customer algorithm
   is identified in $HASH_PASSWORD by an integer in the range of
   128-255. The customer algorithm number has to correspond with the
   number used in the AUTHORIZE command MODIFY/ALGORITHM. By default,
   passwords are encrypted with the VMS algorithm for the current
   version of the operating system.

   Keyword       Function


   BOTH          Set the algorithm for primary and secondary
                 passwords.
   CURRENT       Set the algorithm for the primary, secondary, both,
                 or no passwords depending on account status. Current
                 is the default value.

   PRIMARY       Set the algorithm for the primary password only.

   SECONDARY     Set the algorithm for the secondary password only.

   Type          Definition


   VMS           The algorithm used in the version of VMS that is
                 running on your system.
   CUSTOMER      A numeric value in the range 128-255 identifies a
                 customer algorithm.

/ASTLM

      /ASTLM=value

   Specifies the AST queue limit, which is the total number of
   asynchronous system trap (AST) operations and scheduled wake-
   up requests that the user can have queued at one time. The default
   is 24.

/BATCH

      /BATCH[=(range[,...])]

   Specifies the hours of access permitted for batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, a user can submit batch jobs any time.

/BIOLM

      /BIOLM=value

   Specifies a buffered I/O count limit for the BIOLM field of the
   UAF record. The buffered I/O count limit is the maximum number
   of buffered I/O operations, such as terminal I/O, that can be
   outstanding at one time. The default is 18.

/BYTLM

      /BYTLM=value

   Specifies the buffered I/O byte limit for the BYTLM field of the
   UAF record. The buffered I/O byte limit is the maximum number
   of bytes of nonpaged system dynamic memory that a user's job
   may consume at one time. Nonpaged dynamic memory is used for
   operations such as I/O buffering, mailboxes, and file-access
   windows. The default is 8192.

/CLI

      /CLI=cli-name

   Specifies the name of the default command language interpreter
   (CLI) for the CLI field of the UAF record. The cli-name is 1
   through 12 alphanumeric characters and should be either DCL or
   MCR. The default is DCL.

/CLITABLES

      /CLITABLES=filespec

   Specifies user-defined CLI tables for the account, from 1 to 31
   characters. The default is SYS$LIBRARY:DCLTABLES.

/CPUTIME

      /CPUTIME=time

   Specifies the maximum process CPU time for the CPU field of the
   UAF record. The maximum process CPU time is the maximum amount of
   CPU time a user's process can take per session. You must specify a
   delta-time value. The default is 0, which means an infinite amount
   of time.

/DEFPRIVILEGES

      /DEFPRIVILEGES=([NO]privname[,...])

   Specifies default privileges for the user; that is, those enabled
   at login time. A NO prefix removes a privilege from the user.
   The keyword [NO]ALL specified with the /DEFPRIVILEGES qualifier
   disables or enables all user privileges. The default privileges
   are TMPMBX and NETMBX.

/DEVICE

      /DEVICE=device-name

   Specifies the name of the user's default device at login. The
   device-name is a 1 through 31 alphanumeric character string.
   If you omit the colon from the device-name value, a colon is
   appended. The default device is SYS$SYSDISK.

/DIALUP

      /DIALUP[=(range[,...])]

   Specifies hours of access permitted for dial-up logins. For a
   description of the range specification, see the /ACCESS qualifier.
   The default is full access.

/DIOLM

      /DIOLM=value

   Specifies the direct I/O count limit for the DIOLM field of the
   UAF record. The direct I/O count limit is the maximum number of
   direct I/O operations (usually disk) that can be outstanding at
   one time. The default is 18.

/DIRECTORY

      /DIRECTORY=directory-name

   Specifies the default directory-name for the DIRECTORY field of
   the UAF record. The directory-name is 1 through 63 alphanumeric
   characters. Brackets are added to the directory name if omitted.
   The default directory name is [USER].

/ENQLM

      /ENQLM=value

   Specifies the lock queue limit for the ENQLM field of the UAF
   record. The lock queue limit is the maximum number of locks that
   can be queued by the user at one time. The default is 100.

/EXPIRATION

      /EXPIRATION=time (default)
      /NOEXPIRATION

   Specifies the expiration date and time of the account. The
   /NOEXPIRATION qualifier removes the expiration date on the account
   or resets the expiration time for expired accounts. The default
   expiration time period is 90 days for nonprivileged users.

/FILLM

      /FILLM=value

   Specifies the open file limit for the FILLM field of the UAF
   record. The open file limit is the maximum number of files that
   can be open at one time, including active network logical links.
   The default is 20.

/FLAGS

      /FLAGS=([NO]option[,...])

   Specifies login flags for the user. A NO in front of the flag
   clears the flag. The following are valid options:

   AUDIT                 Enables or disables security auditing for a
                         specific user. By default, VMS does not
                         audit the activities of specific users
                         (NOAUDIT).

   AUTOLOGIN             Restricts the user to the automatic login
                         mechanism when logging in to an account.
                         When set, the flag disables login by any
                         terminal that requires entry of a user name
                         and password. The default is to require a
                         user name and password (NOAUTOLOGIN).

   CAPTIVE               Prevents the user from changing any defaults
                         at login, for example, /CLI, /DISK,
                         /COMMAND, or /LGICMD. It also prevents
                         the user from escaping the captive login
                         command procedure and gaining access to
                         the DCL command level. The CAPTIVE flag
                         establishes an environment where Ctrl/Y
                         interrupts are initially turned off;
                         however, command procedures can still turn
                         on Ctrl/Y interrupts with the DCL command
                         SET CONTROL=Y. By default, an account is not
                         captive (NOCAPTIVE).

   DEFCLI                Restricts the user to the default command
                         interpreter by prohibiting the use of the
                         /CLI qualifier at login (the MCR command
                         can still be used). By default, a user can
                         choose a CLI (NODEFCLI).

   DISCTLY               Establishes an environment where Ctrl/Y
                         interrupts are initially turned off
                         and are invalid until a SET CONTROL_Y
                         is encountered. This could happen in
                         SYLOGIN.COM or in a procedure called
                         by SYLOGIN.COM. Once a SET CONTROL_Y is
                         executed (which requires no privilege),
                         a user can enter a Ctrl/Y and reach the
                         DCL. If the intent of DISCTLY is to force
                         execution of the login command files, then
                         SYLOGIN.COM should issue the DCL command SET
                         CONTROL_Y before exiting to turn on Ctrl/Y
                         interrupts. By default, Ctrl/Y is enabled
                         (NODISCTLY).

   DISFORCE_PWD_CHANGE   Removes the requirement that a user must
                         change an expired password at login.
                         By default, a person can use an expired
                         password only once (NODISFORCE_PWD_CHANGE),
                         and then he or she is forced to change the
                         password after logging in. If a new password
                         is not selected, the user is locked out of
                         the system.

   DISIMAGE              Prevents the user from executing the RUN or
                         the MCR command or from using the foreign
                         command mechanism in DCL. By default, a user
                         can execute RUN, MCR, and foreign commands
                         (NODISIMAGE).

   DISMAIL               Disables mail delivery to the user.
                         By default, mail delivery is enabled
                         (NODISMAIL).

   DISNEWMAIL            Suppresses announcements of new mail at
                         login. By default, VMS announces new mail
                         (NODISNEWMAIL).

   DISPWDDIC             Disables automatic screening of new
                         passwords against a system dictionary.
                         By default, passwords are automatically
                         screened (NODISPWDDIC).

   DISPWDHIS             Disables automatic checking of new passwords
                         against a list of the user's old passwords.
                         By default, VMS screens new passwords
                         (NODISPWDHIS).

   DISRECONNECT          Disables automatic reconnection to an
                         existing process when a terminal connection
                         has been interrupted. By default, automatic
                         reconnection is disabled (DISRECONNECT).

   DISREPORT             Suppresses reports of the last login time,
                         login failures, and other security reports.
                         By default, login information is displayed
                         (NODISREPORT).

   DISUSER               Disables the account so the user cannot
                         log in. For example, the DEFAULT account is
                         disabled. By default, an account is enabled
                         (NODISUSER).

   DISWELCOME            Suppresses the "Welcome to ..." system login
                         message. By default, a system login message
                         appears (NODISWELCOME).

   GENPWD                Restricts the user to generated passwords.
                         By default, users choose their own passwords
                         (NOGENPWD).

   LOCKPWD               Prevents the user from changing the password
                         for the account. By default, users can
                         change their passwords (NOLOCKPWD).

   PWD_EXPIRED           Marks a password as expired. Users cannot
                         log in if this flag is set. LOGINOUT.EXE
                         sets the flag when users log in with the
                         DISFORCE_PWD_CHANGE flag set and their
                         password is expired. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not expired after
                         login (NOPWD_EXPIRED).

   PWD2_EXPIRED          Marks a secondary password as expired.
                         Users cannot log in if this flag is set.
                         LOGINOUT.EXE sets the flag if users log in
                         with the DISFORCE_PWD_CHANGE flag set and
                         their passwords expire. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not set to expire
                         after login (NOPWD2_EXPIRED).

   RESTRICTED            Prevents the user from changing any defaults
                         at login (for example, specifying /DISK,
                         /COMMAND, or /LGICMD) and prohibits user
                         specification of a CLI with the /CLI
                         qualifier. The RESTRICTED flag establishes
                         an environment where Ctrl/Y interrupts are
                         initially turned off; however, command
                         procedures can still turn on Ctrl/Y
                         interrupts with the DCL command SET
                         CONTROL_Y. This flag is typically used
                         to prevent an applications user from
                         having unrestricted access to the CLI.
                         By default, a user can change defaults
                         (NORESTRICTED).

                         The flag provides compatibility with CAPTIVE
                         accounts in VMS systems prior to Version
                         5.2.

/GENERATE_PASSWORD

      /GENERATE_PASSWORD[=keyword]
      /NOGENERATE_PASSWORD (default)

   Invokes the password generator to create user passwords. Generated
   passwords can consist of 1 to 10 characters. Specify one of the
   following keywords:

   BOTH       Generate primary and secondary passwords.

   CURRENT    Do whatever the DEFAULT account does. This could mean
              to generate primary, secondary, both, or no passwords.
              This is the default keyword.

   PRIMARY    Generate primary password only.

   SECONDARY  Generate secondary password only.

   Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are
   mutually exclusive, and whenever you modify a password, the
   original one expires and the new one is valid for only one login.

/INTERACTIVE

      /INTERACTIVE[=(range[,...])]

   Specifies the hours of access for interactive logins. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on interactive
   logins.

/JTQUOTA

      /JTQUOTA=value

   Specifies the initial byte quota with which the job-wide logical
   name table is to be created. By default, the value is 1024.

/LGICMD

      /LGICMD=filespec

   Specifies the name of the default login command file. The file
   name defaults to the device specified for /DEVICE, the directory
   specified for /DIRECTORY, a file name of LOGIN, and a file type
   of COM. If you select the defaults for all these values, the file
   name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL

      /LOCAL[=(range[,...])]

   Specifies hours of access for interactive logins from local
   terminals. For a description of the range specification, see the
   /ACCESS qualifier. By default, there are no access restrictions on
   local logins.

/MAXACCTJOBS

      /MAXACCTJOBS=value

   Specifies the maximum number of batch, interactive, and detached
   processes that may be active at one time for all users of the same
   account. By default, a user has a maximum of 0, which represents
   an unlimited number.

/MAXDETACH

      /MAXDETACH=value

   Specifies the maximum number of detached processes with the
   cited user name that may be active at one time. The keyword NONE
   indicates the user cannot create detached processes. By default, a
   user has a value of 0, which represents an unlimited number.

/MAXJOBS

      /MAXJOBS=value

   Specifies the maximum number of processes (interactive, batch,
   detached, and network) with the cited user name that may be active
   simultaneously. The first four network jobs are not counted. By
   default, a user has a maximum value of 0, which represents an
   unlimited number.

/MODIFY_IDENTIFIER

      /MODIFY_IDENTIFIER (default)
      /NOMODIFY_IDENTIFIER

   Specifies whether the identifier associated with the cited user
   is to be modified in the rights database. This qualifier only
   applies when you modify the UIC or user name in the UAF record. By
   default, the associated identifiers are modified.

/NETWORK

      /NETWORK[=(range[,...])]

   Specifies hours of access for network batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on network logins.

/OWNER

      /OWNER=owner-name

   Specifies the name of the owner of the account. This name can
   be used, for example, for billing purposes. The owner-name is 1
   through 31 characters and there is no default.

/PASSWORD

      /PASSWORD=(password1[,password2])
      /NOPASSWORD

   Specifies up to two passwords for login. Passwords can be from
   0 to 32 characters in length, and can include alphanumeric
   characters, dollar signs, and underscores.

   To set only the first password, specify /PASSWORD=password. To set
   both the first and second password, specify /PASSWORD=(password1,
   password2). To change the first password without affecting the
   second, specify /PASSWORD=(password, ""). To change the second
   password without affecting the first, specify /PASSWORD=("",
   password). To set both passwords to null, specify /NOPASSWORD.

   By default, the ADD command assigns a password of 'USER'. When
   creating a new UAF record with the COPY or RENAME command, you
   must specify a password.

/PGFLQUOTA

      /PGFLQUOTA=value

   Specifies the paging file limit. This is the maximum number of
   pages that the person's process can use in the system paging file.
   By default, the value is 10,240.

/PRCLM

      /PRCLM=value

   Specifies the subprocess creation limit. This is the maximum
   number of subprocesses that can exist at one time for the
   specified user's process. By default, the value is 2.

/PRIMEDAYS

      /PRIMEDAYS=([NO]day[,...])

   Defines the primary and secondary days of the week for logging
   in. A day prefixed with NO is a secondary day; without a NO it
   is a primary day. Specify the days as a list separated by commas
   and enclosed in parentheses. Use the primary and secondary day
   definitions in conjunction with such qualifiers as /ACCESS,
   /INTERACTIVE, and /BATCH. By default, primary days are Monday
   through Friday and the secondary days are Saturday and Sunday. Any
   days omitted from the list take their default value.

/PRIORITY

      /PRIORITY=value

   Specifies the default base priority. The value is an integer in
   the range of 0 through 31. By default, the value is set to 4 for
   timesharing users.

/PRIVILEGES

      /PRIVILEGES=([NO]privname[,...])

   Specifies which privileges the user is authorized to hold although
   these privileges are not necessarily enabled at login. (The
   /DEFPRIVILEGES qualifier determines which are enabled.) A NO prefix
   removes
   the privilege from the user. The keyword NOALL disables all user
   privileges. There are many privileges available with varying
   degrees of power and potential system impact. Please see the Guide
   to VMS System Security for a detailed discussion. By default, a
   user holds TMPMBX and NETMBX privileges.

/PWDEXPIRED

      /PWDEXPIRED (default)
      /NOPWDEXPIRED

   Specifies that the password is valid for only one login. Users must
   change their passwords immediately after login or be locked out of
   the system. For a week prior to expiration, the VMS system warns
   users of the upcoming password expiration. They can either specify
   a new password during the week with the DCL command SET PASSWORD
   or wait until expiration and be forced to change. By default, a
   user has to change a password when first logging in to an account.

/PWDLIFETIME

      /PWDLIFETIME=time (default)
      /NOPWDLIFETIME

   Specifies the length of time a password is valid. You must specify
   a delta-time value, which takes the form [dddd-] [hh:mm:ss.cc].
   For example, a lifetime of 120 days, 0 hours, 0 seconds would
   be expressed as /PWDLIFETIME="120-", whereas a lifetime of 120
   days 12 hours, 30 minutes and 30 seconds would be expressed as
   /PWDLIFETIME="120-12:30:30". If a period longer than the specified
   time has elapsed when the user logs in, a warning message is
   displayed, and the password is marked as expired. A time equal to
   NONE means that the password never expires. By default, a password
   expires in 90 days.
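
   When reviewing accounts created from a template, the copied
   password lifetime is worth checking against site policy. The
   following Python sketch is an added example, not part of the VMS
   help text: it parses the delta-time form described above and flags
   lifetimes longer than a limit (90 days here, the default stated
   above). The function names and sample settings are constructed;
   the parser assumes surrounding quotation marks may be present and
   that trailing time fields may be omitted, as in "120-".

```python
import re
from datetime import timedelta

# [dddd-][hh[:mm[:ss[.cc]]]]
_DELTA = re.compile(
    r"(?:(\d{1,4})-)?"
    r"(?:(\d{1,2})(?::(\d{1,2})(?::(\d{1,2})(?:\.(\d{1,2}))?)?)?)?"
)


def parse_pwdlifetime(value):
    """Return a timedelta for a delta-time value, or None for NONE."""
    text = value.strip().strip('"').strip().upper()
    if text == "NONE":
        return None  # password never expires
    m = _DELTA.fullmatch(text)
    if not text or not m:
        raise ValueError(f"not a delta-time value: {value!r}")
    days, hh, mm, ss = (int(g) if g else 0 for g in m.groups()[:4])
    # ".5" means 50 hundredths, so pad on the right before converting.
    cc = int(m.group(5).ljust(2, "0")) if m.group(5) else 0
    if hh > 23 or mm > 59 or ss > 59:
        raise ValueError(f"time field out of range: {value!r}")
    return timedelta(days=days, hours=hh, minutes=mm, seconds=ss,
                     milliseconds=cc * 10)


def over_limit(value, limit=timedelta(days=90)):
    """True when the lifetime is longer than the limit or never expires."""
    lifetime = parse_pwdlifetime(value)
    return lifetime is None or lifetime > limit


def flag_accounts(settings, limit=timedelta(days=90)):
    """Return the sorted user names whose lifetime exceeds the limit."""
    return sorted(name for name, value in settings.items()
                  if over_limit(value, limit))


# Constructed sample settings, not taken from a real SYSUAF file.
SAMPLE = {
    "ROBIN": '"120-"',
    "SPARROW": '"90-"',
    "WREN": "NONE",
    "FINCH": '"30-12:30:30"',
}

if __name__ == "__main__":
    print(flag_accounts(SAMPLE))
```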

/PWDMINIMUM

      /PWDMINIMUM=value

   Specifies the minimum password length in characters. By default, a
   password must have at least 6 characters.

/REMOTE

      /REMOTE[=(range[,...])]

   Specifies hours during which access is permitted for interactive
   logins from network remote terminals (with the DCL command SET
   HOST). For a description of the range specification, see the
   /ACCESS qualifier. By default, remote logins have no access
   restrictions.

/SHRFILLM

      /SHRFILLM=value

   Specifies the maximum number of shared files the user may have
   open at one time. By default, VMS assigns a value of 0, which
   represents an infinite number.

/TQELM

      /TQELM=value

   Specifies the total number of entries in the timer queue plus the
   number of temporary common event flag clusters that the user can
   have at one time. By default, a user can have 10.

/UIC

      /UIC=value

   Specifies the user identification code (UIC). The UIC value is
   a group number in the range 1-37776 (octal) and a member number
   in the range 0-177776 (octal), which are separated by a comma
   and enclosed in brackets. Each user should have a unique UIC. By
   default, the UIC value is [200,200].

/WSDEFAULT

      /WSDEFAULT=value

   Specifies the default working set size. This represents the
   initial limit to the number of physical pages the process can
   use. The minimum value is 50 pages. By default, a user has 150
   pages.

/WSEXTENT

      /WSEXTENT=value

   Specifies the working set maximum. This represents the maximum
   amount of physical memory allowed to the process. The system
   provides memory to a process beyond its working set quota only
   when it has excess free pages. The additional memory is recalled
   by the system if needed. The value is an integer equal to or
   greater than WSQUOTA. By default, the value is 512.

/WSQUOTA

      /WSQUOTA=value

   Specifies the working set quota. This is the maximum amount of
   physical memory a user process can lock into its working set. It
   also represents the maximum amount of swap space that the system
   reserves for this process and the maximum amount of physical
   memory that the system allows the process to consume if the
   system-wide memory demand is significant. The minimum value is
   50 pages. By default, the quota is 256.

Examples

   1.  UAF> COPY ROBIN SPARROW /PASSWORD=SP0152
       %UAF-I-COPMSG, user record copied
       %UAF-E-RDBADDERRU, unable to add SPARROW value: [000014,00006] to
             RIGHTSLIST.DAT
       -SYSTEM-F-DUPIDENT, duplicate identifier

     The command in this example adds a record for Thomas Sparrow
     that is identical, except for the password, to that of Joseph
     Robin. Note that since there is no change in the UIC value,
     no identifier is added to RIGHTSLIST.DAT. AUTHORIZE issues a
     "duplicate identifier" error message.
