![[Digital logo]](../../IMAGES/DIGITAL-LOGO.GIF){kind=logo}
![[HR]](../../IMAGES/REDBAR.GIF)
Creates a new SYSUAF record that duplicates an existing UAF record.
COPY oldusername newusername
oldusername
Name of an existing user record to serve as a template for the new record.newusername
Name for the new user record. The user name is a string of 1 to 12 alphanumeric characters.
All the qualifiers listed under the ADD command apply to the COPY command.
The COPY command creates a new SYSUAF record that duplicates an existing SYSUAF record. The command requires the /PASSWORD qualifier. If you do not specify additional qualifiers to the COPY command, the fields in the record you create are the same as those in the record being copied.For example, you could add a record for a new user named Thomas Sparrow that is identical to that of Joseph Robin (but presumably different from the default record), as follows:
UAF> COPY ROBIN SPARROW /PASSWORD=SP0152However, to add a record for Thomas Sparrow that differs from Joseph Robin's in the UIC, directory name, password, and owner, specify the following command:
UAF> COPY ROBIN SPARROW /UIC=[200,13]/DIRECTORY=[SPARROW] - _/PASSWORD=THOMAS/OWNER="THOMAS SPARROW"You can also use the COPY command to create a set of template records to meet the specific needs of various user groups. For example, if you have programmers, administrators, and data entry personnel working on the same system, you can create records such as PROGRAMMER, ADMINISTRATOR, and DATA_ENTRY, each tailored to the needs of a particular group. To add an account for a new user in one of these groups, copy the appropriate template record and specify a new user name, password, UIC, directory, and owner.
If you omit the /PASSWORD qualifier when you create an account, AUTHORIZE displays the following error message:
%UAF-W-DEFPWD, copied or renamed records must receive new passwordTo specify a password for the account, use the MODIFY command with the /PASSWORD qualifier.
UAF> COPY ROBIN SPARROW /PASSWORD=SP0152
%UAF-I-COPMSG, user record copied
%UAF-E-RDBADDERRU, unable to add SPARROW value: [000014,00006] to
RIGHTSLIST.DAT -SYSTEM-F-DUPIDENT, duplicate identifier
UAF> COPY ROBIN SPARROW /UIC=[200,13]/DIRECTORY=[SPARROW] -
_/PASSWORD=THOMAS/OWNER="THOMAS SPARROW"
%UAF-I-COPMSG, user record copied
%UAF-I-RDBADDMSGU, identifier SPARROW value: [000200,000013] added to
RIGHTSLIST.DAT
Creates and initializes the network proxy authorization files. The primary network proxy authorization file is NET$PROXY.DAT. The file NETPROXY.DAT is maintained for compatibility.
Note
Do not delete NETPROXY.DAT because DECnet Phase IV and many layered products still use it.
CREATE/PROXY
None.
None.
NETPROXY.DAT is created with no records and is assigned the following protection:(S:RWED,O:RWED,G,W)NET$PROXY.DAT is created with no records and is assigned the following protection:
(S:RWED,O,G,W)If NETPROXY.DAT or NET$PROXY.DAT already exist, AUTHORIZE reports the following error message:
%UAF-W-NAFAEX, NETPROXY.DAT already existsTo create a new file, you must either delete or rename the old one.
UAF> CREATE/PROXY UAF>
The command in this example creates and initializes the network proxy authorization file.
Creates and initializes the rights database, RIGHTSLIST.DAT.
CREATE/RIGHTS
None.
None.
RIGHTSLIST.DAT is created with no records and is assigned the following protection:(S:RWED,O:RWED,G:R,W:)Note that the file is created only if the file does not already exist.
UAF> CREATE/RIGHTS %UAF-E-RDBCREERR, unable to create RIGHTSLIST.DAT -RMS-E-FEX, file already exists, not superseded
You can use the command in this example to create and initialize a new rights database. Note, however, that RIGHTSLIST.DAT is created automatically during the installation process. Thus, you must delete or rename the existing file before creating a new one. For more information on rights database management, refer to the OpenVMS Guide to System Security.
Modifies the SYSUAF's DEFAULT record.
DEFAULT
None.
See the qualifiers listed under the ADD command.
Modify the DEFAULT record when qualifiers normally assigned to a new user differ from the Digital-supplied values. The following qualifiers most often require modification:
- /CLI---If the command interpreter is MCR.
- /DEVICE---If most users have the same default device.
- /LGICMD---When automation of initial housekeeping chores at login time is desired through a specific login command file. The system automates the execution of login command file in the following way:
First the system checks whether the logical name SYS$SYLOGIN has been defined. If it has, the name is translated (in most cases to SYLOGIN.COM), and the named command file is executed. (This command file can call other login command files.) However, when it completes, the system makes another check. If the user's LGICMD field in the UAF specifies a command file, that file is executed. If LGICMD is blank, the user's file LOGIN.COM is executed automatically if the command interpreter is DCL. (In this case, all users must name their login command files LOGIN.COM.) If the command interpreter is MCR, the user's file LOGIN.CMD is executed automatically.
Thus, the login protocol generally consists of a systemwide login command file followed by a user-specific login command file.- /PRIVILEGES---When users are given different privileges than those supplied by Digital.
- Quota qualifiers---When the default quotas are insufficient or inappropriate for mainstream work.
UAF> DEFAULT /DEVICE=SYS$USER/LGICMD=SYS$MANAGER:SECURELGN - _UAF> /PRIVILEGES=(TMPMBX,GRPNAM,GROUP) %UAF-I-MDFYMSG, user record(s) updated
The command in this example modifies the DEFAULT record, changing the default device, default login command file, and default privileges.
Enables you to exit from AUTHORIZE and return to DCL command level. You can also return to command level by pressing Ctrl/Z.
EXIT
None.
None.
Assigns the specified identifier to the user and documents the user as a holder of the identifier in the rights database.
GRANT/IDENTIFIER id-name user-spec
id-name
Specifies the identifier name. The identifier name is a string of 1 to 31 alphanumeric characters that can contain underscores and dollar signs. The name must contain at least one nonnumeric character.user-spec
Specifies the UIC identifier that uniquely identifies the user on the system. This type of identifier appears in alphanumeric format. For example: [GROUP1,JONES].
/ATTRIBUTES=(keyword[,...])
Specifies attributes to be associated with the identifier. The following are valid keywords:
DYNAMIC Allows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST. HOLDER_HIDDEN Prevents people from getting a list of users who hold an identifier, unless they own the identifier themselves. NAME_HIDDEN Allows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier. NOACCESS Makes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute. RESOURCE Allows holders of an identifier to charge disk space to the identifier. Used only for file objects. SUBSYSTEM Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects. To remove an attribute from the identifier, add a NO prefix to the attribute keyword. For example, to remove the Resource attribute, specify /ATTRIBUTES=NORESOURCE.
UAF> GRANT/IDENTIFIER INVENTORY [300,015] %UAF-I-GRANTMSG, identifier INVENTORY granted to CRAMER
The command in this example grants the identifier INVENTORY to the user named Cramer who has UIC [300,015]. Cramer becomes the holder of the identifier and any resources associated with it. The following command produces the same result:
UAF> GRANT/IDENTIFIER INVENTORY CRAMER
Displays information concerning the use of AUTHORIZE, including formats and explanations of commands, parameters, and qualifiers.
HELP [keyword[,...]]
keyword[,...]
Specifies one or more keywords that refer to the topic, command, qualifier, or parameter on which you want information from the AUTHORIZE HELP command.
None.
If you do not specify a keyword, HELP displays information on the topics and commands for which help is available. It then prompts you with "Topic?". You can supply a topic or a command name, or press Return. When you specify a command name and qualifiers, you get detailed information about that command. If you respond by pressing Return, you exit from help. You can also exit from help by pressing Ctrl/Z.If the command you request accepts qualifiers, the display of the help information on the command is followed by the prompt "Subtopic?". Respond to this prompt with a qualifier name, or press Return. If you respond by pressing Return, HELP prompts with "Topic?". If you want to exit from help directly from this level, press Ctrl/Z.
Examples
UAF> HELP ADD
ADD
Adds a user record to the SYSUAF and corresponding identifiers to
the rights database.
Format
ADD newusername
Additional information available:
Parameter Qualifiers
/ACCESS /ACCOUNT /ADD_IDENTIFIER /ALGORITHM /ASTLM /BATCH
/BIOLM /BYTLM /CLI /CLITABLES /CPUTIME /DEFPRIVILEGES
/DEVICE /DIALUP /DIOLM /DIRECTORY /ENQLM /EXPIRATION
/FILLM /FLAGS /GENERATE_PASSWORD /INTERACTIVE /JTQUOTA
/LGICMD /LOCAL /MAXACCTJOBS /MAXDETACH /MAXJOBS /NETWORK
/OWNER /PASSWORD /PBYTLM /PGFLQUOTA /PRCLM /PRIMEDAYS /PRIORITY
/PRIVILEGES /PWDEXPIRED /PWDLIFETIME
/PWDMINIMUM /REMOTE /SHRFILLM /TQELM /UIC
/WSDEFAULT /WSEXTENT /WSQUOTA
Examples /IDENTIFIER /PROXY
ADD Subtopic?
UAF> HELP MODIFY/WSDEFAULT
MODIFY /WSDEFAULT=value Specifies the default working set size. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) The minimum value is 50 pages (on VAX systems) and 150 pagelets (on Alpha systems). By default, a user has 150 pages (on VAX systems) and 150 pagelets (on Alpha systems).
Writes reports for selected UAF records to a listing file, SYSUAF.LIS, which is placed in the SYS$SYSTEM directory.
LIST [user-spec]
user-spec
Specifies the user name or UIC of the requested UAF record. Without the user-spec parameter, AUTHORIZE lists the user records of all users. The asterisk (*) and percent sign (%) wildcards are permitted in the user name.
/BRIEF
Specifies that a brief report be written to SYSUAF.LIS. The /BRIEF qualifier is the default qualifier. SYSUAF.LIS is placed in the SYS$SYSTEM directory./FULL
Specifies that a full report be written to SYSUAF.LIS, including identifiers held by the user. SYSUAF.LIS is placed in the SYS$SYSTEM directory.
The LIST command creates a listing file of reports for selected UAF records. Print the listing file, SYSUAF.LIS, with the DCL command PRINT.Specification of a user name results in a single-user report. Specification of the asterisk wildcard character following the LIST command results in reports for all users in ascending sequence by user name. Specification of a UIC results in reports for all users with that UIC. (Digital recommends that you assign each user a unique UIC, but if users share a UIC, the report will show all users with that UIC.) You can use the asterisk wildcard character to specify the UIC.
Table 5-2 shows how to specify a UIC with the LIST command and use the asterisk wildcard character with the UIC specification to produce various types of reports.
Table 5-2 UIC Specification with the LIST Command Command Description LIST [14,6] Lists a full report for the user (or users) with member number 6 in group 14. LIST [14,*] /BRIEF Lists a brief report for all users in group 14, in ascending sequence by member number. LIST [*,6] /BRIEF Lists a brief report for all users with a member number of 6. LIST [*,*] /BRIEF Lists a brief report for all users, in ascending sequence by UIC. Although you must provide separate UICs for each user, the LIST command reports users with the same UIC in the order in which they were added to the SYSUAF. Full reports list the details of the limits, privileges, login flags, and command interpreter. Brief reports do not include the limits, login flags, or command interpreter, nor do they summarize the privileges. AUTHORIZE never displays the password for an account.
See the SHOW command for examples of brief and full reports.
Examples
UAF> LIST ROBIN/FULL %UAF-I-LSTMSG1, writing listing file %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete
UAF> LIST * %UAF-I-LSTMSG1, writing listing file %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete
UAF> LIST [300.*] %UAF-I-LSTMSG1, writing listing file %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete
Creates a listing file (RIGHTSLIST.LIS) in which identifier names, attributes, values, and holders are written.
LIST/IDENTIFIER [id-name]
id-name
Specifies an identifier name. You can specify the asterisk wildcard character (*) to list all identifiers. If you omit the identifier name, you must specify /USER or /VALUE.
/BRIEF
Specifies a brief listing in which only the identifier name, value, and attributes appear./FULL
Specifies a full listing, in which the names of the identifier's holders are displayed along with the identifier's name, value, and attributes. The /FULL qualifier specifies the default listing format./USER=user-spec
Specifies one or more users whose identifiers are to be listed. The user-spec can be a user name or UIC. You can use the asterisk wildcard character (*) to specify multiple user names or UICs. UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) lists identifiers alphabetically by user name; a wildcard UIC specification ([*,*]) lists them numerically by UIC./VALUE=value-specifier
Specifies the value of the identifier to be listed. The following are valid formats for the value-specifier:
IDENTIFIER:n An integer value in the range 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O). To differentiate general identifiers from UIC identifiers, %X80000000 is added to the value you specify.
UIC:uic A UIC value in the standard UIC format.
The LIST/IDENTIFIER command creates a listing file in which identifier names, attributes, values, and holders are displayed in various formats depending on the qualifiers specified. Two of these formats are illustrated in the description of the SHOW/IDENTIFIER command.Print the listing file named RIGHTSLIST.LIS with the DCL command PRINT.
Examples
UAF> LIST/IDENTIFIER INVENTORY %UAF-I-LSTMSG1, writing listing file %UAF-I-RLSTMSG, listing file RIGHTSLIST.LIS complete
UAF> LIST/IDENTIFIER/USER=ANDERSON %UAF-I-LSTMSG1, writing listing file %UAF-I-RLSTMSG, listing file RIGHTSLIST.LIS complete
UAF> LIST/IDENTIFIER/USER=[300,015]
UAF> LIST/IDENTIFIER/VALUE=UIC:[300,015]
Creates a listing file of the network proxy database entries from the network database file NET$PROXY.DAT.
LIST/PROXY
None.
/OLD
Directs AUTHORIZE to display information from the NETPROXY.DAT file rather than from the default file NET$PROXY.DAT.If someone modifies the proxy database on a cluster node that is not running the current OpenVMS VAX system, then you can use the /OLD qualifier to list the contents of the old database: NETPROXY.DAT.
Use the DCL command PRINT to print the listing file, NETPROXY.LIS. The output assumes the same format as that of the SHOW/PROXY command. For an example of the output format, see the description of the SHOW/PROXY command.
UAF> LIST/PROXY/OLD %UAF-I-LSTMSG1, writing listing file %UAF-I-NETLSTMSG, listing file NETPROXY.LIS complete
The command in this example creates a listing file of all the entries in the network proxy database NETPROXY.DAT.
Lists identifiers held by the specified identifier or, if /USER is specified, all identifiers held by the specified users.
LIST/RIGHTS [id-name]
id-name
Specifies the name of the identifier associated with the user. If you omit the identifier name, you must specify the /USER qualifier.
/USER=user-spec
Specifies a user whose identifiers are to be listed. The user-spec can be a user name or UIC. You can use the asterisk wildcard character (*) to specify multiple UICs or all user names. UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) or wildcard UIC specification ([*,*]) lists all identifiers held by users. The wildcard user name specification lists holders' user names alphabetically; the wildcard UIC specification lists them in the numerical order of their UICs.
Use the DCL command PRINT to print the listing file (RIGHTSLIST.LIS) produced by the LIST/RIGHTS command. For an example of the output format, see the description of the SHOW/RIGHTS command.
UAF> LIST/RIGHTS PAYROLL %UAF-I-LSTMSG1, writing listing file %UAF-I-RLSTMSG, listing file RIGHTSLIST.LIS complete
The command in this example lists identifiers held by PAYROLL, providing PAYROLL is the name of a UIC format identifier.
6048P009.HTM OSSG Documentation 26-NOV-1996 12:42:30.02
Copyright © Digital Equipment Corporation 1996. All Rights Reserved.