System Management Utilities Reference Manual, Volume I: A-L

Operating System and Version:
VSI OpenVMS x86-64 Version 9.2-1 or higher;
VSI OpenVMS IA-64 Version 8.4-1H1 or higher
VSI OpenVMS Alpha Version 8.4-2L1 or higher

Preface

This document describes reference information for System Management utilities used with the OpenVMS Alpha operating system.

1. About VSI

VMS Software, Inc. (VSI) is an independent software company licensed by Hewlett Packard Enterprise to develop and support the OpenVMS operating system.

2. Intended Audience

This manual is intended for system managers and users of the system management utilities for the OpenVMS Alpha and Integrity server operating systems.

3. Document Structure

This manual has 14 parts, arranged alphabetically. Each part, except the section on the AUTOGEN command procedure, contains reference information for a system management utility. Table 1 shows the structure.
Table 1. Manual Structure

Part

Utility

1

Access Control List Editor (ACL editor)

2

Accounting (ACCOUNTING)

3

Analyze/Disk_Structure (ANALYZE/DISK_STRUCTURE)

4

Audit Analysis (ANALYZE/AUDIT)

5

Authorize (AUTHORIZE)

6

AUTOGEN Command Procedure

7

Backup (BACKUP)

8

COPY/RECORDABLE_MEDIA (CDDVD)

9

EFI Utilities for OpenVMS

10

Error Log Viewer (ELV)

11

InfoServer

12

Install (INSTALL)

13

LAN Control Program (LANCP)

14

LAT Control Program (LATCP)

15

Log Manager Control Program (LMCP)

4. Related Documents

For more information on the system management utilities, see the following documents:
  • VSI OpenVMS Guide to System Security

  • VSI OpenVMS DCL Dictionary

  • VSI OpenVMS System Manager's Manual

  • VSI OpenVMS Programming Concepts Manual

  • VSI OpenVMS Record Management Services Reference Manual

  • VSI OpenVMS System Services Reference Manual

  • VSI OpenVMS User's Manual

  • OpenVMS VAX Device Support Manual (archived)

5. VSI Encourages Your Comments

You may send comments or suggestions regarding this manual or any VSI document by sending electronic mail to the following Internet address: . Users who have VSI OpenVMS support contracts through VSI can contact for help with this product.

6. OpenVMS Documentation

The full VSI OpenVMS documentation set can be found on the VMS Software Documentation webpage at https://docs.vmssoftware.com.

7. Typographical Conventions

VMScluster systems are now referred to as OpenVMS Cluster systems. Unless otherwise specified, references to OpenVMS Cluster systems or clusters in this document are synonymous with VMScluster systems.

The contents of the display examples for some utility commands described in this manual may differ slightly from the actual output provided by these commands on your system. However, when the behavior of a command differs significantly between OpenVMS Alpha and Integrity servers, that behavior is described in text and rendered, as appropriate, in separate examples.

In this manual, every use of DECwindows and DECwindows Motif refers to DECwindows Motif for OpenVMS software.

The following conventions are also used in this manual:
ConventionMeaning

Ctrl/ x

A sequence such as Ctrl/ x indicates that you must hold down the key labeled Ctrl while you press another key or a pointing device button.

PF1 x

A sequence such as PF1 x indicates that you must first press and release the key labeled PF1 and then press and release another key or a pointing device button.

Return

In examples, a key name enclosed in a box indicates that you press a key on the keyboard. (In text, a key name is not enclosed in a box.)

In the HTML version of this document, this convention appears as brackets, rather than a box.

A horizontal ellipsis in examples indicates one of the following possibilities:
  • Additional optional arguments in a statement have been omitted.

  • The preceding item or items can be repeated one or more times.

  • Additional parameters, values, or other information can be entered.

.

.

.

A vertical ellipsis indicates the omission of items from a code example or command format; the items are omitted because they are not important to the topic being discussed.

( )

In command format descriptions, parentheses indicate that you must enclose the options in parentheses if you choose more than one.

[ ]

In command format descriptions, brackets indicate optional choices. You can choose one or more items or no items. Do not type the brackets on the command line. However, you must include the brackets in the syntax for OpenVMS directory specifications and for a substring specification in an assignment statement.

[ |]

In command format descriptions, vertical bars separate choices within brackets or braces. Within brackets, the choices are options; within braces, at least one choice is required. Do not type the vertical bars on the command line.

{ }

In command format descriptions, braces indicate required choices; you must choose at least one of the items listed. Do not type the braces on the command line.

bold text

This typeface represents the introduction of a new term. It also represents the name of an argument, an attribute, or a reason.

italic text

Italic text indicates important information, complete titles of manuals, or variables. Variables include information that varies in system output (Internal error number), in command lines (/PRODUCER= name), and in command parameters in text (where dd represents the predefined code for the device type).

UPPERCASE TEXT

Uppercase text indicates a command, the name of a routine, the name of a file, or the abbreviation for a system privilege.

Monospace type

Monospace type indicates code examples and interactive screen displays.

In the C programming language, monospace type in text identifies the following elements: keywords, the names of independently compiled external functions and files, syntax summaries, and references to variables or identifiers introduced in an example.

-

A hyphen at the end of a command format description, command line, or code line indicates that the command or statement continues on the following line.

numbers

All numbers in text are assumed to be decimal unless otherwise noted. Nondecimal radixes—binary, octal, or hexadecimal—are explicitly indicated.

Chapter 1. Access Control List Editor

1.1. ACL Editor Description

The access control list editor (ACL editor) is a screen-oriented editor used to create and maintain access control lists (ACLs). An ACL is a collection of access control entries (ACEs) that grant or deny access for specific users or groups of users of an object. (For a description of the entry and display format for ACEs, see Section 1.3.) ACLs enable you to control access more closely than you can by using the default user identification code (UIC) based protection.

The system does not limit the number of ACEs that an ACL can contain or the number of characters in an ACE. However, long ACLs increase the amount of time necessary to gain access to an object. In practice, memory constraints can limit the size of an ACL.

The order of ACEs in an ACL is important. ACEs granting or denying access to an object for specific users must appear before ACEs identifying broader classes of users. For example, to grant user SMITH read access to a system object and to deny all other interactive users all types of access to the object, place the ACE for user SMITH before the ACE identifying all interactive users on the system.

You can place ACLs on the following object classes:
  • Capability
  • Common event flag cluster
  • Device
  • File
  • Group global section
  • Logical name table
  • Queue
  • Resource domain
  • Security class
  • System global section
  • Volume

1.2. ACL Editor Usage Summary

The access control list editor (ACL editor) creates or modifies an access control list (ACL) for a specified object.

Syntax

EDIT/ACL object-spec

Parameter

object-spec

Specifies the object whose access control list is to be created or edited. If an access control list does not exist, it is created.

You can specify an object from any of the following object classes:
  • Capability
  • Common event flag cluster
  • Device
  • File
  • Group global section
  • Logical name table
  • Queue
  • Resource domain
  • Security class
  • System global section
  • Volume

The default object class is a file. A file must be a disk file on a Files-11 On-Disk Structure Level 2 or 5 formatted volume. For any object other than a file, you must specify the object class with the /CLASS qualifier.

Note that the ACL editor does not provide a default file type for files. To prevent the ACL editor from using a null file type, specify the file type on the command line. If the object is a directory, specify the .DIR file type.

Do not include wildcard characters in the object specification.

Description

You can invoke the ACL editor to create or modify an ACL for an object that you own, have control access to, or can gain access to by a privilege such as BYPASS, GRPPRV, or SYSPRV. To invoke the ACL editor, enter the DCL command EDIT/ACL. In the command line, specify the name of the object whose ACL you want to edit. For example, to create an ACL for the file INVENTORY.DAT, enter the following command:
$ EDIT/ACL INVENTORY.DAT

You can use either the EDIT/ACL command or the SET SECURITY/EDIT command to invoke the ACL editor. For more information about the SET SECURITY command, see the VSI OpenVMS DCL Dictionary and the VSI OpenVMS Guide to System Security.

By default, the ACL editor creates and modifies ACLs for files. To create an ACL for an object other than a file (for example, to create an ACL fora queue), you must specify the object class when you invoke the ACL editor. For example, the following command invokes the ACL editor to create an ACL for the disk DAPR:
$ EDIT/ACL/CLASS=DEVICE DAPR

If an ACL for the object you specify already exists, the ACL editor displays the ACL. You can then use keypad editing commands to add, replace, or delete one or more ACEs in the ACL (see Section A.1). To exit from a completed editing session, press Ctrl/Z. To end an editing session without incorporating any of your edits, press the GOLD key (PF1) and then press Ctrl/Z.

For a description of keypad editing commands supplied by the ACL editor, see Appendix A. For information about how to modify the ACL editor by modifying ACL section files, see Appendix B.

Note

In addition to invoking the ACL editor directly or by entering commands at the DCL prompt ($), you can modify an ACL by using the callable interface to the ACL editor (the ACLEDIT$EDIT routine). For information about how to use the ACLEDIT$EDIT routine, see the VSI OpenVMS Utility Routines Manual.

1.3. ACE Formats

This section describes the entry and display format for the following access control entries (ACEs):
  • Alarm ACE for security auditing of an object

  • Audit ACE for security auditing of an object

  • Creator ACE to set the ownership access for new files created in a directory

  • Default Protection ACE to set a default protection code through a directory structure

  • Identifier ACE for object access control

  • Subsystem ACE for protected subsystem access control

The VSI OpenVMS Guide to System Security describes how to use each of these ACEs. You can also use other types of ACEs. For example, applications can use an Application ACE to store application-specific information associated with a file. For a description of the internal format used to store an ACE, refer to the VSI OpenVMS Programming Concepts Manual.

Alarm ACE

Alarm ACE — Specifies the access criteria that cause an alarm message to be sent to all security operator terminals. ACL alarms are enabled by default; however, alarms are not written to the system security audit log file. If you have existing files or resources protected by Alarm ACEs and you want messages to be recorded in the log file, replace the Alarm ACEs with Audit ACEs.

Syntax

(ALARM=SECURITY [,OPTIONS=attributes],ACCESS=access-type[+access-type...] )

Parameters

options

Specify any of the following attributes:

Default

Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only.

Hidden

Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command.

Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.

Protected
Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor

  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

  • SET SECURITY/ACL/DELETE
  • SET SECURITY/LIKE
  • SET SECURITY/DEFAULT
Nopropagate

Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.

None

Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify any access that is valid for the object class. Refer to the VSI OpenVMS Guide to System Security for a listing of valid access types. For an Alarm ACE to have any effect, you must include the keywords SUCCESS, FAILURE, or both with the access types. For example, if the auditing criterion is a failure to obtain write access to an object, specify the following Alarm ACE:
ALARM=SECURITY, ACCESS=WRITE+FAILURE

Audit ACE

Audit ACE — Specifies the access criteria that cause an audit message to be written to the system security audit log file. A message is recorded by default. A message is recorded only if ACL audits are enabled with the DCL command SET AUDIT/AUDIT/ENABLE=ACL.

Syntax

(AUDIT=SECURITY [,OPTIONS=attributes],ACCESS=access-type[+access-type...] )

Parameters

options

Specify one of the following attributes:

Default

Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only.

Hidden

Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command.

Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.

Protected
Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
  • By using the ACL editor

  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

  • SET SECURITY/ACL/DELETE
  • SET SECURITY/LIKE
  • SET SECURITY/DEFAULT
Nopropagate

Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.

None

Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access
Specify any access that is valid for the object class. For a listing of valid access types, see the VSI OpenVMS Guide to System Security. For an Audit ACE to have any effect, you must include the keywords SUCCESS, FAILURE, or both with the access types. For example, if the auditing criterion is a failure to obtain write access to an object, specify the following Audit ACE:
AUDIT=SECURITY,ACCESS=WRITE+FAILURE

Creator ACE

Creator ACE — Adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE.

Description

The Creator ACE applies only when the following conditions exist:

  • The file being created is not owned by the user identification code (UIC) of the process creating the file.

  • The process creating the file does not have system privileges.

For example, both of these conditions exist when a process holding a general identifier with the Resource attribute creates a file in a directory owned by that identifier. In this situation, the system adds an extra ACE at the top of the new file's ACL. If a Creator ACE exists in the ACL for the parent directory, the system propagates the access specified in the Creator ACE to the new ACE. If a directory lacks a Creator ACE, the system assigns an extra ACE with a combination of control access and ownership access. A Creator ACE with ACCESS=None suppresses the addition of the extra ACE.

The Creator ACE applies to directory files only.

Refer to the VSI OpenVMS Guide to System Security for more information.

Syntax

(CREATOR [,OPTIONS=attribute[+attribute...]],ACCESS=access-type[+access-type...])

Parameters

options

Specify any of the following attributes:
Protected

Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:

  • By using the ACL editor

  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

  • SET SECURITY/ACL/DELETE
  • SET SECURITY/LIKE
  • SET SECURITY/DEFAULT
NopropagateIndicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
NoneIndicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify access types that are valid for files (read, write, execute, delete, and control).

Default Protection ACE

Default Protection ACE — Defines a UIC-based protection to be propagated to new files throughout a directory tree. The protection code in the ACE is assigned to new files created in the directory. The Default Protection ACE applies to directory files only. Although the system propagates the Default Protection ACE to new subdirectories, the protection code is not assigned to the subdirectories. Instead, the subdirectories receive a modified copy of the parent directory's protection code in which delete access is not granted. An example of a Default Protection ACE is as follows: DEFAULT_PROTECTION,S:RWED,O:RWED,G,W. The ACE grants read, write, execute, and delete access to users in the system (S) and owner (O) categories but no access to users in the group and world categories. For more information, see the VSI OpenVMS Guide to System Security.

Syntax

(DEFAULT_PROTECTION[,OPTIONS=attribute[+attribute...]],access)

Parameters

options

Specify any of the following attributes:
Hidden

Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command.

Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.

Protected

Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:

  • By using the ACL editor

  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

  • SET SECURITY/ACL/DELETE
  • SET SECURITY/LIKE
  • SET SECURITY/DEFAULT
Nopropagate

Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.

None

Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify access in the format of a UIC-based protection code, which is as follows:
[category: list of access allowed (, category: list of access allowed,...)]

  • User categories include system (S), owner (O), group (G), and world (W). Refer to the VSI OpenVMS Guide to System Security for a definition of these categories. Access types for files include read (R), write (W), execute (E), and delete (D). The access type is assigned to each ownership category and is separated from its access types with a colon (:).

  • A null access list means no access, so when you omit an access type for a user category, that category of user is denied that type of access. To deny all access to a user category, specify the user category without any access types. Omit the colon after the user category when you deny access to a category of users.

  • When you omit a user category from a protection code, the current access allowed that category of user is set to no access.

Identifier ACE

Identifier ACE — Controls the type of access allowed to a particular user or group of users. An example of an Identifier ACE is as follows: IDENTIFIER=SALES, ACCESS=READ+WRITE. A system manager can use the Authorize utility (AUTHORIZE) to grant the SALES identifier to a specific group of users. Read and write access to the file INVENTORY.DAT is then granted to users who hold the SALES identifier. For more information, see the VSI OpenVMS Guide to System Security.

Syntax

(IDENTIFIER=identifier[+identifier...] [,OPTIONS=attributes[+attributes...]] ,ACCESS=access-type[+access-type...] )

Parameters

identifier

Specifies a user or groups of users whose access to an object is defined in the ACE. A system manager creates or removes identifiers and assigns users to hold these identifiers.

Types of identifiers are as follows:

UIC

Identifiers in alphanumeric format that are based on the user identification codes (UICs) and that uniquely identify each user on the system. Users with accounts on the system automatically receive a UIC identifier, for example, [GROUP1,JONES] or [JONES]. Thus, each UIC identifier specifies a particular user.

General

Identifiers defined by the security administrator in the rights list to identify groups of users on the system. A general identifier is an alphanumeric string of 1 to 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9, for example, 92SALES$, ACCOUNT_3, or PUBLISHING.

Environmental

Identifiers describing different types of users based on their initial entry into the system. Environmental identifiers are also called system-defined identifiers. Environmental identifiers correspond directly to the login classes described in the VSI OpenVMS Guide to System Security. They include batch, network, interactive, local, dialup, and remote.

For more information, see the VSI OpenVMS Guide to System Security.

options

Specify any of the following attributes:
Default

Indicates that an ACE is to be included in the ACL of any files created within a directory. When the entry is propagated, the Default attribute is removed from the ACE of the created file. This attribute is valid for directory files only.

Note that an Identifier ACE with the Default attribute has no effect on access.

Hidden

Indicates that this ACE should be changed only by the application that adds it. Although the Hidden attribute is valid for any ACE type, its intended use is to hide Application ACEs. To delete or modify a hidden ACE, you must use the SET SECURITY command.

Users need the SECURITY privilege to display a hidden ACE with the DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is also required to modify or delete a hidden ACE with the DCL command SET SECURITY. The ACL editor displays the ACE only to show its relative position within the ACL, not to facilitate editing of the ACE. To create a hidden ACE, an application can invoke the $SET_SECURITY system service.

Protected

Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:

  • By using the ACL editor

  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

  • SET SECURITY/ACL/DELETE
  • SET SECURITY/LIKE
  • SET SECURITY/DEFAULT
NopropagateIndicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
NoneIndicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

access

Specify access types that are valid for the object class. Refer to the VSI OpenVMS Guide to System Security for a listing of valid access types.

Subsystem ACE

Subsystem ACE — Grants additional identifiers to a process while it is running the image to which the Subsystem ACE applies. Users with execute access to the image can access objects that are in the protected subsystem, such as data files and printers, but only when they run the subsystem images. The Subsystem ACE applies to executable images only. An example of a Subsystem ACE is as follows: SUBSYSTEM, IDENTIFIER=ACCOUNTING

Syntax

(SUBSYSTEM,[OPTIONS=attribute[+attribute...],]IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]][,IDENTIFIER=identifier[,ATTRIBUTES=attribute[+attribute...]],...])

Parameters

options

Specify any of the following attributes:
Protected

Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:

  • By using the ACL editor

  • By specifying the ACE explicitly when deleting it

    Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.

  • By deleting all ACEs, both protected and unprotected

    Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.

The following commands do not delete protected ACEs:

  • SET SECURITY/ACL/DELETE
  • SET SECURITY/LIKE
  • SET SECURITY/DEFAULT
NopropagateIndicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.
NoneIndicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.

identifier

A general identifier specifying the users or groups of users who are allowed or denied access to an object. It is an alphanumeric string of 1 through 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9. For more information, see the VSI OpenVMS Guide to System Security.

A Subsystem ACE can have multiple pairs of identifiers, with special attributes assigned to the identifiers. A subsystem might require several identifiers to work properly. For example:
(SUBSYSTEM,IDENTIFIER=MAIL_SUBSYSTEM,ATTRIBUTE=NONE,IDENTIFIER=BLDG5,ATTRIBUTE=NONE)

attribute

The identifier characteristics you specify when you add identifiers to the rights list or grant identifiers to users. You can specify the following attribute:

Resource

Allows holders of the identifier to charge disk space to the identifier. Used only for file objects.

1.4. ACL Editor Qualifiers

When you invoke the ACL editor, you can include qualifiers on the command line that identify the object class and the editing mode (prompt or no prompt). You can also use qualifiers to name a journaling file or to recover an ACL editing session. This section describes the qualifiers listed in the following table:

Qualifier

Description

/CLASS

Specifies the class of object whose ACL is being edited

/JOURNAL

Controls whether a journal file is created for the editing session

/MODE

Specifies the use of prompting during the editing session

/OBJECT_TYPE

Superseded by the /CLASS qualifier

/RECOVER

Restores an ACL from a journal file at the beginning of an editing session

All of the qualifiers described in this section also apply to the SET SECURITY/EDIT command. You can substitute the SET SECURITY/EDIT command wherever the EDIT/ACL command is shown; the syntax is the same for both commands.

/CLASS

/CLASS — Specifies the class of the object whose ACL is being edited. Unless the object is a file, you must specify the object class.

Syntax

/CLASS =object-class

Description

To edit the ACL for an object other than a file, specify the object class with the /CLASS qualifier. Specify one of the following classes:

CAPABILITY

A system capability, such as the ability to process vector instructions. Currently, the only defined object name for the CAPABILITY class is VECTOR, which governs the ability of a subject to access a vector processor on the system. Note that you must supply the capability name as the object name parameter.

COMMON_EVENT_CLUSTER

A common event flag cluster.

DEVICE

A device, such as a disk or tape drive.

FILE

A file or a directory file. This is the default.

GROUP_GLOBAL_SECTION

A group global section.

LOGICAL_NAME_TABLE

A logical name table.

QUEUE

A batch queue or a device (printer, server, or terminal) queue.

RESOURCE_DOMAIN

A resource domain.

SECURITY_CLASS

A security class.

SYSTEM_GLOBAL_SECTION

A system global section.

VOLUME

A disk or tape volume.

Examples

  1. $ EDIT/ACL/CLASS=DEVICE WORK1

    The command in this example specifies that the object WORK1 is a device.

  2. $ EDIT/ACL/CLASS=QUEUE FAST_BATCH

    The command in this example creates an ACL for the queue FAST_BATCH. Note that if you create an ACL for a generic queue, you must create identical ACLs for all execution queues to which jobs can be directed.

/JOURNAL

/JOURNAL — Controls whether a journal file is created for the editing session.

Syntax

/JOURNAL =file-spec

/NOJOURNAL

Description

By default, the ACL editor keeps a journal file containing a copy of modifications made during an editing session. The journal file is given the name of the object and a .TJL file type. If you specify a different name for the file, do not include any wildcard characters.

To prevent the ACL editor from creating a journal file, specify /NOJOURNAL.

If your editing session ends abnormally, you can recover the changes made during the aborted session by invoking the ACL editor with the /RECOVER qualifier.

Examples

  1. $ EDIT/ACL/JOURNAL=COMMONACL.SAV MECH1117.DAT

    With this command, you create a journal file named COMMONACL.SAV. The file contains a copy of the ACL and the editing commands used to create the ACL for the file MECH1117.DAT.

    If the editing session is interrupted, you can recover your edits by specifying the name COMMONACL.SAV with the /RECOVER qualifier.

  2. $ EDIT/ACL/CLASS=RESOURCE/JOURNAL=ZERO_RESOURCE.TJL [0]

    If you edit an ACL for the resource domain [0], the ACL editor attempts to create the file [0].TJL on the default device and fails. To create an ACL for the resource [0], you must specify a different name for the journal file (as shown in this example) or suppress the creation of a journal file with the /NOJOURNAL qualifier.

/MODE

/MODE — Specifies the use of prompting during the editing session.

Syntax

/MODE =option

Description

By default, the ACL editor prompts you for each ACE and provides values for some of the fields within an ACE (/MODE=PROMPT). To disable prompting, specify/MODE=NOPROMPT on the command line.

Example

$ EDIT/ACL/MODE=NOPROMPT WEATHERTBL.DAT

With this command, you initiate an ACL editing session to create an ACL for the file WEATHERTBL.DAT. The /MODE=NOPROMPT qualifier specifies that no assistance is required in entering the ACL entries.

/OBJECT_TYPE

/OBJECT_TYPE — The /OBJECT_TYPE qualifier is superseded by the /CLASS qualifier.

Syntax

/OBJECT_TYPE

/RECOVER

/RECOVER — Restores an ACL from a journal file at the beginning of an editing session.

Syntax

/RECOVER =file-spec

/NORECOVER

Description

The /RECOVER qualifier specifies that the ACL editor must restore the ACL from a journal file. The ACL editor restores the ACL to the state it was in when the last ACL editing session ended abnormally.

By default the journal file is given the name of the object and a .TJL file type. If you specify a more meaningful name for the journal file when you invoke the ACL editor (by using /JOURNAL), specify that file name with the/RECOVER qualifier.

Examples

$ EDIT/ACL/JOURNAL=SAVEACL MYFILE.DAT

   .
   .
   .
User creates ACL until system crashes
   .
   .
   .
$ EDIT/ACL/JOURNAL=SAVEACL/RECOVER=SAVEACL MYFILE.DAT
   .
   .
   .
ACL is restored and user proceeds with editing until done
   .
   .
   .
^Z
$

The first command in this example starts the ACL editing session and specifies that the ACL editor must save the journal file SAVEACL.TJL if the session ends abnormally. The session proceeds until it is aborted by a system crash.

The next command restores the lost session with the journal file SAVEACL.TJL. To end the session, press Ctrl/Z. The ACL editor saves the edits and deletes the journal file.

Chapter 2. Accounting Utility

2.1. ACCOUNTING Description

The Accounting utility (ACCOUNTING) produces reports of system resource use.

You can use ACCOUNTING qualifiers to:
  • Produce a number of report formats

  • Choose how the reports are organized

  • Choose on which resources you want reports

You can use the reports to learn more about how the system is used and how it performs.

2.2. ACCOUNTING Usage Summary

Produces reports of resource use.

Syntax

ACCOUNTING filespec[,...]

Parameter

filespec[,...]

Specifies the accounting files you want to process.

Each file specification can include the percent (%) and asterisk (*) wildcard characters. If it does not include the device or directory, your current default device or directory is used. If it does not include the file name or file type, the values ACCOUNTNG and DAT are used respectively.

If you do not specify a file, the command processes the file SYS$MANAGER:ACCOUNTNG.DAT.

Description

Use this DCL command to run the Accounting utility:
$ ACCOUNTING  [filespec[,...]]

You are returned to DCL level when the command has finished processing the specified accounting files.

By default, the command directs its output to the current SYS$OUTPUT device. If you want to direct the output to a file, use the /OUTPUT qualifier.

Requires READ access to the accounting files you specify, and to the directories containing them.

2.3. ACCOUNTING Qualifiers

This section describes and provides examples of each ACCOUNTING qualifier. The following table summarizes the ACCOUNTING qualifiers:

Qualifier

Description

/ACCOUNT

Selects or rejects records for the specified account names

/ADDRESS

Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes

/BEFORE

Selects all records time-stamped before the specified time

/BINARY

Copies the selected records to a new file in binary format

/BRIEF

Produces a brief report of the selected records

/ENTRY

Selects or rejects records for print and batch jobs with the specified queue entry numbers

/FULL

Produces a full report of the selected records

/IDENT

Selects or rejects records for the specified processes

/IMAGE

Selects or rejects records for the specified images

/JOB

Selects or rejects records for print and batch jobs with the specified job names

/LOG

Outputs informational messages

/NODE

Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes

/OUTPUT

Specifies the output file (Alpha and Integrity servers)

/OWNER

Selects or rejects records for subprocesses created by the specified processes

/PRIORITY

Selects or rejects records for the specified priority

/PROCESS

Selects or rejects records for the specified types of process

/QUEUE

Selects or rejects records for print or batch jobs executed by the specified queues

/REJECTED

Copies the rejected records to a new file

/REMOTE_ID

Selects or rejects records for DECnet for OpenVMS requests made by the specified remote IDs

/REPORT

Specifies the resources that you want to summarize in a summary report

/SINCE

Selects all records time-stamped at or after the specified time

/SORT

Sorts the selected records

/STATUS

Selects or rejects records with the specified final exit status codes

/SUMMARY

Produces a summary report of the selected records

/TERMINAL

Selects or rejects records for interactive sessions at the specified terminals

/TITLE

Specifies the title shown on the first line of a summary report

/TYPE

Selects or rejects the specified types of record

/UIC

Selects or rejects records for the specified UICs

/USER

Selects or rejects records for the specified user names

/WIDE

Changes the width of Buffered I/O and Direct I/O fields in a report from 8 to 10 characters

/ACCOUNT

/ACCOUNT — Selects or rejects records for the specified account names.

Syntax

/ACCOUNT ([-]account[,...])

Description

The /ACCOUNT qualifier uses the value of the account field to select records for processing. This field is present in all records except file backward link and file forward link records.

The /ACCOUNT qualifier selects only records that have the specified values in the account field. If you precede the values with a minus sign, it selects all records except those with the specified values.

The following table shows the values stored in the account field of login failure and system initialization records:

Value

Description

<batch>

Batch job login failure

<det>

Detached process login failure

<login>

Interactive login failure

<net>

Network login failure

<start>

System startup

Note that when you specify these account field values as qualifier values, you must enclose them in quotes. Like all DCL commands, the ACCOUNTING command converts strings to uppercase unless they are enclosed in quotes.

Examples

  1. $ ACCOUNTING /ACCOUNT=(SALES, QA)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the account names SALES and QA.

  2. $ ACCOUNTING /ACCOUNT=(-SALES, QA) /FULL

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records except for the account names SALES and QA.

/ADDRESS

/ADDRESS — Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes.

Syntax

/ADDRESS ([-]node_address[,...])

Description

The /ADDRESS qualifier uses the value of the remote node address field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, it contains the address of the node that made the request.

The /ADDRESS qualifier selects only records with the specified values in the remote node address field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /NODE and /REMOTE_ID qualifiers, which select or reject records for DECnet for OpenVMS requests made by specified node names and remote IDs respectively.

Example

$ ACCOUNTING /ADDRESS=19656

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for DECnet for OpenVMS requests made by the node with the address 19656. (The decimal equivalent of this address is 19.200.)

/BEFORE

/BEFORE — Selects all records time-stamped before the specified time.

Syntax

/BEFORE =time

Description

All records in an accounting file are time-stamped with the time the record was logged in the file.

The /BEFORE qualifier selects only the records time-stamped before the specified time. You can specify an absolute time, a delta time, or a combination of the two. If you omit the time, 00:00 hours on the current day is used.

See also the /SINCE qualifier, which selects records time-stamped at or after a specified time.

Example

$ ACCOUNTING /SINCE=1-NOV-2002 /BEFORE=1-DEC-2002

This example produces a brief report of all records time-stamped in the file SYS$MANAGER:ACCOUNTNG.DAT during November 2002.

/BINARY

/BINARY — Copies the selected records to a new file in binary format.

Syntax

/BINARY

Description

The /BINARY qualifier specifies that records are output in binary format to the file specified by the /OUTPUT qualifier. (/OUTPUT is Alpha and Integrity servers-only, however.) Use the Accounting utility to process this file later.

See also the /BRIEF, /FULL, and /SUMMARY qualifiers, which process the selected records to produce a report.

You cannot use the /BINARY qualifier with the /BRIEF, /FULL, or /SUMMARY qualifiers.

Examples

  1. $ ACCOUNTING /USER=SMITH /BINARY /OUTPUT=MYDISK:[ACCOUNTING]MYACC.DAT

    This example creates the file MYDISK:[ACCOUNTING]MYACC.DAT. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, copying all records for the user SMITH to the new file in binary format.

  2. $ ACCOUNTING /TYPE=PRINT -
    _$ /BINARY /OUTPUT=PRINT_INFO.DAT /REJECTED=NOT_PRINT_INFO.DAT

    This example creates two files in the default directory, PRINT_INFO.DAT and NOT_PRINT_INFO.DAT. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, copying print records to PRINT_INFO.DAT and other records to NOT_PRINT_INFO.DAT. These records are in binary format.

/BRIEF

/BRIEF — Produces a brief report of the selected records.

Syntax

/BRIEF (default)

Description

The /BRIEF qualifier is the default. It produces a brief report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file. (Note that /OUTPUT is Alpha and Integrity servers-only.)

Each line of a brief report corresponds to a record in the accounting file. It does not show resources used, but gives the information shown in the following table about each record in the accounting file:

Column

Description

Date/Time

When the record was logged in the accounting file.

Type

The type of the record.

Subtype

For records of type IMAGE, this is the name of the image (the file name portion of its file specification). For records of type PROCESS, it is the type of the process (BATCH, DETACHED, INTERACTIVE, NETWORK, or SUBPROCESS).

User name

The user name. For login failures where the user did not give a valid user name, this is shown as <login>.

ID

The process identifier (PID). For print jobs, this is the PID of the process that submitted the job.

Source

The terminal associated with an interactive process or, for DECnet for OpenVMS requests, the name of the node that issued the request.

Status

The final exit status code, expressed as a hexadecimal value.

To translate the final exit status code into the equivalent message text, use the F$MESSAGE lexical function, and precede the status code with %X, as in this example:
$ MESSAGE = F$MESSAGE(%X00000001)
$ SHOW SYMBOL MESSAGE
  MESSAGE = "%SYSTEM-S-NORMAL, normal successful completion"

See also the /BINARY qualifier, which copies the selected records to a file, and the /FULL and /SUMMARY qualifiers, which produce full and summary reports of the selected records.

You cannot use the /BRIEF qualifier with the /BINARY, /FULL, or /SUMMARY qualifiers.

Example

$ ACCOUNTING

This example produces a brief report of all records in the file SYS$MANAGER:ACCOUNTNG.DAT.

This is an example of the report that is produced:

Date / Time           Type   Subtype   Username     ID    Source   Status
--------------------------------------------------------------------------
7-JAN-2002 17:20:08 FILE_BL                      00000000         00000000
7-JAN-2002 17:22:05 PROCESS DETACHED    JONES    516000E1         02DBA002
7-JAN-2002 17:22:10 PROCESS INTERACTIVE JONES    516000DD TWA10:  00000001
7-JAN-2002 17:22:16 PROCESS INTERACTIVE JONES    51600104 TWA11:  0001C0F4
7-JAN-2002 17:22:20 PROCESS DETACHED    JONES    51600103         12DB821C
8-JAN-2002 01:06:36 PROCESS SUBPROCESS  SYSTEM   51600106         10000001
8-JAN-2002 03:09:59 PROCESS BATCH       SYSTEM   5160010F         10030001
8-JAN-2002 09:13:15 LOGFAIL                      51600105         00D3803C
8-JAN-2002 09:14:40 IMAGE   LOGINOUT    JONES    51600110         00000000
8-JAN-2002 09:28:57 PROCESS SUBPROCESS  SMITH    51600119         10000001
8-JAN-2002 09:50:18 PROCESS SUBPROCESS  SMITH    5160011A         00000001

/ENTRY

/ENTRY — Selects or rejects records for print and batch jobs with the specified queue entry numbers.

Syntax

/ENTRY ([-]entry_number[,...])

Description

The /ENTRY qualifier uses the value of the queue entry number field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print or batch jobs, it contains the unique entry number assigned to the job in the print or batch queue.

The /ENTRY qualifier selects only records that have the specified values in the queue entry number field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /JOB and /QUEUE qualifiers, which select or reject records for print and batch jobs with specified job and queue names.

Examples

  1. $ ACCOUNTING /ENTRY=(211,212,213)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print or batch jobs with a queue entry number of 211, 212, or 213.

  2. $ ACCOUNTING /ENTRY=(-25,50)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for print or batch jobs with a queue entry number of 25 or 50.

/FULL

/FULL — Produces a full report of the selected records.

Syntax

/FULL

Description

The /FULL qualifier produces a full report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file. (Note that /OUTPUT is Alpha- and Integrity servers-only.)

Full reports display one screen of information for each selected record. The information displayed, and the way that it is laid out, depend on the type of the record and the data it contains.

The first line shows the event that caused the record to be logged in the accounting file. For example, for a record that was logged when an interactive process terminated, the first line shows INTERACTIVE Process Termination.

For subprocesses, the Owner ID field shows the process identifier (PID) of the parent process.

For records that contain information about DECnet for OpenVMS requests, the three Remote fields identify the remote user and remote node.

The Processor time field shows the total CPU time used. This includes any vector CPU time used. The Vector CPU time field is shown only if vector CPU time has been used.

Vector CPU time is the time that the process was scheduled on a vector-present CPU while that process was a vector consumer. Note that:
  • When a process is a vector consumer, it accrues vector CPU time when it is scheduled, even if it does not issue any vector instructions.

  • Processes that are scalar consumers or marginal vector consumers do not accrue vector CPU time, even when they are scheduled on vector-present CPUs.

The privilege is shown as two hexadecimal numbers that represent the first and last 32 bits of the 64-bit privilege mask. To translate the privilege bit mask into privileges, see the definitions of the symbols that begin PRV$V_ in the $PRVDEF macro in the STARLET library. For example, the $PRVDEF macro defines the PRV$V_READALL symbol to equate to 35. This means that READALL privilege is represented by bit 35 set in the privilege mask.

If you are processing only one file and you are displaying it on your screen, when you do not want to look at any more records, press Ctrl/Z to return to the DCL prompt.

See also the /BINARY qualifier, which copies the selected records to a file, and the /BRIEF and /SUMMARY qualifiers, which produce brief and summary reports of the selected records.

You cannot use the /FULL qualifier with the /BINARY, /BRIEF, or /SUMMARY qualifiers.

Examples

  1. $ ACCOUNTING /FULL
    This example displays a full report of all the records in the file SYS$MANAGER:ACCOUNTNG.DAT. This example screen shows a record that was logged when an interactive process terminated. The interactive process was created when the user JONES at the node HQ222 entered a SET HOST command to connect to the local node.
    INTERACTIVE Process Termination
    -------------------------------
    Username:         FISH        UIC:               [DOC,FISH]
    Account:          DOC         Finish time:       23-JAN-2002 15:21:23.83
    Process ID:       20A0029B    Start time:        23-JAN-2002 15:19:08.28
    Owner ID:                     Elapsed time:                0 00:02:15.55
    Terminal name:     RTA2:      Processor time:              0 00:00:04.14
    Remote node addr: 63576       Priority:          4
    Remote node name: HQ222       Privilege <31-00>: 00108000
    Remote ID:        JONES       Privilege <63-32>: 00000000
    Queue entry:                  Final status code: 00000001
    Queue name:
    Job name:
    Final status text: %SYSTEM-S-NORMAL, normal successful completion
    
    Page faults:      2043        Direct IO:              159
    Page fault reads:   68        Buffered IO:            228
    Peak working set:  852        Volumes mounted:          0
    Peak page file:   5512        Images executed:         10
                                  Vector CPU time:             0 00:00:0.54
    Press RETURN for Next Record >
  2. $ ACCOUNTING /FULL /OUTPUT=MYACC

    This example creates the output file MYACC.LIS in the default directory. It processes the file SYS$MANAGER:ACCOUNTNG.DAT, writing a full report of all records to the new output file.

/IDENT

/IDENT — Selects or rejects records for the specified processes.

Syntax

/IDENT ([-]pid[,...])

Description

The /IDENT qualifier uses the value of the process identifier (PID) field to select records for processing. This field is present in all records except file backward link and file forward link records. For print job records, it contains the PID of the process that submitted the job.

The /IDENT qualifier selects only records that have the specified values in the PID field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /OWNER qualifier, which selects or rejects records for subprocesses created by specified processes.

Examples

  1. $ ACCOUNTING /IDENT=(25634,045A6B)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for processes with a PID of 25634 or 045A6B.

  2. $ ACCOUNTING /IDENT=(-25634,045A6B)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for processes with a PID of 25634 or 045A6B.

/IMAGE

/IMAGE — Selects or rejects records for the specified images.

Syntax

/IMAGE ([-]image_name[,...])

Description

The /IMAGE qualifier uses the value of the image name field to select records for processing. This field is present only in records of type IMAGE, and contains the name of the image.

Note that the system does not track records of type IMAGE by default. To enable the tracking of IMAGE records, use the SET ACCOUNTING command.

The /IMAGE qualifier selects only records that have the specified values in the image name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

Each image name is a string that gives the file name portion of the image file specification. Do not include the device, directory, or file type.

Examples

  1. $ ACCOUNTING /IMAGE=DIRECTORY

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the DIRECTORY.EXE image.

  2. $ ACCOUNTING /IMAGE=-DIRECTORY

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for the DIRECTORY.EXE image.

/JOB

/JOB — Selects or rejects records for print and batch jobs with the specified job names.

Syntax

/JOB ([-]job_name[,...])

Description

The /JOB qualifier uses the value of the job name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print and batch jobs, it contains the name of the job.

The /JOB qualifier selects only records that have the specified values in the job name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /QUEUE and /ENTRY qualifiers, which select or reject records for print and batch jobs with specified queue names and queue entry numbers.

Examples

  1. $ ACCOUNTING /JOB=(MYJOB1,MYJOB2)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print or batch jobs named MYJOB1 or MYJOB2.

  2. $ ACCOUNTING /JOB=(-MYJOB1,MYJOB2) /FULL

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records except those for print or batch jobs named MYJOB1 or MYJOB2.

/LOG

/LOG — Outputs informational messages.

Syntax

/LOG

Description

The /LOG qualifier outputs these informational messages to the current SYS$OUTPUT device:
  • For each file processed, the name of the file and the number of records selected and rejected from that file

  • If you use the /SORT qualifier, the total number of records merged in the sort (this is the total number of records selected from all the files that were processed)

  • If you process more than one file, the total number of files that were processed, and the total number of records selected and rejected

Example

$ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /TYPE=PRINT /SORT=USER /OUTPUT=OUTFILE

%ACC-I-INPUT, SYS$SYSROOT:[SYSMGR]MYFILE1.DAT;7, 297 selected, 16460 rejected
%ACC-I-INPUT, SYS$SYSROOT:[SYSMGR]MYFILE2.DAT;13,302 selected, 16388 rejected
%ACC-I-MERGE, 599 records to be merged
%ACC-I-TOTAL, 599 selected, 32848 rejected, 2 input files

This example processes two accounting files. It writes a brief report of all the records for print jobs, sorted in user name order, to an output file and displays informational messages that tell you which files were processed and how many records were selected and rejected.

/NODE

/NODE — Selects or rejects records for DECnet for OpenVMS requests made by the specified nodes.

Syntax

/NODE ([-]node_name[,...])

Description

The /NODE qualifier uses the value of the remote node name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, it contains the name of the node that made the request.

The /NODE qualifier selects only records that have the specified values in the remote node name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

Do not include the double colon (::) after the name of the node.

See also the /ADDRESS and /REMOTE_ID qualifiers, which select or reject records for DECnet for OpenVMS requests made by specified node addresses and remote IDs respectively.

Examples

  1. $ ACCOUNTING /NODE=HQ291 /FULL

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all records for DECnet for OpenVMS requests made by the node HQ291.

  2. $ ACCOUNTING /NODE=(-HQ222,HQ223)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for DECnet for OpenVMS requests made by the nodes HQ222 or HQ223.

/OUTPUT (Alpha and Integrity servers)

/OUTPUT (Alpha and Integrity servers) — Specifies the output file. Requires read and write access to the directory in which the output file is created.

Syntax

/OUTPUT =filespec

Description

The /OUTPUT qualifier creates the specified output file and writes the report or copies the selected records to that file.

If you omit the /OUTPUT qualifier, or you use the /OUTPUT qualifier and omit the file specification, the report or selected records are output to the current SYS$OUTPUT device.

If the file specification does not include the device or directory name, your current default device or directory is used. If you omit the file name, the file name of the first input file is used (the first file listed in the parameter to the ACCOUNTING command). If you omit the file type, the default file type is .LIS if you are producing reports, and .DAT if you are copying records.

Examples

  1. $ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /SORT=USER /BINARY /OUTPUT=.NEW

    This example creates the output file MYFILE1.NEW in the default directory. It processes two accounting files, MYFILE1.DAT and MYFILE2.DAT, sorting their records in user name order, then copies these records to the new output file.

  2. $ ACCOUNTING MYFILE1.NEW /FULL /OUTPUT=MYDISK:[ACCOUNTING]STAT

    This example creates the output file MYDISK:[ACCOUNTING]STAT.LIS, and writes a full report of all the records in MYFILE1.NEW to the new output file.

/OWNER

/OWNER — Selects or rejects records for subprocesses created by the specified processes.

Syntax

/OWNER ([-]owner_pid[,...])

Description

The /OWNER qualifier uses the value of the process owner field to select records for processing. This field is present in all records except file backward link and file forward link records. For a subprocess, this field contains the process identifier (PID) of the process that created it.

The /OWNER qualifier selects only records that have the specified values in the process owner field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /IDENT qualifier, which selects or rejects records for specified processes.

Example

$ ACCOUNTING /OWNER=(25634,045A6B)

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for subprocesses created by processes with a PID of 25634 or 045A6B.

/PRIORITY

/PRIORITY — Selects or rejects records for the specified priority.

Syntax

/PRIORITY ([-]priority[,...])

Description

The /PRIORITY qualifier uses the value of the priority field to select records for processing. This field is present in all records except file backward link and file forward link records. For print and batch job records, this field contains the priority of the job in the print or batch queue. For other records, it contains the base process priority.

The /PRIORITY qualifier selects only records that have the specified values in the priority field. If you precede the values with a minus sign, it selects all records except those with the specified values.

Example

$ ACCOUNTING /PRIORITY=3

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for processes with a base priority of 3 and for print and batch jobs with a queue priority of 3.

/PROCESS

/PROCESS — Selects or rejects records for the specified types of process.

Syntax

/PROCESS ([-]process_type[,...])

Keyword

process_type[,...]

Specifies which types of process you want to select or reject. The following table shows the keywords available:

Keyword

Type of Process

BATCH

Batch process

DETACHED

Detached process

INTERACTIVE

Interactive process

NETWORK

Network process

SUBPROCESS

Subprocess of any of the other process types

Description

The /PROCESS qualifier uses the value of the process type field to select records for processing. This field is present only in records of type IMAGE and type PROCESS. For records of type IMAGE, this field contains the type of the process in which the image was executed.

The /PROCESS qualifier selects only records that match the specified types of process. If you precede the list with a minus sign, it selects all records except those for the specified types of process.

See also the /TYPE qualifier, which selects or rejects specified types of record.

Example

$ ACCOUNTING /TYPE=IMAGE /PROCESS=INTERACTIVE /FULL

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of the resources used by images running in interactive processes.

/QUEUE

/QUEUE — Selects or rejects records for print or batch jobs executed by the specified queues.

Syntax

/QUEUE ([-]queue_name[,...])

Description

The /QUEUE qualifier uses the value of the queue name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about print or batch jobs, it contains the name of the queue that executed the job.

The /QUEUE qualifier selects only records that have the specified values in the queue name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /JOB and /ENTRY qualifiers.

Example

$ ACCOUNTING /QUEUE=SYS$MYNODE_BATCH

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for jobs executed by the SYS$MYNODE_BATCH queue.

/REJECTED

/REJECTED — Copies the rejected records to a new file. Requires read and write access to the directory in which the specified file is created.

Syntax

/REJECTED =filespec

Description

The /REJECTED qualifier creates the specified file, then copies the records that do not match your selection criteria to this file in binary format. Use the Accounting utility to process this file later.

If the file specification does not include the device or directory name, your current default device or directory is used. If you omit the file name, the file name of the first input file is used (the first file listed in the parameter to the ACCOUNTING command). If you omit the file type, .REJ is used.

Example

$ ACCOUNTING /TYPE=PRINT /BINARY /OUTPUT=PRINT_INFO.DAT -
_$ /REJECTED=NOT_PRINT_INFO.DAT

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It creates two files, PRINT_INFO.DAT and NOT_PRINT_INFO.DAT, in the default directory. It copies print job records to PRINT_INFO.DAT and all other records to NOT_PRINT_INFO.DAT.

/REMOTE_ID

/REMOTE_ID — Selects or rejects records for DECnet for OpenVMS requests made by the specified remote IDs.

Syntax

/REMOTE_ID ([-]remote_id[,...])

Description

The /REMOTE_ID qualifier uses the value of the remote ID field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about DECnet for OpenVMS requests, this field contains a string that identifies the user who made the request. If the remote process was on an OpenVMS node, this is the user name of the user at the remote node.

The /REMOTE_ID qualifier selects only records that have the specified values in the remote ID field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See also the /NODE and /ADDRESS qualifiers, which select or reject records for DECnet for OpenVMS requests made by nodes with specified names and addresses respectively.

Example

$ ACCOUNTING /NODE=HQ223 /REMOTE_ID=SMITH /FULL

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a full report of all the records for DECnet for OpenVMS requests made by user SMITH at the node HQ223.

/REPORT

/REPORT — Specifies the resources that you want to summarize in a summary report.

Syntax

/REPORT [=(resource[,...])]

Keyword

resource[,...]

Specifies the resources that you want to summarize in the report. The following table shows the keywords available:

Keyword

Description

How Summarized

BUFFERED_IO?

Number of buffered I/Os

Total

DIRECT_IO?

Number of direct I/Os

Total

ELAPSED?, ?

Elapsed time

Total

EXECUTION?

Number of images run by the process

Total

FAULTS?

Number of hard and soft page faults

Total

GETS?

Number of GETs from the file that was printed

Total

PAGE_FILE?

Page file usage

Maximum

PAGE_READS?

Number of hard page faults

Total

PAGES?

Number of pages printed

Total

PROCESSOR?

Total CPU time used

Total

QIOS?

Number of QIOs to the printer

Total

RECORDS

Number of accounting file records processed

Total

VECTOR_PROCESSOR?

Vector CPU time used (see the description of the /FULL qualifier for further details)

Total

VOLUMES?

Number of volumes mounted

Total

WORKING_SET?

Working set size

Maximum

The RECORDS keyword is the default if you omit either the keywords or the /REPORT qualifier. It gives the total number of records for each summary key value.

Description

The /REPORT qualifier specifies the resources that you want to summarize in a summary report. The resources are summarized, either as totals or maximum values, for each summary key value specified by the /SUMMARY qualifier.

When a record is processed that does not contain the specified resource field, a default value of 0 is used. For example, if you use the PAGES keyword to summarize the total pages printed, the value of 0 is used for each record that is not of type PRINT.

Note that the resource usage data stored in records of type IMAGE is a subset of the data stored in records of type PROCESS. For example, the CPU time stored in a record of type PROCESS includes the CPU time used by the images executed by that process. To make sure that you do not count the same resource data twice when you are summarizing process resources by totals, use the /TYPE qualifier to exclude records of type IMAGE.

You cannot use the /REPORT qualifier without the /SUMMARY qualifier.

Examples

  1. $ ACCOUNTING /SUMMARY=IMAGE /REPORT=(RECORDS,PROCESSOR)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows for each image the number of times it was executed and the total CPU time consumed.

  2. $ ACCOUNTING /TYPE=-IMAGE /SUMMARY=USER /REPORT=EXECUTION

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the total number of images executed by each user. Notice the use of the /TYPE qualifier to exclude records of type IMAGE to avoid double counting.

/SINCE

/SINCE — Selects all records time-stamped at or after the specified time.

Syntax

/SINCE =time

Description

All records in an accounting file are time-stamped with the time the record was logged in the file.

The /SINCE qualifier selects only the records time-stamped on or after the specified time. You can specify an absolute time, delta time, or a combination of the two. If you omit the time, 00:00 hours on the current day is used.

See also the /BEFORE qualifier, which selects records time-stamped before a specified time.

Example

$ ACCOUNTING /SINCE=5-JAN-2002

This example produces a brief report of all records time-stamped at or after 5-JAN-2002 in the file SYS$MANAGER:ACCOUNTNG.DAT.

/SORT

/SORT — Sorts the selected records.

Syntax

/SORT =([-]sort_field[,...])

Keyword

sort_field[,...]

Specifies the sort key.

The following table shows the keywords available. You can specify up to ten sort fields.

Keyword

Sorts on This Field

ACCOUNT

Account

ADDRESS

Address of the node that made the DECnet for OpenVMS request

BUFFERED_IO

Number of buffered I/Os

DIRECT_IO

Number of direct I/Os

ELAPSED

Elapsed time

ENTRY

Print or batch job queue entry number

EXECUTION

Number of images run by the process

FAULTS

Number of hard and soft page faults

FINISHED

Time record was logged in the accounting file

GETS

Number of GETs from the file that was printed

IDENT

Process identifier (PID)

IMAGE

Image name (sorts only on file name portion of the image file specification)

JOB

Name of print or batch job

NODE

Name of the node that made the DECnet for OpenVMS request

OWNER

PID of parent process

PAGE_FILE

Peak page file usage

PAGE_READS

Number of hard page faults

PAGES

Number of pages printed

PRIORITY

Base process priority, or print or batch queue priority

PROCESS

Type of process

PROCESSOR

Total CPU time used

QIOS

Number of QIOs to the printer

QUEUE

Name of print or batch queue

QUEUED

Time print job was queued

STARTED

Start time

STATUS

Final exit status code

TERMINAL

Terminal name

TYPE

Type of record

UIC

User identification code

USER

User name at local node

VECTOR_PROCESSOR

Vector CPU time (see the description of the /FULL qualifier for further details)

VOLUMES

Number of volumes mounted

WORKING_SET

Peak working set size

For each keyword, see the description of the corresponding Accounting utility qualifier or the table in the /TYPE qualifier section for details of the types of record in which the corresponding field is present.

Description

The /SORT qualifier merges the selected records from each input file (each file listed in the parameter to the ACCOUNTING command) and sorts them using the specified sort key. The records are sorted according to the value of the first sort field in the list, and when two or more records have the same value in this field, they are sorted by the value of the second sort field in the list, and so on.

The records are sorted in ascending order of the sort field value. If the keyword is preceded by a minus sign, the records are sorted in descending order.

When you use the /SORT qualifier, records are rejected if they do not contain the sort field. For example, /SORT=IMAGE rejects all records that are not of type IMAGE, because the image name field is only present in records of type IMAGE. Similarly, /SORT=PAGES rejects all records except those for print jobs.

You cannot use the /SORT qualifier with the /SUMMARY qualifier.

Examples

  1. $ ACCOUNTING /TYPE=PRINT /SORT=USER

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all the records for print jobs and displays them in user name order.

    The following example shows the report that is produced:
    Date / Time           Type  Subtype Username     ID      Source  Status
    -------------------------------------------------------------------------
    14-JAN-2002 09:53:05  PRINT         BROWN        20A00193        00040001
    13-JAN-2002 13:36:04  PRINT         BROWN        20A00442        00000001
    13-JAN-2002 12:42:37  PRINT         BROWN        20A00442        00000001
    13-JAN-2002 14:43:56  PRINT         DECNET_MAIL  20A00456        00000001
    14-JAN-2002 19:39:01  PRINT         DECNET_MAIL  20A00265        00000001
    14-JAN-2002 20:09:03  PRINT         DECNET_MAIL  20A00127        00000001
    14-JAN-2002 20:34:45  PRINT         DECNET_MAIL  20A00127        00000001
    14-JAN-2002 11:23:34  PRINT         FISH         20A0032E        00040001
    14-JAN-2002 16:43:16  PRINT         JONES        20A00070        00040001
    14-JAN-2002 09:30:21  PRINT         SMITH        20A00530        00040001
  2. $ ACCOUNTING MYFILE1.DAT,MYFILE2.DAT /SORT=IMAGE -
    _$ /FULL /REJECTED=NON_IMAGE.DAT

    This example processes two files, MYFILE1.DAT and MYFILE2.DAT, to produce a full report of records of type IMAGE, sorted in image name order. It creates the file NON_IMAGE.DAT, and copies all records except those of type IMAGE to that file. Notice that no selection qualifiers are used, and so all records are selected for processing. When the records are sorted, records that do not contain an image name are rejected.

/STATUS

/STATUS — Selects or rejects records with the specified final exit status codes.

Syntax

/STATUS ([-]status_code[,...])

Description

The /STATUS qualifier uses the value of the final status code field to select records for processing. This field is present in all records except records of type USER, file backward link records, and file forward link records.

The /STATUS qualifier selects only records that have the specified values in the final status code field. If you precede the values with a minus sign, it selects all records except those with the specified values.

See the description of the /BRIEF qualifier for details of how to convert a final exit status code to the equivalent message text.

Example

$ ACCOUNTING /STATUS=10D38064

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records with a final exit status code of 10D38064.

/SUMMARY

/SUMMARY — Produces a summary report of the selected records.

Syntax

/SUMMARY =(summary_item[,...])

Keyword

summary_item[,...]

Specifies the summary key. The following table lists keywords:

Keyword

Description

ACCOUNT

Account

DATE

Date

DAY

Day of month (1–31)

HOUR

Hour of day (0–23)

IMAGE

Image name (file name portion of image file specification)

JOB

Name of print or batch job

MONTH

Month of year (1–12)

NODE

Name of the node that issued the DECnet for OpenVMS request

PROCESS

Process type

QUEUE

Print or batch job queue name

TERMINAL

Terminal name

TYPE

Record type

UIC

User identification code

USER

User name

WEEKDAY

Day of week (0=Sunday, 1=Monday, and so on)

YEAR

Year

If you omit these keywords, the user name is used as the summary key.

Description

The /SUMMARY qualifier produces a summary report of the selected records. The report is directed to the current SYS$OUTPUT device, unless you use the /OUTPUT qualifier to write it to a file.

Summary reports give statistical summaries of the resources specified by the /REPORT qualifier for each value of the summary key specified by the /SUMMARY qualifier. If you omit the /REPORT qualifier, the summary report gives the total number of records processed for each summary key value.

The first line of the summary report shows the time span of the data processed (when the first and last records processed were logged in the input files), with a title in the middle. You can use the /TITLE qualifier to specify your own title.

The next few lines of the report are column headings. There is one column for each summary_item, then one column for each resource specified by the /REPORT qualifier. The columns are laid out in the same left-to-right sequence as the equivalent keywords in the/SUMMARY and /REPORT qualifiers.

The rest of the report uses one line for each summary key value. It gives a summary of the resources associated with that summary key value. The data is sorted in ascending order of the summary key value.

See also the /BINARY qualifier, which copies the selected records to a file, and the /BRIEF and /FULL qualifiers, which produce brief and full reports of the selected records.

You cannot use the /SUMMARY qualifier with the /BINARY, /BRIEF, or /FULL qualifiers.

Examples

  1. $ ACCOUNTING /TYPE=PRINT /SUMMARY=USER /REPORT=(PAGES,RECORDS)
    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It processes all the print job records and produces a summary report that shows, for each user, the total number of pages printed and the number of records that were added together to produce this total. This is an example of the report that is produced:
    From: 12-JAN-2002 15:55  VAX/VMS Accounting Report  To: 15-JAN-2002 15:17
    
    Username         Pages    Total
                   Printed  Records
    -------------------------------
    BROWN              115        2
    CROW                 3        1
    CUTHBERT            20        4
    FOSTER              46        1
    SMITH               50        3
    WHITE               50        7 
  2. $ ACCOUNTING /SUMMARY=IMAGE /REPORT=(PROCESSOR,RECORDS)
    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the total CPU time used by each image. This is an example of the report that is produced:
    From: 12-JAN-2002 15:55  VAX/VMS Accounting Report  To: 15-JAN-2002 15:17
    Image name     Processor        Total
                      Time        Records
    -------------------------------------
                   0 00:09:09.83       51
    ACC            0 00:01:36.72       99
    AUTHORIZE      0 00:00:04.17        8
    CDU            0 00:00:33.25       21
    COPY           0 00:00:05.97       30
    DELETE         0 00:00:02.79       12
    DIRECTORY      0 00:00:09.67       38
    DUMP           0 00:00:04.51        3
    EDT            0 00:00:05.85        7
    LOGINOUT       0 00:04:03.48       75
    NETSERVER      0 00:00:00.63       23
    SHOW           0 00:00:04.80       22

/TERMINAL

/TERMINAL — Selects or rejects records for interactive sessions at the specified terminals.

Syntax

/TERMINAL ([-]terminal_name[,...])

Description

The /TERMINAL qualifier uses the value of the terminal name field to select records for processing. This field is present in all records except file backward link and file forward link records. For records that contain information about interactive sessions, this field contains the name of the terminal associated with the session.

The /TERMINAL qualifier selects only records that have the specified values in the terminal name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

Give the terminal name as the standard device name and include the colon (:).

Example

$ ACCOUNTING /TERMINAL=TTB3:

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for interactive sessions at the terminal TTB3.

/TITLE

/TITLE — Specifies the title shown on the first line of a summary report.

Syntax

/TITLE title

Description

The /TITLE qualifier specifies the title shown in the center of the first line of summary reports. The title is truncated if it is too long. For reports displayed on your screen, the title is truncated if it is longer than (W–56) characters, where W is the width (in characters) of your screen.

Example

$ ACCOUNTING /SUMMARY=IMAGE /TITLE="June Accounting Report"

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a summary report that shows the number of times each image was executed. The title June Accounting Report appears at the top of the report.

/TYPE

/TYPE — Selects or rejects the specified types of record.

Syntax

/TYPE ([-]record_type[,...])

Keyword

record_type[,...]

Specifies the types of record that you want to select or reject. The following table shows the keywords available:

Keyword

Type of Record

Description of Record

FILE

FILE_BL

File backward link. This is the first record in the accounting file. It is logged when the file is created, and contains the name of the previous accounting file.

FILE_FL

File forward link. This is the last record in the file. It is logged when the file is closed, and contains the name of the next accounting file.

IMAGE

IMAGE

Image termination. It contains details of the resources used by the image.

LOGFAIL

LOGFAIL

Failed attempt to log in. It contains details of the resources used by the login attempt.

PRINT

PRINT

Print job termination. It contains details of the resources used by the print job.

PROCESS

PROCESS

Process termination. It contains details of the resources used by the process. Note that this includes the resources used by the images executed by that process.

SYSINIT

SYSINIT

System booted. It contains details of resources used to boot the system.

UNKNOWN

Record not recognized as one of the other types in this table.

USER

USER

Record logged by a program calling the $SNDJBC system service to send an accounting message.

Description

All records in an accounting file contain a type field that contains the type of the record.

The /TYPE qualifier selects the specified types of record. If you precede the list with a minus sign, it selects all records except those specified.

See also the /PROCESS qualifier, which selects or rejects records for particular types of process.

Examples

  1. $ ACCOUNTING /TYPE=PRINT

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for print jobs.

  2. $ ACCOUNTING /TYPE=-PRINT

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records except those for print jobs.

/UIC

/UIC — Selects or rejects records for the specified UICs.

Syntax

/UIC ([-]uic[,...])

Description

The /UIC qualifier uses the value of the UIC field to select records for processing. This field is present in all records except file backward link and file forward link records. It contains the value[SYSTEM] for login failure records where the user did not give a valid user name.

The /UIC qualifier selects only records that have the specified values in the UIC field. If you precede the values with a minus sign enclosed in parentheses and followed by a comma, all records except those with the specified values are accepted.

You can specify the UIC in numeric or alphanumeric format, and can use the asterisk (*) wildcard character.

Example

$ ACCOUNTING /UIC=([360,*],[ADMIN,COTTON])

This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for users in group number 360 or users whose UIC is [ADMIN,COTTON].

/USER

/USER — Selects or rejects records for the specified user names.

Syntax

/USER ([-]user name[,...])

Description

The /USER qualifier uses the value of the user name field to select records for processing. This field is present in all records except file backward link and file forward link records. It contains the value <login> for login failure records where the user did not give a valid user name.

The /USER qualifier selects only records that have the specified values in the user name field. If you precede the values with a minus sign, it selects all records except those with the specified values.

Examples

  1. $ ACCOUNTING /USER=SMITH

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all records for the user SMITH.

  2. $ ACCOUNTING /USER=(-SMITH,JONES)

    This example processes the file SYS$MANAGER:ACCOUNTNG.DAT. It produces a brief report of all the records except for those of the users SMITH and JONES.

/WIDE

/WIDE — Changes the width of Buffered I/O and Direct I/O fields in a report from 8 to 10 characters.

Syntax

/WIDE

Description

The /WIDE qualifier corrects a problem that users have had with ACCOUNTING reports: the Buffered I/O and Direct I/O fields were too small and displayed asterisks (*) when numbers exceeded 8 characters.

The /WIDE qualifier changes the widths of the Buffered I/O and Direct I/O fields in reports to 10 characters.

Example

$ ACCOUNTING /PROC=BATCH /TYP=PROC -
     /REPORT=(RECORDS,PROCESSOR,DIRECT_IO,BUFFER)  -
     /SUMM=MONTH /SIN=1-JAN /WIDE

       MM    TOTAL    PROCESSOR       DIRECT   BUFFERED
            RECORDS     TIME             I/O       I/O
  ------------------------------------------------------
       01      2043  19 06:52:40.97  532675222 551986091
       02      1767   9 00:14:34.00  183290432 420000532

  ------------------------------------------------------

Without the /WIDE qualifier, the Direct I/O or Buffered I/O fields print ***** if the field overflows. With the /WIDE qualifier, these field sprint correctly.

Chapter 3. Analyze/Disk_Structure Utility

3.1. ANALYZE/DISK_STRUCTURE Description

You can use the Analyze/Disk_Structure utility (ANALYZE/DISK_STRUCTURE) in two important ways:
  • Use the utility on a regular basis to check disks for inconsistencies and errors, and to recover lost files.

  • Use the utility with the /SHADOW qualifier to examine the entire contents of a shadow set or a specified range of blocks in a shadow set.

These two uses are explained in the following sections.

Checking Disks

ANALYZE/DISK_STRUCTURE detects problems on On-Disk Structure (ODS) Levels 1, 2, and 5 Files–11 disks; hardware errors, system errors, or user errors can cause these problems. By using ANALYZE/DISK_STRUCTURE to identify and delete lost files and files marked for deletion, you can reclaim disk space.

ANALYZE/DISK_STRUCTURE performs the verification of a volume or volume set in eight distinct stages. During these stages, ANALYZE/DISK_STRUCTURE collects information used in reporting errors or performing repairs. However, ANALYZE/DISK_STRUCTURE repairs volumes only when you specify the /REPAIR qualifier. For a complete description of each of the eight stages, and an annotated example of an ANALYZE/DISK_STRUCTURE session, see Appendix D.

ANALYZE/DISK_STRUCTURE allocates virtual memory to hold copies of the index file and storage bitmaps. With larger bitmaps introduced in OpenVMS Version 7.2, the virtual memory requirements increase correspondingly. To use this utility on volumes with large bitmaps, you might need to increase your page file quota. On OpenVMS VAX systems, you might also need to increase the system parameter VIRTUALPAGECNT.

Virtual memory size requirements for the bitmaps are in VAX pages (or Alpha and Integrity servers 512-byte pagelets) per block of bitmap. Note that the size of the index file bitmap in blocks is the maximum number of files divided by 4096. For ANALYZE/DISK_STRUCTURE, this requirement is the sum of the following across the entire volume set:
  • 3 times all the storage bitmaps plus the largest bitmap in the volume set

  • 117 times the index file bitmaps

  • An additional 96 times the index file bitmaps if /USAGE was requested

  • Approximately 600 pages additional fixed scratch space

Examining Shadow Sets

The ANALYZE/DISK_STRUCTURE/SHADOW command is especially useful if a shadow set was initialized with the INITIALIZE/SHADOW command but without the /ERASE qualifier.

Another use of the ANALYZE/DISK_STRUCTURE/SHADOW command is if an error is logged on a member device, and you do not know whether the error was caused by a disk error or by some other hardware component such as a disk controller or cable. When you use the ANALYZE/DISK_STRUCTURE/SHADOW command, every block of every member is read and compared.

For further details, see the Section 3.1.2 and to the /SHADOW qualifier documentation.

3.1.1. Disk Error Reporting and Repair

You can invoke the Analyze/Disk_Structure utility to operate in any of the following three modes for disks errors:
  • Error reporting with no repairs

  • Error reporting with repairs

  • User-controlled selective repairs

By default, ANALYZE/DISK_STRUCTURE reports errors, but does not make repairs. For example, use the following command to report all errors on device DBA1:
$ ANALYZE/DISK_STRUCTURE DBA1:
When you issue this command, ANALYZE/DISK_STRUCTURE runs through eight stages of data collection, then, by default, prints a list of all errors and lost files to your terminal. One type of problem that ANALYZE/DISK_STRUCTURE locates is an invalid directory backlink; a backlink is a pointer to the directory in which a file resides. If your disk has a file with an invalid directory backlink, ANALYZE/DISK_STRUCTURE displays the following message and the file specification to which the error applies:
%VERIFY-I-BACKLINK, incorrect directory back link [SYSEXE]SYSBOOT.EXE;1
To instruct ANALYZE/DISK_STRUCTURE to repair the errors that it detects, use the /REPAIR qualifier. For example, the following command reports and repairs all errors on the DBA1 device:
$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR

Note

VSI recommends using a colon (:) after device names in commands.

When you update the storage control block (SCB) within a BITMAP.SYS file, the VERIFY utility forces the volume to perform mount verification if the volume is controlled by host-based shadowing.

To select which errors ANALYZE/DISK_STRUCTURE repairs, use both the /REPAIR and /CONFIRM qualifiers:
$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR/CONFIRM
When you issue this command, ANALYZE/DISK_STRUCTURE displays a description of each error and prompts you for confirmation before making a repair. For example, the previous command might produce the following messages and prompts:
%VERIFY-I-BACKLINK, incorrect directory back link [SYS0]SYSMAINT.DIR;1

Repair this error? (Y or N):  Y

%VERIFY-I-BACKLINK, incorrect directory back link
[SYSEXE]SYSBOOT.EXE;1]

Repair this error? (Y or N): N

Consider running ANALYZE/DISK_STRUCTURE twice for each volume. First, invoke the utility to report all errors. Evaluate the errors and decide on an appropriate action. Then invoke the utility again with the /REPAIR qualifier to repair all errors, or with the /REPAIR and /CONFIRM qualifiers to repair selected errors.

For message descriptions, use the online Help Message (MSGHLP) utility refer to the OpenVMS system messages documentation.

Recovering Lost Files

A lost file is a file that is not linked to a directory. Under normal circumstances, files do not become lost. However, files occasionally become lost because of disk corruption, hardware problems, or user error. For example, in cleaning up files and directories, you might inadvertently delete directories that still point to files. When you delete a directory file (a file with the file type .DIR) without first deleting its subordinate files, the files referred to by that directory become lost files. Though lost, these files remain on the disk and consume space.

When you run ANALYZE/DISK_STRUCTURE specifying the /REPAIR qualifier, the utility places lost files in SYSLOST.DIR.

For example, to report and repair all errors and lost files found on the device DDA0, issue the following command:
$ ANALYZE/DISK_STRUCTURE/REPAIR/CONFIRM DDA0:
If it discovers lost files on your disk, ANALYZE/DISK_STRUCTURE issues messages similar to those that follow:
%VERIFY-W-LOSTHEADER, file (16,1,1) []X.X;1
        not found in a directory
%VERIFY-W-LOSTHEADER, file (17,1,1) []Y.Y;1
        not found in a directory
%VERIFY-W-LOSTHEADER, file (18,1,1) []Z.Z;1
        not found in a directory
%VERIFY-W-LOSTHEADER, file (19,1,1) []X.X;2
        not found in a directory
%VERIFY-W-LOSTHEADER, file (20,1,1) []Y.Y;2
        not found in a directory
%VERIFY-W-LOSTHEADER, file (21,1,1) []Z.;1
        not found in a directory
%VERIFY-W-LOSTHEADER, file (22,1,1) []Z.;2
        not found in a directory
%VERIFY-W-LOSTHEADER, file (23,1,1) LOGIN.COM;163
        not found in a directory
%VERIFY-W-LOSTHEADER, file (24,1,1) MANYACL.COM;1
        not found in a directory

All lost files in this example are automatically moved to SYSLOST.DIR.

Erasing Old Home Blocks

When you initialize a volume, the initialize operation might not erase old home blocks. These are blocks that were created by previous initialize operations. If a volume that has old home blocks is damaged, you may not be able to recover the volume without erasing the blocks.

You can erase old home blocks manually by using the /HOMEBLOCKS qualifier on the ANALYZE/DISK_STRUCTURE command as follows:
$ ANALYZE/DISK_STRUCTURE/REPAIR/HOMEBLOCKS

Note that this operation can take up to 30 minutes to complete.

ANALYZE/DISK_STRUCTURE Output

By default, the Analyze/Disk_Structure utility directs all output to your terminal. If you prefer, you can use the /LIST qualifier to generate a file containing the following information for each file on the disk:
  • File identification (FID)

  • File name

  • Owner

  • Errors associated with the file

To generate a disk usage accounting file, use the /USAGE qualifier. The first record of the file, called the identification record, contains a summary of disk and volume characteristics. The identification record is followed by a series of summary records; one summary record is created for each file on the disk. A summary record contains the owner, size, and name of the file.

For more information about the disk usage accounting file, see Appendix E.

3.1.2. Detecting Shadow Set Errors

When you enter the ANALYZE/DISK_STRUCTURE/SHADOW command, the system checks for shadow set discrepancies – to ensure that every block on the disk is identical. A discrepancy is a block that should be the same on all members but is not. For example, when you enter a WRITE command, it might not be written to all the members when the ANALYZE/DISK/SHADOW processes it.

If a discrepancy is found, a cluster wide WRITE lock is taken on the shadow set, and the questionable blocks are reread. Then either one of two actions occurs:
  • If a discrepancy is still present on the second read, the system displays the file name on the screen. The system also dumps the data block containing the discrepancy to the screen or to a file if you specify the /OUTPUT qualifier.

  • If no discrepancy is found on the second read, the system considers the error to be a transient one (for example, if a WRITE to that disk block was in progress). The system then logs the transient error in the summary displayed on the user's terminal. However, verification that all members contained the same information is considered a success – in other words, the data on the disk is actually the same, although for a brief period it was not.

In addition, this utility might report explainable discrepancies between the shadow set members if either of the following occurs:
  • The shadow set has not undergone a full merge since the shadow set was created. This occurs if the shadow set was created using the DCL command INITIALIZE/SHADOW without the /ERASE qualifier and if the disk devices had different contents.

    It is important to be aware that this is not disk corruption. The blocks that are reported as different have not been written to, but they might contain stale data; the blocks reported as inconsistent might even be allocated to a file because there might be unwritten space between the file's end-of-data location and the end of the allocated space.

  • A full merge has not occurred since the shadow set was logically expanded after a new member was added. The following example illustrates this problem:
    • Shadow set DSA1: consists of two members:
      • $1$DGA20:## (18 GB)
      • $1$DGA21:## (36 GB)
    • A second 36-GB member, $1$DGA22:, is added to the shadow set with a full copy operation.

    • After the copy completes, $1$DGA20: is removed from the shadow set.

    • At this point, if you enter the SET VOLUME/SIZE DSA1: command, the shadow set virtual unit DSA1: increases to 36 GB. Then, ANALYZE/DISK/SHADOW reports discrepancies because only the first 18 GB of the shadow set contents were copied to $1$DGA22:.

    The discrepancies reported by ANALYZE/DISK/SHADOW are harmless because the space in question has not yet been written by applications.

You can eliminate inconsistencies by performing a full merge. To initiate a full merge, enter the DCL command SET SHADOW/DEMAND_MERGEDSA xxx. If the devices are served by controllers that support controller-based minimerge (for example, HSJ50s), enter this command while the shadow set is mounted on only one node within the cluster. Otherwise, a minimerge occurs, and the discrepancy might not be resolved. When you add members to a single member shadow set, a full copy operation also ensures that the disk is consistent both within and outside the file system.

3.2. ANALYZE/DISK_STRUCTURE Usage Summary

The Analyze/Disk_Structure utility checks the readability and validity of Files–11 Structure Levels 1, 2, and 5 disk volumes, and reports errors and inconsistencies. You can detect most classes of errors by invoking the utility once and using its defaults.

Syntax

ANALYZE/DISK_STRUCTURE device-name:[/qualifier]

Parameter

device-name

Specifies the disk volume or volume set to be verified. If you specify a volume set, all volumes of the volume set must be mounted as Files–11 volumes. For information about the Mount utility, see the MOUNT documentation in this manual.

Usage Summary

Use the following command to invoke the utility:

ANALYZE/DISK_STRUCTURE device-name: /qualifiers

To terminate an ANALYZE/DISK_STRUCTURE session, press Ctrl/C or Ctrl/Y while the utility executes. You cannot resume a session by using the DCL command CONTINUE.

By default, ANALYZE/DISK_STRUCTURE directs all output to your terminal. Use the /USAGE or /LIST qualifiers to direct output to a file.

To repair a disk effectively, you must have read, write, and delete access to all files on the disk. To effectively scan a disk (/NOREPAIR), you must have read access to all files on the disk. You must also have write access to INDEXF.SYS to force the flushing of the caches for this file. You must also have write access to BITMAP.SYS for the same reason: to force the flushing of the caches for this file. (You need write access to QUOTA.SYS only if the volume is running disk quotas.)

For a complete explanation of file access, see the VSI OpenVMS Guide to System Security.

Warning

When you use the /REPAIR or /LOCK_VOLUME qualifier, only the process running the ANALYZE/DISK_STRUCTURE Utility has access to the file system. This means that active files such as SYSUAF, RIGHTSLIST, log files, and especially AUDIT_SERVER journal and log files that might exist on the target device are stalled while ANALYZE/DISK_STRUCTURE is running.

Stalling includes OPEN, CREATE, CLOSE, file EXTEND, and TRUNCATE operations. Stalling occurs on all nodes within the cluster that have the volume mounted.

If you specify /REPAIR, the utility uses the ACP control lock volume function to prevent creation, deletion, extension, and truncation activity while the volume is being rebuilt. In this way, the volume is prevented from being modified while the operation is in progress.

If you specify /NOREPAIR, the volume is not locked; the utility does not attempt to write to the disk. However, if users perform file operations while you run the utility, you might receive error messages that incorrectly indicate file damage. To avoid this problem, VSI recommends that you run ANALYZE/DISK_STRUCTURE when the disk is in a quiescent state.

3.3. ANALYZE/DISK_STRUCTURE Qualifiers

This section describes and provides examples of each ANALYZE/DISK_STRUCTURE qualifier. The following table summarizes the qualifiers:

Qualifier

Description

/CONFIRM

Determines whether ANALYZE/DISK_STRUCTURE prompts you to confirm each repair

/HOMEBLOCKS

Erases damaged home blocks on an initialized volume

/LIST[=filespec]

Determines whether ANALYZE/DISK_STRUCTURE produces a listing of the index file

/LOCK_VOLUME

(Alpha and Integrity servers) Prevents updates to a volume while you are analyzing it

/OUTPUT[=filespec]

Specifies the output file to which ANALYZE/DISK_STRUCTURE writes the disk structure errors

/READ_CHECK

Determines whether ANALYZE/DISK_STRUCTURE performs a read check of all allocated blocks on the specified disk

/RECORD_ATTRIBUTES

Determines whether ANALYZE/DISK_STRUCTURE repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT)

/REPAIR

Determines whether ANALYZE/DISK_STRUCTURE repairs errors that are detected in the file structure of the specified device

/SHADOW

Causes the entire contents of a shadow set or a specified range of blocks in a shadow set to be checked for discrepancies.

/STATISTICS

Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per-volume statistics

/USAGE[=filespec]

Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of ANALYZE/DISK_STRUCTURE

/CONFIRM

/CONFIRM — Determines whether the Analyze/Disk_Structure utility prompts you to confirm each repair. If you respond with Y or YES, the utility performs the repair. Otherwise, the repair is not performed.

Syntax

/CONFIRM

/NOCONFIRM

Description

You can use the /CONFIRM qualifier only with the /REPAIR qualifier. The default is /NOCONFIRM.

Example

$ ANALYZE/DISK_STRUCTURE DBA0:/REPAIR/CONFIRM
%VERIFY-I-BACKLINK, incorrect directory back link [SYS0]SYSMAINT.DIR;1
Repair this error? (Y or N): Y
%VERIFY-I-BACKLINK, incorrect directory back link [SYSEXE]SYSBOOT.EXE;1
Repair this error? (Y or N): N

The command in this example causes the Analyze/Disk_Structure utility to prompt you for confirmation before performing the indicated repair operation.

/HOMEBLOCKS

/HOMEBLOCKS — Erases home blocks from a volume whose home blocks were not deleted during previous initialization operations.

Syntax

/HOMEBLOCKS

Description

You can use the /HOMEBLOCKS qualifier only with the /REPAIR qualifier. The operation can take 30 minutes to complete.

Example

$ ANALYZE/DISK_STRUCTURE DBA0:/REPAIR/HOMEBLOCKS

The command in this example causes the Analyze/Disk_Structure utility to erase home blocks on DBA0.

/LIST

/LIST — Determines whether the Analyze/Disk_Structure utility produces a listing of the index file.

Syntax

/LIST =filespec

/NOLIST

Description

If you specify /LIST, the utility produces a file that contains a listing of all file identifications (FIDs), file names, and file owners. If you omit the file specification, the default is SYS$OUTPUT. If you include a file specification without a file type, the default type is .LIS. You cannot use wildcard characters in the file specification.

The default is /NOLIST.

Example

$ ANALYZE/DISK_STRUCTURE DLA2:/LIST=INDEX
$ TYPE INDEX
Listing of index file on DLA2:
31-OCT-2002 20:54:42.22
 
(00000001,00001,001)  INDEXF.SYS;1
                              [1,1]
(00000002,00002,001)  BITMAP.SYS;1 
                              [1,1]
(00000003,00003,001)  BADBLK.SYS;1 
                              [1,1]
(00000004,00004,001)  000000.DIR;1 
                              [1,1]
(00000005,00005,001)  CORIMG.SYS;1 
                              [1,1]
. 
. 
. 
$

In this example, ANALYZE/DISK_STRUCTURE did not find errors on the device DLA2. Because the file INDEX was specified without a file type, the system assumes a default file type of .LIS. The subsequent TYPE command displays the contents of the file INDEX.LIS.

/LOCK_VOLUME (Alpha and Integrity servers)

/LOCK_VOLUME (Alpha and Integrity servers) — Prevents updates to a volume while you are analyzing it.

Syntax

/LOCK_VOLUME

/NOLOCK_VOLUME

Description

/LOCK_VOLUME provides a way to prevent file system activity on a volume while you are using the ANALYZE/DISK_STRUCTURE utility on that volume. This qualifier operates the same way as /REPAIR does: it software write-locks the file structure while the utility is running. (The qualifier does not, however, affect any repairs on the volume.) The default is /NOLOCK_VOLUME.

Using this qualifier reduces the number of false error messages that might occur when you run the utility on an active volume. /LOCK_VOLUME stops the activity of applications that open, close, or modify files on the target volume for the period the utility is running.

Note

Be careful about using this qualifier, especially for volumes that contain active system files such as SYSUAF, RIGHTSLIST, log files, and AUDIT_SERVER journal and log files. All of these files are stalled while ANALYZE/DISK_STRUCTURE is running.

Example

$ ANALYZE/DISK_STRUCTURE DBA1:/LOCK_VOLUME

The command in this example stops file system activity on DBA1: while ANALYZE/DISK_STRUCTURE is running.

/OUTPUT

/OUTPUT — Specifies the output file to which the Analyze/Disk_Structure utility is to write the disk structure errors.

Syntax

/OUTPUT =filespec

/NOOUTPUT =filespec

Description

Specifies the output file for the disk structure errors. If you omit the /OUTPUT file specification, output is directed to SYS$OUTPUT. If /NOOUTPUT is specified, no disk structure errors are displayed. If the /CONFIRM qualifier is specified, output is forced to SYS$OUTPUT regardless of whether this qualifier is used.

/READ_CHECK

/READ_CHECK — Determines whether the Analyze/Disk_Structure utility performs a read check of all allocated blocks on the specified disk. When the Analyze/Disk_Structure utility performs a read check, it reads the disk twice; this ensures that it reads the disk correctly. The default is /NOREAD_CHECK.

Syntax

/READ_CHECK

/NOREAD_CHECK

Example

$ ANALYZE/DISK_STRUCTURE DMA1:/READ_CHECK

The command in this example directs ANALYZE/DISK_STRUCTURE to perform a read check on all allocated blocks on the device DMA1.

/RECORD_ATTRIBUTES

/RECORD_ATTRIBUTES — Determines whether the Analyze/Disk_Structure utility repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT).

Syntax

/RECORD_ATTRIBUTES

Description

You can use the /RECORD_ATTRIBUTES qualifier with the /REPAIR qualifier. If attribute repair is enabled during the repair phase, erroneous bits are cleared from a file's record attributes. This action might not correctly set a file's record attributes as it is beyond the scope of this utility to determine their correct values.

VSI recommends that system managers not perform an attribute repair; instead, they should notify the owners of the files about the inconsistencies and have the owners reset the files' attributes using the SET FILE/RECORD_ATTRIBUTES=({record-attributes}) command.

Example

$ ANALYZE/DISK_SYS$SYSDEVICE:
%ANALDISK-I-BAD_RECATTR, file (2930,1,1) [USER]ATTRIBUTES.DAT;13 
file record format: Variable 
inconsistent file attributes: Bit 5
%ANALDISK-I-BAD_RECATTR, file (2931,1,1) [USER]ATTRIBUTES.DAT;14
file record format: Variable 
inconsistent file attributes: FORTRAN carriage control, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2932,1,1) [USER]ATTRIBUTES.DAT;15
file record format: Variable 
inconsistent file attributes: Implied carriage control, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2933,1,1) [USER]ATTRIBUTES.DAT;16
file record format: Variable 
inconsistent file attributes: Non-spanned, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2934,1,1) [USER]ATTRIBUTES.DAT;17
file record format: Variable 
inconsistent file attributes: FORTRAN carriage control,
Non-spanned, Bit 5

/REPAIR

/REPAIR — Determines whether the Analyze/Disk_Structure utility repairs errors that are detected in the file structure of the specified device.

Syntax

/REPAIR

/NOREPAIR

Description

The Analyze/Disk_Structure utility does not perform any repair operation unless you specify the /REPAIR qualifier. The default is /NOREPAIR.

If you specify /REPAIR, the utility uses the ACP control lock volume function to prevent creation, deletion, extension, and truncation activity while the volume is being rebuilt. In this way, the volume is prevented from being modified while the operation is in progress.

To effectively scan a disk (/NOREPAIR), you must have read access to all files on the disk. You must also have write access to INDEXF.SYS to force the flushing of the caches for this file. You must also have write access to BITMAP.SYS for the same reason: to force the flushing of the caches for this file. (You need write access to QUOTA.SYS only if the volume is running disk quotas.)

Example

$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR

The command in this example causes ANALYZE/DISK_STRUCTURE to perform a repair on all errors found in the file structure of device DBA1.

/SHADOW

/SHADOW — Examines the entire contents of a shadow set or a specified range of blocks in a shadow set for discrepancies.

Syntax

/SHADOW

Parameters

None.

Qualifiers

/BLOCKS={(START: n, COUNT: x, END: y,) FILE_SYSTEM, ALL}
Directs the system to compare only the range specified. The options are the following:

START: n

Number of the first block to be analyzed. The default is the first block.

COUNT: x

Number of blocks to be analyzed. You can use this option in combination with or instead of the END option.

END: y

Number of the last block to be analyzed. The default is the last block of the volume.

FILE_SYSTEM

Blocks currently in use by valid files on the disk. This is the default.

ALL

All blocks on the disk.

You can specify START, END, COUNT and either ALL or FILE_SYSTEM. For example, if you specify /BLOCKS=(START,END,COUNT:100,ALL), the software checks the first 100 blocks on the disk, whether or not the file system is using them.

If you specify /BLOCKS=(START,END,COUNT:100,FILE_SYSTEM), the software checks only those blocks that valid files on the disk are using.

/BRIEF

Displays only the logical block number (LBN) if the data in a block is found to be different. Without this qualifier, if differences exist for an LBN, the hexadecimal data of that block will be displayed for each member.

/IGNORE, [NO]IGNORE

Ignore special files that are likely to have some blocks with different data. These differences, however, are not unusual and can, therefore, be ignored.

Other special files are the following:
  • SWAPFILE*.*
  • PAGEFILE*.*
  • SYSDUMP.DMP
  • SYS$ERRLOG.DMP

IGNORE is the default.

/OUTPUT=filename

Output the information to the specified file.

/STATISTICS

Display only the file header and footer. The best use of this qualifier is with the /OUTPUT qualifier.

Description

When you enter the ANALYZE/DISK_STRUCTURE/SHADOW command, the system checks for shadow set discrepancies on the entire contents of a shadow set or a specified range of blocks in a shadow set. If a discrepancy is found, a cluster wide WRITE lock is taken on the shadow set, and the questionable blocks are reread. Then one of the following actions occurs:
  • If a member of the shadow set experiences connectivity problems for any reason, the ANALYZE/DISK_STRUCTURE command displays the error that it received and then returns the user to the DCL prompt.

    To correct the connectivity problem and run the utility again on the same shadow set, you might need to create a temporary file on the virtual unit before reissuing the ANALYZE/DISK/SHADOW command.

  • If a discrepancy is still present on the second read, the system displays the file name on the screen. The system also dumps the data block containing the discrepancy to the screen or to a file if you specify the /OUTPUT qualifier.

  • If no discrepancy is found on the second read, the system considers the error to be a transient one (for example, a WRITE to that disk block was in progress).

See Section 3.1.2 for more details.

Example

$ ANALYZE/DISK_STRUCTURE/SHADOW/BRIEF/BLOCKS=COUNT:1000 dsa716:
Starting to check _DSA716: at 14-MAY-2002 13:42:52.43
Members of shadow set _DSA716: are _$252$MDA0: _$252$DUA716:
and the number of blocks to be compared is 1000.
Checking LBN #0 (approx 0%)
Checking LBN #127 (approx 12%)
Checking LBN #254 (approx 25 %)
Checking LBN #381 (approx 38%)
Checking LBN #508 (approx 50%)
Checking LBN #635 (approx 63%)
Checking LBN #762 (approx 76%)
Checking LBN #889 (approx 88%)
 
Run statistics for _DSA716: are as follows:
         Finish Time = 14-MAY-2002 13:42:52.73
         ELAPSED TIME =    0 00:00:00.29 
         CPU TIME = 0:00:00.02 
         BUFFERED I/O COUNT = 10 
         DIRECT I/O COUNT = 16 
         Failed LBNs = 0 
         Transient LBN compare errors = 0
$

The command in this example causes ANALYZE/DISK_STRUCTURE/SHADOW to examine the first 1000 blocks of the DSA716: virtual unit to ensure that the device $252$MDAO: and $252$DUA716: have identical data in those blocks.

/STATISTICS

/STATISTICS — Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per-volume statistics.

Syntax

/STATISTICS

Description

The following information is placed in the STATS.DAT file:
  • The number of ODS-2 and ODS-5 headers on the volume

  • The number of special headers on ODS-5 volumes

  • The distribution of file name lengths

  • The distribution of extension header chain lengths

  • The distribution of header identification area free space

  • The distribution of header map area and ACL area free space

  • The totals of header space that is in use and header space that is not in use

Example

$ ANALYZE/DISK_STRUCTURE MDA2000: /STATISTICS
The OpenVMS Alpha volume in this example, which is on device MDA2000:, has been converted from ODS-2 to ODS-5 using the SET VOLUME command. The STATS.DAT file created contains the following information:
********** Statistics for volume 001 of 001 **********
 
Volume is ODS level 5.
 
Volume has 00000004 ODS-2 primary headers.
Volume has 00000003 ODS-5 primary headers.
Volume has 00000000 ODS-5 -1 segnum headers.
 
00000001 filenames of length 009 bytes.
00000002 filenames of length 011 bytes.
00000001 filenames of length 013 bytes.
00000002 filenames of length 015 bytes.
00000001 filenames of length 073 bytes.

00000007 extension header chains of length 00000.
 
00000001 ODS-2 headers have  071 ident area free bytes.
00000001 ODS-2 headers have  073 ident area free bytes.
00000001 ODS-2 headers have  075 ident area free bytes.
00000001 ODS-2 headers have  077 ident area free bytes.
 
Total ODS-2 ident area free bytes is 00000296. 
 
00000001 ODS-5 headers have  001 ident area free bytes.
00000001 ODS-5 headers have  029 ident area free bytes.
00000001 ODS-5 headers have  033 ident area free bytes.
 
Total ODS-5 ident area free bytes is 00000063.

00000001 headers have 277 free bytes in total.
00000001 headers have 335 free bytes in total.
00000001 headers have 339 free bytes in total.
00000001 headers have 377 free bytes in total.
00000001 headers have 379 free bytes in total.
00000001 headers have 381 free bytes in total.
00000001 headers have 383 free bytes in total.

Total header area in bytes is   00003584.
Total header area free bytes is 00002791.
Total header area used bytes is 00000793.

/USAGE[=filespec]

/USAGE[=filespec] — Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of the Analyze/Disk_Structure utility.

Syntax

/USAGE =filespec

Description

If all or part of the file specification is omitted, ANALYZE/DISK_STRUCTURE assumes a default file specification of USAGE.DAT. The file is placed in the current default directory.

Example

$ ANALYZE/DISK_STRUCTURE DBA1:/USAGE
$ DIRECTORY USAGE

Directory DISK$DEFAULT:[ACCOUNT]

USAGE.DAT;1

Total of 1 file.

The first command in this example causes ANALYZE/DISK_STRUCTURE to produce a disk usage accounting file. Because a file specification was not provided in the command line, ANALYZE/DISK_STRUCTURE uses both the default file name and directory [ACCOUNT]USAGE.DAT. The DIRECTORY command instructs the system to display all files with a file name of usage in the current directory. The OpenVMS Alpha device in this example, MDA2000:, has been converted from ODS-2 to ODS-5 using the SET VOLUME command.

Chapter 4. Audit Analysis Utility

4.1. ANALYZE/AUDIT Description

The Audit Analysis utility (ANALYZE/AUDIT) is a system management tool that enables system managers or site security administrators to produce reports from security audit log files.

The OpenVMS operating system automatically audits a limited number of events, such as changes to the authorization database and use of the SET AUDIT command. Depending on your site's requirements, you may want to enable other forms of reporting. However, collecting security audit messages is useful only if you develop and implement a procedure to periodically review the audit log file for suspicious activity. Use ANALYZE/AUDIT to examine the data in security audit log files or security archive files.

The ANALYZE/AUDIT command's different qualifiers allow you to specify the type of information the utility extracts from the security audit log file. The utility can produce an audit report in a variety of formats and direct a report to a file or a terminal.

A description of the format of the auditing messages written to the security auditing file appears in Appendix F.

In a mixed-version cluster, an audit log file contains entries from systems running different versions of the operating system. To analyze the log file, you must invoke the Audit Analysis utility (ANALYZE/AUDIT) from a node running Version 6.1 or later.

For information about how to generate audit messages records and how to use ANALYZE/AUDIT, see the VSI OpenVMS Guide to System Security.

4.2. ANALYZE/AUDIT Usage Summary

The Audit Analysis utility (ANALYZE/AUDIT) processes event messages in security audit log files to produce reports of security-related events on the system.

Syntax

ANALYZE/AUDIT file-spec[,...]

Parameter

file-spec[,...]

Specifies one or more security audit log files as input to ANALYZE/AUDIT. If you specify more than one file name, separate the names with commas.

If you omit the file-spec parameter, the utility searches for the default audit log file SECURITY.AUDIT$JOURNAL.

The default audit log file is created in the SYS$COMMON:[SYSMGR] directory. To use the file, specify SYS$MANAGER on the ANALYZE/AUDIT command line. If you do not specify a directory, the utility searches for the file in the current directory.

You can include wildcard characters, such as the asterisk (*) or percent sign (%), in the file specification.

The audit log file can be located in any directory. To display the current location, use the DCL command SHOW AUDIT/ALL.

Description

Use the DCL command ANALYZE/AUDIT to analyze security audit log files or security archive files. An ANALYZE/AUDIT command line can specify the name of one or more log files, as follows:
ANALYZE/AUDIT [file-spec,...]

You can also use the ANALYZE/AUDIT command to extract security event messages from security archive files or from binary files (created with previous ANALYZE/AUDIT commands).

Each ANALYZE/AUDIT request runs until the log file is completely processed. You can interrupt the processing to modify the display or to change position in the report if you activate command mode by pressing Ctrl/C. To terminate an ANALYZE/AUDIT request before completion, press Ctrl/Z.

You can direct ANALYZE/AUDIT output to any supported terminal device or to a disk or tape file by specifying the file specification as an argument to the/OUTPUT qualifier. By default, the output is directed to SYS$OUTPUT.

Use of ANALYZE/AUDIT requires no special privileges other than access to the files specified in the command line.

4.3. ANALYZE/AUDIT Qualifiers

This section describes ANALYZE/AUDIT and provides examples of each qualifier. The following table summarizes the ANALYZE/AUDIT qualifiers:

Qualifier

Description

/BEFORE

Controls whether records dated earlier than the specified time are selected

/BINARY

Controls whether output is a binary file

/BRIEF

Controls whether a brief, single-line record format is used in ASCII displays

/EVENT_TYPE

Selects the classes of events to be extracted from the security log file

/FULL

Controls whether a full format is used in ASCII displays

/IGNORE

Excludes records from the report that match the specified criteria

/INTERACTIVE

Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked

/OUTPUT

Specifies where to direct output from ANALYZE/AUDIT

/PAUSE

Specifies the length of time each record is displayed in a full format display

/SELECT

Specifies the criteria for selecting records

/SINCE

Indicates that the utility must operate on records dated with the specified time or after the specified time

/SUMMARY

Specifies that a summary of the selected records be produced after all records are processed

/BEFORE

/BEFORE — Controls whether records dated earlier than the specified time are selected.

Syntax

/BEFORE =time

/NOBEFORE

Keyword

time

Specifies the time used to select records. Records dated earlier than the specified time are selected. You can specify an absolute time, delta time, or a combination of the two. Observe the syntax rules for date and time described in the VSI OpenVMS User's Manual.

Description

By default, all records in the security audit log file may be examined. You must specify /BEFORE to exclude records created after a specific point in time.

Examples

  1. $ ANALYZE/AUDIT /BEFORE=25-NOV-2005 -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example selects all records dated earlier than November 25, 2005.

  2. $ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example selects all records generated between noon and 2 P.M. today.

/BINARY

/BINARY — Controls whether output is a binary file.

Syntax

/BINARY

/NOBINARY

Description

When you use /BINARY, the output file you specify with the /OUTPUT qualifier contains image copies of the selected input records. If you specify /NOBINARY or omit the qualifier, the output file contains ASCII records.

By default, if you specify /BINARY and do not include the /OUTPUT qualifier, an output file named AUDIT.AUDIT$JOURNAL is created.

The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.

Example

$ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25OCT05.AUDIT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

The command in this example selects all audit records generated today and writes the records in binary format to 25OCT05.AUDIT.

/BRIEF

/BRIEF — Controls whether a brief, single-line record format is used in ASCII displays.

Syntax

/BRIEF (default)

Keywords

None.

Description

By default, records are displayed in the brief format. You must specify /FULL to have the full contents of each selected audit event record displayed.

The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.

Example

$ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

The command in this example produces an ASCII file in brief format by default. The report is written to the AUDIT.LIS file.

/EVENT_TYPE

/EVENT_TYPE — Selects the classes of events to be extracted from the security log file. If you omit the qualifier or specify the ALL keyword, the utility includes all enabled event classes in the report.

Syntax

/EVENT_TYPE =(event-type[,...])

Keyword

event type[,...]

Specifies the classes of events used to select records. You can specify any of the following event types:

[NO]ACCESS

Access to an object, such as a file

[NO]ALL

All event types

[NO]AUDIT

Use of the SET AUDIT command

[NO]AUTHORIZATION

Change to the authorization database (SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT, or NET$PROXY.DAT)

[NO]BREAKIN

Break-in detection

[NO]CONNECTION

Establishment of a network connection through the System Management utility (SYSMAN), DECwindows, or interprocess communication (IPC) software

[NO]CREATE

Creation of an object

[NO]DEACCESS

Completion of access to an object

[NO]DELETE

Deletion of an object

[NO]INSTALL

Modification of the known file list with the Install utility (INSTALL)

[NO]LOGFAIL

Unsuccessful login attempt

[NO]LOGIN

Successful login

[NO]LOGOUT

Successful logout

[NO]MOUNT

Execution of DCL commands MOUNT or DISMOUNT

[NO]NCP

Modification of the DECnet network configuration databases

[NO]NETPROXY

Modification of the network proxy authorization file (NETPROXY.DAT or NET$PROXY.DAT)

[NO]PRIVILEGE

Privilege auditing

[NO]PROCESS

Use of one or more of the process control system services: $CREPRC, $DELPRC, $SCHDWK, $CANWAK, $WAKE, $SUSPND, $RESUME,$GRANTID, $REVOKID, $GETJPI, $FORCEX, $SETPRI

[NO]RIGHTSDB

Modification of the rights database (RIGHTSLIST.DAT)

[NO]SYSGEN

Modification of system parameters through the System Generation utility (SYSGEN) or AUTOGEN

[NO]SYSUAF

Modification of the system user authorization file (SYSUAF.DAT)

[NO]TIME

Change in system or cluster time

Specifying the negated form of an event class (for example, NOLOGFAIL) excludes the specified event class from the audit report.

Examples

  1. $ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example extracts all records of unsuccessful login attempts, which match the LOGFAIL class, and compiles a brief report.

  2. $ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example builds a report in brief format of all audit records except those in the LOGIN and LOGOUT event classes.

/FULL

/FULL — Controls whether a full format is used in ASCII displays. If you specify /NOFULL or omit the qualifier, records are displayed in the brief format.

Syntax

/FULL

/NOFULL (default)

Keywords

None.

Description

By default, records are displayed in the brief format. You must specify /FULL (or enter command mode by pressing Ctrl/C) to have the full contents of each selected record displayed.

The /BINARY, /BRIEF, and /FULL qualifiers cannot be used in combination.

Example

$ ANALYZE/AUDIT /FULL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

The command in this example displays the full contents of each selected record.

/IGNORE

/IGNORE — Excludes records from the report that match the specified criteria.

Syntax

/IGNORE =criteria[,...]

Keyword

criteria[,...]

Specifies that all records are selected except those matching any of the specified exclusion criteria. See the /SELECT qualifier description for a list of the possible criteria to use with the /IGNORE qualifier.

Description

Use the /IGNORE qualifier to exclude specific groups of audit records from the audit report. When more than one keyword from the list of possible exclusion criteria are specified, records that meet any of these criteria are excluded by default.

Examples

  1. $ ANALYZE/AUDIT/IGNORE=(SYSTEM=NAME=WIPER,USERNAME=MILANT) -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example excludes from the audit analysis report all records in the audit log file generated from node WIPER or from user MILANT (on any node).

  2. $ ANALYZE/AUDIT/IGNORE=SUBTYPE=(DIALUP,REMOTE)

    The command in this example excludes dialup and remote processes.

/INTERACTIVE

/INTERACTIVE — Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked.

Syntax

/INTERACTIVE (default)

/NOINTERACTIVE

Keywords

None.

Description

Interactive command mode, which is enabled by default, allows you to interrupt the audit report being displayed on the terminal and to enter commands either to modify the criteria used to select records for the report or to reposition the display.

To interrupt a full or brief audit report, press Ctrl/C and enter commands at the COMMAND> prompt. Once in command mode, the utility displays the current record in full format. Note that the record might not match the selection or exclusion criteria specified in the previous ANALYZE/AUDIT command.

The NEXT RECORD command is the default when you enter command mode. When ANALYZE/AUDIT reaches the end of the log file, it prompts for the next command. To verify the current log file name and your position within the file, press Ctrl/T.

Enter the CONTINUE command to leave interactive command mode and to resume display of the audit report. Enter the EXIT command to terminate the session. See the ANALYZE/AUDIT Commands section for a description of each interactive command.

To disable interactive mode, specify /NOINTERACTIVE. In this mode, the utility displays audit records one at a time and prompts you to advance the display by pressing the Return key.

Examples

  1. $ ANALYZE/AUDIT/FULL -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example produces a full format display of the selected records. New records are displayed every 3 seconds. (See the /PAUSE qualifier description to find how to modify the duration of each record display.) Press Ctrl/C to interrupt the display and to enter interactive commands.

  2. $ ANALYZE/AUDIT/FULL/NOINTERACTIVE -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example invokes the utility in non interactive mode. It displays the first record selected and prompts you to press the Return key to display each additional selected record. Control returns to the DCL command level when all selected records have been displayed.

/OUTPUT

/OUTPUT — Specifies where to direct output from ANALYZE/AUDIT. If you omit the qualifier, the report is sent to SYS$OUTPUT.

Syntax

/OUTPUT =file-spec

/NOOUTPUT

Keyword

file-spec[,...]

Specifies the name of the file that is to contain the selected records. If you omit the device and directory specification, the utility uses the current device and directory specification. If you omit the file name and type, the default file name AUDIT.LIS is used. If the output is binary (/BINARY) and you omit the /OUTPUT qualifier, the binary information is written to the file AUDIT.AUDIT$JOURNAL.

Example

$ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

The command in this example selects audit records from the system audit log file and writes them to the binary file BIN122588.DAT.

/PAUSE

/PAUSE — Specifies the length of time each record is displayed in a full-format display.

Syntax

/PAUSE =seconds

Keyword

=seconds

Specifies the duration (in seconds) of the full-screen display. A value of 0 specifies that the system should not pause before displaying the next record. By default, the utility displays a record for 3 seconds.

Description

The /PAUSE qualifier can be used only with full-format (/FULL) displays to specify the length of time each record is displayed. By default, each record is displayed for a period of 3 seconds. A value of 0 results in a continuous display of audit records.

Example

$ ANALYZE/AUDIT /FULL/PAUSE=1 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

The command in this example displays a selected record in full format every second. You can interrupt the display and enter interactive commands at any time by pressing Ctrl/C. (See the ANALYZE/AUDIT Commands section for more information.)

/SELECT

/SELECT — Specifies the criteria for selecting records from the audit log file. For a description of how to generate audit records, see the VSI OpenVMS Guide to System Security.

Syntax

/SELECT =criteria[,...]

/NOSELECT

Keyword

=criteria[,...]

Specifies the criteria for selecting records. For each specified criterion, ANALYZE/AUDIT has two selection requirements:
  • The packet corresponding to the criterion must be present in the record.

  • One of the specified values must match the value in that packet.

For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as the criteria, ANALYZE/AUDIT selects an event record containing the SYSTEM=DBASE packet and a USER packet with either the PUTNAM value or the WU value.

If you omit the /SELECT qualifier, all event records selected through the /EVENT_TYPE qualifier are extracted from the audit log file and included in the report.

You can specify any of the following criteria:

ACCESS=(type,...)

Specifies the type of object access upon which the selection is based. Access is object-specific and includes the following types:

Associate

Execute

Read

Control

Lock

Submit

Create

Logical

Use

Delete

Manage

Write

Physical

The VSI OpenVMS Guide to System Security describes each of these types.

ACCOUNT=(name,...)

Specifies the account name upon which selection is based. You can use wild cards, such as an asterisk (*) or percent sign (%), to represent all or part of the name.

ALARM_NAME=(alarm-name,...)

Specifies the alarm journal name on which selection is based. You can use wild cards to represent all or part of the alarm name.

ASSOCIATION_NAME=(IPC-name,...)

Specifies the name of the interprocess communication (IPC) association.

AUDIT_NAME=(journal-name,...)

Specifies the audit journal name on which selection is based. You can use wild cards to represent all or part of the audit journal name.

COMMAND_LINE=(command,...)

Specifies the command line that the user entered.

CONNECTION_IDENTIFICATION=(IPC-name,...)

Specifies the name for the interprocess communication (IPC) connection.

DECNET_LINK_IDENTIFICATION=(value,...)

Specifies the number of the DECnet logical link.

DECNET_OBJECT_NAME=(object-name,...)

Specifies the name of the DECnet object.

DECNET_OBJECT_NUMBER=(value,...)

Specifies the number of the DECnet object.

DEFAULT_USERNAME=(username,...)

Specifies the default local user name for incoming network proxy requests.

DEVICE_NAME=(device-name,...)

Specifies the name of a device in audit records that have a DEVICE_NAME packet. Note that this does not select the device name when it occurs in other packet types, such as in a file name or in the TARGET_DEVICE_NAME packet.

DIRECTORY_ENTRY=(directory,...)

Specifies the directory entry associated with file system operation.

DIRECTORY_NAME=(directory,...)

Specifies the name of the directory file.

DISMOUNT_FLAGS=(flag-name,...)

Identifies the names of the volume dismounting flags to be used in selecting records. Specify one or more of the following flag names: Abort, Cluster, Nounload, and Unit.

EVENT_CLUSTER_NAME=(event-flag-cluster-name,...)

Specifies the name of the event flag cluster.

FACILITY=(facility-name,...)

Specifies that only events audited by the named facility be selected. Provide a name or a number but, in either case, the facility has to be defined through the logical AUDSERV$FACILITY_NAME as a decimal number; the system uses the number 0.

FIELD_NAME=(field-name,...)

Specifies the name of the field that was modified. ANALYZE/AUDIT uses the FIELD_NAME criterion with packets containing the original data and the new data (specified by the NEW_DATA criterion).

A FIELD_NAME is a character string that describes the content of the field. A search for NEW: in a full audit report will display records that contain the FIELD_NAME values that can be specified for this option. Examples of FIELD_NAME values are Account, Default Directory, Flags, and Password Date.

For sensitive information, see SENSITIVE_FIELD_NAME.

FILE_NAME=(file-name)

Specifies the name of the file that caused the audit. Describes audit records for the specified file by using a slightly different display format than is provided by the /OBJECT=NAME=object-name keyword.

FILE_IDENTIFICATION=(identification-value)

Specifies the value of the file's identification. To calculate the value, start with the value listed for File ID when you use the FILE_NAME keyword. For example, the display lists the File ID as:

File ID:   (3024,5,0)

Use the following formula to calculate the value:

((0 * 65536) + 5)* 65536 + 3024 = 330704

FLAGS=(flag-name,...)

Identifies the names of the audit event flags associated with the audited event. These names should be used in selecting records. Specify one or more of the following flags: ACL, Alarm, Audit, Flush, Foreign, Internal, and Mandatory. (For a description of these flags, see Table F.3.)

HOLDER=keyword(,...)

Specifies the characteristics of the identifier holder to be used when selecting event records. Choose from the following keywords:
NAME=usernameSpecifies the name of the holder. You can represent all or part of the name with a wildcard.
OWNER=uicSpecifies the user identification code (UIC) of the holder.

IDENTIFIER=keyword(,...)

Identifies which attributes of an identifier should be used when selecting event records. Choose from the following keywords:

ATTRIBUTES=nameSpecifies the name of the particular attribute. Valid attribute names are as follows: Dynamic, Holder_Hidden, Name_Hidden, NoAccess, Resource, and Subsystem.
NAME=identifierSpecifies the original name of the identifier. You can represent all or part of the name with a wildcard.
NEW_NAME=identifierSpecifies the new name of the identifier. You can represent all or part of the name with a wildcard.
NEW_ATTRIBUTES=nameSpecifies the name of the new attribute. Valid attribute names are Dynamic, Holder_Hidden, Name_Hidden, NoAccess, Resource, and Subsystem.
VALUE=valueSpecifies the original value of the identifier.
NEW_VALUE=valueSpecifies the new value of the identifier.

IDENTIFIERS_MISSING=(identifier,...)

Specifies the identifiers missing in a failure to access an object.

IDENTIFIERS_USED=(identifier,...)

Specifies the identifiers used to gain access to an object. An event record matches if the specified list is a subset of the identifiers recorded in the event record.

IMAGE_NAME=(image-name,...)

Identifies the name of the image to be used when selecting event records. You can represent all or part of the image name with a wildcard.

INSTALL=keyword(,...)

Specifies that installation event packets are to be considered when selecting event records. Choose from the following keywords:

FILE=filename

Specifies the name of the installed file. You can represent all or part of the name with a wildcard.

Note that on Alpha systems prior to Version 6.1 and on VAX systems prior to Version 6.0, audit log files record the installed file name within an object name packet. To select the installed file, you must use the expression OBJECT=(NAME=object-name) instead of FILE=filename.

FLAGS=flag-nameSpecifies the names of the flags, which correspond to qualifiers of the Install utility (INSTALL); for example, OPEN corresponds to /OPEN.
PRIVILEGES=privilege-nameSpecifies the names of the privileges with which the file was installed.

LNM_PARENT_NAME=(table-name,...)

Specifies the name of the parent logical name table.

LNM_TABLE_NAME=(table-name,...)

Specifies the name of the logical name table.

LOCAL=(characteristic,...)

Specifies the characteristics of the local (proxy) account to be used when selecting event records. The following characteristic is supported:

USERNAME=username

Specifies the name of the local account. You can represent all or part of the name with a wildcard.

LOGICAL_NAME=(logical-name,...)

Specifies the logical name of the mounted (or dismounted) volume upon which selection is based. You can represent all or part of the logical name with a wildcard.

MAILBOX_UNIT=(number,...)

Specifies the number of the mailbox unit.

MOUNT_FLAGS=(flag-name,...)

Specifies the names of the volume mounting flags upon which selection is based. Possible flag names include the following names:
  • CACHE=(NONE,WRITETHROUGH)

  • CDROM

  • CLUSTER

  • COMPACTION

  • DATACHECK=(READ,WRITE)

  • DSI

  • FOREIGN

  • GROUP

  • INCLUDE

  • INITIALIZATION=(ALLOCATE,CONTINUATION)

  • MESSAGE

  • NOASSIST

  • NOAUTOMATIC

  • NOCOMPACTION

  • NOCOPY

  • NOHDR3

  • NOJOURNAL

  • NOLABEL

  • NOMOUNT_VERIFICATION

  • NOQUOTA

  • NOREBUILD

  • NOUNLOAD

  • NOWRITE

  • OVERRIDE=(options[,...])

    • ACCESSIBILITY

    • EXPIRATION

    • IDENTIFICATION

    • LIMITED_SEARCH

    • LOCK

    • NO_FORCED_ERROR

    • OWNER_IDENTIFIER

    • SECURITY

    • SETID

  • POOL

  • QUOTA

  • SHARE

  • SUBSYSTEM

  • SYSTEM

  • TAPE_DATA_WRITE

  • XAR

The names NOLABEL and FOREIGN each point to the FOREIGN flag. The reason for this is that the MOUNT/NOLABEL and MOUNT/FOREIGN commands each set the FOREIGN flag. Therefore, if you used MOUNT/NOLABEL, and you use ANALYZE/AUDIT/SELECT/MOUNT_FLAGS=NOLABEL, the audit record will display the FOREIGN flag.

NEW_DATA=(value,...)

Specifies the value to use after the event occurs. Use this criterion with the FIELD_NAME criterion.

When you use the Authorize utility (AUTHORIZE) to copy a user name, NEW_DATA specifies the newly created user name.

For sensitive information, see SENSITIVE_NEW_DATA.

NEW_IMAGE_NAME=(image-name,...)

Specifies the name of the image to be activated in the newly created process, as supplied to the $CREPRC system service.

NEW_OWNER=(uic,...)

Specifies the user identification code (UIC) to be assigned to the created process, as supplied to the $CREPRC system service.

OBJECT=keyword(,...)

Specifies which characteristics of an object should be used when selecting event records. Choose any of the following keywords:

CLASS=class-nameSpecifies the general object class as one of the following classes:
Capability Device Event_cluster File Group_global_section Logical_name_table Queue Resource_domain Security_class System_global_section Volume
You must enter the full class name (for example, CLASS=logical_name_table) or use wildcard characters to supply a portion of the class name (for example, CLASS=log*).
NAME=object-nameSpecifies the name of the object. You can represent all or part of the name with a wildcard. If you do not use a wildcard, specify the full object name (for example, BOSTON$DUA0:[RWOODS]MEMO.MEM;1).
OWNER=valueSpecifies the UIC or general identifier of the object.
TYPE=typeSpecifies the general object class (type of object). The available classes are as follows:
Capability Device File Group_global_section Logical_name_table Queue System_global_section
The CLASS keyword supersedes the TYPE keyword. However, TYPE is required to select audit records in files created prior to OpenVMS Alpha Version 6.1 and OpenVMS VAX Version 6.0.

PARENT=keyword(,...)

Specifies which characteristics of the parent process are used when selecting event records generated by a subprocess. Choose from the following keywords:

IDENTIFICATION=valueSpecifies the process identifier (PID) of the parent process.
NAME=process-nameSpecifies the name of the parent process. You can represent all or part of the name with a wildcard.
OWNER=valueSpecifies the owner (identifier value) of the parent process.
USERNAME=usernameSpecifies the user name of the parent process. You can represent all or part of the name with a wildcard.

PASSWORD=(password,...)

Specifies the password used when the system detected a break-in attempt.

PRIVILEGES_MISSING=(privilege-name,...)

Specifies privileges the caller needed to perform the operation successfully. Specify any of the system privileges, as described in the VSI OpenVMS Guide to System Security.

PRIVILEGES_USED=(privilege-name,...)

Specifies the privileges of the process to be used when selecting event records. Specify any of the system privileges, as described in the VSI OpenVMS Guide to System Security. Also include the STATUS keyword in the selection criteria so the report can demonstrate whether the privilege was involved in a successful or an unsuccessful operation.

PROCESS=(characteristic,...)

Specifies the characteristics of the process to be used when selecting event records. Choose from the following characteristics:

IDENTIFICATION=value

Specifies the PID of the process.

NAME=process-name

Specifies the name of the process. You can represent all or part of the name with a wildcard.

REMOTE=keyword(,...)

Specifies that some characteristic of the network request is to be used when selecting event records. Choose from the following keywords:

ASSOCIATION_NAME=IPC-name

Specifies the interprocess communication (IPC) association name.

LINK_IDENTIFICATION=value

Specifies the number of the DECnet logical link.

IDENTIFICATION=value

Specifies the DECnet node address.

NODENAME=node-name

Specifies the DECnet node name. You can represent all or part of the name with a wildcard.

USERNAME=username

Specifies the remote user name. You can represent all or part of the remote user name with a wildcard.

REQUEST_NUMBER=(value,...)

Specifies the request number associated with the DCL command REQUEST/REPLY.

SECTION_NAME=(global-section-name,...)

Specifies the name of the global section.

SENSITIVE_FIELD_NAME=(field-name,...)

Specifies the name of the field that was modified. ANALYZE/AUDIT uses the SENSITIVE_FIELD_NAME criterion, such as PASSWORD, with packets containing the original data and the new data (specified by the SENSITIVE_NEW_DATA criterion).

SENSITIVE_NEW_DATA=(value,...)

Specifies the value to use after the event occurs. Use this criterion with the SENSITIVE_FIELD_NAME criterion.

SNAPSHOT_BOOTFILE=(filename,...)

Specifies the name of the file containing a snapshot of the system.

SNAPSHOT_SAVE_FILENAME=(filename,...)

Specifies the name of the system snapshot file for a save operation that is in progress.

STATUS=(type,...)

Specifies the type of success status to be used when selecting event records. Choose from the following status types:

SUCCESSFUL

Specifies any success status.

FAILURE

Specifies any failure status.

CODE=(value)

Specifies a specific completion status.

Note that if you specify CODE more than once, only the last value is matched.

SUBJECT_OWNER=(uic,...)

Specifies the owner (UIC) of the process causing the event.

SUBTYPE=(subtype,...)

Specifies that the criteria be limited to the value or values specified as a subtype.

For valid subtype values, see Table F.2.

SYSTEM=keyword(,...)

Specifies the characteristics of the system to be used when selecting event records. Choose from the following keywords:

IDENTIFICATION=value

Specifies the numeric identification of the system.

NAME=nodename

Specifies the node name of the system.

SYSTEM_SERVICE_NAME=(service-name,...)

Specifies the name of the system service associated with the event.

TARGET_DEVICE_NAME=(device-name,...)

Specifies the target device name used by a process control system service.

TARGET_PROCESS_IDENTIFICATION=(value,...)

Specifies the target process identifier (PID) used by a process control system service.

TARGET_PROCESS_NAME=(process-name,...)

Specifies the target process name used by a process control system service.

TARGET_PROCESS_OWNER=(uic,...)

Specifies the target process owner (UIC) used by a process control system service.

TARGET_USERNAME=(username,...)

Specifies the target user name used by a process control system service.

TERMINAL=(device-name,...)

Specifies the name of the terminal to be used when selecting event records. You can represent all or part of the terminal name with a wildcard.

TRANSPORT_NAME=(transport-name,...)

Specifies the name of the transport: interprocess communication (IPC) or System Management Integrator (SMI), which handles requests from the System Management utility.

On VAX systems, it also can specify the DECnet transport name (NSP).

UAF_SOURCE=(record-name,...)

Specifies the user name of the source record for an Authorize utility (AUTHORIZE) add, modify, or delete operation.

USERNAME=(username,...)

Specifies the user name to be used when selecting event records. You can represent all or part of the user name with a wildcard.

VOLUME_NAME=(volume-name,...)

Specifies the name of the mounted (or dismounted) volume to be used when selecting event records. You can represent all or part of the volume name with a wildcard.

VOLUME_SET_NAME=(volume-set-name,...)

Specifies the name of the mounted (or dismounted) volume set to be used when selecting event records. You can represent all or part of the volume set name with a wildcard.

Examples

  1. $ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example selects all records written to the security audit log file that were generated by user JOHNSON.

  2. $ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,-
    _$ BYPASS)  SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example selects all records written to the security audit log file that were generated by events through the use of either SYSPRV or BYPASS privilege.

  3. $ ANALYZE/AUDIT/FULL/EVENT=SYSUAF/SELECT= -
    _$ IMAGE=("*:[SYS*SYSEXE]SETP0.EXE","*:[SYS*SYSEXE]LOGINOUT.EXE") -
    _$ SYS$MANAGER:SECURITY

    The command in this example selects all records that involve password changes written to the security audit log file.

    The following example is a command procedure that you could run at midnight to select all SYSUAF, AUDIT, and BREAKIN events (excluding password changes) and mail the result to the system manager:
    $! DAILY_AUDIT.COM
    $
    $   mail_list = "SYSTEM"
    $   audsrv$_noselect = %X003080A0
    $   audit_events = "SYSUAF,BREAKIN,AUDIT"
    $
    $   analyze /audit /full -
     /event=('audit_events') -
     /output=audit.tmp -
     /ignore=image=("*:[SYS*SYSEXE]SETP0.EXE","*:[SYS*SYSEXE]LOGINOUT.EXE") -
     sys$manager:SECURITY.AUDIT$JOURNAL
    $
    $   status = $status
    $   if (status.and.%XFFFFFFF) .eq. audsrv$_noselect then goto no_records
    $   if .not. status then goto error_analyze
    $   if f$file("audit.tmp","eof") .eq. 0 then goto no_records
    $   mail /subject="''audit_events' listing from ''f$time()'" -
     audit.tmp 'mail_list'
    $   goto new_log
    $
    $ no_records:
    $   mail /subject="No interesting security events" nl: 'mail_list'
    $
    $ new_log:
    $   if f$search("audit.tmp") .nes. "" then delete audit.tmp;*
    $   set audit /server=new_log
    $   rename sys$manager:SECURITY.AUDIT$JOURNAL;-1 -
     sys$common:[sysmgr]'f$element(0," ",f$edit(f$time(),"TRIM"))'
    $   exit
    $
    $ error_analyze:
    $   mail/subj="Error analyzing auditing information" nl: 'mail_list'
    $   exit 

/SINCE

/SINCE — Indicates the utility must operate on records dated with the specified time or after the specified time.

Syntax

/SINCE =time

/NOSINCE

Keyword

time

Specifies the time used to select records. Records dated the same or later than the specified time are selected. You can specify an absolute time, a delta time, or a combination of the two. Observe the syntax rules for date and time described in the VSI OpenVMS User's Manual.

If you specify /SINCE without the time, the utility uses the beginning of the current day.

Examples

  1. $ ANALYZE/AUDIT /SINCE=25-NOV-2005 -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example selects records dated later than November 25, 2005.

  2. $ ANALYZE/AUDIT /SINCE=25-NOV-2005:15:00 -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example selects records written after 3 P.M. on November 25, 2005.

/SUMMARY

/SUMMARY — Specifies that a summary of the selected records be produced after all records are processed. Note that the /SUMMARY qualifier code is executed after the Audit Analyzer is finished, that is, after all the records to be analyzed have been collected and processed. When you specify the /INTERACTIVE qualifier (which is the default), the Audit Analyzer never reaches the finished state because /INTERACTIVE prompts you repeatedly to enter another command (which might result in a new set of records to be analyzed). To use the /SUMMARY qualifier, you must also specify /NOINTERACTIVE, which ensures that the Audit Analyzer reaches the finished state that allows the SUMMARY code to be executed and to display the proper information. In a future version of OpenVMS, the Audit Analyzer will return an error when /SUMMARY and /INTERACTIVE are specified together. You can use the /SUMMARY qualifier alone or in combination with the /BRIEF, the /BINARY, or the /FULL qualifier.

Syntax

/SUMMARY =presentation

/NOSUMMARY

Keyword

presentation

Specifies the presentation of the summary. If you do not specify a presentation criterion, ANALYZE/AUDIT summarizes the number of audits.

You can specify either of the following presentations:

COUNT

Lists the total number of audit messages for each class of security event that have been extracted from the security audit log file. This is the default.

PLOT

Displays a plot showing the class of the audit event, the time of day when the audit was generated, and the name of the system where the audit was generated.

Examples

  1. $ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL
    The command in this example generates a summary report of all records processed.
    Total records read:        9701          Records selected:          9701
    Record buffer size:        1031
    Successful logins:          542          Object creates:            1278
    Successful logouts:         531          Object accesses:           3761
    Login failures:              35          Object deaccesses:         2901
    Breakin attempts:             2          Object deletes:             301
    System UAF changes:          10          Volume (dis)mounts:          50
    Rights db changes:            8          System time changes:          0
    Netproxy changes:             5          Server messages:              0
    Audit changes:                7          Connections:                  0
    Installed db changes:        50          Process control audits:       0
    Sysgen changes:               9          Privilege audits:            91
    NCP command lines:          120
  2. $ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    The command in this example generates a full format listing of all logged audit messages that match the break-in or log failure event classes. A summary report is included at the end of the listing.

  3. $ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT -
    _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

    This command generates a histogram that you can display on a character-cell terminal.

4.4. ANALYZE/AUDIT Commands

This section describes the interactive commands available with the Audit Analysis utility (ANALYZE/AUDIT). The qualifiers for this section follow the standard rules of DCL grammar.

The utility runs interactively by default; you disable the feature with the /NOINTERACTIVE qualifier to the ANALYZE/AUDIT command. To enter interactive commands, press Ctrl/C at any time during the processing of a full or brief interactive display. At the COMMAND> prompt, you can enter any command listed in this section. Use the CONTINUE command to resume processing of the event records, or use the EXIT command to terminate the session.

CONTINUE

CONTINUE — Resumes processing of event records.

Syntax

CONTINUE

Parameters

None.

Qualifiers

None.

Example

COMMAND> DISPLAY/SINCE=25-JAN-2005/SELECT=USERNAME=JOHNSON
COMMAND> CONTINUE

The first command in this example selects only event records generated by user JOHNSON after January 25, 2005. The second command in the example displays a report based on the new selection criteria.

DISPLAY

DISPLAY — Changes the criteria used to select event records.

Syntax

DISPLAY

Parameters

None.

For a more complete description of any one of the following qualifiers, refer to the description of the qualifier in the preceding ANALYZE/AUDIT Qualifiers section.

Qualifiers

/BEFORE=time

Controls whether only those records dated earlier than the specified time are selected.

/BRIEF

Controls whether a brief (one-line-per-record) format is used in ASCII displays.

/EVENT_TYPE=event-type[,...]

Controls whether only those records matching the specified event type are selected.

/FULL

Controls whether a full format for each record is used in ASCII displays.

/IGNORE=criteria[,...]

Controls whether records matching the specified criteria are excluded. If you specify /IGNORE two or more times, the criteria are combined. To specify a new set of exclusion criteria, include the /REMOVE qualifier with the /IGNORE qualifier.

/PAUSE=seconds

For full-format displays (/FULL), specifies the length of time each record is displayed.

/REMOVE

Controls whether the criteria specified by the /IGNORE and the /SELECT qualifiers are no longer to be used to select event records to be displayed.

/SELECT=criteria[,...]

Controls whether only those records matching the specified criteria are selected. If you specify /SELECT two or more times, the criteria are combined. To specify a new set of selection criteria, include the /REMOVE qualifier with the /SELECT qualifier.

/SINCE[=time]

Controls whether only those records dated the same or later than the specified time are selected.

Examples

  1. COMMAND> DISPLAY/EVENT_TYPE=SYSUAF
    COMMAND> CONTINUE

    The first command in this example selects records that were generated as a result of a modification to the system user authorization file (SYSUAF). The second command displays the selected records.

  2. COMMAND> DISPLAY/SELECT=USERNAME=CRICK
    COMMAND> CONTINUE
    .
    .
    .
    Ctrl/C
    COMMAND> DISPLAY/SELECT=USERNAME=WATSON
    COMMAND> CONTINUE

    The first DISPLAY command in this example selects records that were generated by user CRICK. The second command displays the selected records. The next DISPLAY command selects records that were generated by user WATSON. The last command in the example displays all records generated by users CRICK and WATSON.

EXIT

EXIT — Terminates the session.

Syntax

EXIT

Parameters

None.

Qualifiers

None.

HELP

HELP — Provides online help information for using ANALYZE/AUDIT commands.

Syntax

HELP topic

Parameter

topic

Specifies the command for which help information is to be displayed. If you omit the keyword, HELP displays a list of available help topics and prompts you for a particular keyword.

Qualifiers

None.

Example

COMMAND> HELP DISPLAY

The command in this example displays help information about the DISPLAY command.

LIST

LIST — Changes the criteria used to select event records. The LIST command is synonymous with the DISPLAY command.

Syntax

LIST

Parameters

None.

Qualifiers

See the description of the DISPLAY command.

Example

COMMAND> LIST/EVENT_TYPE=SYSUAF
COMMAND> CONTINUE

The first command in this example selects records that were generated as a result of a modification to the system user authorization file (SYSUAF). The second command displays the selected records.

NEXT FILE

NEXT FILE — Controls whether the current security audit log file is closed and the next log file opened. The command is useful when you supply a wildcard file specification to the ANALYZE/AUDIT command; for example *.AUDIT$JOURNAL. If there are no other audit log files to open, the audit analysis session terminates and control returns to DCL.

Syntax

NEXT FILE

Parameters

None.

Qualifiers

None.

NEXT RECORD

NEXT RECORD — Controls whether the next audit record is displayed. The NEXT RECORD command is the default for interactive mode. This command is synonymous with the POSITION command.

Syntax

NEXT RECORD

Parameters

None.

Qualifiers

None.

POSITION

POSITION — Moves the full-format display forward or backward the specified number of event records.

Syntax

POSITION number

Parameter

number

For positive numbers, displays the record that is the specified number of records after the current record. For negative numbers, displays the record that is the specified number of records before the current record.

Qualifiers

None.

Examples

  1. COMMAND> POSITION 100

    The command in this example moves the display forward 100 event records.

  2. COMMAND> POSITION -100

    The command in this example moves the display back 100 event records.

SHOW

SHOW — Displays information about the selection or exclusion criteria currently being used to select event records.

Syntax

SHOW option[,...]

Parameter

option[,...]

Displays information about selection or exclusion criteria currently being used to select records. Specify one or more of the following options:

ALL

Displays all criteria being used to select event records.

EXCLUSION_CRITERIA

Displays the criteria being used to exclude event records.

SELECTION_CRITERIA

Displays the criteria being used to select event records.

Qualifiers

None.

Example

COMMAND> SHOW SELECTION_CRITERIA

The command in this example displays the selection criteria currently in use to select records.

Chapter 5. Authorize Utility

5.1. AUTHORIZE Description

The Authorize utility (AUTHORIZE) is a system management tool used to control access to the system and to allocate resources to users.

AUTHORIZE creates new records or modifies existing records in the following files:
  • System user authorization file (SYSUAF.DAT)

    You can use AUTHORIZE to assign values to various fields within each SYSUAF record. The values you assign identify the user and the user's work environment, and control use of system resources.

    You can redirect SYSUAF logical access by defining a logical in your local process logical table; for example:

    $ DEFINE/PROCESS/EXEC SYSUAF DISK$USER:[MYPROCESSTABLE]SYSUAF.DAT

    You can, if you like, define the SYSUAF logical in user mode.

    If you move the SYSUAF.DAT file, be sure the logical name SYSUAF is defined and points to an existing file. If AUTHORIZE is unable to locate the SYSUAF.DAT file, it displays the following error message:
    %UAF-E-NAOFIL, unable to open SYSUAF.DAT
    -RMS-E-FNF, file not found
    Do you want to create a new file?

    A response of YES results in creation of a new SYSUAF file containing a SYSTEM record and a DEFAULT record. These records are initialized with the same values set when the system was installed.

  • Network proxy authorization file

    The default network proxy authorization file is NET$PROXY.DAT. However, AUTHORIZE maintains the file NETPROXY.DAT for compatibility. In a mixed-version cluster where systems are running OpenVMS Alpha or a version of OpenVMS VAX earlier than Version 6.1, you must make all proxy modifications on an OpenVMS VAX Version 6.1 or later system.

    You can redirect NETPROXY logical access by defining a logical in your local process logical table; for example:
    $ DEFINE/PROCESS/EXEC NETPROXY DISK$USER:[MYPROCESSTABLE]NETPROXY.DAT
  • Rights database file (RIGHTSLIST.DAT)

    You can redirect RIGHTSLIST logical access by defining a logical in your local process logical table; for example:
    $ DEFINE/PROCESS/EXEC RIGHTSLIST DISK$USER:[MYPROCESSTABLE]RIGHTSLIST.DAT
These files store system authorization information. By default, they are owned by the system (UIC of [SYSTEM]) and are created with the following protection:
SYSUAF.DAT      S:RWED, O:RWED, G, W
NETPROXY.DAT    S:RWED, O:RWED, G, W
NET$PROXY.DAT   S, O, G, W
RIGHTSLIST.DAT  S:RWED, O:RWED, G, W: 

To use AUTHORIZE, you must have write access to all three of these files (you must have an account with the user identification code (UIC) of [SYSTEM] or the SYSPRV privilege).

Note that you must have read access to the RIGHTSLIST.DAT file (or sufficient privileges) to display the rights identifiers held by other users.

Because certain images (such as MAIL and SET) require access to the system user authorization file (UAF) and are normally installed with the SYSPRV privilege, ensure that you always grant system access to SYSUAF.DAT.

When you install a new system, the software distribution kit provides the following records in the system user authorization file in SYS$SYSTEM:

On Alpha and Integrity server systems:
  • DEFAULT
  • SYSTEM
If the SYSUAF.DAT becomes corrupted or is accidentally deleted, you can use the template file SYSUAF.TEMPLATE in the SYS$SYSTEM directory to recreate the file, as follows:
$ SET DEFAULT SYS$SYSTEM
$ COPY SYSUAF.TEMPLATE SYSUAF.DAT

The file SYSUAF.TEMPLATE contains records that are identical to those defined when the system was installed.

To make an emergency backup for the system SYSUAF file, you can create a private copy of SYSUAF.DAT. To affect future logins, copy a private version of SYSUAF.DAT to the appropriate directory, as shown in the following example:
$ COPY MYSYSUAF.DAT SYS$COMMON:[SYSEXE]:SYSUAF.DAT-
_$ /PROTECTION=(S:RWED,O:RWED,G,W)

Updated Quotas for the DEFAULT and SYSTEM Accounts

In OpenVMS Version 8.2 the quotas associated with the DEFAULT and SYSTEM accounts were updated. These updated quotas are seen only on fresh installations of OpenVMS or on the creation of a new SYSUAF data file. Existing SYSUAF data files are not updated.

The updates to the DEFAULT account are as follows:

Quota

Old Value

New Value

ASTLM

250

300

BYTLM

64,000

128,000

ENQLM

2,000

4,000

FILLM

100

128

PGFLQUOTA

50,000

256,000

TQELM

10

100

WSDEFAULT

2000

4,096

WSQUOTA

4000

8,192

The updates to the SYSTEM account are the same as the DEFAULT account with the exception of the following two quotas:

Quota

Old Value

New Value

BYTLM

64,000

256,000

PGFLQUOTA

50,000

700,000

For upgraded systems with existing SYSUAF files, you might want to update the DEFAULT and SYSTEM account quotas to these new values.

5.1.1. AUTHORIZE Usage Summary

The Authorize utility (AUTHORIZE) is a system management tool that enables you to control access to the system and to allocate resources to users.

Syntax

RUN SYS$SYSTEM:AUTHORIZE

Parameters

None.

Description

To invoke AUTHORIZE, set your default device and directory to SYS$SYSTEM and enter RUN AUTHORIZE at the DCL command prompt.

At the UAF> prompt, you can enter any AUTHORIZE command described in the following section.

To exit from AUTHORIZE, enter the EXIT command at the UAF> prompt or press Ctrl/Z.

5.1.2. AUTHORIZE Commands

This section describes the AUTHORIZE commands and provides examples of their use. You can abbreviate any command, keyword, or qualifier as long as the abbreviation is not ambiguous. The asterisk (*) and the percent sign (%) can be used as wildcard characters to specify user names, node names, and UICs.

AUTHORIZE commands fall into the following four categories:
  • Commands that allow you to manage user authorization records. By specifying appropriate qualifiers, you can use these commands to act upon individual fields of SYSUAF records. You can identify the user and the user's work environment and control use of system resources.

  • Commands that build and maintain the network proxy authorization file (NETPROXY.DAT or NET$PROXY.DAT).

  • Commands that create and maintain the rights database (RIGHTSLIST.DAT).

  • Commands that perform general utility functions or modify the system password.

The following table summarizes the AUTHORIZE commands according to these categories:
CommandDescription
Managing System Resources and User Accounts with SYSUAF
ADDAdds a user record to the SYSUAF and corresponding identifiers to the rights database.
COPYCreates a new SYSUAF record that duplicates an existing record.
DEFAULTModifies the default SYSUAF record.
LISTWrites reports for selected UAF records to a listing file, SYSUAF.LIS.
MODIFYChanges values in a SYSUAF user record. Qualifiers not specified in the command remain unchanged.
REMOVEDeletes a SYSUAF user record and corresponding identifiers in the rights database. The DEFAULT and SYSTEM records cannot be deleted.
RENAMEChanges the user name of the SYSUAF record (and, if specified, the corresponding identifier) while retaining the characteristics of the old record.
SHOWDisplays reports for selected SYSUAF records.
Managing Network Proxies with NETPROXY.DAT or NET$PROXY.DAT
ADD/PROXYAdds proxy access for the specified user.
CREATE/PROXYCreates a network proxy authorization file.
LIST/PROXYCreates a listing file of all proxy accounts and all remote users with proxy access to the accounts.
MODIFY/PROXYModifies proxy access for the specified user.
REMOVE/PROXYDeletes proxy access for the specified user.
SHOW/PROXYDisplays proxy access allowed for the specified user.
Managing Identifiers with RIGHTSLIST.DAT
ADD/IDENTIFIERAdds an identifier name to the rights database.
CREATE/RIGHTSCreates a new rights database file.
GRANT/IDENTIFIERGrants an identifier name to a UIC identifier.
LIST/IDENTIFIERCreates a listing file of identifier names and values.
LIST/RIGHTSCreates a listing file of all identifiers held by the specified user.
MODIFY/IDENTIFIERModifies the named identifier in the rights database.
REMOVE/IDENTIFIERRemoves an identifier from the rights database.
RENAME/IDENTIFIERRenames an identifier in the rights database.
REVOKE/IDENTIFIERRevokes an identifier name from a UIC identifier.
SHOW/IDENTIFIERDisplays identifier names and values on the current output device.
SHOW/RIGHTSDisplays on the current output device the names of all identifiers held by the specified user.
General Commands
EXITReturns the user to DCL command level.
HELPDisplays HELP text for AUTHORIZE commands.
MODIFY/SYSTEM_PASSWORDSets the system password (equivalent to the DCL command SET PASSWORD/SYSTEM).

ADD

ADD — Adds a user record to the SYSUAF and corresponding identifiers to the rights database. ADD/IDENTIFIER and ADD/PROXY are documented as separate commands.

Syntax

ADD newusername

Parameter

newusername

Specifies the name of the user record to be included in the SYSUAF. The newusername parameter is a string of 1 to 12 alphanumeric characters and can contain underscores. Although dollar signs are permitted, they are usually reserved for system names.

Avoid using fully numeric user names (for example, 89560312). A fully numeric user name cannot receive a corresponding identifier because fully numeric identifiers are not permitted.

Qualifiers

/ACCESS[=(range[,...]), /NOACCESS[=(range[,...])]

Specifies hours of access for all modes of access. The syntax for specifying the range is:

/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.

By default, a user has full access every day. See the DCL command SET DAY in the VSI OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.

All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.

/ACCESSAllows unrestricted access
/NOACCESS=SECONDARYAllows access on primary days only
/ACCESS=(9-17)Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)Disallows access between 9 A.M. to 5:59 P.M. on primary days but allows access during these hours on secondary days

To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.

Refer to VSI OpenVMS Guide to System Security for information about the effects of login class restrictions.

/ACCOUNT=account-name

Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.

/ADD_IDENTIFIER (default), /NOADD_IDENTIFIER

Adds an identifier to the rights database file, RIGHTSLIST.DAT, and also adds a user to the user authorization file, SYSUAF. The /NOADD_IDENTIFIER qualifier does not add an identifier to the RIGHTSLIST.DAT file but does, however, add a user to the SYSUAF user record file. Note that the AUTHORIZE command ADD/IDENTIFIER is quite different: it only adds an entry to the rights database file, RIGHTSLIST.DAT.

/ALGORITHM=keyword=type [=value]

Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.

KeywordFunction
BOTHSet the algorithm for primary and secondary passwords.
CURRENTSet the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARYSet the algorithm for the primary password only.
SECONDARYSet the algorithm for the secondary password only.

The following table lists password encryption algorithms:

TypeDefinition
VMSThe algorithm used in the version of the operating system that is running on your system.
CUSTOMERA numeric value in the range of 128 to 255 that identifies a customer algorithm.

The following example selects the VMS algorithm for Sontag's primary password:

UAF>  MODIFY SONTAG/ALGORITHM=PRIMARY=VMS

If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:

UAF>  MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128
/ASTLM=value

Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.

/BATCH[=(range[,...])]

Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.

/BIOLM=value

Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.

/BYTLM=value

Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 128,000 on Alpha and Integrity server systems.

/CLI=cli-name

Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.

/CLITABLES=filespec

Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.

/CPUTIME=time

Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the VSI OpenVMS User's Manual. The default is 0, which means an infinite amount of time.

/DEFPRIVILEGES, =([NO] privname[,...])

Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.

/DEVICE=device-name

Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK.

If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.

/DIALUP[=(range[,...])]

Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.

/DIOLM=value

Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 150 on Alpha and Integrity server systems.

/DIRECTORY=directory-name

Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].

/ENQLM=value

Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 4000 on Alpha and Integrity server systems.

/EXPIRATION=time , (default), /NOEXPIRATION

Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)

/FILLM=value

Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 128 on Alpha and Integrity server systems.

/FLAGS=([NO]option[,...])

Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:

AUDITEnables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGINRestricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE

Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to the VSI OpenVMS Guide to System Security.

The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).

DEFCLIRestricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLYEstablishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).

DISFORCE_PW_CHANGE

Removes the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system. To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.
DISIMAGEPrevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAILDisables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAILSuppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDICDisables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHISDisables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCHSuppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control.
DISRECONNECTDisables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORTSuppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSERDisables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOMESuppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTHConsiders user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWDRestricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWDPrevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIREDMarks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIREDMarks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not set to expire after login (NOPWD2_EXPIRED).
PWDMIX

Enables case-sensitive and extended-character passwords.

After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.

To change the password after PWDMIX is enabled:

  • You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).

  • You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " ".

RESTRICTEDPrevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTHAllows account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.
/GENERATE_PASSWORD, [=keyword], /NOGENERATE_PASSWORD, (default)

Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:

BOTHGenerate primary and secondary passwords.
CURRENTDo whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARYGenerate primary password only.
SECONDARYGenerate secondary password only.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/IDENTIFIER

Adds an identifier to the rights database, RIGHTSLIST.DAT. The ADD/IDENTIFIER command does not add a user account to the authorization file, SYSUAF.

The ADD/ADD_IDENTIFIER command, however, adds a user account to the authorization file, SYSUAF, and also adds an identifier to the rights database, RIGHTSLIST.DAT.

/INTERACTIVE[ =(range[,...])], /NOINTERACTIVE

Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.

/JTQUOTA=value

Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on Alpha and Integrity server systems.

/LGICMD=filespec

Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL[=(range[,...])]

Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.

/MAXACCTJOBS=value

Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.

/MAXDETACH=value

Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.

/MAXJOBS=value

Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.

/NETWORK[=(range[,...])]

Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.

/OWNER=owner-name

Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.

/PASSWORD=, (password1 [,password2]), /NOPASSWORD

Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted.

Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.

Use the /PASSWORD qualifier as follows:

  • To set only the first password and clear the second, specify /PASSWORD=password.

  • To set both the first and second password, specify /PASSWORD=(password1, password2).

  • To change the first password without affecting the second, specify /PASSWORD=(password, "").

  • To change the second password without affecting the first, specify /PASSWORD=("", password).

  • To set both passwords to null, specify /NOPASSWORD.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

By default, the ADD command assigns the password USER. When you create a new UAF record with the COPY or RENAME command, you must specify a password. Avoid using the word password as the actual password.

/PBYTLM

This flag is reserved for VSI.

/PGFLQUOTA=value

Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 256,000 pagelets on Alpha and Integrity server systems.

If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.

/PRCLM=value

Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 8 on Alpha and Integrity server systems.

/PRIMEDAYS=([NO]day[,...])

Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix.

By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)

Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.

/PRIORITY=value

Specifies the default base priority. The value is an integer in the range of 0 to63 on Alpha and Integrity server systems. By default, the value is set to 4 for timesharing users.

/PRIVILEGES=([NO]privname[,...])

Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the VSI OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.

/PWDEXPIRED (default), /NOPWDEXPIRED

Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.

/PWDLIFETIME=time (default), /NOPWDLIFETIME

Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired.

To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.

/PWDMINIMUM=value

Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. The value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.

/QUEPRIO=value

Reserved for future use.

/REMOTE[=(range[,...])]

Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.

/SHRFILLM=value

Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.

/TQELM

Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.

/UIC=value

Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. VSI reserves group 1 and groups 300--377 for its own use.

Each user must have a unique UIC. By default, the UIC value is [200,200].

/WSDEFAULT=value

Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 4096 pagelets on Alpha and Integrity server systems.

The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.

/WSEXTENT=value

Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed.

The value is an integer equal to or greater than WSQUOTA. By default, the value is 16384 pagelets on Alpha and Integrity server systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.

/WSQUOTA=value

Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant.

The value cannot be greater than the value of WSMAX and cannot exceed 8,192 pagelets on Alpha and Integrity server systems. This quota value replaces smaller values of PQL_MWSQUOTA.

Description

When you do not specify a value for a field, AUTHORIZE uses values from the DEFAULT record (excluding the default password, which is always USER).The DEFAULT account serves as a template for creating user records in the system user authorization file.

On Alpha and Integrity servers, the DEFAULT account is as follows:
Username: DEFAULT                          Owner:
Account:                                   UIC:    [200,200] ([FIELD,USERP])
CLI:      DCL                              Tables: DCLTABLES
Default:  SYS$SYSDEVICE:[USER]
LGICMD:   LOGIN
Flags:  DisUser
Primary days:   Mon Tue Wed Thu Fri
Secondary days:                     Sat Sun
No access restrictions
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         90 00:00    Pwdchange:      (pre-expired)
Last Login:            (none) (interactive),            (none) (non-interactive)
Maxjobs:         0  Fillm:       100  Bytlm:        64000
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
Maxdetach:       0  BIOlm:       150  JTquota:       4096
Prclm:           8  DIOlm:       150  WSdef:         2000
Prio:            4  ASTlm:       250  WSquo:         4000
Queprio:         0  TQElm:        10  WSextent:     16384
CPU:        (none)  Enqlm:      2000  Pgflquo:      50000
Authorized Privileges:
  NETMBX     TMPMBX
Default Privileges:
  NETMBX     TMPMBX
When you add a new account, specify values for fields that you want to be different. Typically, changing the default values for limits priority, privileges, or the command interpreter is not necessary. As a result, you enter only the password, UIC, directory, owner, account, and device.

Note

Limits are also set by system parameters. To be effective, the limits you set through AUTHORIZE must be within the minimum limits determined by the corresponding system parameters (particularly those beginning with the PQL prefix).

When you add a record to the UAF, create a directory for the new user. Specify the device name, directory name, and UIC in the UAF record. The following DCL command creates a directory for user ROBIN:
$ CREATE/DIRECTORY SYS$USER:[ROBIN] /OWNER_UIC=[ROBIN]

Note

When you add a new record to the UAF and a rights database exists, an identifier with the user name is added to the rights database automatically (unless you specify the /NOADD_IDENTIFIER qualifier). Similarly, when you specify an account name (other than the user name) that does not yet have an identifier, AUTHORIZE creates a group identifier in the rights database.

Examples

  1. UAF> ADD ROBIN /PASSWORD=SP0152/UIC=[014,006] -
    _/DEVICE=SYS$USER/DIRECTORY=[ROBIN]/OWNER="JOSEPH ROBIN" /ACCOUNT=INV
    %UAF-I-ADDMSG, user record successfully added
    %UAF-I-RDBADDMSGU, identifier ROBIN value: [000014,000006] added to
      RIGHTSLIST.DAT
    %UAF-I-RDBADDMSGU, identifier INV value: [000014,177777] added to
      RIGHTSLIST.DAT

    This example illustrates the typical ADD command and qualifiers. The resulting record from this command appears in the description of the SHOW command.

  2. UAF> ADD WELCH /PASSWORD=SP0158/UIC=[014,051] -
    _/DEVICE=SYS$USER/DIRECTORY=[WELCH]/OWNER="ROB WELCH"/FLAGS=DISUSER -
    _/ACCOUNT=INV/LGICMD=SECUREIN
    %UAF-I-ADDMSG, user record successfully added
    %UAF-I-RDBADDMSGU, identifier WELCH value: [000014,000051] added to
          RIGHTSLIST.DAT
    UAF> MODIFY WELCH/FLAGS=(RESTRICTED,DISNEWMAIL,DISWELCOME, -
    _NODISUSER,EXTAUTH)/NODIALUP=SECONDARY/NONETWORK=PRIMARY -
    /CLITABLES=DCLTABLES/NOACCESS=(PRIMARY, 9-16, SECONDARY, 18-8)
    %UAF-I-MDFYMSG, user records updated

    The commands in this example add a record for a restricted account. Because of the number of qualifiers required, a MODIFY command is used in conjunction with the ADD command. This helps to minimize the possibility of typing errors.

    In the ADD command line, setting the DISUSER flag prevents the user from logging in until all the account parameters are set up. In the MODIFY command line, the DISUSER flag is disabled (by specifying NODISUSER) to allow access tothe account. The EXTAUTH flag causes the system to consider the user as authenticated by an external user name and password, not by the SYSUAF user name and password.

    The record that results from these commands and an explanation of the restrictions the record imposes appear in the description of the SHOW command.

ADD/IDENTIFIER

ADD/IDENTIFIER — Adds only an identifier to the rights database. It does not add a user account.

Syntax

ADD/IDENTIFIER [id-name]

Parameter

[id-name]

Specifies the name of the identifier to be added to the rights database. If you omit the name, you must specify the /USER qualifier. The identifier name is a string of 1 to 32 alphanumeric characters. The name can contain underscores and dollar signs. It must contain at least one non numeric character.

Qualifiers

/ATTRIBUTES=(keyword[,...])

Specifies attributes to be associated with the new identifier. The following keywords are valid:

DYNAMICAllows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST.
HOLDER_HIDDENPrevents people from getting a list of users who hold an identifier, unless they own the identifier themselves.
NAME_HIDDENAllows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier.
NOACCESSMakes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute.
RESOURCEAllows holders of an identifier to charge disk space to the identifier. Used only for file objects.
SUBSYSTEMAllows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects.

By default, none of these attributes is associated with the new identifier.

/USER=user-spec

Scans the UAF record for the specified user and creates the corresponding identifier. Specify user-spec by user name or UIC. You can use the asterisk wildcard to specify multiple user names or UICs. Full use of the asterisk and percent wild cards is permitted for user names; UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard username specification (*) creates identifiers alphabetically by username; a wildcard UIC specification ([*,*]) creates them in numerical order by UIC.

/VALUE=value-specifier
Specifies the value to be attached to the identifier. The following formats are valid for the value-specifier:

IDENTIFIER:n

An integer value in the range of 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O).

The system displays this type of identifier in hexadecimal. To differentiate general identifiers from UIC identifiers, the system adds %X80000000 to the value you specify.

GID:n

GID is the POSIX group identifier. It is an integer value in the range 0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the value you specify and then enter this new value into the system RIGHTSLIST as an identifier.

UIC:uic

A UIC value in standard UIC format consists of a member name and, optionally, a group name enclosed in brackets. For example, [360,031].

In numeric UICs, the group number is an octal number in the range of 1 to 37776; the member number is an octal number in the range of 0 to 177776. You can omit leading zeros when you are specifying group and member numbers.

Regardless of the UIC format you use, the system translates a UIC to a 32-bit numeric value.

Alphanumeric UICs are not allowed.

Typically, system managers add identifiers as UIC values to represent system users; the system applies identifiers in integer format to system resources.

Examples

  1. UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY
    %UAF-I-RDBADDMSGU, identifier INVENTORY value: [000300,000011]
    added to RIGHTSLIST.DAT

    The command in this example adds an identifier named INVENTORY to the rights database. By default, the identifier is not marked as a resource.

  2. UAF> ADD/IDENTIFIER/ATTRIBUTES=(RESOURCE) -
    _/VALUE=IDENTIFIER:%X80011 PAYROLL
    %UAF-I-RDBADDMSGU, identifier PAYROLL value: %X80080011 added to
    RIGHTSLIST.DAT  

    This command adds the identifier PAYROLL and marks it as a resource. To differentiate identifiers with integer values from identifiers with UIC values, %X80000000 is added to the specified code.

ADD/PROXY

ADD/PROXY — Adds an entry to the network proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update its volatile database. Proxy additions take effect immediately on all nodes in a cluster that share the proxy database.

Syntax

ADD/PROXY node::remote-user local-user[,...]

Parameters

node

Specifies a DECnet node name. If you provide a wildcard character (*), the specified remote user on all nodes is served by the account defined as local-user.

remote-user

Specifies the user name of a user at a remote node. If you specify an asterisk, all users at the specified node are served by the local user.

For systems that are not OpenVMS and that implement DECnet, specifies the UIC of auser at a remote node. You can specify a wildcard character (*) in the group and member fields of the UIC.

local-user

Specifies the user names of 1 to 16 users on the local node. If you specify an asterisk, a local-user name equal to remote-user name will be used.

Positional Qualifier

/DEFAULT

Establishes the specified user name as the default proxy account. The remote user can request proxy access to an authorized account other than the default proxy account by specifying the name of the proxy account in the access control string of the network operation.

Description

The ADD/PROXY command adds an entry to the network proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update its volatile database. Proxy additions take effect immediately on all nodes in a cluster that share the proxy database.

You can grant a remote user access to one default proxy account and up to 15 other local accounts. To access proxy accounts other than the default proxy account, remote users specify the requested account name in an access control string. To change the default proxy account, use the AUTHORIZE command MODIFY/PROXY.

Proxy login is an effective way to avoid specifying (and, possibly, revealing) passwords in command lines. However, you must use caution in granting access to remote users. While logged in to the local system, remote users can apply the full DCL command set (with the exception of SET HOST). A remote user receives the default privileges of the local user and, therefore, becomes the owner of the local user's files when executing any DCL commands.

To avoid potential security compromises, VSI recommends that you create proxy accounts on the local node that are less privileged than a user's normal account on the remote node. By adding an extension such as _N, you can identify the account as belonging to a remote user, while distinguishing it from a native account with the same name on the local node. For example, the following command creates a JONES_N proxy account on the local node that allows the user JONES to access the account from the remote node SAMPLE:
UAF> ADD/PROXY SAMPLE::JONES JONES_N/DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT

For more information about creating proxy accounts, see the VSI OpenVMS Guide to System Security.

Examples

  1. UAF> ADD/PROXY  SAMPLE::WALTER   ROBIN/DEFAULT
    %UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT

    Specifies that user WALTER on remote node SAMPLE has proxy access to user ROBIN's account on local node AXEL. Through proxy login, WALTER receives the default privileges of user ROBIN when he accesses node AXEL remotely.

  2. UAF> ADD/PROXY MISHA::* MARCO/DEFAULT, OSCAR
    %UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT

    Specifies that any user on the remote node MISHA can, by default, use the MARCO account on the local node for DECnet tasks such as remote file access. Remote users can also access the OSCAR proxy account by specifying the user name OSCAR in the access control string.

  3. UAF> ADD/PROXY MISHA::MARCO */DEFAULT
    %UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT

    Specifies that user MARCO on the remote node MISHA can use only the MARCO account on the local node for remote file access.

  4. UAF> ADD/PROXY TAO::MARTIN  MARTIN/D,SALES_READER
    %UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to MARTIN added
    %UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to SALES_READER
    added

    Adds a proxy from TAO::MARTIN to the local accounts MARTIN (the default) and SALES_READER on a system running DECnet-Plus.

COPY

COPY — Creates a new SYSUAF record that duplicates an existing UAF record.

Syntax

COPY oldusername newusername

Parameters

oldusername

Name of an existing user record to serve as a template for the new record.

newusername

Name for the new user record. The user name is a string of 1 to 12 alphanumeric characters.

Qualifiers

/ACCESS[=(range[,...])], /NOACCESS[=(range[,...])]

Specifies hours of access for all modes of access. The syntax for specifying the range is:

/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.

By default, a user has full access every day. See the DCL command SET DAY in the VSI OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.

All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.

/ACCESSAllows unrestricted access
/NOACCESS=SECONDARYAllows access on primary days only
/ACCESS=(9-17)Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)Disallows access between 9 A.M. to 5:59 P.M. on primary days but allows access during these hours on secondary days

To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.

Refer to VSI OpenVMS Guide to System Security for information about the effects of login class restrictions.

/ACCOUNT=account-name

Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.

/ADD_IDENTIFIER (default), /NOADD_IDENTIFIER

Adds an identifier to the rights database file, RIGHTSLIST.DAT, and also adds a user to the user authorization file, SYSUAF. The /NOADD_IDENTIFIER qualifier does not add an identifier to the RIGHTSLIST.DAT file but does, however, add a user to the SYSUAF user record file. Note that the AUTHORIZE command ADD/IDENTIFIER is quite different: it only adds an entry to the rights database file, RIGHTSLIST.DAT.

/ALGORITHM=keyword=type [=value]

Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.

KeywordFunction
BOTHSet the algorithm for primary and secondary passwords.
CURRENTSet the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARYSet the algorithm for the primary password only.
SECONDARYSet the algorithm for the secondary password only.

The following table lists password encryption algorithms:

TypeDefinition
VMSThe algorithm used in the version of the operating system that is running on your system.
CUSTOMERA numeric value in the range of 128 to 255 that identifies a customer algorithm.

The following example selects the VMS algorithm for Sontag's primary password:

UAF> MODIFY SONTAG/ALGORITHM=PRIMARY=VMS

If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:

UAF> MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128
/ASTLM=value

Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 300 on Alpha and Integrity server systems.

/BATCH[=(range[,...])]

Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.

/BIOLM=value

Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 150 on Alpha and Integrity server systems.

/BYTLM=value

Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 128,000 on Alpha and Integrity server systems.

/CLI=cli-name

Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.

/CLITABLES=filespec

Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.

/CPUTIME=time

Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the VSI OpenVMS User's Manual. The default is 0, which means an infinite amount of time.

/DEFPRIVILEGES=, ([NO]privname[,...])

Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.

/DEVICE=device-name

Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK.

If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.

/DIALUP[=(range[,...])]

Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.

/DIOLM=value

Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 150 on Alpha and Integrity server systems.

/DIRECTORY=directory-name

Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].

/ENQLM=value

Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 4000 on Alpha and Integrity server systems.

/EXPIRATION=time (default), /NOEXPIRATION

Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)

/FILLM=value

Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 128 on Alpha and Integrity server systems.

/FLAGS=([NO]option[,...])

Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:

AUDITEnables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGINRestricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE

Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to the VSI OpenVMS Guide to System Security.

The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).

DEFCLIRestricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLYEstablishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).
DISFORCE_PWD_CHANGERemoves the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system. To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.
DISIMAGEPrevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAILDisables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAILSuppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDICDisables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHISDisables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCHSuppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for system wide password synchronization control.
DISRECONNECTDisables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORTSuppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSERDisables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOMESuppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTHConsiders user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWDRestricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWDPrevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIREDMarks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIREDMarks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not set to expire after login (NOPWD2_EXPIRED).
PWDMIX

Enables case-sensitive and extended-character passwords.

After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.

To change the password after PWDMIX is enabled:

  • You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).

  • You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " ".

RESTRICTEDPrevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTHAllows account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.
/GENERATE_PASSWORD, [=keyword], /NOGENERATE_PASSWORD, (default)

Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:

BOTHGenerate primary and secondary passwords.
CURRENTDo whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARYGenerate primary password only.
SECONDARYGenerate secondary password only.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/IDENTIFIER

Adds an identifier to the rights database, RIGHTSLIST.DAT. The ADD/IDENTIFIER command does not add a user account to the authorization file, SYSUAF.

The ADD/ADD_IDENTIFIER command, however, adds a user account to the authorization file, SYSUAF, and also adds an identifier to the rights database, RIGHTSLIST.DAT.

/INTERACTIVE[ =(range[,...])], /NOINTERACTIVE

Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.

/JTQUOTA=value

Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on Alpha and Integrity server systems.

/LGICMD=filespec

Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL[=(range[,...])]

Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.

/MAXACCTJOBS=value

Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.

/MAXDETACH=value

Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.

/MAXJOBS=value

Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.

/NETWORK[=(range[,...])]

Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.

/OWNER=owner-name

Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.

/PASSWORD=, (password1 [,password2]), /NOPASSWORD

Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted.

Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.

Use the /PASSWORD qualifier as follows:

  • To set only the first password and clear the second, specify /PASSWORD=password.

  • To set both the first and second password, specify /PASSWORD=(password1, password2).

  • To change the first password without affecting the second, specify /PASSWORD=(password, "").

  • To change the second password without affecting the first, specify /PASSWORD=("", password).

  • To set both passwords to null, specify /NOPASSWORD.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

When you create a new UAF record with the COPY command, you must specify a password.

/PBYTLM

This flag is reserved for VSI.

/PGFLQUOTA=value

Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 256,000 pagelets on Alpha and Integrity server systems.

If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.

/PRCLM=value

Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 8 on Alpha and Integrity server systems.

/PRIMEDAYS=([NO]day[,...])

Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix.

By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)

Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.

/PRIORITY=value

Specifies the default base priority. The value is an integer in the range of 0 to 63 on Alpha and Integrity server systems. By default, the value is set to 4 for timesharing users.

/PRIVILEGES=([NO]privname[,...])

Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the VSI OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.

/PWDEXPIRED (default), /NOPWDEXPIRED

Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.

/PWDLIFETIME=time (default), /NOPWDLIFETIME

Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired.

To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.

/PWDMINIMUM=value

Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. The value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.

/QUEPRIO=value

Reserved for future use.

/REMOTE[=(range[,...])]

Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.

/SHRFILLM=value

Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.

/TQELM

Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.

/UIC=value

Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. VSI reserves group 1 and groups 300--377 for its own use.

Each user must have a unique UIC. By default, the UIC value is [200,200].

/WSDEFAULT=value

Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 4096 pagelets on Alpha and Integrity server systems.

The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.

/WSEXTENT=value

Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed.

The value is an integer equal to or greater than WSQUOTA. By default, the value is 16384 pagelets on Alpha and Integrity server systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.

/WSQUOTA=value

Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant.

The value cannot be greater than the value of WSMAX and cannot exceed 8,192 pagelets on Alpha and Integrity server systems. This quota value replaces smaller values of PQL_MWSQUOTA.

Description

The COPY command creates a new SYSUAF record that duplicates an existing SYSUAF record. The command requires the /PASSWORD qualifier. If you do not specify additional qualifiers to the COPY command, the fields in the record you create are the same as those in the record being copied.

For example, you could add a record for a new user named Thomas Sparrow that is identical to that of Joseph Robin (but presumably different from the default record), as follows:
UAF> COPY ROBIN SPARROW /PASSWORD=SP0152
However, to add a record for Thomas Sparrow that differs from Joseph Robin's in the UIC, directory name, password, and owner, specify the following command:
UAF> COPY ROBIN SPARROW /UIC=[200,13]/DIRECTORY=[SPARROW] -
_/PASSWORD=THOMAS/OWNER="THOMAS SPARROW"

You can also use the COPY command to create a set of template records to meet the specific needs of various user groups. For example, if you have programmers, administrators, and data entry personnel working on the same system, you can create records such as PROGRAMMER, ADMINISTRATOR, and DATA_ENTRY, each tailored to the needs of a particular group. To add an account for a new user in one of these groups, copy the appropriate template record and specify a new user name, password, UIC, directory, and owner.

If you omit the /PASSWORD qualifier when you create an account, AUTHORIZE displays the following error message:
%UAF-W-DEFPWD, copied or renamed records must receive new password

To specify a password for the account, use the MODIFY command with the /PASSWORD qualifier.

Examples

  1. UAF> COPY ROBIN SPARROW /PASSWORD=SP0152
    %UAF-I-COPMSG, user record copied
    %UAF-E-RDBADDERRU, unable to add SPARROW value: [000014,00006] to
           RIGHTSLIST.DAT   -SYSTEM-F-DUPIDENT, duplicate identifier

    The command in this example adds a record for Thomas Sparrow that is identical, except for the password, to that of Joseph Robin. Note that because the UIC value has no change, no identifier is added to RIGHTSLIST.DAT.AUTHORIZE issues a duplicate identifier error message.

  2. UAF> COPY ROBIN SPARROW /UIC=[200,13]/DIRECTORY=[SPARROW] -
    _/PASSWORD=THOMAS/OWNER="THOMAS SPARROW"
    %UAF-I-COPMSG, user record copied
    %UAF-I-RDBADDMSGU, identifier SPARROW value: [000200,000013] added to
           RIGHTSLIST.DAT

    The command in this example adds a record for Thomas Sparrow that is the same as Joseph Robin's except for the UIC, directory name, password, and owner. Note that you could use a similar command to copy a template record when adding a record for a new user in a particular user group.

CREATE/PROXY

CREATE/PROXY — Creates and initializes the network proxy authorization files. The primary network proxy authorization file is NET$PROXY.DAT. The file NETPROXY.DAT is maintained for compatibility. Do not delete NETPROXY.DAT because DECnet Phase IV and many layered products still use it.

Syntax

CREATE/PROXY

Parameters

None.

Qualifiers

None.

Description

NETPROXY.DAT is created with no records and is assigned the following protection:
S:RWED,O:RWED,G,W
NET$PROXY.DAT is created with no records and is assigned the following protection:
S:RWED,O,G,W
If NETPROXY.DAT or NET$PROXY.DAT already exist, AUTHORIZE reports the following error message:
%UAF-W-NAFAEX, NETPROXY.DAT already exists

To create a new file, you must either delete or rename the old one.

Example

UAF> CREATE/PROXY
UAF>

The command in this example creates and initializes the network proxyauthorization file.

CREATE/RIGHTS

CREATE/RIGHTS — Creates and initializes the rights database, RIGHTSLIST.DAT.

Syntax

CREATE/RIGHTS

Parameters

None.

Qualifiers

None.

Description

RIGHTSLIST.DAT is created with no records and is assigned the following protection:
S:RWED,O:RWED,G:R,W:

Note that the file is created only if the file does not already exist.

Example

UAF> CREATE/RIGHTS
%UAF-E-RDBCREERR, unable to create RIGHTSLIST.DAT
-RMS-E-FEX, file already exists, not superseded

You can use the command in this example to create and initialize a new rights database. Note, however, that RIGHTSLIST.DAT is created automatically during the installation process. Thus, you must delete or rename the existing file before creating a new one. For more information about rights database management, see the VSI OpenVMS Guide to System Security.

DEFAULT

DEFAULT — Modifies the SYSUAF's DEFAULT record.

Syntax

DEFAULT

Parameters

None.

Qualifiers

/ACCESS[=(range[,...])], /NOACCESS[=(range[,...])]

Specifies hours of access for all modes of access. The syntax for specifying the range is:

/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.

By default, a user has full access every day. See the DCL command SET DAY in the VSI OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.

All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.

/ACCESSAllows unrestricted access
/NOACCESS=SECONDARYAllows access on primary days only
/ACCESS=(9-17)Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)Disallows access between 9 A.M. to 5:59 P.M. on primary days but allows access during these hours on secondary days

To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.

Refer to VSI OpenVMS Guide to System Security for information about the effects of login class restrictions.

/ACCOUNT=account-name

Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.

/ALGORITHM=keyword=type [=value]

Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.

KeywordFunction
BOTHSet the algorithm for primary and secondary passwords.
CURRENTSet the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARYSet the algorithm for the primary password only.
SECONDARYSet the algorithm for the secondary password only.
The following table lists password encryption algorithms:
TypeDefinition
VMSThe algorithm used in the version of the operating system that is running on your system.
CUSTOMERA numeric value in the range of 128 to 255 that identifies a customer algorithm.

The following example selects the VMS algorithm for Sontag's primary password:

UAF> MODIFY SONTAG/ALGORITHM=PRIMARY=VMS

If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:

UAF> MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128
/ASTLM=value

Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 300 on Alpha and Integrity server systems.

/BATCH[=(range[,...])]

Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.

/BIOLM=value

Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 150 on Alpha and Integrity server systems.

/BYTLM=value

Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 128,000 on Alpha and Integrity server systems.

/CLI=cli-name

Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.

/CLITABLES=filespec

Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.

/CPUTIME=time

Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the VSI OpenVMS User's Manual. The default is 0, which means an infinite amount of time.

/DEFPRIVILEGES=([NO]privname[,...])

Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.

/DEVICE=device-name

Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK.

If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.

/DIALUP[=(range[,...])]

Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.

/DIOLM=value

Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 150 on Alpha and Integrity server systems.

/DIRECTORY=directory-name

Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].

/ENQLM=value

Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 4000 on Alpha and Integrity server systems.

/EXPIRATION=time (default), /NOEXPIRATION

Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)

/FILLM=value

Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 128 on Alpha and Integrity server systems.

/FLAGS=([NO]option[,...])

Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:

AUDITEnables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGINRestricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE

Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to the VSI OpenVMS Guide to System Security.

The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).

DEFCLIRestricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLYEstablishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).
DISFORCE_PWD_CHANGERemoves the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system. To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.
DISIMAGEPrevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAILDisables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAILSuppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDICDisables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHISDisables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCHSuppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control.
DISRECONNECTDisables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORTSuppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSERDisables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOMESuppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTHConsiders user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWDRestricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWDPrevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIREDMarks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIREDMarks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not set to expire after login (NOPWD2_EXPIRED).
PWDMIX

Enables case-sensitive and extended-character passwords.

After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.

To change the password after PWDMIX is enabled:

  • You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).

  • You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " ".

RESTRICTEDPrevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTHAllows account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.
/GENERATE_PASSWORD[=keyword], /NOGENERATE_PASSWORD (default)

Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:

BOTHGenerate primary and secondary passwords.
CURRENTDo whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARYGenerate primary password only.
SECONDARYGenerate secondary password only.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/IDENTIFIER

Adds an identifier to the rights database, RIGHTSLIST.DAT. The ADD/IDENTIFIER command does not add a user account to the authorization file, SYSUAF.

The ADD/ADD_IDENTIFIER command, however, adds a user account to the authorization file, SYSUAF, and also adds an identifier to the rights database, RIGHTSLIST.DAT.

/INTERACTIVE[ =(range[,...])], /NOINTERACTIVE

Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.

/JTQUOTA=value

Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on Alpha and Integrity server systems.

/LGICMD=filespec

Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL[=(range[,...])]

Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.

/MAXACCTJOBS=value

Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.

/MAXDETACH=value

Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.

/MAXJOBS=value

Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.

/MODIFY_IDENTIFIER (default), /NOMODIFY_IDENTIFIER

Specifies whether the identifier associated with the user is to be modified in the rights database. This qualifier applies only when you modify the UIC or user name in the UAF record. By default, the associated identifiers are modified.

/NETWORK[=(range[,...])]

Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.

/OWNER=owner-name

Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.

/PASSWORD=(password1[,password2]), /NOPASSWORD

Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted.

Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.

Use the /PASSWORD qualifier as follows:

  • To set only the first password and clear the second, specify /PASSWORD=password.

  • To set both the first and second password, specify /PASSWORD=(password1, password2).

  • To change the first password without affecting the second, specify /PASSWORD=(password, "").

  • To change the second password without affecting the first, specify /PASSWORD=("", password).

  • To set both passwords to null, specify /NOPASSWORD.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/PBYTLM

This flag is reserved for VSI.

/PGFLQUOTA=value

Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 256,000 pagelets on Alpha and Integrity server systems.

If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.

/PRCLM=value

Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 8 on Alpha and Integrity server systems.

/PRIMEDAYS=([NO]day[,...])

Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix.

By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)

Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.

/PRIORITY=value

Specifies the default base priority. The value is an integer in the range of 0 to63 on Alpha and Integrity server systems. By default, the value is set to 4 for timesharing users.

/PRIVILEGES=([NO]privname[,...])

Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the VSI OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.

/PWDEXPIRED (default), /NOPWDEXPIRED

Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.

/PWDLIFETIME=time (default), /NOPWDLIFETIME

Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired.

To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.

/PWDMINIMUM=value

Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. The value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.

/QUEPRIO=value

Reserved for future use.

/REMOTE[=(range[,...])]

Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.

/SHRFILLM=value

Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.

/TQELM

Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.

/UIC=value

Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. VSI reserves group 1 and groups 300--377 for its own use.

Each user must have a unique UIC. By default, the UIC value is [200,200].

/WSDEFAULT=value

Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 4096 pagelets on Alpha and Integrity server systems.

The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.

/WSEXTENT=value

Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed.

The value is an integer equal to or greater than WSQUOTA. By default, the value is 16384 pagelets on Alpha and Integrity server systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.

/WSQUOTA=value

Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant.

The value cannot be greater than the value of WSMAX and cannot exceed 8,192 pagelets on Alpha and Integrity server systems. This quota value replaces smaller values of PQL_MWSQUOTA.

Description

Modify the DEFAULT record when qualifiers normally assigned to a new user differ from the VSI-supplied values. The following qualifiers correspond to fields in the default record that are commonly modified:

Qualifier

Reason for Modification

/CLI

Specifies the default Command Line Interpreter to be used for this user. (Most OpenVMS users use the DCL command interpreter.)

/DEVICE

If most users have the same default login device, allows you to specify a default login device for newly-created users.

The use of a logical name is recommended.

/LGICMD

Specifies the file name of a command procedure to be invoked during the login of the user.
  1. OpenVMS first looks for a systemwide login command procedure, using the systemwide logical name SYS$SYLOGIN. If this logical name successfully translates to a valid file specification, the command interpreter invokes the resulting command procedure during login.

    If the file specification does not include a file extension, the command interpreter applies a default value that is specific to that command interpreter. In the case of the DCL interpreter, the default file extension is .COM.

  2. OpenVMS then looks for a LGICMD specification. If it finds this specification, OpenVMS invokes the command procedure.

    If the LGICMD specification does not include a file extension, the current command interpreter applies a default value. In the case of the DCL interpreter, the default file extension is .COM.

You can disable or override the command procedure invocation during login by specifying qualifiers such as /NOCOMMAND or /LGICMD at the login username prompt.

Also see the CAPTIVE and RESTRICTED flags.

/PRIVILEGES

When users are given different privileges than those supplied by VSI.

Quota qualifiers

When the default quotas are insufficient or inappropriate for mainstream work.

Example

UAF> DEFAULT /DEVICE=SYS$USER/LGICMD=SYS$MANAGER:SECURELGN -
_UAF> /PRIVILEGES=(TMPMBX,GRPNAM,GROUP)
%UAF-I-MDFYMSG, user record(s) updated

The command in this example modifies the DEFAULT record, changing the default device, default login command file, and default privileges.

EXIT

EXIT — Enables you to exit from AUTHORIZE and return to DCL command level. You can also return to command level by pressing Ctrl/Z.

Syntax

EXIT

Parameters

None.

Qualifiers

None.

GRANT/IDENTIFIER

GRANT/IDENTIFIER — Assigns the specified identifier to the user and documents the user as a holder of the identifier in the rights database.

Syntax

GRANT/IDENTIFIER id-name user-spec

Parameters

id-name

Specifies the identifier name. The identifier name is a string of 1 to 31 alphanumeric characters that can contain underscores and dollar signs. The name must contain at least one nonnumeric character.

user-spec

Specifies the UIC identifier that uniquely identifies the user on the system. This type of identifier appears in alphanumeric format. For example: [GROUP1,JONES].

Qualifier

/ATTRIBUTES=(keyword[,...])

Specifies attributes to be associated with the identifier. The following are valid keywords:

DYNAMICAllows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST.
HOLDER_HIDDENPrevents people from getting a list of users who hold an identifier, unless they own the identifier themselves.
NAME_HIDDENAllows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier.
NOACCESSMakes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute.
RESOURCEAllows holders of an identifier to charge disk space to the identifier. Used only for file objects.
SUBSYSTEMAllows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects.

To remove an attribute from the identifier, add a NO prefix to the attribute keyword. For example, to remove the Resource attribute, specify /ATTRIBUTES=NORESOURCE.

Example

UAF> GRANT/IDENTIFIER INVENTORY [300,015]
%UAF-I-GRANTMSG, identifier INVENTORY granted to CRAMER
The command in this example grants the identifier INVENTORY to the user named Cramer who has UIC [300,015]. Cramer becomes the holder of the identifier and any resources associated with it. The following command produces the same result:
UAF> GRANT/IDENTIFIER INVENTORY CRAMER

HELP

HELP — Displays information concerning the use of AUTHORIZE, including formats and explanations of commands, parameters, and qualifiers.

Syntax

HELP keyword[,...]

Parameter

keyword[,...]

Specifies one or more keywords that refer to the topic, command, qualifier, or parameter on which you want information from the AUTHORIZE HELP command.

Qualifiers

None.

Description

If you do not specify a keyword, HELP displays information about the topics and commands for which help is available. It then prompts you with Topic?. You can supply a topic or a command name, or press Return. When you specify a command name and qualifiers, you get detailed information about that command. If you respond by pressing Return, you exit from help. You can also exit from help by pressing Ctrl/Z.

If the command you request accepts qualifiers, the display of the help information about the command is followed by the prompt Subtopic?. Respond to this prompt with a qualifier name, or press Return. If you respond by pressing Return, HELP prompts with Topic?. If you want to exit from help directly from this level, press Ctrl/Z.

Examples

  1. UAF> HELP ADD
    The HELP command in this example displays information about the ADD command:
    ADD
    
       Adds a user record to the SYSUAF and corresponding identifiers to
       the rights database.
    
       Format
    
         ADD  newusername
    
      Additional information available:
    
    Parameter  Qualifiers
    /ACCESS    /ACCOUNT   /ADD_IDENTIFIER       /ALGORITHM /ASTLM     /BATCH
    /BIOLM     /BYTLM     /CLI       /CLITABLES /CPUTIME   /DEFPRIVILEGES
    /DEVICE    /DIALUP    /DIOLM     /DIRECTORY /ENQLM     /EXPIRATION
    /FILLM     /FLAGS     /GENERATE_PASSWORD    /INTERACTIVE          /JTQUOTA
    /LGICMD    /LOCAL     /MAXACCTJOBS          /MAXDETACH /MAXJOBS   /NETWORK
    /OWNER     /PASSWORD  /PBYTLM    /PGFLQUOTA /PRCLM     /PRIMEDAYS /PRIORITY
    /PRIVILEGES           /PWDEXPIRED           /PWDLIFETIME
    /PWDMINIMUM           /REMOTE    /SHRFILLM  /TQELM     /UIC
    /WSDEFAULT /WSEXTENT  /WSQUOTA
    Examples   /IDENTIFIER           /PROXY
    
    ADD Subtopic?
  2. UAF> HELP ADD/ACCOUNT
    The command in this example displays information about the /ACCOUNT qualifier:
    ADD
    
      /ACCOUNT=account-name
    
       Specifies the default name for the account (for example, a billing
       name or number). The name can be a string of 1 to 8 alphanumeric
       characters. By default, AUTHORIZE does not assign an account name.

LIST

LIST — Writes reports for selected UAF records to a listing file, SYSUAF.LIS, which his placed in the current default directory. LIST/IDENTIFIER, LIST/PROXY, and LIST/RIGHTS are documented as separate commands.

Syntax

LIST user-spec

Parameter

user-spec

Specifies the user name or UIC of the requested UAF record. Without the user-spec parameter, AUTHORIZE lists the user records of all users. The asterisk (*) and percent sign (%) wild cards are permitted in the user name.

Qualifiers

/BRIEF

Specifies that a brief report be written to SYSUAF.LIS. The /BRIEF qualifier is the default qualifier. SYSUAF.LIS is placed in the default directory.

/FULL

Specifies that a full report be written to SYSUAF.LIS, including identifiers held by the user. SYSUAF.LIS is placed in the SYS$SYSTEM directory.

Description

The LIST command creates a listing file of reports for selected UAF records. Print the listing file, SYSUAF.LIS, with the DCL command PRINT.

Specification of a user name results in a single-user report. Specification of the asterisk wildcard character following the LIST command results in reports for all users in ascending sequence by user name. Specification of a UIC results in reports for all users with that UIC. (VSI recommends that you assign each user a unique UIC, but if users share a UIC, the report will show all users with that UIC.) You can use the asterisk wildcard character to specify the UIC.

The following table shows how to specify a UIC with the LIST command and use the asterisk wildcard character with the UIC specification to produce various types of reports:

Command

Description

LIST [14,6]

Lists a full report for the user (or users) with member number 6 in group 14.

LIST [14,*] /BRIEF

Lists a brief report for all users in group 14, in ascending sequence by member number.

LIST [*,6] /BRIEF

Lists a brief report for all users with a member number of 6.

LIST [*,*] /BRIEF

Lists a brief report for all users, in ascending sequence by UIC.

Although you must provide separate UICs for each user, the LIST command reports users with the same UIC in the order in which they were added to the SYSUAF. Full reports list the details of the limits, privileges, login flags, and command interpreter. Brief reports do not include the limits, login flags, or command interpreter, nor do they summarize the privileges. AUTHORIZE never displays the password for an account.

See the SHOW command for examples of brief and full reports.

Examples

  1. UAF> LIST ROBIN/FULL
    %UAF-I-LSTMSG1, writing listing file
    %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete

    This command lists a full report for the user record ROBIN.

  2. UAF> LIST *
    %UAF-I-LSTMSG1, writing listing file
    %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete

    This command results in brief reports for all users in ascending sequence by user name. Note, however, that this is the same result you would produce had you omitted the asterisk wildcard.

  3. UAF> LIST [300,*]
    %UAF-I-LSTMSG1, writing listing file
    %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete

    This command lists a brief report for all user records with a group UIC of 300.

LIST/IDENTIFIER

LIST/IDENTIFIER — Creates a listing file (RIGHTSLIST.LIS) in which identifier names, attributes, values, and holders are written.

Syntax

LIST/IDENTIFIER id-name

Parameter

id-name

Specifies an identifier name. You can specify the asterisk wildcard character (*) to list all identifiers. If you omit the identifier name, you must specify /USER or /VALUE.

Qualifiers

/BRIEF

Specifies a brief listing in which only the identifier name, value, and attributes appear.

/FULL

Specifies a full listing, in which the names of the identifier's holders are displayed along with the identifier's name, value, and attributes. The /FULL qualifier specifies the default listing format.

/USER=user-spec

Specifies one or more users whose identifiers are to be listed. The user-spec can be a user name or UIC. You can use the asterisk wildcard character (*) to specify multiple user names or UICs. UICs must be in the form [*,*],[n,*], [*,n], or [n,n]. A wildcard user name specification (*) lists identifiers alphabetically by user name; a wildcard UIC specification ([*,*]) lists them numerically by UIC.

/VALUE=value-specifier
Specifies the value of the identifier to be listed. The following formats are valid for the value-specifier:

IDENTIFIER:n

An integer value in the range 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O).

To differentiate general identifiers from UIC identifiers, %X80000000 is added to the value you specify.

GID:n

GID is the POSIX group identifier. It is an integer value in the range 0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the value you specify and then enter this new value into the system RIGHTSLIST as an identifier.

UIC:uic

A UIC value in the standard UIC format.

Description

The LIST/IDENTIFIER command creates a listing file in which identifier names, attributes, values, and holders are displayed in various formats depending on the qualifiers specified. Two of these formats are illustrated in the description of the SHOW/IDENTIFIER command.

Print the listing file named RIGHTSLIST.LIS with the DCL command PRINT.

Examples

  1. UAF> LIST/IDENTIFIER INVENTORY
    %UAF-I-LSTMSG1, writing listing file
    %UAF-I-RLSTMSG, listing file RIGHTSLIST.LIS complete

    The command in this example generates a full listing for the identifier INVENTORY, including its value (in hexadecimal), holders, and attributes.

  2. UAF> LIST/IDENTIFIER/USER=ANDERSON
    %UAF-I-LSTMSG1, writing listing file
    %UAF-I-RLSTMSG, listing file RIGHTSLIST.LIS complete
    This command lists an identifier associated with the user ANDERSON, along with its value and attributes. Note, however, that this is the same result you would produce had you specified ANDERSON's UIC with the following forms of the command:
    UAF> LIST/IDENTIFIER/USER=[300,015]

    UAF> LIST/IDENTIFIER/VALUE=UIC:[300,015]

LIST/PROXY

LIST/PROXY — Creates a listing file of the network proxy database entries from the network database file NET$PROXY.DAT.

Syntax

LIST/PROXY

Parameters

None.

Qualifiers

/OLD

Directs AUTHORIZE to display information from the NETPROXY.DAT file rather than from the default file NET$PROXY.DAT.

If someone modifies the proxy database on a cluster node that is not running the current OpenVMS VAX system, then you can use the /OLD qualifier to list the contents of the old database: NETPROXY.DAT.

Description

Use the DCL command PRINT to print the listing file, NETPROXY.LIS. The output assumes the same format as that of the SHOW/PROXY command. For an example of the output format, see the description of the SHOW/PROXY command.

Example

UAF> LIST/PROXY/OLD
%UAF-I-LSTMSG1, writing listing file
%UAF-I-NETLSTMSG, listing file NETPROXY.LIS complete

The command in this example creates a listing file of all the entries in the network proxy database NETPROXY.DAT.

LIST/RIGHTS

LIST/RIGHTS — Lists identifiers held by the specified identifier or, if /USER is specified, all identifiers held by the specified users.

Syntax

LIST/RIGHTS id-name

Parameter

id-name

Specifies the name of the identifier associated with the user. If you omit the identifier name, you must specify the /USER qualifier.

Qualifier

/USER=user-spec

Specifies a user whose identifiers are to be listed. The user-spec can be a user name or UIC. You can use the asterisk wildcard character (*) to specify multiple UICs or all user names. UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) or wildcard UIC specification ([*,*]) lists all identifiers held by users. The wildcard user name specification lists holders' user names alphabetically; the wildcard UIC specification lists them in the numerical order of their UICs.

Description

Use the DCL command PRINT to print the listing file (RIGHTSLIST.LIS) produced by the LIST/RIGHTS command. For an example of the output format, see the description of the SHOW/RIGHTS command.

Example

UAF> LIST/RIGHTS PAYROLL
%UAF-I-LSTMSG1, writing listing file
%UAF-I-RLSTMSG, listing file RIGHTSLIST.LIS complete

The command in this example lists identifiers held by PAYROLL, providing PAYROLL is the name of a UIC format identifier.

MODIFY

MODIFY — Changes values in a SYSUAF user record. Qualifiers not specified in the command remain unchanged. MODIFY/IDENTIFIER, MODIFY/PROXY, and MODIFY/SYSTEM_PASSWORD are documented as separate commands.

Syntax

MODIFY username /qualifier[,...]

Parameter

username

Specifies the name of a user in the SYSUAF. The asterisk (*) and percent sign (%) wildcard characters are permitted in the user name. When you specify a single asterisk for the user name, you modify the records of all users.

Qualifiers

/ACCESS[=(range[,...])], /NOACCESS[=(range[,...])]

Specifies hours of access for all modes of access. The syntax for specifying the range is:

/[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.

By default, a user has full access every day. See the DCL command SET DAY in the VSI OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.

All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.

/ACCESSAllows unrestricted access
/NOACCESS=SECONDARYAllows access on primary days only
/ACCESS=(9-17)Allows access from 9 A.M. to 5:59 P.M. on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)Disallows access between 9 A.M. to 5:59 P.M. on primary days but allows access during these hours on secondary days

To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.

Refer to VSI OpenVMS Guide to System Security for information about the effects of login class restrictions.

/ACCOUNT=account-name

Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.

/ALGORITHM=keyword=type [=value]

Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.

KeywordFunction
BOTHSet the algorithm for primary and secondary passwords.
CURRENTSet the algorithm for the primary, secondary, both, or no passwords, depending on account status. CURRENT is the default value.
PRIMARYSet the algorithm for the primary password only.
SECONDARYSet the algorithm for the secondary password only.
The following table lists password encryption algorithms:
TypeDefinition
VMSThe algorithm used in the version of the operating system that is running on your system.
CUSTOMERA numeric value in the range of 128 to 255 that identifies a customer algorithm.

The following example selects the VMS algorithm for Sontag's primary password:

UAF> MODIFY SONTAG/ALGORITHM=PRIMARY=VMS

If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:

UAF> MODIFY SONTAG/ALGORITHM=CURRENT=CUSTOMER=128
/ASTLM=value

Specifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.

/BATCH[=(range[,...])]

Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. The default is 300 on Alpha and Integrity server systems.

/BIOLM=value

Specifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 150 on Alpha and Integrity server systems.

/BYTLM=value

Specifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 128,000 on Alpha and Integrity server systems.

/CLI=cli-name

Specifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be DCL, which is the default. This setting is ignored for network jobs.

/CLITABLES=filespec

Specifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.

/CPUTIME=time

Specifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the OpenVMS User's Manual. The default is 0, which means an infinite amount of time.

/DEFPRIVILEGES=, ([NO]privname[,...])

Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.

/DEVICE=device-name

Specifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK.

If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.

/DIALUP[=(range[,...])]

Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.

/DIOLM=value

Specifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 150 on Alpha and Integrity server systems.

/DIRECTORY=directory-name

Specifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].

/ENQLM=value

Specifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 4000 on Alpha and Integrity server systems.

/EXPIRATION=time (default), /NOEXPIRATION

Specifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account. If you do not specify an expiration time when you add a new account, AUTHORIZE copies the expiration time from the DEFAULT account. (The expiration time on the DEFAULT account is "none" by default.)

/FILLM=value

Specifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 128 on Alpha and Integrity server systems..

/FLAGS=([NO]option[,...])

Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:

AUDITEnables or disables mandatory security auditing for a specific user. By default, the system does not audit the activities of specific users (NOAUDIT).
AUTOLOGINRestricts the user to the automatic login mechanism when logging in to an account. When set, the flag disables login by any terminal that requires entry of a user name and password. The default is to require a user name and password (NOAUTOLOGIN).
CAPTIVE

Prevents the user from changing any defaults at login, for example, /CLI or /LGICMD. It prevents the user from escaping the captive login command procedure specified by the /LGICMD qualifier and gaining access to the DCL command level. Refer to the VSI OpenVMS Guide to System Security.

The CAPTIVE flag also establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. By default, an account is not captive (NOCAPTIVE).

DEFCLIRestricts the user to the default command interpreter by prohibiting the use of the /CLI qualifier at login. By default, a user can choose a CLI (NODEFCLI).
DISCTLYEstablishes an environment where Ctrl/Y interrupts are initially turned off and are invalid until a SET CONTROL=Y is encountered. This could happen in SYLOGIN.COM or in a procedure called by SYLOGIN.COM. Once a SET CONTROL=Y is executed (which requires no privilege), a user can enter a Ctrl/Y and reach the DCL prompt ($). If the intent of DISCTLY is to force execution of the login command files, then SYLOGIN.COM should issue the DCL command SET CONTROL=Y to turn on Ctrl/Y interrupts before exiting. By default, Ctrl/Y is enabled (NODISCTLY).
DISFORCE_PWD_CHANGERemoves the requirement that a user must change an expired password at login. By default, a person can use an expired password only once (NODISFORCE_PWD_CHANGE) and then is forced to change the password after logging in. If the user does not select a new password, the user is locked out of the system. To use this feature, set a password expiration date with the /PWDLIFETIME qualifier.
DISIMAGEPrevents the user from executing RUN and foreign commands. By default, a user can execute RUN and foreign commands (NODISIMAGE).
DISMAILDisables mail delivery to the user. By default, mail delivery is enabled (NODISMAIL).
DISNEWMAILSuppresses announcements of new mail at login. By default, the system announces new mail (NODISNEWMAIL).
DISPWDDICDisables automatic screening of new passwords against a system dictionary. By default, passwords are automatically screened (NODISPWDDIC).
DISPWDHISDisables automatic checking of new passwords against a list of the user's old passwords. By default, the system screens new passwords (NODISPWDHIS).
DISPWDSYNCHSuppresses synchronization of the external password for this account. See bit 9 in the SECURITY_POLICY system parameter for systemwide password synchronization control.
DISRECONNECTDisables automatic reconnection to an existing process when a terminal connection has been interrupted. By default, automatic reconnection is enabled (NODISRECONNECT).
DISREPORTSuppresses reports of the last login time, login failures, and other security reports. By default, login information is displayed (NODISREPORT).
DISUSERDisables the account so the user cannot log in. For example, the DEFAULT account is disabled. By default, an account is enabled (NODISUSER).
DISWELCOMESuppresses the welcome message (an informational message displayed during a local login). This message usually indicates the version number of the operating system that is running and the name of the node on which the user is logged in. By default, a system login message appears (NODISWELCOME).
EXTAUTHConsiders user to be authenticated by an external user name and password, not by the SYSUAF user name and password. (The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.)
GENPWDRestricts the user to generated passwords. By default, users choose their own passwords (NOGENPWD).
LOCKPWDPrevents the user from changing the password for the account. By default, users can change their passwords (NOLOCKPWD).
PWD_EXPIREDMarks a password as expired. The user cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not expired after login (NOPWD_EXPIRED).
PWD2_EXPIREDMarks a secondary password as expired. Users cannot log in if this flag is set. The LOGINOUT.EXE image sets the flag when both of the following conditions exist: a user logs in with the DISFORCE_PWD_CHANGE flag set, and the user's password expires. A system manager can clear this flag. By default, passwords are not set to expire after login (NOPWD2_EXPIRED).
PWDMIX

Enables case-sensitive and extended-character passwords.

After PWDMIX is specified, you can then use mixed-case and extended characters in passwords. Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.

To change the password after PWDMIX is enabled:

  • You (the user) can use the DCL command SET PASSWORD, specifying the new mixed-case password (omitting quotation marks).

  • You (the system manager) can use the AUTHORIZE command MODIFY/PASSWORD, and enclose the user's new mixed-case password in quotation marks " ".

RESTRICTEDPrevents the user from changing any defaults at login (for example, by specifying /LGICMD) and prohibits user specification of a CLI with the /CLI qualifier. The RESTRICTED flag establishes an environment where Ctrl/Y interrupts are initially turned off; however, command procedures can still turn on Ctrl/Y interrupts with the DCL command SET CONTROL=Y. Typically, this flag is used to prevent an applications user from having unrestricted access to the CLI. By default, a user can change defaults (NORESTRICTED).
VMSAUTHAllows account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application. An application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.
/GENERATE_PASSWORD, [=keyword], /NOGENERATE_PASSWORD, (default)

Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:

BOTHGenerate primary and secondary passwords.
CURRENTDo whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARYGenerate primary password only.
SECONDARYGenerate secondary password only.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/IDENTIFIER

Adds an identifier to the rights database, RIGHTSLIST.DAT. The ADD/IDENTIFIER command does not add a user account to the authorization file, SYSUAF.

The ADD/ADD_IDENTIFIER command, however, adds a user account to the authorization file, SYSUAF, and also adds an identifier to the rights database, RIGHTSLIST.DAT.

/INTERACTIVE[ =(range[,...])], /NOINTERACTIVE

Specifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.

/JTQUOTA=value

Specifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on Alpha and Integrity server systems.

/LGICMD=filespec

Specifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL[=(range[,...])]

Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.

/MAXACCTJOBS=value

Specifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.

/MAXDETACH=value

Specifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.

/MAXJOBS=value

Specifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.

/MODIFY_IDENTIFIER (default), /NOMODIFY_IDENTIFIER

Specifies whether the identifier associated with the user is to be modified in the rights database. This qualifier applies only when you modify the UIC or user name in the UAF record. By default, the associated identifiers are modified.

/NETWORK[=(range[,...])]

Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.

/OWNER=owner-name

Specifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.

/PASSWORD=, (password1[,password2]), /NOPASSWORD

Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted.

Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.

Use the /PASSWORD qualifier as follows:

  • To set only the first password and clear the second, specify /PASSWORD=password.

  • To set both the first and second password, specify /PASSWORD=(password1, password2).

  • To change the first password without affecting the second, specify /PASSWORD=(password, "").

  • To change the second password without affecting the first, specify /PASSWORD=("", password).

  • To set both passwords to null, specify /NOPASSWORD.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/PBYTLM

This flag is reserved for VSI.

/PGFLQUOTA=value

Specifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 256,000 pagelets on Alpha and Integrity server systems..

If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.

/PRCLM=value

Specifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 8 on Alpha and Integrity server systems.

/PRIMEDAYS=([NO]day[,...])

Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix.

By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)

Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.

/PRIORITY=value

Specifies the default base priority. The value is an integer in the range of 0 to 63 on Alpha and Integrity server systems. By default, the value is set to 4 for timesharing users.

/PRIVILEGES=([NO]privname[,...])

Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the VSI OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.

/PWDEXPIRED (default), /NOPWDEXPIRED

Specifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.

/PWDLIFETIME=time (default), /NOPWDLIFETIME

Specifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired.

To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.

/PWDMINIMUM=value

Specifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. The value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.

/QUEPRIO=value

Reserved for future use.

/REMOTE[=(range[,...])]

Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.

/SHRFILLM=value

Specifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.

/TQELM

Specifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.

/UIC=value

Specifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. VSI reserves group 1 and groups 300--377 for its own use.

Each user must have a unique UIC. By default, the UIC value is [200,200].

/WSDEFAULT=value

Specifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 4096 pagelets on Alpha and Integrity server systems.

The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.

/WSEXTENT=value

Specifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed.

The value is an integer equal to or greater than WSQUOTA. By default, the value is 16384 pagelets on Alpha and Integrity server systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.

/WSQUOTA=value

Specifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant.

The value cannot be greater than the value of WSMAX and cannot exceed 8,192 pagelets on Alpha and Integrity server systems. This quota value replaces smaller values of PQL_MWSQUOTA.

Description

The MODIFY command changes values in a SYSUAF user record. Most values not in the command remain unchanged. If the UIC is changed, the value of the corresponding identifier is also changed.

Modifications to the user record are not retroactive; thus, any changes to quota values apply to the next process that is created but not to the current one.

Examples

  1. UAF> MODIFY ROBIN /PASSWORD=SP0172
    %UAF-I-MDFYMSG, user record(s) updated

    The command in this example changes the password for user ROBIN without altering any other values in the record.

  2. UAF> MODIFY ROBIN/FLAGS=RESTRICTED
    %UAF-I-MDFYMSG, user record(s) updated

    The command in this example modifies the UAF record for user ROBIN by adding the login flag RESTRICTED.

MODIFY/IDENTIFIER

MODIFY/IDENTIFIER — Modifies an identifier name, its associated value, or its attributes in the rights database.

Syntax

MODIFY/IDENTIFIER id-name

Parameter

id-name

Specifies the name of an identifier to be modified.

Qualifiers

/ATTRIBUTES=(keyword[,...])

Specifies attributes to be associated with the modified identifier. The following keywords are valid:

DYNAMICAllows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST.
HOLDER_HIDDENPrevents people from getting a list of users who hold an identifier, unless they own the identifier themselves.
NAME_HIDDENAllows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier.
NOACCESSMakes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute.
RESOURCEAllows holders of an identifier to charge disk space to the identifier. Used only for file objects.
SUBSYSTEMAllows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects.
To remove an attribute from the identifier, add a NO prefix to the attribute keyword. For example, to remove the Resource attribute, specify /ATTRIBUTES=NORESOURCE.

Note

If you specify the NORESOURCE keyword without naming any holder with the /HOLDER qualifier, all holders lose the right to charge resources.

/HOLDER=username

Specifies the holder of an identifier whose attributes are to be modified. The /HOLDER qualifier is used only in conjunction with the/ATTRIBUTES qualifier.

If you specify /HOLDER, the /NAME and /VALUE qualifiers are ignored.

/NAME=new-id-name

Specifies a new identifier name to be associated with the identifier.

/VALUE=value-specifier
Specifies a new identifier value. Note that an identifier value cannot be modified from a UIC to a non-UIC format or vice versa. The following formats are valid for the value-specifier:

IDENTIFIER:n

An integer value in the range of 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O).

To differentiate general identifiers from UIC identifiers, %X80000000is added to the value you specify.

GID:n

GID is the POSIX group identifier. It is an integer value in the range 0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the value you specify and then enter this new value into the system RIGHTSLIST as an identifier.

UIC:uic

A UIC value in the standard UIC format.

Description

The MODIFY/IDENTIFIER command changes identifier names, associated values, and attributes in the rights database. Values not specified in the command remain unchanged.

Example

  1. UAF> MODIFY/IDENTIFIER OLD_ID /NAME=NEW_ID
    %UAF-I-RDBMDFYMSG, identifier OLD_ID modified

    The command in this example changes the name of the OLD_ID identifier to NEW_ID.

  2. UAF> MODIFY/IDENTIFIER/VALUE=UIC:[300,21] ACCOUNTING
    %UAF-I-RDBMDFYMSG, identifier ACCOUNTING modified

    The command in this example changes the old UIC value of the identifier ACCOUNTING to a new value.

  3. UAF> MODIFY/IDENTIFIER/ATTRIBUTES=NORESOURCE-
    _UAF> /HOLDER=CRAMER ACCOUNTING
    %UAF-I-RDBMDFYMSG, identifier ACCOUNTING modified

    The command in this example associates the attribute NORESOURCE with the identifier ACCOUNTING in CRAMER's holder record. The identifier ACCOUNTING is not changed.

MODIFY/PROXY

MODIFY/PROXY — Modifies an entry in the network proxy authorization file to specify a different local account as the default proxy account for the remote user or to specify no default proxy account for the remote user. The command modifies an entry in the network proxy authorization file NET$PROXY.DAT and, to maintain compatibility with other systems, modifies an entry in NETPROXY.DAT. You must modify the proxy database from a system running the current OpenVMS system.

Syntax

MODIFY/PROXY node::remote-user

Parameters

node

Specifies a node name. If you specify an asterisk wildcard character (*), the specified remote user on all nodes is served by the local user.

remote-user

Specifies the user name of a user at a remote node. If you specify an asterisk wildcard character, all users at the specified node are served by the local user.

For systems that are not OpenVMS systems that implement DECnet, specifies the UIC of a user at a remote node. You can specify an asterisk wildcard in the group and member fields of the UIC.

Qualifier

/DEFAULT[=local-user], /NODEFAULT

Designates the default user name on the local node through which proxy access from the remote user is directed. If /NODEFAULT is specified, removes the default designation.

Description

Use the MODIFY/PROXY command to specify a different local account as the default proxy account for the remote user or to specify that there is no default proxy account for the remote user. Whenever you modify user entries, AUTHORIZE signals DECnet to update its volatile database. Proxy modifications take effect immediately on all nodes in a cluster that share the proxy database.

The first command in the following example grants remote user STIR::YETTA proxy access to the PROXY1 and PROXY2 local accounts. The default proxy account is PROXY1. The second command changes the default proxy account to PROXY2.
UAF> ADD/PROXY STIR::YETTA  PROXY1/DEFAULT, PROXY2
.
.
.
UAF> MODIFY/PROXY STIR::YETTA /DEFAULT=PROXY2
The next example shows the command used to remove the default proxy designation.
UAF> MODIFY/PROXY STIR::YETTA /NODEFAULT

If you remove the default proxy designation as shown in the last command, remote user STIR::YETTA must include the name of the proxy account (PROXY1 or PROXY2) in the access control string of each network operation to gain proxy access to the local system.

If no default proxy account is specified either in the network proxy database or in the access control string of the DCL command, the system attempts to perform the network operation using the default DECnet account.

Example

UAF> MODIFY/PROXY MISHA::MARCO /DEFAULT=JOHNSON
%UAF-I-NAFADDMSG, record successfully modified in NETPROXY.DAT

The command in this example changes the default proxy account for user MARCO on the remote node MISHA to the JOHNSON account.

MODIFY/SYSTEM_PASSWORD

MODIFY/SYSTEM_PASSWORD — Changes the systemwide password. The systemwide password is different from the password for the SYSTEM user name. See the note in the Description. This command operates similarly to the DCL command SET PASSWORD/SYSTEM.

Syntax

MODIFY/SYSTEM_PASSWORD=system-password

Parameter

system-password

Specifies the new systemwide password.

Qualifiers

None.

Description

For a detailed description of the effects of this command, see the discussion of the SET PASSWORD/SYSTEM command in the VSI OpenVMS Guide to System Security.

Example

UAF> MODIFY/SYSTEM_PASSWORD=ABRACADABRA
UAF>

This command changes the systemwide password to ABRACADABRA.

REMOVE

REMOVE — Deletes a SYSUAF user record and corresponding identifiers in the rights database. The DEFAULT and SYSTEM records cannot be deleted. REMOVE/IDENTIFIER and REMOVE/PROXY are documented as separate commands.

Syntax

REMOVE username

Parameter

username

Specifies the name of a user in the SYSUAF.

Qualifier

/REMOVE_IDENTIFIER (default), /NOREMOVE_IDENTIFIER

Specifies whether the user name and account name identifiers should be removed from the rights database when a record is removed from the UAF. If two UAF records have the same UIC, the user name identifier is removed only when the second record is deleted. Similarly, the account name identifier is removed only if there are no remaining UAF records with the same group as the deleted record.

Description

If you remove a SYSUAF record for a user who also appears as a local user in the network user authorization file, every network authorization record for that user is also removed.

Example

UAF> REMOVE ROBIN
%UAF-I-REMMSG, record removed from SYSUAF.DAT
%UAF-I-RDBREMMSGU, identifier ROBIN value: [000014,000006] removed from
   RIGHTSLIST.DAT

The command in this example deletes the record for user ROBIN from the SYSUAF and ROBIN's UIC identifier from RIGHTSLIST.DAT.

REMOVE/IDENTIFIER

REMOVE/IDENTIFIER — Removes an identifier from the rights database.

Syntax

REMOVE/IDENTIFIER id-name

Parameter

id-name

Specifies the name of an identifier in the rights database.

Qualifiers

None.

Example

UAF> REMOVE/IDENTIFIER Q1SALES
%UAF-I-RDBREMMSGU, identifier Q1SALES value %X80010024 removed from
   RIGHTSLIST.DAT

The command in this example removes the identifier Q1SALES from the rights database. All of its holder records are removed with it.

REMOVE/PROXY

REMOVE/PROXY — Deletes network proxy access for the specified remote user.

Syntax

REMOVE/PROXY node::remote-user [local-user,...]

Parameters

node

Specifies the name of a network node in the network proxy authorization file.

remote-user

Specifies the user name or UIC of a user on a remote node. The asterisk wildcard character (*) is permitted in the remote-user specification.

local-user

Specifies the user name of from 1 to 16 users on the local node. If no local user is specified, proxy access to all local accounts is removed.

Qualifiers

None.

Example

UAF> REMOVE/PROXY MISHA::MARCO
%UAF-I-NAFREMMSG, proxy from MISHA::MARCO to * removed

The command in this example deletes the record for MISHA::MARCO from the network proxy authorization file, removing all proxy access to the local node for user MARCO on node MISHA.

RENAME

RENAME — Changes the user name of the SYSUAF record (and, if specified, the corresponding identifier) while retaining the characteristics of the old record. RENAME/IDENTIFIER is documented as a separate command.

Syntax

RENAME oldusername newusername

Parameters

oldusername

Specifies the current user name in the SYSUAF.

newusername

Specifies the new name for the user. It can contain 1 to 12 alphanumeric characters and underscores. Although dollar signs are permitted, they are usually reserved for system names.

Qualifiers

/GENERATE_PASSWORD, [=keyword], /NOGENERATE_PASSWORD, (default)

Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:

BOTHGenerate primary and secondary passwords.
CURRENTDo whatever the DEFAULT account does (for example, generate primary, secondary, both, or no passwords). This is the default keyword.
PRIMARYGenerate primary password only.
SECONDARYGenerate secondary password only.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

/MODIFY_IDENTIFIER, (default), /NOMODIFY_IDENTIFIER

Specifies whether the identifier associated with the user is to be modified in the rights database. This qualifier applies only when you modify the UIC or user name in the UAF record. By default, the associated identifiers are modified.

/PASSWORD=, (password1 [,password2]), /NOPASSWORD

Specifies up to two passwords for login. Passwords can be from 0 to 32 alphanumeric characters in length. The dollar sign ($) and underscore (_) are also permitted.

Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.

Use the /PASSWORD qualifier as follows:

  • To set only the first password and clear the second, specify /PASSWORD=password.

  • To set both the first and second password, specify /PASSWORD=(password1, password2).

  • To change the first password without affecting the second, specify /PASSWORD=(password, "").

  • To change the second password without affecting the first, specify /PASSWORD=("", password).

  • To set both passwords to null, specify /NOPASSWORD.

When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).

Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.

When you create a new UAF record with the RENAME command, you must specify a password.

Description

The RENAME command renames a SYSUAF record. It changes the user name of the SYSUAF record (and, if specified, the corresponding identifier) while retaining the characteristics of the old record. Retention of these characteristics can be particularly helpful when a user's name changes.

Note that because password verification includes the user name as well as the password, an attempted login will fail when the user whose name has been changed attempts to log in with an old password. (Only null passwords can be effectively transferred from one user record to another by the RENAME command.) Make it a practice to include a new password when you use the RENAME command, and notify the user of the change. If you omit the /PASSWORD qualifier, you receive a warning message reminding you that the old password must be changed.

The user's network authorization records are automatically changed to the new name.

Examples

  1. UAF> RENAME HAWKES KRAMERDOVE/PASSWORD=MARANNKRA
    %UAF-I-PRACREN, proxies to HAWKES renamed
    %UAF-I-RENMSG, user record renamed
    %UAF-I-RDBMDFYMSG, identifier HAWKES modified

    The command in this example changes the name of the account Hawkes to Kramerdove, modifies the user name identifier for the account, and renames all proxies to the account.

  2. UAF> RENAME HAWKES KRAMERDOVE
    %UAF-I-PRACREN, proxies to HAWKES renamed
    %UAF-I-RENMSG, user record renamed
    %UAF-W-DEFPWD, Warning: copied or renamed records must receive
      new password
    %UAF-I-RDBMDFYMSG, identifier HAWKES modified

    This example shows the warning message that the system displays if you fail to specify a new password with the RENAME command.

RENAME/IDENTIFIER

RENAME/IDENTIFIER — Renames an identifier in the rights database.

Syntax

RENAME/IDENTIFIER current-id-name new-id-name

Parameters

current-id-name

Specifies the name of an identifier to be renamed.

new-id-name

Specifies the new name for the identifier.

Qualifiers

None.

Description

The RENAME/IDENTIFIER command is functionally equivalent to the following AUTHORIZE command:
MODIFY/IDENTIFIER/NAME=new-id-name id-name

Example

UAF> RENAME/IDENTIFIER Q1SALES Q2SALES
%UAF-I-RDBMDFYMSG, identifier Q1SALES modified

The command in this example renames the identifier Q1SALES to Q2SALES.

REVOKE/IDENTIFIER

REVOKE/IDENTIFIER — Takes an identifier away from a user.

Syntax

REVOKE/IDENTIFIER id-name user-spec

Parameters

id-name

Specifies the identifier name. The identifier name is a string of 1 to 31 alphanumeric characters. The name can contain underscores and dollar signs. It must contain at least one nonnumeric character.

user-spec

Specifies the UIC identifier that uniquely identifies the user on the system. This type of identifier appears in alphanumeric format, not numeric format; for example, [GROUP1,JONES].

Description

The REVOKE/IDENTIFIER command edits RIGHTSLIST.DAT, removing the user's name from the list of those who hold a given identifier. The change does not affect the process rights list of any current processes.

Example

UAF> REVOKE/IDENTIFIER INVENTORY CRAMER
%UAF-I-REVOKEMSG, identifier INVENTORY revoked from CRAMER

The command in this example revokes the identifier INVENTORY from the user Cramer. Cramer loses the identifier and any resources associated with it.

Note that because rights identifiers are stored in numeric format, it is not necessary to change records for users holding a renamed identifier.

SHOW

SHOW — Displays reports for selected UAF records on the current SYS$OUTPUT device. SHOW/IDENTIFIER, SHOW/PROXY, and SHOW/RIGHTS are documented as separate commands.

Syntax

SHOW user-spec

Parameter

user-spec

Specifies the user name or UIC of the requested UAF record. If you omit the user-spec parameter, the UAF records of all users are listed. The asterisk (*) and percent sign (%) wildcard characters are permitted in the user name.

Qualifiers

/BRIEF
Specifies that a brief report be displayed. In the report, the Directory field displays one of the following items:
  • Disuser—The account has been disabled.

  • Expired—The account has expired.

  • A device and directory name—The login device and directory for the account (for example, DOCD$:[SMITH]).

If you omit the /BRIEF qualifier, AUTHORIZE displays a full report.

/FULL

Specifies that a full report be displayed, including identifiers held by the user. Full reports include the details of the limits, privileges, login flags, and the command interpreter as well as the identifiers held by the user. The password is not listed.

/EXACT

Controls whether the SHOW command matches the search string exactly or treats uppercase and lowercase letters as equivalents. Enclose the specified string within quotation marks (" "). Use /EXACT with the /PAGE=SAVE and /SEARCH qualifiers.

/HIGHLIGHT[=keyword], /NOHIGHLIGHT (default)

Identifies how to display the line that contains a string once it is found. The following keywords are valid:

  • BLINK
  • BOLD (default)
  • REVERSE
  • UNDERLINE

Use the /HIGHLIGHT qualifier with the /PAGE=SAVE and /SEARCH qualifiers.

/PAGE[=keyword], /NOPAGE (default)
Controls the information display on a screen. The following keywords are valid:
CLEAR_SCREENClear the screen before displaying the next page.
SCROLLDisplay a continuous stream of information.
SAVE[= n]Store information and enable the navigational keys listed in Table 5.1. By default, the command saves 5 pages. The maximum page width is 255 columns.
Table 5.1. Screen Control Keys
Key or Key SequenceAction Taken When Key or Key Sequence Is Pressed
DOWN ARROW KEYScroll the display down one line
LEFT ARROW KEYScroll the display one column to the left
RIGHT ARROW KEYScroll the display one column to the right
UP ARROW KEYScroll the display up one line
Find (E1)Search for a new string in the information being displayed
Insert Here (E2)Move the display to the right by half a screen
Remove (E3)Move the display to the left by half a screen
Select (E4)Switch from 80-column displays to 132-column displays
Prev Screen (E5)Return to the previous page
Next Screen (E6)Display the next page
Ctrl/ZReturn to the UAF> prompt
HelpDisplay AUTHORIZE help text
F16 (Do)Switch from the oldest to the newest page
Ctrl/WRefresh the display
/SEARCH=string

Used with the /PAGE=SAVE qualifier to specify a string to find in the information being displayed. You can dynamically change the search string by pressing the Find key (E1) while the information is being displayed.

/WRAP, /NOWRAP (default)

Used with the /PAGE=SAVE qualifier to limit the number of columns to the width of the screen and wrap lines that extend beyond the width of the screen to the next line.

The /NOWRAP qualifier extends lines beyond the width of the screen. Use the /PAGE=SAVE qualifier and the screen control keys listed in Table 5.1 to view the entire screen.

Description

The SHOW command produces reports on user authorization records. You can select the reports to be displayed, as follows:
  • To display a single-user report, specify a user name.

  • To display reports for all users in ascending sequence by user name, specify an asterisk wildcard character (*).

  • To display reports for all users with a common UIC, specify the UIC. Users with the same UIC are listed in the order in which they were added to the SYSUAF.

    You can also use the asterisk wildcard character to specify all or part of the UIC, as shown in the following examples:

    Command

    Description

    SHOW [14,*] /BRIEF

    Displays a brief report for all users in group 14, in ascending sequence by member number.

    SHOW [*,6] /BRIEF

    Displays a brief report for all users with a member number of 6.

    SHOW [*,*] /BRIEF

    Displays a brief report for all users, in ascending sequence by UIC.

Examples

  1. UAF> SHOW ROBIN
    The command in this example displays a full report for the user ROBIN. The display corresponds to the first example in the description of the ADD command. Most defaults are in effect.
    Username: ROBIN                       Owner:  JOSEPH ROBIN
    Account:  VMS                         UIC:    [14,6] ([INV,ROBIN])
    CLI:      DCL                         Tables: DCLTABLES
    Default:  SYS$USER:[ROBIN]
    LGICMD:
    Login Flags:
    Primary days:   Mon Tue Wed Thu Fri
    Secondary days:                     Sat Sun
    No access restrictions
    Expiration:    (none)    Pwdminimum:  6   Login Fails:     0
    Pwdlifetime:   (none)    Pwdchange:   15-JAN-2000 14:08
    Last Login:    (none) (interactive),      (none) (non-interactive)
    Maxjobs:         0  Fillm:       300  Bytlm:        32768
    Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
    Maxdetach:       0  BIOlm:        40  JTquota:       4096
    Prclm:           2  DIOlm:        40  WSdef:          256
    Prio:            4  ASTlm:        40  WSquo:          512
    Queprio:         0  TQElm:        10  WSextent:      1024
    CPU:        (none)  Enqlm:       200  Pgflquo:      32768
    Authorized Privileges:
      TMPMBX NETMBX
    Default Privileges:
      TMPMBX NETMBX
    Identifier                  Value            Attributes
      CLASS_CA101               %X80010032       NORESOURCE NODYNAMIC
      CLASS_PY102               %X80010049       NORESOURCE NODYNAMIC

    Note

    The quotas Pbytlm and Queprio are placeholders only.

  2. UAF> SHOW [360,*] /BRIEF
    The command in this example displays a brief report for every user with a group UIC of 360.
    Owner       Username UIC       Account  Privs Pri Default Directory
    JOHN JAMES  JAMES    [360,201] USER     Normal  4 DOCD$:[JAMES]
    SUZY JONES  JONES    [360,203] DOC      Devour  4 DOCD$:[JONES]
    CLIFF BROWN BROWN    [360,021] DOC      All     4 disuser
    JOY CARTER  CARTER   [360,005] DOCSEC   Group   4 expired 
  3. UAF> SHOW WELCH
    This command displays a full report for the restricted user WELCH. This display corresponds to the second example in the description of the ADD command.
    Username: WELCH                   Owner:  ROB WELCH
    Account:  INV                     UIC:    [14,51] ([14,51])
    CLI:      DCL                     Tables: DCLTABLES
    Default:  SYS$USER:[WELCH]
    LGICMD:   SECUREIN
    Login Flags:  Restricted Diswelcome Disnewmail ExtAuth
    Primary days:   Mon Tue Wed Thu Fri
    Secondary days:                     Sat Sun
    Primary   000000000011111111112222  Secondary 000000000011111111112222
    Day Hours 012345678901234567890123  Day Hours 012345678901234567890123
    Network:  -----  No access  ------            ##### Full access ######
    Batch:    #########--------#######            ---------#########------
    Local:    #########--------#######            ---------#########------
    Dialup:   ##### Full access ######            -----  No access  ------
    Remote:   #########--------#######            ---------#########------
    Expiration:        (none)    Pwdminimum:  6  Login Fails:     0
    Pwdlifetime:       (none)    Pwdchange:      (pre-expired)
    Last Login:        (none) (interactive),     (none) (non-interactive)
    Maxjobs:         0  Fillm:       300  Bytlm:        32768
    Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
    Maxdetach:       0  BIOlm:        40  JTquota:       4096
    Prclm:           2  DIOlm:        40  WSdef:          256
    Prio:            4  ASTlm:        40  WSquo:          512
    Queprio:         4  TQElm:        10  WSextent:      1024
    CPU:        (none)  Enqlm:       200  Pgflquo:      32768
    Authorized Privileges:
      TMPMBX NETMBX
    Default Privileges:
      TMPMBX NETMBX  

    Note that WELCH is a captive user who does not receive announcements of new mail or the welcome message when logging in. His login command file, SECUREIN.COM, is presumably a captive command file that controls all of his operations. (Such a command file never exits, but performs operations for its user and logs him out when appropriate.) The CAPTIVE flag prevents WELCH from escaping control of the command file by using Ctrl/Y or other means. Furthermore, he is restricted to logging in between the hours of 5:00 P.M. and 8:59 A.M. on weekdays and 9:00 A.M. and 5:59 P.M. on weekends. Although he is allowed to use dial-up lines at all times during the week, he is not allowed to log in over the network. On weekends, he is further restricted so that he cannot dial in at any time or use the DCL command SET HOST between the hours of 6:00 P.M. and 8:59 A.M.

SHOW/IDENTIFIER

SHOW/IDENTIFIER — Displays information about an identifier, such as its name, value, attributes, and holders, on the current SYS$OUTPUT device.

Syntax

SHOW/IDENTIFIER id-name

Parameter

id-name

Specifies an identifier name. The identifier name is a string of 1 to 31 alphanumeric characters. The name can contain underscores and dollar signs. It must contain at least one nonnumeric character. If you omit the identifier name, you must specify /USER or /VALUE.

Qualifiers

/BRIEF

Specifies a brief listing in which only the identifier name, value, and attributes are displayed. The default format is /BRIEF.

/FULL

Specifies a full listing in which the names of the identifier's holders are displayed along with the identifier's name, value, and attributes.

/USER=user-spec

Specifies one or more users whose identifiers are to be displayed. The user-spec can be a user name or a UIC. You can use the asterisk wildcard character (*) to specify multiple UICs or all user names. UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) displays identifiers alphabetically by user name; a wildcard UIC specification ([*,*]) displays them numerically by UIC.

/VALUE=value-specifier
Specifies the value of the identifier to be listed. The following formats are valid for the value-specifier:

IDENTIFIER:n

An integer value in the range of 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O).

To differentiate general identifiers from UIC identifiers, %X80000000 is added to the value you specify.

GID:n

GID is the POSIX group identifier. It is an integer value in the range 0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the value you specify and then enter this new value into the system RIGHTSLIST as an identifier.

UIC:uic

A UIC value in the standard UIC format.

See also the screen control qualifiers listed under the SHOW command:
  • /EXACT
  • /HIGHLIGHT[=keyword]
  • /NOHIGHLIGHT (default)
  • /PAGE[=keyword]
  • /NOPAGE (default)
  • /SEARCH=string
  • /WRAP
  • /NOWRAP (default)

Description

The SHOW/IDENTIFIER command displays identifier names, values, attributes, and holders in various formats depending on the qualifiers specified. Two of these formats are illustrated in the following examples.

Examples

  1. UAF> SHOW/IDENTIFIER/FULL INVENTORY
    This command would produce output similar to the following example:
    Name               Value           Attributes
    INVENTORY          %X80010006      NORESOURCE NODYNAMIC
      Holder            Attributes
      ANDERSON          NORESOURCE NODYNAMIC
      BROWN             NORESOURCE NODYNAMIC
      CRAMER            NORESOURCE NODYNAMIC 
  2. UAF> SHOW/IDENTIFIER/USER=ANDERSON
    This command displays the identifier associated with the user ANDERSON, as follows:
    Name                       Value           Attributes
    ANDERSON                   [000300,000015] NORESOURCE NODYNAMIC
    The identifier is shown, along with its value and attributes. Note, however, that this is the same result you would produce had you specified ANDERSON's UIC with the following forms of the command:
    UAF> SHOW/IDENTIFIER/USER=[300,015]

    UAF> SHOW/IDENTIFIER/VALUE=UIC:[300,015]

SHOW/PROXY

SHOW/PROXY — Displays all authorized proxy access for the specified remote user.

Syntax

SHOW/PROXY node::remote-user

Parameters

node

Specifies the name of a network node in the network proxy authorization file. The asterisk wildcard character (*) is permitted in the node specification.

remote-user

Specifies the user name or UIC of a user on a remote node. The asterisk wildcard character (*) is permitted in the remote-user specification.

Qualifiers

/OLD

Directs AUTHORIZE to display information from NETPROXY.DAT rather than the default file NET$PROXY.DAT.

If someone modifies the proxy database on a cluster node that is running an OpenVMS system prior to Version 6.1, you can use the /OLD qualifier to display the contents of the old database, NETPROXY.DAT.

See also the screen control qualifiers listed under the SHOW command:
  • /EXACT
  • /HIGHLIGHT[=keyword]
  • /NOHIGHLIGHT (default)
  • /PAGE[=keyword]
  • /NOPAGE (default)
  • /SEARCH=string
  • /WRAP
  • /NOWRAP (default)

Description

The SHOW/PROXY command displays the first 255 characters of a node name although the command can handle a maximum of 1024 characters.

Examples

  1. UAF> SHOW/PROXY SAMPLE::[200,100]
     Default proxies are flagged with an *
    
    SAMPLE::[200,100]
         MARCO *                              PROXY2
         PROXY3

    The command in this example displays all authorized proxy access for the user on node SAMPLE with a UIC of [200,100]. The default proxy account can be changed from MARCO to PROXY2 or PROXY3 with the MODIFY/PROXY command.

  2. UAF> SHOW/PROXY *::*
     Default proxies are flagged with (D)
    
    TAO:.TWA.RANCH::MARTINEZ
        MARTINEZ (D)                        SALES_READER
    
    UAF> show/proxy/old *::*
    
     Default proxies are flagged with (D)
    
    RANCH::MARTINEZ
        MARTINEZ (D)                        SALES_READER

    The command in this example displays information about local authorized proxy access on a system running DECnet-Plus. The first command draws information from the file NET$PROXY.DAT. By including the /OLD qualifier on the SHOW/PROXY command, AUTHORIZE displays information from the file NETPROXY.DAT.

SHOW/RIGHTS

SHOW/RIGHTS — Displays the identifiers held by the specified identifiers or, if /USER is specified, all identifiers held by the specified users.

Syntax

SHOW/RIGHTS id-name

Parameter

id-name

Specifies the name of the identifier associated with the user. If you omit the identifier name, you must specify the /USER qualifier.

Qualifier

/USER=user-spec

Specifies one or more users whose identifiers are to be listed. The user-spec can be a user name or a UIC. You can use the asterisk wildcard character (*) to specify multiple UICs or all user names. UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) or wildcard UIC specification ([*,*]) displays all identifiers held by users. The wildcard user name specification displays holders' user names alphabetically; the wildcard UIC specification displays them in the numerical order of their UICs.

See also the screen control qualifiers listed under the SHOW command:
  • /EXACT
  • /HIGHLIGHT[=keyword]
  • /NOHIGHLIGHT (default)
  • /PAGE[=keyword]
  • /NOPAGE (default)
  • /SEARCH=string
  • /WRAP
  • /NOWRAP (default)

Description

Output displayed from the SHOW/RIGHTS command is identical to that written to RIGHTSLIST.LIS when you use the LIST/RIGHTS command.

Example

UAF> SHOW/RIGHTS ANDERSON
This command displays all identifiers held by the user ANDERSON. For example:
Name                Value           Attributes
INVENTORY           %X80010006      NORESOURCE NODYNAMIC
PAYROLL             %X80010022      NORESOURCE NODYNAMIC
Note that the following formats of the command produce the same result:
SHOW/RIGHTS/USER=ANDERSON

SHOW/RIGHTS/USER=[300,015]

Chapter 6. AUTOGEN Command Procedure

6.1. AUTOGEN Description

The AUTOGEN command procedure (SYS$UPDATE:AUTOGEN.COM) sets appropriate values for system parameters and sizes for system page, swap, and dump files. AUTOGEN runs automatically when you install or upgrade the operating system.

In addition, you can use AUTOGEN to reset system parameter values, system file sizes, or both. The new values and file sizes take effect the next time the system is booted.

VSI recommends that you run AUTOGEN on a weekly basis to adjust system parameters according to your system's work load. For a list and description of all system parameters, see the VSI OpenVMS System Management Utilities Reference Manual, Volume 2: M-Z.

AUTOGEN executes in phases, with each phase performing a separate task. You control which tasks AUTOGEN performs by specifying a start phase and an end phase when you invoke AUTOGEN. For more information about the AUTOGEN phases, see Section 6.4.

You can add commands to the file SYS$SYSTEM:MODPARAMS.DAT to control the system parameter values and file sizes that AUTOGEN sets. AUTOGEN uses the information in this file to determine final values for system parameters or page, swap or dump file sizes. For more information, see the chapter about managing system parameters in the VSI OpenVMS System Manager's Manual.

AUTOGEN can improve system performance by using dynamic information, called feedback, which is gathered from the running system.

Note

When making major configuration changes, do not use feedback. Specify nofeedback to assure the use of the initial AUTOGEN settings. See Table 6.2 for more information about nofeedback.

You control how AUTOGEN uses feedback by specifying an execution mode when you invoke AUTOGEN. To direct AUTOGEN to use feedback to make its calculations, run AUTOGEN in feedback mode. After a period of time, you can execute AUTOGEN in feedback mode to further refine system parameter settings. For more information about AUTOGEN feedback, see Section 6.3.

6.1.1. NEWPARAMS.DAT

The following sections explain how AUTOGEN uses NEWPARAMS.DAT and how layered product installation procedures can use it. If you are not involved in making layered product kits, you might not be interested in the sections preceding Section 6.1.1.3.

The basic reason for developing NEWPARAMS.DAT has been to provide a way for layered product installation procedures to easily supply AUTOGEN with the necessary parameter changes for the product. NEWPARAMS.DAT greatly reduces (if not eliminates) the need to modify MODPARAMS.DAT after installing a new layered product and avoids having installation procedures attempt to edit MODPARAMS.DAT.

NEWPARAMS.DAT does not replace or make MODPARAMS.DAT obsolete, and it does not remove the requirement to run AUTOGEN after installing a layered product. (AUTOGEN can, however, process several versions of NEWPARAMS.DAT, which you might have if you install several layered products without running AUTOGEN between installations).

6.1.1.1. How NEWPARAMS.DAT Works

Three files are involved in the operation of NEWPARAMS.DAT:
  • NEWPARAMS.DAT

    This file contains the parameter requirements for a particular layered product.

  • NEWPARAMS.DONE

    AUTOGEN renames each NEWPARAMS.DAT to NEWPARAMS.DONE as soon as it has finished processing the file.

    Note

    If AUTOGEN finds three versions of NEWPARAMS.DAT, it processes version 3, then version 2, and then version 1. After AUTOGEN has renamed the files to NEWPARAMS.DONE, their version numbers ARE reversed, reflecting the fact that the oldest file was processed and renamed the most recently.

    The system manager can purge these files at any time. AUTOGEN, however, does not delete these files immediately so that you can examine them if some problem occurs with the layered product installation or with a subsequent run of AUTOGEN.

  • CLU$PARAMS.DAT

    This file receives the parameter values of the NEWPARAMS.DAT files that AUTOGEN processes.

In NEWPARAMS.DAT the AUTOGEN code expects to find records that are comments (which are not passed to CLU$PARAMS.DAT), and parameter assignments very much like those in MODPARAMS.DAT. These are usually assignments similar to ADD_parameter and MIN_parameter:
  • The first setting, ADD_parameter, defines the amount of a particular resource (for example, NPAGEDYN, GBLPAGES) the layered product requires.

  • The second setting, MIN_parameter, provides floor for the calculation of a parameter (for example, PQL_DWSDEFAULT).

The parameter settings in NEWPARAMS.DAT are integrated into CLU$PARAMS.DAT. This file is then used, along with MODPARAMS.DAT and the feedback and hardware configuration data, to calculate parameter values in the GENPARAMS phase. System managers do not need to modify CLU$PARAMS.DAT;MODPARAMS.DAT continues to be the proper file to contain system-specific parameter changes.

6.1.1.2. What Goes into NEWPARAMS.DAT

The following sections describe what is placed in the NEWPARAMS.DAT file.

6.1.1.2.1. Product Name
A very important difference between the parameter assignments in MODPARAMS.DAT, which is familiar to most system managers, and those in NEWPARAMS.DAT: the name of the layered product that makes the assignments.

Note

If the name of the product changes from one kit to the next, the system ends up with parameter changes made under both names. Therefore, choose the name carefully so that you do not need to change it in future kits. In addition, do not include version numbers.

AUTOGEN no longer allows layered product kits to provide NEWPARAMS.DAT records that do not include a product name.

You can pass the layered product name to AUTOGEN in either of the following ways:
  • Prepend the name and a dollar-sign ($) to each parameter name; for example:
        DW-MOTIF$ADD_GBLPAGES=28000
  • Include the name as a comment, which must begin as follows:
        !Set by
    The entire remainder of the comment is used as the product name for example:
        MIN_GBLPAGES=62000         !Set by DW-MOTIF

    In this example, DW-MOTIF becomes the product name.

The first method takes precedence over the second method. For example, someone might enter a value like the following:
ABBOTT$add_npagedyn=1000000   !Set by COSTELLO

In this example, the prefix (ABBOTT) will be used, and the product name specified in the comment (COSTELLO) will be ignored.

VSI recommends that you use one method or the other to avoid confusion.

6.1.1.2.2. Parameter Assignment
Except for specifying the product name, parameter assignment with NEWPARAMS.DAT works the same as it does in MODPARAMS.DAT, where you can set values, floors and ceilings, and specify amounts to add to a parameter; for example:
        WINDOW_SYSTEM = 1
        MIN_GBLSECTIONS = 600
        MAX_WSMAX = 250000
        ADD_GBLPAGES = 25000
6.1.1.2.3. How to Remove Assignments from CLU$PARAMS.DAT

You might want to remove one or more parameter assignments from CLU$PARAMS.DAT for a number of reasons. A layered product might no longer need to use a value other than the default value of a parameter. Also, occasionally OpenVMS Engineering makes a parameters obsolete (for example, VIRTUALPAGECNT), and layered product kits need to include a way to remove these parameters from a system.

To remove an assignment from CLU$PARAMS.DAT, create a NEWPARAMS.DAT that includes either of the following syntaxes:
   AGEN$REMOVE_PARAM  <parameter>  !Set by <product>
   AGEN$REMOVE_PARAM  <product>$<parameter> 

The rules explained in Section 6.1.1.2.1 for specifying product names also apply here. Also, you can mix such removals with assignments in a single NEWPARAMS.DAT file. Use removals to remove assignments of parameters that will no longer be needed; to change a parameter value, simply assign the new value to the parameter in NEWPARAMS.DAT, and the new value will replace the old value.

Note that AUTOGEN does not parse anything between the parameter name and the !Set by comment. This allows the kit producer to use NEWPARAMS.DAT for installation and to create a NEWPARAMS.DAT for deinstallation by prepending "AGEN$REMOVE_PARAM" to the beginning of each line.

6.1.1.3. What CLU$PARAMS.DAT Looks Like

The format of CLU$PARAMS.DAT, which is used to define layered-product-driven parameter modifications, is as follows:
!   The file contains parameters supplied by layered products.
!  It should not be modified.  Customer parameters should be placed in
!  SYS$SYSTEM:MODPARAMS.DAT.
!=================================================================
!
DW_MOTIF$MIN_CHANNELCNT = 255                     !Set by DW-MOTIF
DW_MOTIF$ADD_GBLPAGES = 28000                     !Set by DW-MOTIF
DW_MOTIF$MIN_GBLPAGES = 62000                     !Set by DW-MOTIF
DW_MOTIF$ADD_GBLPAGFIL = 5000                     !Set by DW-MOTIF
DW_MOTIF$MIN_GBLPAGFIL = 6024                     !Set by DW-MOTIF
DECNET_PLUS$MIN_GBLPAGES = 55000                  !Set by DECnet-Plus
DECNET_PLUS$ADD_GBLPAGES = 24000                  !Set by DECnet-Plus

This example shows two layered product installations that use NEWPARAMS.DAT: one is DW-MOTIF (the DEC Windows kit), and the other is DECnet-Plus.

A subsequent installation of DW-MOTIF replaces the value of each parameter assignment in CLU$PARAMS.DAT with the value found in NEWPARAMS.DAT. Whether the new kit has 255, 200 or 300 for MIN_CHANNELCNT, the value that is supplied is the value found in the new copy of CLU$PARAMS.DAT.

Similarly, the new value that DW_MOTIF provides for ADD_GBLPAGES replaces the 28000 in the assignment of ADD_GBLPAGES shown in the last example. These values are not cumulative for a given product; they do, however, accumulate across layered products; therefore, the total ADD_GBLPAGES value are as follows:
28000 + 24000, or 52000

Both NEWPARAMS.DAT and CLU$PARAMS.DAT are ordinary text files created by text editors. VSI does not recommend editing these files.

6.2. AUTOGEN Usage Summary

VSI recommends that you run AUTOGEN in the following circumstances:
  • During a new installation or upgrade.

  • Whenever your work load changes significantly.

  • When you add an optional (layered) software product. Certain layered products might require you to execute AUTOGEN to adjust parameter values and page and swap file sizes. (For information about using AUTOGEN to modify page and swap files, see the chapter on managing page, swap, and dump files in the VSI OpenVMS System Manager's Manual.) For installation requirements, see specific product documentation.

  • When you install images with the /SHARED attribute. The GBLSECTIONS and GBLPAGES parameters might need to be increased to accommodate additional use of global pages and global sections.

  • During normal operation, as part of a batch-oriented command procedure that runs AUTOGEN on a regular basis and automatically sends a report to an appropriate Mail account. The recommended procedure is described in the chapter on managing system parameters in the VSI OpenVMS System Manager's Manual.

After a new operating system installation or upgrade, examine the results of calculations that AUTOGEN made to determine whether AUTOGEN has set system parameter values that are appropriate for your workload requirements.

The system parameters listed in an appendix to this manual indicate whether they are affected by AUTOGEN calculations. AUTOGEN calculations also affect the size of page, swap and dump files.

6.3. Feedback

AUTOGEN feedback minimizes the necessity to modify parameter values or system file sizes. Feedback allows AUTOGEN to automatically size the operating system based on your actual work load. Sizing is the process of matching the allocation of system resources (memory and disk space) with the workload requirements of your site.

Feedback is information about how various resources are used by the system's work load. This information is continuously collected by the operating system executive. Because the system collects feedback when exception events occur, feedback collection does not affect system performance.

You control how AUTOGEN uses feedback by specifying an execution mode when you invoke AUTOGEN. When run in feedback mode, AUTOGEN analyzes this information and adjusts any related parameter values. For information about controlling AUTOGEN's use of feedback, see Section 6.5.

AUTOGEN collects feedback during the SAVPARAMS phase by executing the image SYS$SYSTEM:AGEN$FEEDBACK.EXE. AUTOGEN writes feedback information to the file SYS$SYSTEM:AGEN$FEEDBACK.DAT. This file is then read during the GETDATA phase. For more information about AUTOGEN phases, see Section 6.4.

The system parameters listed in an appendix to this manual indicate whether they are affected by AUTOGEN feedback.

6.4. Phases

AUTOGEN executes in phases. You control which tasks AUTOGEN performs by specifying a start phase and an end phase when you invoke AUTOGEN. Table 6.1 lists the phases AUTOGEN can execute in order.
Table 6.1. AUTOGEN Phases

Phase

Description

SAVPARAMS

Saves dynamic feedback from the running system.

GETDATA

Collects all data to be used in AUTOGEN calculations.

GENPARAMS

Generates new system parameters; creates the installed image list.

TESTFILES

Displays the system page, swap, and dump file sizes calculated by AUTOGEN (cannot be used as a start phase).

GENFILES

Generates new system page, swap, and dump files if appropriate (cannot be used as a start phase).

SETPARAMS

Runs SYSMAN to set the new system parameters in the default parameter file, saves the original parameters, and generates a new parameter file, AUTOGEN.PAR.

SHUTDOWN

Prepares the system to await a manual reboot.

REBOOT

Automatically shuts down and reboots the system.

HELP

Displays help information to the screen.

The following sections describe each phase in detail.

6.4.1. SAVPARAMS

The SAVPARAMS phase records feedback in the file AGEN$FEEDBACK.DAT, which can be used in subsequent AUTOGEN phases. If you specify NOFEEDBACK as the execution-mode parameter, the information collected is not used.

The SAVPARAMS phase is valid as a start phase and end phase. SAVPARAMS requires the SYSPRV and CMKRNL privileges.

Note

You can specify the SAVE_FEEDBACK option during an interactive orderly shutdown with SYS$SYSTEM:SHUTDOWN.COM. Entering this option in response to the prompt Shutdown options: records feedback collected since the system was last booted. Using the SAVE_FEEDBACK option creates a new version of SYS$SYSTEM:AGEN$FEEDBACK.DAT. Run AUTOGEN from the GETDATA phase after the system reboots to use this new version of the feedback.

6.4.2. GETDATA

The GETDATA phase collects the following information required for AUTOGEN calculations and places it in the file PARAMS.DAT:
  • Hardware configuration data

  • VSI-supplied data from CLU$PARAMS.DAT

  • Feedback from AGEN$FEEDBACK.DAT (if run in feedback mode)

  • User-supplied data from MODPARAMS.DAT

The GETDATA phase also attempts to configure devices on the system, by executing the following procedure and command:
  • The command procedure SYS$MANAGER:SYCONFIG.COM. (For more information about this procedure, see the chapter on managing devices in the VSI OpenVMS System Manager's Manual.)

  • The SYSGEN command AUTOCONFIGURE ALL (unless the symbol STARTUP$AUTOCONFIGURE_ALL is set to 0 in SYCONFIG.COM).

The GETDATA phase is valid as a start phase and an end phase. GETDATA requires the SYSPRV and CMKRNL privileges.

6.4.3. GENPARAMS

In the GENPARAMS phase, AUTOGEN calculates the parameter values based on data stored in PARAMS.DAT and produces SETPARAMS.DAT as output. AUTOGEN checks to see if feedback is included, and if so, uses it in the calculations unless the NOFEEDBACK execution mode was specified when AUTOGEN was invoked. Also during this phase, AUTOGEN generates the known image file list (VMSIMAGES.DAT).

The GENPARAMS phase is valid as a start phase and an end phase. GENPARAMS requires SYSPRV, OPER, and CMKRNL privileges.

6.4.4. TESTFILES

The TESTFILES phase displays system page, swap, and dump file sizes calculated by AUTOGEN. (This phase does not change the file sizes.)

File sizes for all currently installed primary and secondary page and swap files are displayed. The information is directed to SYS$OUTPUT and the AGEN$PARAMS.REPORT file by default.

Specify the TESTFILES phase to display AUTOGEN's file size calculations; to generate new sized files, specify the GENFILES phase. You cannot specify both of these phases when invoking AUTOGEN. VSI recommends that you use TESTFILES to display the file size changes before actually generating new sized files on your system.

The TESTFILES phase is valid only as an end phase. TESTFILES requires the SYSPRV privilege.

6.4.5. GENFILES

The GENFILES phase generates the new page, swap, and dump files on the system. This phase changes the file sizes based on AUTOGEN's calculations.

The GENFILES phase does not modify a file if the calculated size change is within ten percent of the existing file size. The following files are affected: PAGEFILE.SYS, SWAPFILE.SYS, SYSDUMP.DMP, and all other currently installed page and swap files. For more information, see the chapter on managing page, swap and dump files in the VSI OpenVMS System Manager's Manual.

GENFILES is valid only as an end phase. GENFILES requires the SYSPRV privilege.

6.4.6. SETPARAMS

The SETPARAMS phase uses as its input the SETPARAMS.DAT file created during the GENPARAMS phase. In this phase, AUTOGEN runs SYSMAN to update the system parameter values in the default parameter file.

On Alpha systems, SYS$SYSTEM:ALPHAVMSSYS.PAR is the default parameter file. AUTOGEN saves the current system parameters in the file SYS$SYSTEM:ALPHAVMSSYS.OLD before updating these parameters in SYS$SYSTEM:ALPHAVMSSYS.PAR. The new values are also saved in SYS$SYSTEM:AUTOGEN.PAR.

On Integrity servers, SYS$SYSTEM:IA64VMSSYS.PAR is the default parameter file. AUTOGEN saves the current system parameters in the file SYS$SYSTEM:IA64VMSSYS.OLD before updating these parameters in SYS$SYSTEM:IA64VMSSYS.PAR. The new values are also saved in SYS$SYSTEM:AUTOGEN.PAR.

The SETPARAMS phase is valid as a start phase and an end phase. SETPARAMS requires the SYSPRV and OPER privileges.

6.4.7. SHUTDOWN

SHUTDOWN shuts down the system and awaits a manual reboot. To use the new system parameter values generated in the SETPARAMS phase, specify either SHUTDOWN or REBOOT as the end phase. You can define the logical name AGEN$SHUTDOWN_TIME (using the DCL command DEFINE) to specify the number of minutes before shutdown occurs.

SHUTDOWN requires the SETPRV privilege.

6.4.8. REBOOT

REBOOT automatically shuts down and reboots the system, thus installing the new parameter values. To install the new system parameter values generated in the SETPARAMS phase, specify either SHUTDOWN or REBOOT as the end phase. You can define the logical name AGEN$SHUTDOWN_TIME (using the DCL command DEFINE) to specify the number of minutes before shutdown occurs.

REBOOT requires the SETPRV privilege.

6.4.9. HELP

HELP displays help information about AUTOGEN to the screen. The HELP phase is only valid as the start phase command line parameter. When you specify HELP for the start phase, the end phase and execution mode parameters are ignored.

6.5. Execution Modes

Specify an execution mode when you invoke AUTOGEN to control how AUTOGEN uses feedback. Table 6.2 lists the execution-mode options.
Table 6.2. AUTOGEN Execution Modes

Option

Description

FEEDBACK

Specifies that AUTOGEN run in feedback mode, using dynamic feedback collected during the SAVPARAMS phase to make its calculations.

NOFEEDBACK

Specifies that AUTOGEN not use feedback in the calculations. The feedback from the SAVPARAMS phase is ignored. Use NOFEEDBACK mode for the initial system installation or upgrade. NOFEEDBACK supersedes the execution-mode option INITIAL, which was used in a previous version of the operating system.

CHECK_FEEDBACK

Specifies that AUTOGEN use feedback in its calculations as long as the feedback is valid. If feedback is suspect, AUTOGEN does not use feedback in the calculations, but continues through the specified end phase.

Blank

If you do not specify an execution mode, AUTOGEN uses feedback in the calculations by default. However, if AUTOGEN determines that the feedback might be suspect, it performs the calculations, issues the feedback report, and stops before modifying any parameters or system files, even if you specified an end phase of GENFILES, SETPARAMS, SHUTDOWN or REBOOT.

6.6. Files Used by AUTOGEN

Table 6.3 lists the files AUTOGEN uses during each phase.
Table 6.3. Files Used by AUTOGEN

AUTOGEN Phase

Input Files ?

Output Files ?

SAVPARAMS

None

AGEN$FEEDBACK.DAT

GETDATA

NEWPARAMS.DAT?

CLU$PARAMS.DAT

CLU$PARAMS.DAT

AGEN$FEEDBACK.DAT

CLU$PARAMS.DAT

MODPARAMS.DAT

PARAMS.DAT?

GENPARAMS

PARAMS.DAT

SETPARAMS.DAT

VMSIMAGES.DAT

AGEN$PARAMS.REPORT

TESTFILES

PARAMS.DAT

SYS$OUTPUT

GENFILES

PARAMS.DAT

PAGEFILE.SYS

SWAPFILE.SYS

SYSDUMP.DMP

AGEN$PARAMS.REPORT

SETPARAMS

SETPARAMS.DAT

ALPHAVMSSYS.PAR (Alpha)?

IA64VMSSYS.PAR (Integrity servers)?

AUTOGEN.PAR

ALPHAVMSSYS.OLD (Alpha)?

IA64VMSSYS.OLD (Integrity servers)?

SHUTDOWN

None

None

REBOOT

None

None

6.7. AUTOGEN Usage Summary

The AUTOGEN command procedure runs automatically when your system is installed or upgraded to set appropriate values for system parameters and sizes for system page, swap, and dump files. Execute AUTOGEN to reset system parameter values and system file sizes. The new values and file sizes take effect the next time the system is booted.

Syntax

@SYS$UPDATE:AUTOGEN [start-phase] [end-phase] [execution-mode]

Parameters

start-phase

Specify the phase where AUTOGEN is to begin executing. Table 6.1 lists the options for the end-phase parameter.

The phase specified for start-phase must either precede or be identical to the phase specified for end-phase, according to the sequence shown in Table 6.1. If you do not supply an option for the start-phase parameter, enter a null argument (that is, " ").If you do not specify a start phase, GENPARAMS is the default.

end-phase

Specify the phase where AUTOGEN is to complete executing. Table 6.1 lists the options for the end-phase parameter. If you do not specify an end phase, the end phase has the same value as the start phase by default.

execution-mode

Specify one of the following execution-mode options to control how AUTOGEN uses feedback:
  • FEEDBACK

  • NOFEEDBACK

  • CHECK_FEEDBACK

  • Blank

Table 6.2 describes each execution-mode option.

Description

To invoke AUTOGEN, use the following syntax to enter a command at the DCL command prompt:
$ @SYS$UPDATE:AUTOGEN [start-phase] [end-phase] [execution-mode]

You are returned to DCL level when the command has finished processing unless you specify SHUTDOWN or REBOOT as the end-phase parameter.

Chapter 7. Backup Utility

7.1. BACKUP Description

The Backup utility (BACKUP) helps you prevent data loss or corruption by creating copies of your files, directories, and disks. In case of a problem, for example, a disk drive failure, you can restore the backup copy and continue your work with minimal disruption.

When you save files with BACKUP, it writes the files to a special file called a save set. Save sets are written in a format that only BACKUP can interpret. (A save set stored on a Files–11 disk is a standard OpenVMS file, however, and can be copied, renamed, deleted, or backed up. A save set stored on magnetic tape should only be processed with the BACKUP command; do not use the DCL command COPY to copy a magnetic tape save set to disk.)

Use BACKUP to perform the following tasks:
  • Save disk files to a BACKUP save set.

  • Restore files to disk from a BACKUP save set.

  • Copy disk files to disk files.

  • Compare disk files created by BACKUP or files in a BACKUP save set with disk files.

  • List information about the files in a BACKUP save set.

  • Create and list journal files that record the results of BACKUP save operations.

  • Convert ODS-5 file names to ODS-2 file names.

For specific information about performing these tasks, see the VSI OpenVMS System Manager's Manual.

Note

Some layered products have their own special backup procedures. For more information, see the layered product documentation.

Also, when a symbolic link is encountered during a backup operation, the symbolic link itself is copied. This is true for all backup types — physical, image, and file. For more information, see the VSI C Run-Time Library Reference Manual for OpenVMS Systems.

Using BACKUP eliminates disk fragmentation. Fragmentation can occur as you create and extend files on a disk. If the file system cannot store files in contiguous blocks, it stores them in noncontiguous pieces. Eventually, the disk can become severely fragmented and system performance suffers. To eliminate fragmentation, perform an image backup of the disk and restore the backup copy. When you restore the image backup, BACKUP places the files on the disk contiguously.

Besides backing up your own files, directories, and disks, remember to back up your OpenVMS system disk. Depending on the policy at your site, individuals may be responsible for backing up their system disks, or an operator or system manager may perform the backup (as would likely be the case in a large, clustered computer system).

If you have access to the OpenVMS Alpha or Integrity servers CD–ROM, you can use a menu system supplied on the CD–ROM to back up your system disk.

For more information about standalone BACKUP and the menu-driven procedure, see the VSI OpenVMS System Manager's Manual.

Types of backup operations are:
  • An image backup (also called a full backup) saves a copy of all the files on a disk (or volume) to a save set. The first backup that you do on a disk must be an image backup; you cannot perform an incremental backup first.

  • An image restore initializes the output disk and restores an entire volume.

  • An image copy operation initializes the output disk and copies an entire volume; the image backup is a logical duplicate of the contents of the disk.

  • An image compare operation compares the contents of entire volumes.

    Note

    Because an image copy or backup operation processes all files on the input volume, you cannot specify file-selection qualifiers for these operations. You can, however, restore files and directories selectively from an image save set.

    If the output volume of an image operation is a disk, BACKUP stores all files on the output volume contiguously, eliminating disk fragmentation and creating contiguous free blocks of disk space.

  • An incremental backup saves only those files that have been created or modified since the most recent backup that was performed using the /RECORD qualifier. (The /RECORD qualifier records the date and time that the files are backed up.)

  • An incremental restore operation restores an incremental save set. Specify the command qualifier /INCREMENTAL in an incremental restore operation.

  • A file operation processes individual files or directories.

  • A selective operation process files or volumes selectively, according to criteria such as version number, file type, UIC, date and time of creation, expiration date, or modification date.

    Perform selective save operations by using wildcard characters and input file-selection qualifiers (for example, /BACKUP, /BEFORE, /BY_OWNER (use instead of /OWNER_UIC), /CREATED, /EXCLUDE, /EXPIRED, /MODIFIED, and /SINCE).

  • A physical operation copies, saves, restores, or compares an entire volume in terms of logical blocks, ignoring any file structure.

    Note

    Beginning in Version 8.2, a restore of a physical backup no longer requires the output disk to have the same geometry (tracks, cylinders). The restore operation works as long as the output has the same or larger capacity.

The following sections describe the BACKUP command line format.

7.2. BACKUP Command Line Format

To perform BACKUP operations, enter the DCL command BACKUP in the following format:
BACKUP input-specifier output-specifier

BACKUP evaluates the input and output specifiers to determine which type of operation to perform. BACKUP also uses the input specifier to locate the input and directs output to the output specifier.

7.3. BACKUP Input and Output Specifiers

BACKUP can process several different types of input and output. Depending on the type of operation being executed, input and output specifiers can be standard OpenVMS file specifications, BACKUP save-set specifications, or device specifications. Device specifications can refer to disk or magnetic tape volumes.

You can specify any valid OpenVMS file specification as BACKUP input or output specifiers; however, BACKUP does not allow node names in BACKUP file specifications. You can use wildcard characters, and you can also list multiple file specifications as input to a single BACKUP operation.

A BACKUP save-set specification is the file specification of a BACKUP save set. When you use BACKUP to save files or volumes, BACKUP writes your files to a save set. You can specify the save set as input to other BACKUP operations. When specifying a save set, follow the rules for specifying a OpenVMS file. The VSI OpenVMS User's Manual describes valid specifications for disk files; the VSI OpenVMS System Manager's Manual explains the rules for specifying magnetic tape files. A save-set specification has no default file type, although you can use BCK or SAV.

The save-set name can be any valid OpenVMS file name and type. However, when you create a save set on magnetic tape, the save-set name has the following restrictions:
  • The entire save-set name cannot exceed 17 characters, including the period delimiter.

  • You cannot specify a version number.

  • You cannot specify a directory name.

Device specifications used as BACKUP input or output specifiers follow the conventions for specifying devices outlined in the VSI OpenVMS User's Manual.

By default, BACKUP treats an input or output specifier referring to a Files–11 disk as a file specification. Therefore, to identify a save set on a Files–11 volume, you must include the /SAVE_SET qualifier with the specifier (see /SAVE_SET). BACKUP treats input and output specifiers referring to magnetic tape as save sets.

Note

You cannot specify a save set for both the input and output specifier of a BACKUP command. For this reason, you cannot perform a BACKUP operation from one magnetic tape to another.

Table 7.1 shows input and output specifiers for each type of BACKUP operation.
Table 7.1. BACKUP Input and Output by Operation Type

Operation

Format

Save

BACKUP file-spec save-set-spec

Save (image)

BACKUP/IMAGE device-spec save-set-spec

Save (physical to disk)

BACKUP/PHYSICAL device-spec device-spec

Restore

BACKUP save-set-spec file-spec

Restore (image)

BACKUP/IMAGE save-set-spec device-spec

Restore (physical from disk)

BACKUP/PHYSICAL save-set-spec device-spec

Restore (physical from tape)

BACKUP/PHYSICAL save-set-spec device-spec

Copy

BACKUP file-spec file-spec

Copy (image)

BACKUP/IMAGE device-spec device-spec

Copy (physical to tape)

BACKUP/PHYSICAL device-spec save-set-spec

Compare

BACKUP/COMPARE file-spec file-spec

BACKUP/COMPARE save-set-spec file-spec

Compare (image)

BACKUP/COMPARE/IMAGE save-set-spec device-spec

BACKUP/COMPARE/IMAGE device-spec device-spec

Compare (physical)

BACKUP/COMPARE/PHYSICAL device-spec device-spec

BACKUP/COMPARE/PHYSICAL save-set-spec device-spec

List?

BACKUP/LIST[=file-spec] save-set-spec

BACKUP/LIST[=file-spec] device-spec

Create Journal

BACKUP/JOURNAL[=file-spec] file-spec save-set-spec

List Journal

BACKUP/JOURNAL[=file-spec]/LIST[=file-spec]

7.3.1. Input and Output Specifier Element Lists

An element list is a list of arguments specified with a command or qualifier. The arguments, or elements, in the list are separated by commas. Element lists relating to input or output specifiers are allowed only in the following circumstances:
  • If an input specifier refers to a Files–11 disk, you can construct lists from standard OpenVMS file specifications, as follows:
    $ BACKUP
    _From: DUA0:[DATA]A.DAT,B.DAT,[PROGRAMS]TEST.EXE
    _To: MSA0:TEST.SAV/LABEL=DLY101
  • If an input specifier or an output specifier refers to a BACKUP save set on magnetic tape or sequential disk, you can specify more than one device name to be used in the operation. This allows you to process multivolume save sets efficiently by specifying the order in which devices will be used. The first volume is processed until it is full. The second (or subsequent) volume is processed while the media in the first (or previous) volume is being changed. However, the save-set name must appear with the first element in the list and must not appear in subsequent elements in the list.

    In the following example, BACKUP first saves data to a tape in drive MSA0, then to a tape in drive MSA1. When the tape in drive MSA1 is full, BACKUP saves data to a fresh tape in MSA0.
    $ BACKUP
    _From: DUA0:[DATA]*.*,DUA0:[PROGRAMS]*.*
    _To: MSA0:TEST.SAV,MSA1:/LABEL=WKLY01
  • If you are performing an image operation on a volume set, you can specify element lists in the input and output specifiers. In the following example, BACKUP first restores the save set TEST.SAV from the tape in drive MSA0, and then continues to restore the save set from the tape in drive MSA1. BACKUP first restores this save set to DUA0. When DUA0 is full, BACKUP continues the restore operation to DUA1.
    $ BACKUP/IMAGE
    _From: MSA0:TEST.SAV,MSA1:
    _To: DUA0:[DATA...],DUA1:

7.3.2. Using Wildcard Characters with BACKUP

BACKUP allows you to use wildcard characters in file specifications to represent directories, file names, file types, and version numbers. Omitted file names, file types, or version numbers are assumed to be the asterisk wildcard character (*). For instance, if you omit the version number, BACKUP processes all versions. (For introductory information about wildcard characters, see the VSI OpenVMS User's Manual.)

You can use any valid DCL wildcard character with input specifiers that are Files–11 media or with the /SELECT and /EXCLUDE qualifiers. Note, however, that the symbols denoting the latest versions of files (;) and relative versions of files (;-n) are processed as the asterisk wildcard character (;*) when they are used with the /EXCLUDE and /SELECT qualifiers.

You cannot use wildcard characters in BACKUP save-set specifications unless the save sets are input specifiers on tape.

Using Wildcard Characters to Represent Directories

The following table lists the types of directory wildcards allowed for output specifiers that are Files–11 media:

Directory Wildcard

Result

omitted

If a directory name is omitted, BACKUP restores file to the current default directory [].

[* …]

BACKUP restores files to the directory from which they were saved.

[directory]

BACKUP restores files to the named directory.

[directory …]

The wildcard characters used in the specification of the input files determine the directory to which BACKUP restores the files.


Note

If you specify directory wildcard characters incorrectly and your directories contain many levels of subdirectories, you risk losing the lower level subdirectories in BACKUP operations because OpenVMS directory trees can have only 8 levels with ODS-2 files. ODS-5 files, however, do not have this 8-level restriction.

The following example uses the directory wildcard format [directory …] for both the input and the output specifiers:
$ BACKUP [OSCAR...] [JOE.RECEIVED...]

In this example, BACKUP creates a directory named [JOE.RECEIVED] (if it does not already exist) as well as subdirectories that correspond to the subdirectories of [OSCAR]. BACKUP copies all files from the directory [OSCAR] and its subdirectories to [JOE.RECEIVED] and its subdirectories. If [OSCAR] has 8 levels of directories, however, and files in it are ODS-2, BACKUP is unable to create a corresponding 9-level subdirectory to [JOE.RECEIVED]; the 8-level subdirectory to [OSCAR] is not copied. (This restriction does not apply to ODS-5 files.)

If you use the asterisk wildcard character (*) to represent subdirectories in the input specifier of a copy operation, BACKUP creates subdirectories to the directory specified in the output specifier that correspond to the subdirectories in the input specifier. BACKUP then copies all files from the lowest level subdirectory in the input specifier to the lowest level subdirectory in the output specifier. In the following example, the asterisk represents subdirectories named MONDAY and TUESDAY:
$ BACKUP [SAM.WORK.*.WEDNESDAY] [JAMES...]
In this example, BACKUP creates a subdirectory named [JAMES.MONDAY.TUESDAY.WEDNESDAY]. In doing so, BACKUP:
  1. Copies the file MONDAY.DIR to [JAMES]

  2. Copies the file TUESDAY.DIR to [JAMES.MONDAY], and

  3. Copies the file WEDNESDAY.DIR to [JAMES.MONDAY.TUESDAY].

  4. Copies all files from [SAM.WORK.MONDAY.TUESDAY.WEDNESDAY] to [JAMES.MONDAY.TUESDAY.WEDNESDAY].

In a restore operation, the input specifier defaults to [* …] if the input save-set qualifier /SELECT is not used; this is important if you use the form [directory …] in the output specifier. The function of the wildcard [* …] is to carry over the entire directory name from the first level on and to place it before the ellipsis in the output specifier. Thus, if the save set in the following example contains the directory tree [SAVE …], the restored directory tree will be [WORK.SAVE …]:
$ BACKUP MTA0:SAVE.BCK [WORK...]
Note that the result will be the same, even if your output specifier has the same name as the directory in the input specifier, as shown in the following example:
$ BACKUP MTA0:SAVE.BCK [SAVE...]

The preceding command restores the directory tree [SAVE …] to a directory tree named [SAVE.SAVE …].

The following command restores the directory tree [SAVE …] to a directory tree named [WORK …]:
$ BACKUP MTA0:SAVE.BCK/SELECT=[SAVE...] [WORK...]
There are two ways to retain the original directory name when you restore files. You must either use the form [* …] for the output specifier, or you must specify the input save-set qualifier /SELECT. The following example uses the form [* …] in the output specifier to restore the directory tree [SAVE …] in save set SAVE.BCK to the directory tree [SAVE …]:
$ BACKUP MTA0:SAVE.BCK [*...]
The input save-set qualifier /SELECT causes only the ellipsis portion of the selected file specification to be carried over to the directory tree named in the output specifier [directory …]. The following command restores [SAVE …] to [SAVE …]:
$ BACKUP MTA0:SAVE.BCK/SELECT=[SAVE...] [SAVE...]

7.4. BACKUP Qualifiers

You can also affect BACKUP operations by specifying qualifiers. BACKUP has five types of qualifiers:
  • Command qualifiers modify the default action of a BACKUP command. You can place command qualifiers anywhere in the command line. Command qualifiers act upon every file in the input or output specifier.

  • Input file-selection qualifiers select files from the input specifier. Place them immediately after the input specifier.

  • Output file qualifiers change the way output files are restored. Place them immediately after the output specifier.

  • Input save-set qualifiers affect the way BACKUP handles an input save set during a restore or compare operation. Place them immediately after the input specifier.

  • Output save-set qualifiers affect the way BACKUP processes an output save set during a save operation. Place them immediately after the output specifier.


Note

You cannot use input and output qualifiers in image operations.

It is important to understand the differences between the types of qualifiers. The position of qualifiers in the BACKUP command line affects the results of the command. Although command qualifiers can be placed anywhere in the command line, input- and output-specifier qualifiers are position-dependent. That is, input-specifier qualifiers must be placed immediately after the input specifier, and output-specifier qualifiers must be placed immediately after the output specifier.

Additionally, several BACKUP qualifiers are both input-specifier qualifiers and output-specifier qualifiers. To achieve the results you want from a BACKUP command, ensure that you place position-dependent qualifiers correctly. For example, use the /SAVE_SET qualifier as an output save-set qualifier in a BACKUP save operation and as an input save-set qualifier in a BACKUP restore operation.

Appendix G contains more information about valid combinations of BACKUP qualifiers. Table 7.2 summarizes BACKUP qualifiers by type.
Table 7.2. Summary of BACKUP Qualifiers by Type

Qualifier

Description

Command Qualifiers

/[NO]ALIAS

Specifies whether to maintain the previous behavior of multiple processing of alias and primary file entries.

/[NO]ASSIST

Allows operator or user intervention if a request to mount a magnetic tape fails during a BACKUP operation.

/BRIEF

Causes the /LIST qualifier to display the file specification, size (in blocks), and creation date for each file in the save set.

/COMPARE

Causes BACKUP to compare the contents of the first parameter with the contents of the second parameter.

/DELETE

Specifies that a BACKUP save or copy operation is to delete the selected input files from the input volume after all files have been successfully processed.

/ENCRYPT

Creates and restores encrypted save sets.

/FAST

Processes the input specifier using a fast file scan to reduce processing time.

/FULL

Displays the information produced by the /LIST command qualifier in a format similar to that displayed by the DCL command DIRECTORY/FULL.

/IGNORE

Specifies that a BACKUP save or copy operation overrides restrictions placed on files or is not to perform tape label processing checks.

/IMAGE

Directs BACKUP to process an entire volume or volume set.

/INCREMENTAL

Allows you to restore a disk volume from a series of incremental save sets. (Unrelated to /NOINCREMENTAL.)

/[NO]INITIALIZE

Initializes an output disk volume, making its entire previous contents unavailable.

/INTERCHANGE

Directs BACKUP to process files in a manner suitable for data interchange (software distribution) by excluding information that would prevent other utilities or sites from reading the BACKUP save set.

/IO_LOAD

Increases or decreases the number of simultaneous I/Os issued by the BACKUP utility. The default is 8 I/Os. The minimum is 2 I/Os.

/JOURNAL

Specifies that a BACKUP save operation is to create, or append information to, a BACKUP journal file.

/LIMIT

Specifies the expansion size limit during restore or save operations.

/LIST

Lists information about a BACKUP save set and about the files in a save set.

/[NO]LOG

Displays the file specification of each file processed during the operation on SYS$OUTPUT.

/NOINCREMENTAL

Allows you to control the amount of file data that is saved in a save operation. (Unrelated to /INCREMENTAL.)

/PHYSICAL

Specifies that a BACKUP operation is to ignore any file structure on the input volume and to process the volume in terms of logical blocks.

/PROGRESS_REPORT

Displays the progress of a backup operation on the current output device.

/RECORD

Records the current date and time in the BACKUP date field of each file header once a file is successfully saved or copied.

/RELEASE_TAPE

Dismounts and unloads a tape after a BACKUP save operation either writes and verifies the save set, or reaches the end of the tape.

/SIZE

Preserves the logical volume size on the target device or allows you to specify the logical size of the target device.

/[NO]TRUNCATE

Controls whether a copy or restore operation truncates a sequential output file at the end-of-file (EOF) when creating it.

/VERIFY

Specifies that the contents of the output specifier be compared with the contents of the input specifier after a save, restore, or copy operation is completed.

/VOLUME

Indicates that a specific disk volume in a disk volume set is to be processed.

Input File-Selection Qualifiers

/BACKUP

Selects files according to the BACKUP date written in the file header record by the BACKUP/RECORD command.

/BEFORE

Selects files dated earlier than the date and time you specify.

/BY_OWNER

Causes BACKUP to process files owned by the specified UIC.

/CONFIRM

Displays prompts on your terminal for confirmation before processing each file.

/CONVERT

Converts ODS-5 file names to ODS-2 file names.

/CREATED

Selects files according to the value of the creation date field in each file header record.

/EXCLUDE

Excludes files from processing that otherwise meet the selection criteria for a save or copy operation.

/EXPIRED

Selects files according to the value of the expiration date field in each file header record.

/FILES_SELECTED

Specifies a file that contains a list of the files that are to be selected when a save set is restored.

/HEADER_ONLY

Controls whether BACKUP saves only the file header of shelved and preshelved files.

/MODIFIED

Selects files according to the value of the modified date field (the date the file was last modified) in each file header record.

/SINCE

Selects files dated equal to or later than the specified date and time.

Output File Qualifiers

/BY_OWNER

Redefines the owner user identification code (UIC) for restored files.

/NEW_VERSION

Creates a new version of a file if a file with an identical specification already exists at the location to which the file is being restored or copied.

/OVERLAY

Writes over an existing file when an identically named file is encountered during the restore operation.

/REPLACE

Replaces a file on the output specifier with an identically named file from the input specifier.

Input Save-Set Qualifiers

/[NO]CRC

Checks the software cyclic redundancy check (CRC) encoded in the save set's data blocks.

/INPUT_FILES

Directs BACKUP to treat the input-specifier as the file name of a list of files. This file specifies the input files for a BACKUP operation.

/[NO]REWIND

Rewinds the input tape reel to the beginning-of-tape marker before reading the input volume.

/SAVE_SET

Directs BACKUP to treat the input file as a BACKUP save set.

/SELECT

Selects the specified files for processing.

Output Save-Set Qualifiers

/BLOCK_SIZE

Specifies the output block size, in bytes, for data records in BACKUP save sets and in disk-to-disk copies.

/BY_OWNER

Specifies the owner user identification code (UIC) of the save set.

/COMMENT

Places the string that you supply into the BACKUP summary record of the output save set.

/[NO]CRC

Specifies that the CRC is to be computed and stored in the data blocks of the output save set.

/DENSITY

Specifies the recording density of the output magnetic tape.

/EXACT_ORDER

Specifies the exact order of tape volume labels that you want to use in a BACKUP operation.

/GROUP_SIZE

Defines the number of blocks BACKUP places in each redundancy group.

/LABEL

Specifies the 1- to 6- character volume labels for the magnetic tapes and 1- to 12- character volume labels for disks to which the save set is written.

/MEDIA_FORMAT

Controls whether data records are automatically compacted and blocked together.

/PROTECTION

When you create a save set on disk, this qualifier defines the protection to be applied to an output save set. When you create a save set on magnetic tape, this qualifier defines the protection to be applied to the magnetic tape volume.

/[NO]REWIND

Rewinds the output tape to the beginning-of-tape marker and initializes the output tape.

/SAVE_SET

Directs BACKUP to treat the output file as a BACKUP save set.

/TAPE_EXPIRATION

Writes a file expiration date other than the current date to the file header label of the save set.

7.5. BACKUP Usage Summary

By duplicating files or volumes of files, the Backup utility (BACKUP) protects data from loss or corruption.

BACKUP is intended for use primarily by system managers and operators to protect public media. However, anyone can use BACKUP to make personal BACKUP copies and to transport files between OpenVMS systems.

The two ways to back up your system disk are:
  • If you have access to the CD–ROM of the current version of OpenVMS Alpha or Integrity servers, you can use a menu-driven procedure to back up your system disk.

  • If you do not have access to the CD–ROM of the current version of OpenVMS Alpha or Integrity servers, you must use standalone BACKUP to back up your system disk.

Syntax

BACKUP input-specifier output-specifier

Parameters

input specifier

Specifies the input for the BACKUP operation. The input specifier can be a standard OpenVMS file specification, a BACKUP save-set specification, or a device name. If the input specifier is a save-set specification on disk, it must include the input save-set qualifier /SAVE_SET.

DECnet node names are allowed only in save-set specifications.

Wildcards are permitted in standard OpenVMS file specifications and in save-set specifications if they are on magnetic tape.

output specifier

Specifies the output for the BACKUP operation. The output specifier, like the input specifier, can be either a standard OpenVMS file specification, a BACKUP save-set specification, or a device name. If the output specifier is a save set on disk, it must include the output save-set qualifier /SAVE_SET.

DECnet node names are allowed only in save-set specifications.

You can use wildcard characters if the output specifier is a Files–11 volume. You cannot use wildcard characters if the output specifier is a BACKUP save set or a volume created by a BACKUP/PHYSICAL or BACKUP/IMAGE operation. For restrictions on the use of wildcard characters in BACKUP commands, see Section 7.3.2.

Description

To invoke online BACKUP, enter an appropriate BACKUP command at the DCL prompt. For instructions on invoking standalone BACKUP, refer to the VSI OpenVMS System Manager's Manual.

When you enter a BACKUP command, BACKUP evaluates the input and output specifier and qualifiers to determine the type of operation to perform. BACKUP uses the input specifier to locate the input to the utility and directs output to the output specifier, which can be a file or a save set on disk or a save set on magnetic tape.

After executing the command, BACKUP returns to DCL command level. If you want to halt the execution of a BACKUP command prematurely, press Ctrl/Y. If BACKUP is creating a file when you press Ctrl/Y, the file is closed immediately and only partially created.

You need the user privilege TMPMBX to send messages to operator terminals when using BACKUP in batch mode. If you are performing a save operation to a volume set of sequential disks, you must have the user privilege PHY_IO or LOG_IO to write to a continuation volume. The use of several BACKUP qualifiers also requires privileges; these are noted in the appropriate qualifier descriptions.

/ALIAS

/ALIAS — Command Qualifier: Specifies that the previous behavior of multiple processing of alias and primary file entries be maintained. Use the /ALIAS qualifier only when you are restoring very old save sets (from OpenVMS Version 6.2 or earlier). The current default behavior is correct in nearly every other situation. If you are in doubt about using this qualifier, contact your VSI support representative.

Syntax

/ALIAS save-set-spec (default)

/NOALIAS

Description

The /ALIAS qualifier maintains the previous BACKUP behavior of treating alias file entries the same as primary file entries. Therefore, a primary file may be processed multiple times by BACKUP if one or more alias file entries reference the same primary file entry.

If you specify /NOALIAS, alias directory and file entries are ignored. Therefore, multiple processing of primary files may be avoided, which saves time and save-set file space. If a restore operation is performed using the /ALIAS qualifier but the save set was created by using the /NOALIAS qualifier, a message is displayed that the /ALIAS qualifier will be ignored.

/ASSIST

/ASSIST — Command Qualifier: Allows operator or user intervention during a BACKUP operation if a magnetic tape mount request fails or if an operation requires another volume.

Syntax

/[NO]ASSIST input-specifier output-specifier

Description

The /ASSIST qualifier causes BACKUP to send messages to operator terminals when a failure occurs during a BACKUP mount request or when an operation requires another volume. BACKUP sends messages to operator terminals enabled to receive TAPES and CENTRAL messages. (See the description of the REPLY command in the VSI OpenVMS DCL Dictionary for information about enabling and disabling operator terminals.) If a failure occurs, the operator can either abort the operation or correct the error condition and allow the operation to continue.

If no operator terminal is enabled to receive TAPES and CENTRAL messages and to respond to a mount assist request, a message is displayed informing the user of the situation. If a volume is placed in the requested drive, no additional operator response is necessary. Any operator reply to a mount request is written to SYS$OUTPUT. When BACKUP is run interactively, SYS$OUTPUT is the user's terminal. When BACKUP is run in batch mode, SYS$OUTPUT is the batch job log file.

If you specify /NOASSIST, mount messages appear on your terminal and are not sent to the operator.

The default is /ASSIST. The /NOASSIST qualifier has no effect if the logical name SYS$COMMAND points to a device that is not a terminal (as is the case when you run BACKUP in a batch job). Specifying /NOASSIST when BACKUP is run in batch mode has no effect.

Example

$ BACKUP/NOASSIST [PAYROLL]*.*;* MTA1:PAYROLL.BCK/LABEL=WKY101

This command mounts the volume labeled WKY101 on the MTA1 tape drive and copies all files in the [PAYROLL] directory to a save set named PAYROLL.BCK. The /NOASSIST qualifier directs BACKUP to send mount messages to your terminal rather than to the operator terminal. The WKY101 label indicates that WKY101 is a weekly BACKUP tape in group 1, volume number 01. (If the volume label of the tape is not WKY101, you can direct BACKUP to write the save set to the tape by choosing the OVERWRITE option at the BACKUP> prompt.)

/BACKUP

/BACKUP — Input File-Selection Qualifier: Selects files according to the BACKUP date written in the file header record by the BACKUP/RECORD command.

Syntax

input-specifier/BEFORE=time/BACKUP output-specifier

input-specifier/SINCE=time/BACKUP output-specifier

Description

The /BACKUP qualifier is valid with Files–11 Structure Levels 2 and 5 volumes only and must be used with either the /BEFORE or /SINCE qualifier. You cannot use /BACKUP with the /CREATED, /MODIFIED, or /EXPIRED qualifiers in an image operation or in a physical operation.

The /BACKUP qualifier selects files by comparing the date and time recorded in the BACKUP field of the file header record with the date and time specified with the /BEFORE or /SINCE qualifier. The date and time recorded in the file header record is the date and time the file was last saved or copied using the /RECORD command qualifier.

When you use /BACKUP with /BEFORE, files with a BACKUP date prior to the specified date or time are selected. Files with no BACKUP date (that is, /RECORD was not specified when the file was saved or copied) are also selected.

When you use /BACKUP with /SINCE, files with a BACKUP date equal to or later than the specified date or time are selected. Files with no BACKUP date (that is, /RECORD was not specified when the file was saved or copied) are not selected.

Examples

  1. $ BACKUP/RECORD
    _From: [PAYROLL]*.*;*/BEFORE=01-SEP-2002/BACKUP
    _To: MTA1:SEP01.BCK

    In this command, the /BACKUP qualifier combined with the /BEFORE qualifier saves all versions of all files in the directory [PAYROLL] that have a BACKUP date written before September 1, 2002. The command qualifier /RECORD writes the date and time of the save operation to the file header record of each saved file.

  2. $ BACKUP/RECORD [ACCOUNTS...]/SINCE=YESTERDAY/BACKUP MTA1:ACC.BCK

    In this command, the /BACKUP qualifier combined with the /SINCE qualifier saves all files in all subdirectories of [ACCOUNTS] that have a BACKUP date written since yesterday (24 hours before midnight last night). The command qualifier /RECORD writes the date and time of the save operation to the file header record of each saved file.

/BEFORE

/BEFORE — Input File-Selection Qualifier: Selects files dated earlier than the date and time you specify.

Syntax

input-specifier/BEFORE=time output-specifier

Description

The /BEFORE qualifier selects files by comparing the date and time in the specified field of each file header record with the date and time you specify in the command line. The following list shows the other input file-selection qualifiers (and their functions) that you can use with the /BEFORE qualifier. Use these other qualifiers only one at a time in your command line.

/BACKUP

Selects files last saved or copied by BACKUP/RECORD before the date specified. Also selects files with no BACKUP date.

/CREATED

Selects files created before the date specified.

/EXPIRED

Selects files that have expired as of the date specified.

/MODIFIED

Selects files last modified before the date specified. If you specify /BEFORE without another qualifier, /MODIFIED is used by default.

Specify the date and time as a delta time or as an absolute time using the format [dd-mmm-yyyy[:]][hh:mm:ss.cc]. You can also use one of the following reserved words to specify the date and time:

BACKUP

The BACKUP date of the file written by a previous BACKUP/RECORD operation (available only on Files–11 Structure Levels 2 or 5 volumes)

TODAY

The current day, month, and year at 00:00:00.0 o'clock

TOMORROW

24 hours after midnight last night

YESTERDAY

24 hours before midnight last night

The /BEFORE qualifier is not valid in incremental restore operations.

Example

$ BACKUP [POLICIES]*.*;*/BEFORE=TODAY/EXPIRED
DMA1:OLDPOL.BCK/SAVE_SET

This command saves all files in the directory [POLICIES] that have expiration dates preceding today's date.

/BLOCK_SIZE

/BLOCK_SIZE — Output Save-Set Qualifier: Specifies the output block size, in bytes, for data records in BACKUP save sets and in disk-to-disk copies.

Syntax

input-specifier output-save-set-spec/BLOCK_SIZE=n

Description

You can specify a block size between 2048 and 65,535 bytes. BACKUP may adjust this value according to the constraints of the BACKUP format. Although BACKUP may adjust the block size you specify, it does not adjust the block size over the maximum of 65,535.

If you specify /BLOCK_SIZE in a magnetic tape save operation, BACKUP ignores any block size defined by the /BLOCK_SIZE qualifier to the DCL command MOUNT.

If the block size is set to a large value for a save set on magnetic tape, it is possible for the magnetic tape to run off its reel or for a large number of write errors to be logged. If this occurs, avoid using large block sizes. If the problem recurs with the same magnetic tape, avoid using that tape for future BACKUP operations.

The default block size for magnetic tape is 8192 bytes; the default for disk is 32,256 bytes.

Example

$ BACKUP/RECORD DRA2:[LEE...]/SINCE=BACKUP MTA0:SAVEWORK.BCK/BLOCK_SIZE=10000

This command saves a directory tree on DRA2 to a magnetic tape mounted on drive MTA0. The input file-selection qualifier /SINCE=BACKUP instructs BACKUP to process only those files in the specified directory tree that have been modified since the last BACKUP/RECORD operation. The output save-set qualifier /BLOCK_SIZE directs BACKUP to assign a block size of 10,240 (BACKUP rounds the specified block size of 10,000 up to the next multiple of 512).

/BRIEF

/BRIEF — Command Qualifier: Lists the file specification, size, and creation date for each file in the save set. (The size listed is the actual size of the file saved, rather than the number of blocks allocated to the file.) The /BRIEF qualifier is valid only with the /LIST qualifier and is the default format for BACKUP listings. Specify the /FULL qualifier to list the information in a format similar to that displayed by the DCL command DIRECTORY/FULL.

Syntax

/LIST/BRIEF save-set-spec

Example

$ BACKUP/LIST/BRIEF DBA2:[SAVE]23MAR02.BCK/SAVE_SET
Listing of save set(s)
Save set:          23MAR02.BCK
Written by:        MOROCI
UIC:               [000200,000200]
Date:              23-MAR-2002 14:18:16.00
Command:           BACKUP [SAVE] DBA2:[SAVE]23MAR02.BCK/SAVE_SET
Operating system:  OpenVMS Alpha Version 7.3-1
BACKUP version:    V7.3-1
CPU ID register:   08000000
Node name:         _SUZI::
Written on:        _DBA2: 
Block size:        32,256 
Group size:        10
Buffer count:      3
[SAVE]INFO.TXT;4                  5   4-FEB-2002 13:12
[SAVE]LAST.DAT;1                  1  18-JAN-2002 14:11
[SAVE]WORK.DAT;3                 33   1-JAN-2002 10:02
Total of 3 files, 39 blocks
End of save set

This command lists the BACKUP summary information and the file name, size, and creation date for each file in the save set. Note that the input save-set qualifier /SAVE_SET is required to identify the input specifier as a save set on a Files–11 medium.

/BUFFER_COUNT

/BUFFER_COUNT — Command Qualifier: This qualifier is obsolete. You can still specify the /BUFFER_COUNT qualifier, although it has no effect. (This ensures that command procedures containing this qualifier will still operate correctly.) VSI recommends that you remove the /BUFFER_COUNT qualifier from command procedures.

Syntax

/BUFFER_COUNT

/BY_OWNER (Select Input File by UIC)

/BY_OWNER (Select Input File by UIC) — Input or Output File Qualifier, or Output Save-Set Qualifier: Input File-Selection Qualifier As an input file-selection qualifier, /BY_OWNER causes BACKUP to process files owned by the specified UIC.

Syntax

input-specifier/BY_OWNER[=[uic]] output-specifier

Description

Specify the UIC as octal numbers or in alphanumeric format (in the form [g,m]). Note that the UIC specification must include the brackets. UIC formats are described in the VSI OpenVMS User's Manual. If you specify this qualifier without a UIC, the default UIC is the current process UIC. If you do not specify this qualifier, BACKUP processes all files on the volume. Output File Qualifier As an output file qualifier, /BY_OWNER redefines the owner UIC for each file restored during the operation. You can use one of the following options:

DEFAULT

Sets the owner UIC to the user's current default UIC. This option is the default if you do not specify the /BY_OWNER qualifier, except in image and incremental restore operations, when ORIGINAL is the default option.

ORIGINAL

Retains the owner UIC of the file being restored. This option is the default if you specify the /BY_OWNER qualifier with no option. This option is also the default for incremental restore operations. To use this option, the UIC must be yours, or you must have the SYSPRV user privilege or be the owner of the output volume.

PARENT

Sets the owner UIC to the owner UIC of the directory to which the file is being restored or copied. To use this option, the parent UIC must be yours, or you must have the SYSPRV user privilege or be the owner of the output volume.

[uic]

Sets the owner UIC to the UIC specified. To use this option, the UIC must be yours, or you must have the SYSPRV user privilege or be the owner of the output volume.

Output Save-Set Qualifier As an output save-set qualifier, /BY_OWNER specifies the owner UIC of the save set. If you omit the /BY_OWNER qualifier, the save set receives the UIC of the current process. To use /BY_OWNER as an output save-set qualifier, you must have the SYSPRV user privilege or the UIC must be your own.

Input File-Selection Qualifier

See separate descriptions for /BY_OWNER as an output file qualifier and an output save-set qualifier.

Selects files for processing according to the user identification code (UIC). If you specify /BY_OWNER without a UIC, BACKUP selects all files whose UIC matches that of the current process.

Specify either a numeric UIC as octal numbers or an alphanumeric UIC in the form [g,m]. Wildcards are permitted. Note that the brackets are required.

g

An octal number in the range 0 to 37776 representing the group number or an alphanumeric group name

m

An octal number in the range 0 to 177776 representing the member number or an alphanumeric member name

If you do not specify /BY_OWNER, BACKUP processes all files specified by the input specifier.

Examples

  1. $ BACKUP [SNOW...]/BY_OWNER MT$DRIVE:SNOW.BCK/LABEL=TAPE01

    In this example, BACKUP mounts the tape with the label TAPE01 on drive MT$DRIVE and saves all files in the directory and subdirectories of [SNOW] with the UIC of the current default process to the save set SNOW.BCK.

  2. $ BACKUP [SUNDANCE]/BY_OWNER=[727,46]  DBA1:STABLE.BCK/SAVE_SET

    In this example, all files in the directory [SUNDANCE] with an owner UIC of [727,46] are saved to the sequential-disk save set STABLE.BCK on DBA1.

/BY_OWNER (Redefine Owner UIC for Restored File)

/BY_OWNER (Redefine Owner UIC for Restored File) — Output File Qualifier: See separate descriptions for /BY_OWNER as an input file-selection qualifier and an output save-set qualifier. Redefines the owner user identification code (UIC) for restored files.

Syntax

input-specifier output-specifier/BY_OWNER=option

Description

The following options are available:

DEFAULT

Sets the owner UIC to the user's current default UIC. This option is the default if you do not specify the /BY_OWNER qualifier, except in image and incremental restore operations, when ORIGINAL is the default option.

ORIGINAL

Retains the owner UIC of the file being restored. This option is the default if you specify the /BY_OWNER qualifier with no option. This option is also the default for incremental restore operations. To use this option, the UIC must be yours, or you must have the SYSPRV user privilege or be the owner of the output volume.

PARENT

Sets the owner UIC to the owner UIC of the directory to which the file is being restored or copied. To use this option, the parent UIC must be yours, or you must have the SYSPRV user privilege or be the owner of the output volume.

[uic]

Sets the owner UIC to the UIC specified. Use the [g,m] format (as described in the input file-selection qualifier /BY_OWNER). To use this option, the UIC must be yours, or you must have the SYSPRV user privilege or be the owner of the output volume.

In restore operations where the command qualifier /IMAGE or /INCREMENTAL is specified, the default is /BY_OWNER=ORIGINAL.

Example

$ BACKUP DBA2:ACCOUNTS.BCK/SAVE_SET  [CLEAVER...]/BY_OWNER=PARENT

In this example, the sequential-disk save set ACCOUNTS.BCK is restored to the directory tree [CLEAVER...], assigning each restored file the owner UIC of the [CLEAVER] directory.

/BY_OWNER (Specify Owner UIC for Save Set)

/BY_OWNER (Specify Owner UIC for Save Set) — Output Save-Set Qualifier: See separate descriptions for /BY_OWNER as an input file-selection qualifier and an output file qualifier. Specifies the owner user identification code (UIC) of the save set.

Syntax

input-specifier output-save-set-spec/BY_OWNER=uic

Description

If the /BY_OWNER qualifier is omitted, the UIC of the current process is used. To use this qualifier on Files–11 save sets, you need the user privilege SYSPRV, or the UIC must be your own.

Specify either a numeric UIC as octal numbers or an alphanumeric UIC in the form [g,m]. Wildcards are permitted. Note that the brackets are required.

[g,m]

g

An octal number in the range 0 to 37776 representing the group number or alphanumeric group name

m

An octal number in the range 0 to 177776 representing the member number or alphanumeric member name

Example

$ BACKUP [CLEAVER...] MFA2:ACCOUNTS.BCK/BY_OWNER=[301,310]/LABEL=TAPE01

In this example, BACKUP mounts the tape with the label TAPE01 on drive MFA2. Next, BACKUP saves the directory tree [CLEAVER...] to a save set named ACCOUNTS.BCK. The output save-set qualifier /BY_OWNER assigns an owner UIC of [301,310] to the save set.

/COMMENT

/COMMENT — Places a comment in an output save set. If the comment string is longer than one word or if it contains non-alphanumeric characters, you must enclose it in quotation marks (" "). A DCL command can contain a maximum of 1024 characters.

Syntax

input-specifier output-save-set-spec /COMMENT=string

Example

$ BACKUP [REMARKS] DMA1:20JULREM.BCK/SAVE_SET -
_$ /COMMENT="Remote operations for July 20, 2002"
$ BACKUP/LIST DMA1:20JULREM.BCK/SAVE_SET
Listing of save set
 
Save set:          20JULREM.BCK
Written by:        WALRUS
UIC:               [360,054]
Date:              20-JUL-2002 15:22:06.62
Command:           BACKUP [REMARKS] DMA1:20JULREM.BCK/SAVE_SET/COMMENT=Remote
operations for July 20, 2002
Operating system:  OpenVMS Alpha Version V7.3-1
BACKUP version:    V7.3-1
CPU ID register:   0138084C
Node name:         _ABBEY::
Written on:        _ABBEY$DMA1:
Block size:        32256
Group size:        10
Buffer count:      3
 
[REMARKS]BAC.RES;1                                       2  20-JUL-2002 14:13
[REMARKS]COM.LIS;1                                       1  20-JUL-2002 14:04
[REMARKS]DTOP.DIR;1                                      1  20-JUL-2002 14:18
 .
 .
 .
Total of 40 files, 535 blocks
End of save set

The first BACKUP command saves the directory [REMARKS] to a sequential-disk save set and records a comment. The BACKUP/LIST command displays the contents of the newly created save set. Note that the /SAVE_SET qualifier is required when creating a save set on disk.

/COMPARE

/COMPARE — Command Qualifier: Compares the save set, device, file, or files specified by the first parameter with the contents of the Files–11 device, file, or files specified by the second parameter and displays an error message if it finds a difference.

Syntax

/COMPARE file-spec file-spec

/COMPARE save-set-spec file-spec

/IMAGE/COMPARE device-spec device-spec

/IMAGE/COMPARE save-set-spec device-spec

/PHYSICAL/COMPARE device-spec device-spec

/PHYSICAL/COMPARE save-set-spec device-spec

Description

In a BACKUP compare operation, the first parameter can be a Files–11 file or a wildcard character representing a set of files, a BACKUP save set on disk or magnetic tape, a tape device, or a disk device. The second parameter must be a Files–11 disk file, a wildcard character representing a set of files or a Files–11 disk device, unless you specify the command qualifier /PHYSICAL. When you specify /PHYSICAL, and the first parameter specifies a disk device, both disks in the compare operation must be mounted with the /FOREIGN qualifier.

BACKUP displays the following error message if it encounters a difference between files it compares:
%BACKUP-E-VERIFYERR, verification error for …

Use the /COMPARE qualifier to compare a save set with original files or to compare files or volumes copied using BACKUP with original files. Because BACKUP processes files by blocks, comparing files not produced by BACKUP is likely to cause mismatch errors in files that are apparently identical.

If you do not specify a version number with the file specification, the default is ;* (the asterisk wildcard character), which processes all versions of the file.

Both parameters in a compare operation are input specifiers.

If you are comparing two entire Files–11 volumes, use an image compare operation, as follows:
$ BACKUP/IMAGE/COMPARE DBA1: DBA2:

You cannot use the command qualifier /DELETE or /RECORD in compare operations.

Do not perform compare operations on files that were restored or copied using the output file qualifier /NEW_VERSION because this qualifier causes version numbers to change.

Examples

  1. $ BACKUP/COMPARE JAZZ.DAT BLUES.DAT

    This example compares two Files–11 files. Because no version number is specified, BACKUP compares all versions of each file.

  2. $ BACKUP/COMPARE/IMAGE MTA0:SWING.BCK DBA2:

    This example compares an image save set stored on magnetic tape and a Files–11 volume.

/CONFIRM

/CONFIRM — Input File-Selection Qualifier: Displays prompts on your terminal for confirmation before processing each file. If you want the file to be processed, enter Y or YES and press Return.

Syntax

input-specifier/CONFIRM output-specifier

Example

$ BACKUP *.LIS/CONFIRM/LOG  DLA2:LIST.BCK/SAVE_SET
DISK$DEFAULT:[WONDER]CRE.LIS;1, copy? (Y or N): Y
%BACKUP-S-COPIED, copied DISK$DEFAULT:[WONDER]CRE.LIS;1
DISK$DEFAULT:[WONDER]CRETIME.LIS;1, copy? (Y or N): Y
%BACKUP-S-COPIED, copied DISK$DEFAULT:[WONDER]CRETIME.LIS;1
DISK$DEFAULT:[WONDER]EXC.LIS;1, copy? (Y or N): Y
%BACKUP-S-COPIED, copied DISK$DEFAULT:[WONDER]EXC.LIS;1
DISK$DEFAULT:[WONDER]REB.LIS;1, copy? (Y or N): N
DISK$DEFAULT:[WONDER]SETREB.LIS;1, copy? (Y or N): Y
%BACKUP-S-COPIED, copied DISK$DEFAULT:[WONDER]SETREB.LIS;1
DISK$DEFAULT:[WONDER]VERS.LIS;1, copy? (Y or N): N
 .
 .
 .
$

This command locates all files with a file type of .LIS and prompts for confirmation before saving each file to LIST.BCK on DLA2. The command qualifier /LOG displays information about each file as it is processed. Note that you must use the output save-set qualifier /SAVE_SET when creating a save set on disk.

/CONVERT

/CONVERT — Input File-Selection Qualifier: Converts ODS-5 file names to ODS-2 file names. To preserve the output volume as ODS-2, you must also use the /NOINIT qualifier. Be aware that all ODS-5 file attributes are lost if you convert from an ODS-5 file name to an ODS-2 file name. You can also use the /NOCONVERT qualifier.

Syntax

input-specifier/CONVERT output-specifier

Example

$ BACKUP/LOG/CONVERT/IMAGE DKA500: DKA200:[000000]IMAGE.BCK/SAVE

The command in this example creates an ODS-2 image save set from an ODS-5 disk. The save set can be read by a system running a version of OpenVMS prior to Version 7.2.

/CRC

/CRC — Input or Output Save-Set Qualifier: As an input save-set qualifier, /CRC causes the software cyclic redundancy check (CRC) encoded in the save set's data blocks to be checked (/CRC) or ignored (/NOCRC). If you ignore the CRC encoding, you reduce processing time at the risk of increasing data error. As an output save-set qualifier, /CRC specifies that software CRC checking code is to be computed and stored in the data blocks of the output save set. To disable CRC checking, use the /NOCRC qualifier. Input Save-Set Qualifier: See a separate description of /CRC as an output save-set qualifier. Specifies that the software cyclic redundancy check (CRC) is to be performed.

Syntax

input-save-set-spec/[NO]CRC output-specifier

Description

The default is /CRC. To disable CRC checking, specify /NOCRC; note that use of /NOCRC reduces processing time but increases the risk of data loss.

Example

$ BACKUP MTA2:988SAVE.BCK/NOCRC []

This command restores the save set 988SAVE.BCK to the current default directory, indicated by ([]); the input save-set qualifier /NOCRC disables CRC.

/CRC

/CRC — Output Save-Set Qualifier: See a separate description of /CRC as an input save-set qualifier. Specifies whether the software cyclic redundancy check (CRC) is to be computed and stored in the data blocks of the output save set.

Syntax

input-specifier output-save-set-spec/[NO]CRC

Description

The default is /CRC. To disable checking, use /NOCRC; note that use of /NOCRC reduces processing time but increases the risk of data loss.

Example

$ BACKUP/RECORD []/SINCE=BACKUP MTA2:988SAVE.BCK/NOCRC

This command saves all files in the current default directory that have been created or modified since the last BACKUP/RECORD operation to the save set 988SAVE.BCK; the output save-set qualifier /NOCRC disables cyclic redundancy checking.

/CREATED

/CREATED — Input File-Selection Qualifier: Selects files according to the value of the creation date field in each file header record.

Syntax

input-specifier/BEFORE=time/CREATED output-specifier

input-specifier/SINCE=time/CREATED output-specifier

Description

You must use either the /BEFORE qualifier or the /SINCE qualifier with /CREATED. The date and time you specify with /BEFORE or /SINCE determine which files should be processed.

You cannot use /CREATED with the /BACKUP, /MODIFIED, or /EXPIRED qualifiers.

Example

$ BACKUP *.SDML/SINCE=YESTERDAY/CREATED DLA2:[SAVEDIR]/SAVE_SET

The command in this example saves all files with a file type of .SDML created since yesterday (24 hours before midnight last night).

/DATA_FORMAT

/DATA_FORMAT — Command Qualifier: Creates and restores compressed save sets. You can specify the /DATA_FORMAT qualifier anywhere on the BACKUP command line.

Syntax

/DATA_FORMAT=COMPRESS=algorithm

Description

For compression support specify /DATA_FORMAT=COMPRESS with the algorithm name. The compression algorithm should be mentioned with the qualifier, as of now only one algorithm is supported (that is DEFLATE) and used as default.

Note

The BACKUP compression is supported only for save set file operation on disk and sequential devices.

Examples

  1. $ BACKUP/DATA_FORMAT=COMPRESS SYS$SYSTEM:*.EXE DKA0:[000000]SAVESET.BCK/SAVE

    This command saves the system executable file (SYS$SYSTEM:*.EXE) to a save set named SAVESET.BCK on to the disk DKA0. Since, no compression algorithm is specified the default DEFLATE compression algorithm is used to compress the data.

  2. $ BACKUP/DATA_FORMAT=COMPRESS=DEFLATE /IMAGE/RECORD DKA0: $2$MGA0:SUT746.BCK/SAVE

    This command creates the image backup of the disk DKA0 in the save set named SUT746.BCK on the magnetic tape labeled SUT746. Since the qualifier /DATA_FORMAT=COMPRESS is mentioned the created save set is compressed with this algorithm.

  3. $ BACKUP/DATA_FORMAT=COMPRESS SAVESET.BCK/SAVE DKA100:[000000...]

    In this command, the save set SAVESET.BCK is restored to the directory tree DKA0:[000000]. /DATA_FORMAT=COMPRESS qualifier is specified here, in case if the save set is an uncompressed save set the qualifier is ignored and restore operation is continued.

    On the other hand, if save set is compressed and /DATA_FORMAT= COMPRESS is not specified during restore, BACKUP identifies the save set as a compressed save set and restores it successfully.

/DELETE

/DELETE — Command Qualifier: Specifies that a BACKUP save or copy operation is to delete the selected input files from the input volume after all files have been successfully processed.

Syntax

/DELETE file-spec save-set-spec

Description

The /DELETE qualifier is valid only when used in a BACKUP save or copy operation. You must have sufficient privilege to delete files; if you do not, files protected against deletion are not deleted. If you use the command qualifier /VERIFY with /DELETE, files that fail verification are not deleted.

You cannot use /DELETE with the /PHYSICAL, /RECORD or /COMPARE command qualifiers.

Examples

  1. $ BACKUP/DELETE BOP.DAT MTA0:BOP.BCK/LABEL=DANCE

    In this example, the file BOP.DAT will be deleted after the save set BOP.BCK is successfully created on MTA0.

  2. $ BACKUP/VERIFY/DELETE RAY.DAT,JOE.DAT,ELLA.DAT MTA0:OSCAR.BCK/LABEL=FRIEND

    The BACKUP command deletes the selected list of files in this example after saving them to OSCAR.BCK on MTA0 and comparing the output save set with the input files. If BACKUP detects a difference between the contents of the output save set and the input file, the input file is not deleted.

/DENSITY

/DENSITY — Output Save-Set Qualifier: Specifies the recording density of the output magnetic tape. Use a value that is supported by the magnetic tape drive. If you do not specify the /DENSITY qualifier, the default density is the current density of the magnetic tape drive. You must specify the output save-set qualifier /REWIND with /DENSITY.

Syntax

input-specifier output-save-set-spec/DENSITY=keyword

Description

The following table shows the densities that are supported for tapes.

Keyword

Meaning

DEFAULT

Default density

800

NRZI 800 bits per inch (BPI)

1600

PE 1600 BPI

6250

GRC 6250 BPI

3480

IBM 3480 HPC 39872 BPI

3490E

IBM 3480 compressed

833

DLT TK50: 833 BPI

TK50

DLT TK50: 833 BPI

TK70

DLT TK70: 1250 BPI

6250

RV80 6250 BPI EQUIVALENT

NOTE: Only the symbols listed above are understood by TMSCP/TUDRIVER code prior to OpenVMS Version 7.2. The remaining values in this table are supported only on Alpha and Integrity server systems.

TK85

DLT Tx85: 10625 BPI – Cmpt III - Alpha and Integrity servers only

TK86

DLT Tx86: 10626 BPI – Cmpt III - Alpha and Integrity servers only

TK87

DLT Tx87: 62500 BPI – Cmpt III - Alpha and Integrity servers only

TK88

DLT Tx88: (Quantum 4000) – Cmpt IV - Alpha and Integrity servers only

TK89

DLT Tx89: (Quantum 7000) – Cmpt IV - Alpha and Integrity servers only

QIC

All QIC drives are drive-settable only - Alpha and Integrity servers only

8200

Exa-Byte 8200 - Alpha and Integrity servers only

8500

Exa-Byte 8500 - Alpha and Integrity servers only

DDS1

Digital Data Storage 1 – 2G - Alpha and Integrity servers only

DDS2

Digital Data Storage 2 – 4G - Alpha and Integrity servers only

DDS3

Digital Data Storage 3 – 8-10G - Alpha and Integrity servers only

DDS4

Digital Data Storage 4 - Alpha and Integrity servers only

AIT1

Sony Advanced Intelligent Tape 1 - Alpha and Integrity servers only

AIT2

Sony Advanced Intelligent Tape 2 - Alpha and Integrity servers only

AIT3

Sony Advanced Intelligent Tape 3 - Alpha and Integrity servers only

AIT4

Sony Advanced Intelligent Tape 4 - Alpha and Integrity servers only

DLT8000

DLT 8000 - Alpha and Integrity servers only

8900

Exabyte 8900 - Alpha and Integrity servers only

SDLT

SuperDLT1 - Alpha and Integrity servers only

SDLT320

SuperDLT320 - Alpha and Integrity servers only

Note that tape density keywords cannot be abbreviated.

The value that you specify must be supported by your magnetic tape hardware. If you omit this qualifier, the default density is the current density on the output tape drive.

The /DENSITY qualifier is incompatible with the output save-set qualifier /NOREWIND. You must specify the output save-set qualifier /REWIND to initialize the magnetic tape when using the /DENSITY qualifier. When you specify /DENSITY/REWIND, BACKUP rewinds the tape to the beginning-of-tape. Then BACKUP initializes the tape with the new density, removing access to all data that previously resided on the tape.

Example

$ BACKUP *.PAS MTA2:SAVEPAS.BCK/DENSITY=1600/REWIND/LABEL=PASCAL

The magnetic tape on drive MTA2: is initialized. All files with a file type of .PAS in the current default directory are saved to the save set SAVEPAS.BCK. The /DENSITY qualifier sets the recording density to 1600 bits/in.

/ENCRYPT

/ENCRYPT — Command Qualifier: Creates and restores encrypted save sets. Specify the /ENCRYPT qualifier anywhere on the BACKUP command line. Standalone BACKUP, which is a version of the BACKUP utility that runs without the support of the OpenVMS operating system, does not support the /ENCRYPT qualifier.

Syntax

/ENCRYPT=([key] [,ALGORITHM=algorithm])

Description

Optionally, you can specify either a key name or a key value, but not both. If you have already defined a key value using the DCL command ENCRYPT/CREATE_KEY, you can specify /ENCRYPT=NAME= key-name to identify the key name that was created and stored in the key storage table.

To define a key value interactively, specify /ENCRYPT=VALUE= key-value, where key-value is one of the following:
  • 1 to 243 alphanumeric characters enclosed in quotation marks ( ). Dollar signs ($) and underscores (_) are valid characters. The key is not case sensitive.

  • A hexadecimal constant using the digits 0 to 9 and A to F.


Note

For additional security, specify the /ENCRYPT qualifier with no parameters and press Return. The command prompts you for a key value. When you enter a value, the software does not echo what you type and, for verification, prompts you to retype the value.

ALGORITHM Keyword

Optionally, you can use ALGORITHM= algorithm to specify DES or AES algorithms:
  • Data encryption standard (DES)

    Use DES to encrypt the initialization vector and the key you supply. Possible values for algorithm are as follows:
    • DESCBC (default) — Cipher block chaining

    • DESECB — Electronic code book

    • DESCFB — Cipher feedback

  • Advanced encryption standard (AES)

    Use an AES algorithm to encrypt both the data and the user-provided key using the AES algorithm. Possible values for algorithm are as follows:
    • AESCBC — Cipher block chaining

    • AESECB — Electronic code book

    • AESCFB — Cipher feedback

    • AESOFB — Output feedback

    You can also specify one of the following three lengths for AES:
    • 128
    • 192
    • 256

    When you use an AES value, BACKUP places the result of the encryption operation in the save set as a BACKUP attribute subrecord of the BACKUP summary record. At the time of a save set restore or listing operation, BACKUP uses the key you supplied to get to the encrypted key to decrypt the data key and the initialization vector value.

Using /ENCRYPT and /SAVE_SET Qualifiers

The BACKUP command qualifier /SAVE_SET is both an input save set qualifier and an output save set qualifier, as follows:
  • When you specify the /SAVE_SET and /ENCYRPT qualifiers with an output save set specification, BACKUP writes file data (including file names and attributes) in an encrypted form into the save set.

  • When you specify /SAVE_SET with an input save set specification, BACKUP uses the decryption key specified to access the file name, attributes, and data from the save set records. The ENCRYPT option decrypts the data files after BACKUP reads the data files from the save set media and processes them according to the remaining qualifiers of the BACKUP command.

Restoring Files

When you encrypt a save set, BACKUP does not store the encryption key in the save set header. Consequently, to decrypt an encrypted save set, specify /ENCRYPT in the restore operation so that BACKUP searches for the data encryption control record.

If you restore an unencrypted save set and mistakenly specify /ENCRYPT, BACKUP ignores the incorrect qualifier. If you try to restore an encrypted save set without the /ENCRYPT qualifier or with a key name, the system displays the following error message:
 %BACKUP-F-ENCSAVSET, save set is encrypted, /ENCRYPT must be specified.
BACKUP tries to decrypt an encrypted save set by:
  1. Decrypting the encryption data saved in an attribute subrecord.

  2. Comparing a 32-bit checksum of the decrypted data key with the stored value.

  3. If there is a match, BACKUP assumes the data key is valid and restores the save set.

  4. If BACKUP finds a mismatch, which is likely if the data key or algorithm you specified in the BACKUP command is incorrect, the utility displays the following error message:


%BACKUP-F-ENCKEYMAT, the supplied decryption key does not yield a readable  save set

Examples

  1. $ ENCRYPT/CREATE_KEY my_key "This is my private encryption key"/AES/LOG
    %ENCRYPT-S-KEYDEF, key defined for key name = MY_KEY
    $ BACKUP *.COM COMS.BCK/SAVE/ENCRYPT=(name=my_key,alg=AES_/LOG)

    This example creates an encrypted save set.

  2. $ BACKUP *.COM COMS.BCK/SAVE/ENCRY=ALG=AES
    Enter key value:
    Verification:
    $

    In this example, the BACKUP command line does not contain a key name or key value; therefore, BACKUP prompts for an encryption key.

  3. $ BACKUP DKA100: DKA100.BCK/SAV/IMA/ENCRY=(VALUE="THIS IS MY  ENCRYPTION KEY")

    In this example, the image BACKUP of DKA100 is encrypted in a save set with a key value that uses the default DESCBC algorithm.

  4. $ BACKUP DKA100: DKA100.BCK/SAV/IMA/ENCRY=(VALUE="THIS IS MY  ENCRYPTION KEY",ALGO=AESCFB192)

    In this example, the image BACKUP of DKA100 is encrypted in a saveset with a key value that uses the AESCFB algorithm with a 192-bit encryption key.

/EXACT_ORDER

/EXACT_ORDER — Output Save-Set Qualifier: Depending on the other qualifiers you specify on the command line, the /EXACT_ORDER qualifier allows you to perform the following actions: specify the exact order of tape volume labels that you want to use in a BACKUP operation, preserve the existing volume label on a tape, prevent previous volumes of a multivolume save operation from being overwritten.

Syntax

input-specifier output-save-set-spec/EXACT_ORDER

Description

The /EXACT_ORDER qualifier allows you to perform the following actions:
  • Specify the exact order of tape volume labels that you want to use in a BACKUP operation. You must use the /LABEL=(label1,label2,...) qualifier to specify the order of the labels. BACKUP continues the operation as long as the label of the tape in the drive matches the corresponding label on the command line. If you do not specify enough labels on the command line to complete the operation, BACKUP prompts you to enter a label for the tape in the drive.

  • Preserve the existing volume label on a tape. If you do not use the /LABEL qualifier on the command line and the tape has an ANSI label, BACKUP uses the existing label.

  • Prevent previous volumes of a multivolume save operation from being overwritten. BACKUP keeps track of the volume labels you have already used in the operation. If you accidentally mount one of the previous volumes, BACKUP displays the following error message:
    %BACKUP-W-MOUNTERR, volume 1 on MKB100: was not mounted
      because its label does not match the one requested
      Volume with label TAPE1 was already used in this save
      operation. Specify option (QUIT or NEW tape)
      BACKUP>
Note the following restrictions when you use the /EXACT_ORDER output qualifier:
  • If you use the /EXACT_ORDER qualifier, you cannot specify a label longer than six characters on the command line. If you specify a label longer than six characters, BACKUP displays the following error message:
    %BACKUP-F-INVQUAVAL, value 'label_name' invalid for
     /LABEL qualifier
  • You cannot use the /IGNORE=LABEL_PROCESSING qualifier with the /EXACT_ORDER qualifier.

  • If you use the /LABEL qualifier with the /EXACT_ORDER qualifier, you cannot specify duplicate labels.

The default is /NOEXACT_ORDER.

Examples

  1. $ BACKUP/IMAGE/RECORD/VERIFY/NOASSIST
    _From: DKA100:
    _To: MKB100:MAR11.SAV/LABEL=(TAPE1,TAPE2,TAPE3)/EXACT_ORDER
    This example uses the /EXACT_ORDER qualifier to specify the exact order of labels for the BACKUP operation. Note that if you specify the /ASSIST qualifier, BACKUP would display messages on the operator terminal. BACKUP performs the following actions:
    1. Compares the volume label of the tape in MKB100: with the first label that you specified on the command line (TAPE1). If the labels match exactly, BACKUP begins the save operation. If the labels do not match or if the tape does not have an ANSI label, BACKUP displays the following message:
      %BACKUP-W-MOUNTERR, volume 1 on MKB100: was not mounted
        because its label does not match the one requested
       %BACKUP-W-EXLABEER, volume label processing failed
        because volume TAPE4 is out of order, Volume label
        TAPE1 was expected. Specify option (QUIT, NEW tape,
        OVERWRITE tape, USE loaded tape)
       BACKUP> OVERWRITE

      Depending on the option you specify, you can quit the backup operation (QUIT), dismount the old tape and mount a new one (NEW), overwrite the label and the data on the tape (OVERWRITE), or write the data to the tape using the loaded tape's label (USE).

    2. When the operation fills the first tape, it displays the following message:
      %BACKUP-I-RESUME, resuming operation on volume 2
      %BACKUP-I-READYWRITE, mount volume TAPE2 on MKB100:
        for writing. Respond with YES when ready:
    3. When you load the second tape and enter YES, BACKUP compares the label of the second tape with the second label you specified on the command line (TAPE2) just as it did in step 1a.

    4. Assuming the volume labels match, BACKUP continues processing until it completes the operation or runs out of volume labels. If you do not specify enough labels on the command line to complete the operation, BACKUP prompts you to enter a label for the tape in the drive as follows:
      %BACKUP-W-MOUNTERR, volume 4 on MKB100: was not mounted
        because the label was not specified
        Specify EXACT_ORDER label (up to 6 characters)
      BACKUP>

      BACKUP then compares the label on the tape with label you specify as described previously.

  2. $ BACKUP/IMAGE/RECORD/VERIFY/NOASSIST
    _From: DKA100:[TEST]
    _To: MKB100:MAR11.SAV/EXACT_ORDER
    Because this example does not use the /LABEL qualifier, BACKUP uses the existing label on the tape. If the tape does not have an ANSI label, and it is the first tape in the operation, BACKUP displays the following error message:
    %BACKUP-F-NOTANSI, tape is not valid ANSI format
    If the tape does not have an ANSI label, and is not the first tape in the operation, BACKUP displays the following error message prompting you to specify a label:
    %BACKUP-W-MOUNTERR, volume 2 on MKB100: was not mounted
      because the label was not specified
      Specify EXACT_ORDER label (up to 6 characters)
    BACKUP>

    BACKUP checks to make sure you specify a valid label. If the label is not valid (for example, longer than six characters), BACKUP displays an error message. In previous versions of the OpenVMS operating system, BACKUP truncated long volume labels.

/EXCLUDE

/EXCLUDE — Input File-Selection Qualifier: Excludes files that otherwise meet the selection criteria for a save or copy operation. The excluded files are not processed.

Syntax

input-specifier/EXCLUDE=(file-spec[,...]) output-specifier

Description

If you specify more than one file, separate the file specifications with commas and enclose the list in parentheses. Do not use a device specification when defining the files to be excluded. You can use most standard wildcard characters, but you cannot use wildcard characters denoting latest versions of files (;) or relative versions of files (;-n).

Note that BACKUP does not apply temporary file specification defaults within the list. Each file specification independently takes its defaults from the file specification [000000 …]*.*;*.

If you specify directory files (files with the file type .DIR), your command is processed but the directory files are not excluded (they are processed). BACKUP uses directory files to facilitate incremental restore operations.

You cannot use the /EXCLUDE qualifier in image restore operations.

Example

$ BACKUP
_From: DRA2:[CONTRACTS]/BEFORE=TODAY/EXCLUDE=(*.OBJ,*.MAI)
_To: MFA0:CONTRACT.BCK/LABEL=DLY102

All files in the directory [CONTRACTS] that have a modification date prior to today (the current day, month, and year at 00:00:00.0 o'clock) are saved to the save set CONTRACT.BCK on drive MFA0, except for those with a file type of .OBJ or .MAI.

/EXPIRED

/EXPIRED — Input File-Selection Qualifier: Selects files according to the value of the expiration date field in each file header record.

Syntax

input-specifier/BEFORE=time /EXPIRED output-specifier

input-specifier/SINCE=time /EXPIRED output-specifier

Description

You must use the input file-selection qualifier /BEFORE or /SINCE with /EXPIRED. The date and time you specify to /BEFORE or /SINCE determines which files are processed.

You cannot use /EXPIRED with the input file-selection qualifiers /BACKUP, /MODIFIED, or /CREATED.

Example

$ BACKUP [CONTRACTS]/BEFORE=TOMORROW/EXPIRED MTA1:30DEC.BCK/LABEL=WK04 

This command saves all files in the directory [CONTRACTS] that have an expiration date prior to tomorrow (24 hours after midnight last night) to a save set named 30DEC.BCK.

/FAST

/FAST — Command Qualifier: Processes the input specifier using a fast file scan to reduce processing time. The input specifier must be a Files–11 disk.

Syntax

/FAST input-specifier output-specifier

Description

The fast file scan reads the index file on the Files–11 disk specified by the input specifier and creates a table of files that match the qualifiers you specified.

When you use the /FAST qualifier to save a disk, ALIAS directory trees are not processed. Only the primary files that the ALIAS points to are saved. Depending on the number of ALIAS directory specifications there are on the disk, this may increase performance by reducing the number of files BACKUP checks for processing. A message is displayed for each ALIAS directory or file that is not processed.

To perform a fast file scan, you need write access to the INDEXF.SYS file on the input medium, or the input medium must be write-locked. This requirement is necessary because BACKUP opens the index file to synchronize with the file system, whether or not any update is made.

A fast file scan is most useful when the input specifier includes most of the files on the volume, and file-selection qualifiers (such as those that pertain to date or owner) specify a relatively small set of the files named. Because image operations implicitly use the fast file scan, the /FAST qualifier is ignored if used with the command qualifier /IMAGE.

You cannot use /FAST in restore operations.

Example

$ BACKUP/FAST
_From: DBA1:[*...]/MODIFIED/SINCE=TODAY
_To: MTA0:13NOVBAK.BCK,MTA1:/LABEL=WK201

In this example, all files on the disk DBA1 that have been modified today are saved to a multireel tape save set named 13NOVBAK.BCK. The /FAST qualifier is used to reduce processing time.

/FILES_SELECTED

/FILES_SELECTED — Input File-Selection Qualifier: Specifies a file that contains a list of the files that will be selected when a save set is restored.

Syntax

input-specifier /FILES_SELECTED=file-spec output-specifier

Description

The /FILES_SELECTED qualifier allows you to specify a file that contains a list of the files that are to be selected when a save set is restored. You can use this qualifier in place of the /SELECT qualifier to select files to restore from a save set.

Do not use a device specification when you list the files to be selected. In the list of files, enter one OpenVMS file specification per line. You can use most standard wildcard characters, but you cannot use wildcard characters denoting the latest version of files (;) and relative versions of files (;- n).

Example

$ BACKUP INFO.BCK/SAVE_SET/FILES_SELECTED=RFILE.DAT []
The command in this example selects the files in RFILE.DAT and restores them to the current default directory. The RFILE.DAT file contains the following entries:
    [INFO]RESTORE.COM
    [PAYROLL]BADGE.DAT
    EMPLOYEE.DAT

/FULL

/FULL — Command Qualifier: Lists the file information produced by the command qualifier /LIST in the format provided by the DCL command DIRECTORY/FULL.

Syntax

/LIST/FULL input-specifier output-specifier

Description

The /FULL qualifier is valid only with the command qualifier /LIST.

If you do not specify /FULL with /LIST, the /LIST qualifier uses the default command qualifier /BRIEF and lists only the file specification, size, and creation date of each file. When you specify /FULL, the list includes more information from the file header records, such as the BACKUP date, date of last modification, number of blocks allocated to the file, file protection and organization, and record attributes.

Example

$ BACKUP/LIST/FULL MTA1:ROCK.BCK
Listing of save set(s)

Save set:          ROCK.BCK
Written by:        RINGO
UIC:               [000200,000300]
Date:              20-AUG-2002 15:39:38.89
Command:           BACKUP [.STONES] MTA0:ROCK.BCK/LABEL=BACKUP
Operating system:  OpenVMS Alpha Version V7.3-1
BACKUP version:    V7.3-1
CPU ID register:   08000000
Node name:         _SUZI::
Written on:        _MTA0:
Block size:        8192
Group size:        10
Buffer count:      30

[RINGO.STONES]GRAPHITE.DAT;1
                  Size:       1/1         Created: 18-AUG-2002 14:10
                  Owner: [000200,000200]  Revised: 18-AUG-2002 14:10 (2)
                  File ID: (91,7,1)       Expires: [None specified]
                                          Backup:  [No backup done]
  File protection:    System:RWED, Owner:RWED, Group:RE, World:
  File organization:  Sequential
  File attributes:    Allocation = 1, Extend = 0
                      Global Buffer Count = 0
  Record format:      Variable length, maximum 255 bytes
  Record attributes:  Carriage return

[RINGO.STONES]GRANITE.DAT;1 
                      Size:    1/1        Created: 18-AUG-2002 14:11
                      Owner: [000200,000200]  Revised: 18-AUG-2002 14:11 (2)
                      File ID: (92,9,1)       Expires: [None specified]
                                              Backup:  [No backup done]
  File protection:    System:RWED, Owner:RWED, Group:RE, World:
  File organization:  Sequential
  File attributes:    Allocation = 1, Extend = 0
                      Global Buffer Count = 0
  Record format:      Variable length, maximum 255 bytes
  Record attributes:  Carriage return
 .
 .
 .
Total of 4 files, 16 blocks
End of save set

The command in this example lists the files in save set MTA1:ROCK.BCK in full format.

/GROUP_SIZE

/GROUP_SIZE — Output Save-Set Qualifier: Defines the number of blocks BACKUP places in each redundancy group.

Syntax

input-specifier output-save-set-spec/GROUP_SIZE=n

Description

BACKUP writes redundant information to output save sets to protect against data loss. Using the redundant information, BACKUP can correct one uncorrectable read error in each redundancy group.

The /GROUP_SIZE qualifier specifies the number of output blocks written to each redundancy group. The value of n can be 0 to 100. The default value is 10. If you define a value of 0 for /GROUP_SIZE, no redundancy groups are created for the save set.

Example

$ BACKUP/RECORD DBA1:[*...]/SINCE=BACKUP TAPE:SAVEWORK.BCK/GROUP_SIZE=5

This BACKUP command saves all files in the current default directory tree that have been modified since the last BACKUP/RECORD operation; the /GROUP_SIZE defines the redundancy group size as 5 blocks.

/HEADER_ONLY

/HEADER_ONLY — Input File-Selection Qualifier: Specifies that only the file headers of a file are to be saved in a BACKUP operation.

Syntax

input-specifier /HEADER_ONLY=option output-specifier

Description

The /HEADER_ONLY qualifier specifies that the Backup utility is to save only the file header of a shelved or a preshelved file in a BACKUP operation.

When a file is shelved, the data in the file is shelved, but the file header is retained. Users shelve files to save disk space. (In addition, users might preshelve files to save time by performing shelving operations ahead of time.)

In a BACKUP save operation, the default behavior is to unshelve files before backing them up. This brings back the file data online, so that, when the BACKUP operation is performed, the entire file is backed up (not just the file header). The only exception to the BACKUP default behavior is in operations that use the /PHYSICAL or /IMAGE qualifier. For those operations, the file remains in the file shelved state.

For more information about file shelving and preshelving, see the Hierarchical Storage Management (HSM) documentation.

Use the following options with the /HEADER_ONLY qualifier:

Option

Description

SHELVED

Saves only the file header of a shelved file.

NOSHELVED

Saves both the file header and the file data of a shelved file. (This causes the file to be unshelved.)

PRESHELVED

Saves only the file header of a preshelved file.

NOPRESHELVE

Saves both the file header and the file data of a preshelved file.

Examples

  1. $ BACKUP [INFO]/HEADER_ONLY=(SHELVED) MKA600:INFO.BCK/SAVE_SET

    The command in this example saves all files in the directory [INFO] to a tape drive save set named INFO.BCK. The shelved files in [INFO] will not be unshelved. Only their file headers will be saved to save set INFO.BCK because the /HEADER_ONLY=(SHELVED) qualifier is specified.

  2. $ BACKUP [INFO]/HEADER_ONLY=(SHELVED,PRESHELVED)  MKA600:INFO.BCK/SAVE_SET

    This command saves all files in the directory [INFO] to a tape drive save set named INFO.BCK. The files saved from [INFO] will not be unshelved because the HEADER_ONLY=(SHELVED,PRESHELVED) qualifier is specified. The save set INFO.BCK will contain only the file headers of files that are shelved or preshelved.

  3. $ BACKUP/IMAGE DUA0: MKA600:INFO.BCK/SAVE_SET

    The command in this example saves all files on the disk DKA0:. Because the /IMAGE qualifier is specified, only the file headers of files that are shelved or preshelved are saved to INFO.BCK.

  4. $ BACKUP [INFO] MKA600:INFO.BCK/SAVE_SET

    The command in this example saves all files in the directory [INFO] to a tape drive save set named INFO.BCK. The files saved from [INFO] will be unshelved (the default). The save set INFO.BCK will contain both the file header and the data of files that are shelved or preshelved.

/IGNORE

/IGNORE — Command Qualifier: Specifies that a BACKUP save or copy operation will override restrictions placed on files or will not perform tape label processing checks. File system interlocks are expressly designed to prevent data corruptions, and to allow applications to detect and report data access conflicts. Use of the INTERLOCK keyword overrides these file data integrity interlocks. The data that BACKUP subsequently transfers can then contain corrupted data for open files. Also, all cases in which these data corruptions can occur in the data that BACKUP transfers are not reliably reported to you; in other words, silent data corruptions are possible within the transferred data.

Syntax

/IGNORE=option input-specifier output-specifier

Description

The /IGNORE= qualifier has the following options:

ACCESSIBILITY

Processes files on a tape that is protected by a volume accessibility character, or on a tape created by HSC Backup. The option applies only to tapes. It affects the first tape mounted and all subsequent tapes in the save set.

INTERLOCK

Processes files that otherwise cannot be processed due to file access conflicts. Use this option to save or copy files currently open for writing. No synchronization is made with the process writing the file, so the file data that is copied might be inconsistent with the input file, depending on the circumstances (for example, if another user is editing the file, the contents might change). When a file open for writing is processed, BACKUP issues the following message:
%BACKUP-W-ACCONFLICT, 'filename' is open for write by another user.

The INTERLOCK option is especially useful if you have files that are open so much of the time that they might not otherwise be saved. The use of this option requires the user privilege SYSPRV, a system UIC, or ownership of the volume.

See the Note before this table for more information about this keyword.

LABEL_PROCESSING

Saves or copies the contents of files to the specified magnetic tape volume regardless of the information contained in the volume header record. BACKUP does not verify the volume label or expiration date before writing information to the tape volume. Note that you cannot use this option with the /EXACT_ORDER qualifier.

LIMIT

Prevents the target device from inheriting the volume expansion limit.

NOBACKUP

Saves or copies both the file header record and the contents of files marked with the NOBACKUP flag by the /NOBACKUP qualifier of the DCL command SET FILE. If you do not specify this option, BACKUP saves only the file header record of files marked with the NOBACKUP flag.

Examples

  1. $ BACKUP/IGNORE=INTERLOCK
    _From: DUA0:[SUSAN...]
    _To: MTA0:SONGBIRD.BCK/LABEL=TAPE01

    This command saves an entire directory tree and the files in all subdirectories, including any files that are open.

  2. $ BACKUP/IGNORE=LABEL_PROCESSING *.*;* MFA1:MYFILES.BCK/REWIND

    This command rewinds the tape in drive MFA1 to the beginning-of-tape marker, initializes the tape, and creates a save set containing all files in the user's current directory. The command qualifier /IGNORE=LABEL_PROCESSING specifies that no tape label processing checks are done before BACKUP initializes the tape. When the tape is initialized, access to data that previously resided on the tape is lost.

  3. $ INITIALIZE/LABEL=VOLUME_ACCESSIBILITY:"K" MUA1: 29JUN
    $ BACKUP/IGNORE=(ACCESSIBILITY)
    _From:  DUA0:[BOOKS...]
    _To: MUA1:BACKUP.SAV /LABEL=29JUN

    The INITIALIZE command in this example initializes the tape with an accessibility character (K) and a volume label (29JUN). The BACKUP command mounts the tape, regardless of the accessibility, and performs the BACKUP operation. For more information about tape protection, see the VSI OpenVMS System Manager's Manual.

  4. $ BACKUP/LOG/IMAGE/CONVERT DKA500:[000000]IMAGE.BCK/SAVE DKA200:/NOINIT
    %BACKUP-I-ODS5CONV, structure level 5 files will be converted to structure
            level 2 on DKA200:
    -BACKUP-I-ODS5LOSS, conversion may result in loss of structure level 5
            file attributes
    %BACKUP-S-CREATED, created DKA200:[000000]000000.DIR;1
    %BACKUP-S-CREATED, created DKA200:[000000]BACKUP.SYS;1
    %BACKUP-S-CREATED, created DKA200:[000000]CONTIN.SYS;1
    %BACKUP-S-CREATED, created DKA200:[000000]CORIMG.SYS;1
    %BACKUP-S-CREATED, created DKA200:[000000]SECURITY.SYS;1
    %BACKUP-S-CREATED, created MDA2:[000000]TEST_FILES.DIR;1
    %BACKUP-S-CREATEDAS, created DKA200:[TEST_FILES]SUB^_^{DIR^}.DIR;1 as
            DKA200:[TEST_FILES]SUB$$DIR$.DIR;1

    You can use commands like the ones in the example if you have an image backup of an ODS-5 disk, and you want to restore it to an ODS-2 disk. In the command line in the example, IMAGE.BCK is the ODS-5 save set, and DKA200: is the ODS-2 disk. When you use this conversion method, you must preinitialize the output disk to ODS-2 and then include the /NOINIT qualifier in your command line.

/IMAGE

/IMAGE — Command Qualifier: Directs BACKUP to process an entire volume or volume set. Beginning in Version 8.2, this qualifier has been supported for Integrity servers disk. The image of an Integrity servers disk can be saved and restored on either Alpha or Integrity servers.

Syntax

/IMAGE input-specifier output-specifier

Description

To use the /IMAGE qualifier, you need write access to the volume index file (INDEXF.SYS) and the bit map file (BITMAP.SYS), or the input medium must be write-locked. BACKUP opens the index file to synchronize with the file system (no update is made). Finally, you must have read access to all files on the input medium.

You can receive a fatal error if you use /IMAGE with the qualifier.

When you use the /IMAGE qualifier to save to a disk, alias directory trees are not processed.

Note

The input and output devices in an image operation must be different except in an image save operation when the output device is a Files–11 disk save set.

If the output volume is a disk, all files on the output volume are stored contiguously. Contiguous storage of files eliminates disk fragmentation and creates contiguous free blocks of disk space.

Because all files on the input volume are processed, you cannot use input file-selection qualifiers in image copy or save operations. You can, however, restore files and directories selectively from an image save set.

When performing image operations on volume sets (more than one volume), the number of volumes specified by the output specifier must be equal to the number of volumes in the input volume set.

In an image save or copy operation, BACKUP attempts to save or copy all files on the input disk volume including files marked for deletion and lost files (files without a directory entry). By default, a BACKUP image operation saves or copies the attributes but not the contents of files flagged as NOBACKUP.

Also by default, BACKUP does not save the attributes nor the contents of files open for write access by another user at the time of the image save operation. If you want these files to be included, specify the command qualifier /IGNORE in the BACKUP command line. The command qualifier /IGNORE=NOBACKUP directs BACKUP to save or copy files flagged as NOBACKUP. The command qualifier /IGNORE=INTERLOCK directs BACKUP to save or copy files open for write access by another user.

An image restore or copy operation initializes the output volume or volume set. The initialization data comes from the save-volume summary record of the input volume unless the command qualifier /NOINITIALIZE is specified. Specifying /NOINITIALIZE directs BACKUP to initialize the output volume using volume initialization data that already exists on the output volume.

In image restore and copy operations, every file is restored or copied. The output volume must be mounted using the /FOREIGN qualifier. The new volume is a functionally equivalent copy of the input volume; however, file placement will change. Files are stored contiguously on the output volume.

You cannot change the structure level of the output volume in an image restore or copy operation. A BACKUP operation to mixed tape and disk save sets, as shown in the following command, is unsupported:
$ BACKUP SYS$DISK:/IMAGE dka0:FUN,MKA0:/SAVE/REW

Examples

  1. $ MOUNT/FOREIGN DMA1:
    %MOUNT-I-MOUNTED, mounted on NODE$DMA1:
    $ BACKUP/IMAGE/LOG DLA2: DMA1:
    %BACKUP-S-CREATED, created DMA1:[000000]000000.DIR;1
    %BACKUP-S-CREATED, created DMA1:[000000]BACKUP.SYS;1
    %BACKUP-S-CREATED, created DMA1:[000000]CONTIN.SYS;1
    %BACKUP-S-CREATED, created DMA1:[000000]CORIMG.SYS;1
    %BACKUP-S-CREATED, created DMA1:[000000]ELLA.DIR;1
    %BACKUP-S-CREATED, created DMA1:[ELLA]SCAT.DAT;1
    %BACKUP-S-CREATED, created DMA1:[000000]JOE.DIR;1
    %BACKUP-S-CREATED, created DMA1:[JOE]STRINGS.DAT;1
    %BACKUP-S-CREATED, created DMA1:[000000]OSCAR.DIR;1
    %BACKUP-S-CREATED, created DMA1:[OSCAR]KEYS.DAT;1
    %BACKUP-S-CREATED, created DMA1:[000000]VOLSET.SYS;1
     .
     .
     .
    $

    The MOUNT command prepares the target disk for the image copy operation. The command qualifier /LOG directs BACKUP to display information about each file copied on your terminal. The BACKUP command initializes DMA1 and copies the disk volume DLA2 to DMA1. All files on DMA1 are stored contiguously.

  2. $ BACKUP/IMAGE DBA2: MTA0:ET.BCK,MTA1:

    This command saves an entire disk volume to a multivolume save set named ET.BCK using two magnetic tape drives.

  3. $ MOUNT/FOREIGN DBA1:
    %MOUNT-I-MOUNTED, mounted on NODE$DBA1:
    $ BACKUP/IMAGE WORKDISK DBA1:28SEP.BCK/SAVE_SET

    The MOUNT command prepares the target disk for the image save operation. The BACKUP command performs an image save operation to a Files–11 save set named 28SEP.BCK.

/INCREMENTAL

/INCREMENTAL — Command Qualifier: Allows you to restore an incremental save set. /INCREMENTAL is valid only in restore operations. It is not related to the /NOINCREMENTAL qualifier, which is valid only in BACKUP save operations.

Syntax

/INCREMENTAL save-set-spec disk-device-name

Description

Use /INCREMENTAL only in restore operations that restore incremental save sets. When you use /INCREMENTAL, the output specifier must specify a device only; file specifications are not allowed. Also, input save-set qualifiers are not allowed in incremental restore operations.

You can create incremental save sets with the command qualifier /RECORD and the file-selection qualifier /SINCE=BACKUP or /SINCE=date. Most sites perform daily incremental save operations to keep copies of files created or modified that day, and periodic full backups to keep a copy of all files on the disk volume. (VSI recommends that you use the command qualifier /IMAGE to perform full backups.)

If a disk volume is lost, corrupted, or destroyed, its contents can be recreated by performing the following tasks:
  1. Restore the volume using the latest (most recent) image backup save set. (The saveset must have been created using the /IMAGE and /RECORD BACKUP command qualifiers.)

  2. Restore any incremental save sets since the last full backup, in reverse chronological order, using the /INCREMENTAL qualifier.

After you restore the save sets in this order, the output disk volume contains the same files it contained when the most recent incremental save operation was performed.

When the /INCREMENTAL qualifier is used, the /BY_OWNER=ORIGINAL qualifier is assumed; therefore, specifying /BY_OWNER is unnecessary unless you want to change the original UICs. The /INCREMENTAL qualifier can be used only on Files–11 Structure Level 2 or 5 volumes.

You can receive a fatal error if you use the /PHYSICAL qualifier with /INCREMENTAL.

Example

If you have been performing a combination of full backups and incremental save operations on a public volume, and the public volume is lost, corrupted, or destroyed, use a procedure like the following one to create a new copy of the public volume. First, restore the volume from the latest full backup with an image restore operation.

The section Formulating a Backup Strategy in the BACKUP chapter of the VSI OpenVMS System Manager's Manual discusses the importance of using the /IMAGE and /RECORD qualifiers the first time you back up a disk, before you perform incremental backups.
$ MOUNT/FOREIGN DRA0:
%MOUNT-I-MOUNTED, mounted on _DRA0:
$ BACKUP/IMAGE/RECORD MTA0:FULLJUN02,MTA1 DRA0:
%BACKUP-I-RESUME, resuming operation on volume 2
%BACKUP-I-RESUME, resuming operation on volume 3
%BACKUP-I-RESUME, resuming operation on volume 4
 .
 .
 .
$ DISMOUNT/NOUNLOAD DRA0:
Next, mount the disk as a file-structured volume and restore the incremental save sets in reverse chronological order. Finally, restore the weekly incremental save sets. The /INCREMENTAL qualifier must be used where shown in the following example to obtain the correct results:
$ MOUNT DRA0: PUBLIC
%MOUNT-I-MOUNTED, PUBLIC mounted on _DRA0:
$ BACKUP/INCREMENTAL MTA0:INCD17JUN DRA0:
$ BACKUP/INCREMENTAL MTA0:INCD16JUN DRA0:
$ BACKUP/INCREMENTAL MTA0:INCD15JUN DRA0:
$ BACKUP/INCREMENTAL MTA0:INCW14JUN DRA0:
$ BACKUP/INCREMENTAL MTA0:INCW7JUN DRA0:

Note that BACKUP restores the volume correctly regardless of the order in which the incremental save sets are applied; using reverse chronological order is most efficient.

/INITIALIZE

/INITIALIZE — Command Qualifier: Initializes an output disk or tape volume, making its entire previous contents unavailable. (/REWIND performs the same function for output tapes.)

Syntax

/[NO]INITIALIZE input-specifier output-specifier

Description

The /[NO]INITIALIZE qualifier is valid only when used with the command qualifier /IMAGE during restore or copy operations or when saving files to a sequential-disk save set.

When used with the command qualifier /IMAGE in a restore or copy operation, the /INITIALIZE qualifier directs BACKUP to initialize the output volume using volume initialization data from the save-volume summary record on the input volume.

The /NOINITIALIZE qualifier directs BACKUP to reinitialize the output volume using the existing initialization data on that volume; the output volume must have been previously initialized as a Files–11 volume. When the output volume is initialized, existing data on the volume is lost. The structure level of the output volume must be the same as the structure level of the save set being restored.

Note

The BACKUP/NOINITIALIZE command does not preserve the dynamic volume expansion characteristics of the output device. The reason is that the target device is mounted foreign, preventing OpenVMS from obtaining the expansion size and the logical size. To overcome this restriction, use the /LIMIT and /SIZE qualifiers.

For image restore and copy operations on Files–11 volumes, the default is /INITIALIZE.

If you use the /INITIALIZE qualifier when creating sequential-disk save sets, BACKUP initializes the first output volume in the sequential-disk save set, as well as subsequent volumes. By default, BACKUP does not initialize the first volume of a sequential-disk save set but does initialize subsequent volumes of a multivolume sequential-disk save set.

The BACKUP/IMAGE/INITIALIZE command sizes the storage bitmap to correspond to the entire physical volume. Beginning with OpenVMS Version 7.2, the file system also correctly handles a volume whose storage bitmap is smaller than required. The space on the volume available for allocation is the space the bitmap describes; as a result, if the bitmap is smaller than the volume requires, not all the volume is available for file allocation. A SHOW DEVICE /FULL command continues to display the actual physical volume size; however, the free blocks displayed are the number of blocks actually available for allocation.

Examples

  1. $ BACKUP/IMAGE/NOINITIALIZE DBA0: DBA2:

    This command causes the output volume DBA2 to be reinitialized using the volume initialization data that exists on DBA2. The contents of DBA0 are then copied to DBA2.

  2. $ BACKUP/IMAGE/INITIALIZE DBA2:OLDFILES.BCK/SAVE_SET DBA6:

    This command directs BACKUP to initialize the output volume DBA6 using volume initialization parameters in the save-volume summary record on DBA2. The image save set OLDFILES.BCK is then restored to DBA6.

/INPUT_FILES

/INPUT_FILES — Input Save-Set Qualifier: Directs BACKUP to treat the input-specifier as the file name of a list of files. This file specifies the input files for a BACKUP operation.

Syntax

input-specifier /INPUT_FILES output-specifier/SAVE_SET

Description

The /INPUT_FILES qualifier allows you to specify a list of files to be processed for input. The input-specifier is the name of a file that contains one standard OpenVMS file specification per line.

Example

$ BACKUP FILE.DAT/INPUT_FILES MKA600:INFO.BCK/SAVE_SET
The command in this example backs up the files listed in the FILE.DAT file to a tape drive save set named INFO.BCK. If the disk, directory, or file extension is not specified, the defaults are copied from the previous entry or from the default if this is the first entry. The FILE.DAT file contains the following entries:
    $1$DKA0:[INFO]*.COM
    INFO.TEXT
    [PAYROLL]*.DAT

/INTERCHANGE

/INTERCHANGE — Command Qualifier: Directs BACKUP to process files in a manner suitable for data interchange (software distribution) by excluding information that would prevent other utilities or sites from reading the BACKUP save set. The /INTERCHANGE qualifier implies /CONVERT when the input is an ODS-5 disk or file. (You can also specify /NOCONVERT with the /INTERCHANGE qualifier.)

Syntax

/INTERCHANGE input-specifier output-specifier

Description

The effects of the /INTERCHANGE qualifier are as follows:
  • Directories not selected as files are not copied.

  • Access control lists are not copied.

  • Block size on magnetic tape is limited to 8192 bytes.

  • Normal error recovery is used to write magnetic tapes so that no bad records exist on the resulting magnetic tape.

Example

$ BACKUP/RECORD/INTERCHANGE [ACCOUNTS]/SINCE=BACKUP MFA0:SAVACC.BCK

The command in this example saves all files in the directory [ACCOUNTS] that have been modified since the last BACKUP/RECORD operation. The /INTERCHANGE qualifier ensures that the processed files are suitable for data interchange.

/IO_LOAD

/IO_LOAD — Command Qualifier: Beginning in OpenVMS Version 8.3, BACKUP is optimized to work more efficiently with new storage controllers. You can use the /IO_LOAD qualifier to increase or decrease the number of simultaneous I/Os issued by the BACKUP utility. The default is 8 I/Os. The minimum is 2 I/Os. If the /IO_LOAD qualifier is omitted from the command line, the default number of outstanding I/Os is still 8.

Syntax

/IO_LOAD=n

The value for n is an integer between 1 and the process AST limit. The default value is 8.

Example

$ BACKUP DKA100: DKA400: /IMAGE /IO_LOAD=8

In this example, the /IO_LOAD=8 qualifier maintains 8 threads of I/O reading data from the source disk. (BACKUP does not exceed 8 outstanding I/Os.)

/JOURNAL

/JOURNAL — Command Qualifier: Specifies that a BACKUP save operation is to create a BACKUP journal file or append information to a BACKUP journal file. Lists the contents of a BACKUP journal file when combined with the command qualifier /LIST.

Syntax

/JOURNAL=file-spec input-specifier output-specifier

/JOURNAL=file-spec

/LIST=file-spec

Description

A BACKUP journal file contains records of BACKUP save operations and the file specifications of saved files. Use the command qualifier /JOURNAL[=file-spec] in a BACKUP save operation to create a journal file.

If you do not include a file specification with the command qualifier /JOURNAL, the name of the BACKUP journal file defaults to SYS$DISK:[]BACKUP.BJL. You can specify another file name, however. (The file specification of a journal file cannot include a node name; the default file type for a journal file is .BJL.) If the specified journal file does not exist, it is created; if the journal file does exist, the new journal information is appended to the existing journal file.

Start a new version of a journal file by creating a zero-length file using the DCL command CREATE or a text editor.

To list the contents of a BACKUP journal file, use the /JOURNAL=[file-spec] qualifier with the /LIST qualifier, but do not specify an input or output specifier. By default, the list is displayed on SYS$OUTPUT, but it is written to an output file if you specify a file with /LIST.

When listing a journal file, you can use the file-selection qualifiers /BEFORE, /SINCE, and /EXCLUDE to search for specific files. (In this context, the /BEFORE and /SINCE qualifiers refer to the time when the save set was created, not the time when the files in the save set were created.) Also, by specifying a file in a multivolume save set, you can search the journal file to find which volume the file is in. You can then mount that volume and restore the file.

Journal files are not created for physical save operations (save operations performed with the command qualifier /PHYSICAL). You can receive a fatal error if you use the /PHYSICAL qualifier with /JOURNAL.

Examples

  1. $ BACKUP/JOURNAL=LAR.BJL [LARRY]*.*;* MFA0:YET.BCK

    This command saves all versions of all files in the directory [LARRY] to the save set YET.BCK on MFA0. The /JOURNAL qualifier creates a record of the saved files in a journal file named LAR.BJL in the current default directory.

  2. $ BACKUP/LIST/JOURNAL=ARCH.BJL/SELECT=[SMITH.PROGS]/SINCE=5-OCT-2002
    Listing of BACKUP journal
    Journal file _DB1:[SYSMGR]:ARCH.BJL;1 ON 7-OCT-2002 00:45:43.01
    Save set WKLY.BCK, created on 6-OCT-2002 00:01:34.54
    Volume number 1, volume label WKL101
             [SMITH.PROGS]REMINDER.FOR;46
             [SMITH.PROGS]RUNTHIS.FOR;4
             [SMITH.PROGS]TIMER.PAS;5
     .
     .
     .

    This example displays all files in the directory [SMITH.PROGS] that were saved after October 5, 2002, and listed in the BACKUP journal file ARCH.BJL.

  3. $ BACKUP/JOURNAL/LOG/IMAGE  DRA2: MTA0:3OCT.FUL
    %BACKUP-S-COPIED, copied DRA2:[COLLINS]ALPHA.DAT;4
    %BACKUP-S-COPIED, copied DRA2:[COLLINS]EDTINI.EDT;5
     .
     .
     .
    %BACKUP-I-RESUME, resuming operation on volume 2
    %BACKUP-I-READYWRITE, mount volume 2 on _MTA0: for writing
    Press return when ready: Return
    %BACKUP-S-COPIED, copied DRA2:[LANE]MAIL.MAI;1
    %BACKUP-S-COPIED, copied DRA2:[LANE]MEMO.RNO;5
     .
     .
     .
    $ BACKUP/JOURNAL/LIST
    Listing of BACKUP journal
    Journal file _DB2:[SYSMGR]BACKUP.BJL;1 on 3-OCT-2002 00:40:56.36
    Save set 3OCT.FUL created on 3-OCT-2002 00:40:56.36
    Volume number 1, volume label 3OCT01
    
             [COLLINS]ALPHA.DAT;4
             [COLLINS]EDTINI.EDT;5
             [COLLINS]LOGIN.COM;46
             [COLLINS]LOGIN.COM;45
             [COLLINS]MAIL.MAI;1
             [COLLINS.MAR]GETJPI.EXE;9
             [COLLINS.MAR]GETJPI.LIS;14
                       .
                       .
                       .
             [LANE]LES.MAI;1
                       .
                       .
                       .
    Save set 3OCT.FUL created on 3-OCT-2002 00:40:56.36
    Volume number 2, volume label 3OCT02
    
              [LANE]MAIL.MAI;1
              [LANE]MEMO.RNO;5
              [LANE]MEMO.RNO;4
                       .
                       .
                       .
              [WALTERS.VI]KD.RNO;52
    
    End of BACKUP journal

    This example shows how to create a BACKUP journal file and list the contents of the BACKUP journal file.

/LABEL

/LABEL — Output Save-Set Qualifier: Specifies the volume labels for the magnetic tapes to which the save set is written.

Syntax

input-specifier output-save-set-spec/LABEL=(string[,...])

Description

Use the /LABEL Qualifier to specify the one- to six-character volume labels for the magnetic tapes to which the save set is written.

You can specify either a single label or a list of labels with the /LABEL qualifier. If you do not specify the /LABEL qualifier, BACKUP uses the first six characters of the save-set name as the volume label of the first tape. If you specify a label that is longer than six characters, BACKUP truncates the label to six characters.

If the save set continues to another tape, and you did not specify a volume label for the tape, BACKUP uses the first four characters of the previous tape's volume label followed by the volume number of the tape. For example, if the first tape in a save set is labeled AAAABB, the second tape in a save set is labeled AAAA02, and the third tape is labeled AAAA03.

Before writing a save set to magnetic tape, BACKUP compares the label specified in the command line to the volume label of the tape. (If the tape has no volume label and you specified the output save-set qualifier /REWIND, BACKUP writes the label you specified to the volume header record of the tape.) If the volume label has fewer than six characters, BACKUP pads the volume label with the blank character to six characters.

The first four characters of the volume label must either exactly match the first four characters of the label specified in the BACKUP command line, or the first four characters of the volume label must end with one or more underscore characters. If the first four characters of the volume label end with one or more underscore characters, and the label specified in the command line matches the part of the volume label that appears before the underscore characters, BACKUP accepts the match. (For example, the volume label ABN_ matches the command line label ABN but does not match the command line label ABNE.) If either the fifth or the sixth character of the volume label is in the range 0 to 9, BACKUP does not compare these characters with corresponding characters in the label specified in the BACKUP command line. Otherwise, the fifth and sixth characters in the volume label must match the corresponding characters in the label specified in the BACKUP command line exactly.

The following table illustrates volume labels that match labels specified in the BACKUP command line:

Label Specified in the Command Line

Matching Volume Labels

MAR

MAR, MAR_, MAR_nn

MAR_

MAR_, MAR_nn

MARK

MARK, MARKnn

MARKER

MARKER, MARKnn

If the label you specify matches the tape's volume label, the BACKUP save operation proceeds. If you specify more than one label with the /LABEL qualifier, the BACKUP save operation succeeds if any of the labels you specify match the tape's volume label. For example, if the tape's volume label is MA1686, the save operation will succeed if you specify the following list of labels with the /LABEL qualifier:
/LABEL=(MA1684,MA1685,MA1686)
If the label you specified does not match the tape's volume label, BACKUP displays the following messages and prompt on your terminal if you specified the command qualifier /NOASSIST, or on the operator terminal if you did not specify /NOASSIST:
 %BACKUP-W-MOUNTERR, volume 'number' on 'device' was not mounted because
its label does not match the one requested
Specify option (QUIT, NEW tape or OVERWRITE tape)

BACKUP>

Specify QUIT to abort the BACKUP operation and unload the magnetic tape. Specify NEW to direct BACKUP to prompt for a new tape. Specify OVERWRITE to direct BACKUP to ignore the label mismatch, mount the tape, initialize the tape if you specified the output save-set qualifier /REWIND, and write the save set to the tape.

You can specify the command qualifier /IGNORE=LABEL_PROCESSING to prevent BACKUP from verifying the volume label of the tape. You can also use the /EXACT_ORDER qualifier to specify the exact order of tape volume labels that you want to use in a BACKUP operation.

Examples

  1. $ BACKUP [PAYROLL] MTA0:30NOV.BCK/LABEL=PAY

    This command causes BACKUP to check the volume label of the tape mounted on drive MTA0. If the volume label is PAY, BACKUP saves the directory [PAYROLL] to a save set named 30NOV.BCK.

  2. $ BACKUP DDA1: MTA0:PLAYS.BCK,MTA1,MTA2/REWIND/LABEL=(ACT1,ACT2,ACT3)

    This example assumes that the three tapes have no volume labels. This command saves all files on the disk named DDA1 to the save set PLAYS.BCK. The first tape in the save set is labeled ACT1, the second is labeled ACT2, and the third is labeled ACT3.

/LIMIT

/LIMIT — Command Qualifier: The /LIMIT qualifier allows you to specify the expansion size limit during restore or save operations. Therefore, you can override the value stored in the saveset header. (This matches the way the /LIMIT qualifier of the INITIALIZE utility works.)

Syntax

/LIMIT=n

The value for n is the expansion size of the device. There are no limits on this value.

Specifying /LIMIT without a value instructs BACKUP that the target device is to inherit the expansion size. This is the opposite of specifying /IGNORE=LIMIT, which prevents the target device from inheriting the expansion limit on a restore operation.

/LIST

/LIST — Command Qualifier: Lists information about a BACKUP save set and about the files in a save set. You can display the list on your terminal or write it to a file. You can use this qualifier with any operation (save, restore, copy, compare, or journal). If you specify /LIST by itself (not in conjunction with another operation), the input specifier must be a save set; you cannot specify an output specifier. You can use /LIST with either /BRIEF or /FULL command qualifiers. The default is /BRIEF. Do not use /LOG together with /LIST when the output for /LIST is directed to the terminal; you will receive confusing output.

Syntax

/LIST =file-spec save-set-spec

Description

Use the /LIST qualifier by itself or in conjunction with any other operation (save, restore, copy, compare, or journal). If /LIST is specified by itself (not with a save, restore, copy, compare or journal operation), the input specifier must refer to a save set, and the output specifier must be omitted.

Before you can list the contents of a save set, the media containing the save set must be inserted into an appropriate drive. If the save set is stored on a disk, the disk must be mounted as a Files–11 volume or as a foreign volume. BACKUP mounts magnetic tapes automatically as part of the list operation.

By default, the list information is displayed on your terminal; however, you can specify a file to which the list information can be written.

When you use the /LIST qualifier with standalone BACKUP and you direct output to a file (/LIST=file-spec), the file specification must refer to either a terminal or a printer.

You can use either the command qualifier /BRIEF or /FULL with the /LIST qualifier. The /BRIEF qualifier directs BACKUP to list each file's size in blocks and its creation date. The /FULL qualifier directs BACKUP to list additional information about each file in the same format as the information provided by the DCL command DIRECTORY/FULL. The default is /BRIEF.

Do not use the command qualifier /LOG with /LIST when the output for /LIST is directed to the terminal; if you do, you will receive confusing output.

Example

$ BACKUP/LIST DBA2:[SAVE]23MAR02.BCK/SAVE_SET
Listing of save set(s)
Save set:          23MAR02.BCK
Written by:        MOROCI
UIC:               [000200,000200]
Date:              23-MAR-2002 14:18:16.00
Command:           BACKUP [SAVE] DBA2:[SAVE]23MAR00.BCK/SAVE_SET
Operating system:  OpenVMS Alpha Version V7.3-1
BACKUP version:    V7.3-1
CPU ID register:   08000000
Node name:         _SUZI::
Written on:        _DBA2: 
Block size:        32,256 
Group size:        10
Buffer count:      3
[SAVE]LAST.DAT;1                         1  18-JAN-2002 14:11
[SAVE]INFO.TXT;4                         5   4-FEB-2002 13:12
[SAVE]WORK.DAT;3                        33   1-JAN-2002 10:02
Total of 3 files, 39 blocks
End of save set

This command lists the BACKUP summary information and the file name, size, and creation date for each file in the save set. Note that the /SAVE_SET qualifier is required to identify the input specifier as a save set on a Files–11 disk.

/LOG

/LOG — Command Qualifier: Determines whether the file specification of each file processed is displayed on SYS$OUTPUT during the operation. The default is /NOLOG.

Syntax

/[NO]LOG input-specifier output-specifier

Example

$ BACKUP/LOG [SAVE]23MAR02.BCK/SAVE_SET DBA2:[PLI.WORK]
%BACKUP-S-CREATED, created DBA2:[PLI.WORK]ANOTHER.DAT;1
%BACKUP-S-CREATED, created DBA2:[PLI.WORK]LAST.DAT;1
%BACKUP-S-CREATED, created DBA2:[PLI.WORK]THAT.DAT;1
%BACKUP-S-CREATED, created DBA2:[PLI.WORK]THIS.DAT;2
 .
 .
 .

In this example, the file specifications of the files restored to the directory named [PLI.WORK] on DBA2 are logged to SYS$OUTPUT.

/MEDIA_FORMAT

/MEDIA_FORMAT — Output Save-Set Qualifier: Controls whether data records are automatically compacted and blocked together. Data compaction and record blocking increase the amount of data that can be stored on a single tape cartridge. The compaction ratio depends on the data and the tape drive you use. For more information, see the documentation supplied with your tape drive. BACKUP allows you to specify different compaction settings on different save sets on a tape. However, not all tape drives support the use of more than one compaction setting on a tape. Whether mixed mode tapes are permitted depends on the model of the tape drive you use.

Syntax

input-specifier output-save-set-spec /MEDIA_FORMAT=[NO]COMPACTION

Description

The /MEDIA_FORMAT qualifier can only be used with tape drives that support data compaction.

On Alpha and Integrity server system, you can use the /MEDIA_FORMAT=COMPACTION qualifier for hardware data compaction of SCSI tape drives.

Example

$ BACKUP WORK$:[TESTFILES...]*.*;*  MUA0:TEST.SAV -
_$ /MEDIA_FORMAT=COMPACTION /REWIND

This command saves all files in the directory [TESTFILES] and its subdirectories in a save set named TEST.SAV using a TA90E tape drive. The /MEDIA_FORMAT=COMPACTION qualifier specifies that the tape drive automatically compacts and blocks together data records on the tape.

/MODIFIED

/MODIFIED — Input File-Selection Qualifier: Selects files according to the value of the modified date field (the date the file was last modified) in each file header record.

Syntax

input-specifier/BEFORE=time /MODIFIED output-specifier

input-specifier /SINCE=time /MODIFIED output-specifier

Description

You must use the /MODIFIED qualifier with either of the input file-selection qualifiers /BEFORE or /SINCE. The date and time you specify with /BEFORE or /SINCE determines which files are processed.

You cannot use /MODIFIED with the input file-selection qualifiers /BACKUP, /CREATED, or /EXPIRED.

Example

$ BACKUP [SUNDANCE...]/BEFORE=TODAY/MODIFIED MFA1:MOD.BCK

This command saves all files in the directory tree [SUNDANCE] whose modification dates precede today (00:00:00.0 o'clock of the current day, month, and year).

/NEW_VERSION

/NEW_VERSION — Output File Qualifier Creates a new version of a file if a file with an identical specification already exists at the location to which the file is being restored or copied.

Syntax

input-specifier output-specifier/NEW_VERSION

Description

If BACKUP attempts to copy or restore a file when a file with an identical directory name, file name, type, and equal or higher version number already exists, a new file is created with the same name and type and a version number one higher than the highest existing version.

If you do not use /NEW_VERSION, /REPLACE, or /OVERLAY, and the version number of the file being restored is equal to or less than the version number of the existing file, BACKUP reports an error in copying or restoring the file.

Note that when copying or restoring files using the /NEW_VERSION qualifier, files are processed in decreasing version number order and are created in ascending order. The result is that the version numbers are inverted.

Because this qualifier causes version numbers to change, using it with the /VERIFY qualifier will cause unpredictable results. VSI recommends that you do not use the /NEW_VERSION qualifier with the /VERIFY qualifier.

Example

$ BACKUP MTA1:NOV30REC.BCK/SELECT=*.DAT [RECORDS...]/NEW_VERSION

This example restores all files with the file type of .DAT from the magnetic tape save set NOV30REC.BCK to the directory [RECORDS]. The /NEW_VERSION qualifier instructs BACKUP to restore each file with the file type .DAT regardless of whether a file with the same file specification already exists.

/NOINCREMENTAL

/NOINCREMENTAL — Command Qualifier: Beginning with OpenVMS Version 7.2, on a save operation, /NOINCREMENTAL allows you to control the amount of file data that is saved. Use this qualifier only if you are sure that you want to save specific files and do not want to save all data. In recent versions of OpenVMS, the /SINCE=BACKUP incremental save operation has been refined so that files that are saved are accurate and not redundant. As a result, the /NOINCREMENTAL and /SINCE=BACKUP qualifiers are not allowed together. This ensures an accurate /INCREMENTAL restore. /NOINCREMENTAL is valid only in BACKUP save operations. It is not related to the /INCREMENTAL qualifier, which is valid only in restore operations.

Syntax

/NOINCREMENTAL input-specifier output-specifier

Description

In OpenVMS Version 6.2 and prior versions, the system, by default, did not save files and subdirectories that were under directories that had been modified. In OpenVMS Versions 7.0 and 7.1, to ensure a successful restore, the system saved all files and subdirectories under directories that had been modified. This behavior, however, sometimes resulted in saving files and subdirectories that were not needed for later restore operations.

Example

$ BACKUP/ FAST/ NOINCREMENTAL /SINCE="3-MAY-2002" -
_$ MAC_DISK:[000000...]*.*;* -
_$ TAPE:MCDSK000503.BCK/ SAVE/ REWIND

The command in this example executes an incremental save BACKUP operation for an input volume; the command avoids saving all files under recently modified directories.

/OVERLAY

/OVERLAY — Output File Qualifier: Writes the input file over a file with an identical specification at the output location.

Syntax

input-specifier output-specifier/OVERLAY

Description

If BACKUP attempts to copy or restore a file when a file with an identical directory name, file name, type, and version number already exists, the new version of the file is written over the existing version. The file identification of the new version is the same as the file identification of the file that is overwritten.

The physical location of the file on disk does not change. If /OVERLAY is specified, and the new file is larger than the one already present, BACKUP allocates more blocks on the disk and extends the file.

When you do not use /OVERLAY, /REPLACE, or /NEW_VERSION, and the version number of the file being restored is identical to the version numbe