home *** CD-ROM | disk | FTP | other *** search
- ┌──────────────────┐ ╔═══════════════════════════════╗ ┌──────────────────┐
- │ Founded By: │ ║ Network Information Access ║ │ Mother Earth BBS │
- │ Guardian Of Time │─║ 12APR90 ║─│ NUP:> DECnet │
- │ Judge Dredd │ ║ Guardian Of Time ║ │Text File Archives│
- └────────┬─────────┘ ║ File 18 ║ └─────────┬────────┘
- │ ╚═══════════════════════════════╝ │
- │ ╔═══════════════════════════════╗ │
- └────────────║ VMS: System Manager's Manual ║──────────┘
- ║ Chapter 4.11 ║
- ╚═══════════════════════════════╝
- Here is Chapter 4 of 11 Chapters, concerning the VMS: System Manager's
- Manual. Once you have download all 11 chapters, you will be able to
- enter a Vax system and hack your own accounts with the greatest of ease.
-
- MANAGING USERS
-
- As a system manager, it is your job to create and maintain user accounts
- on the system. To create accounts for users and effectively manage the
- use of the system, you must determine which users need access to the
- system and what system resources they require.
-
- Once you understand user needs, you can establish controls that customize
- the system appropriately.
-
- The VMS operating system provides the Authorize Utility (AUTHORIZE) to
- authorize and control the use of system resources by individual users.
- This chapter describes the use of AUTHORIZE to do the following:
-
- : Add a user account
- : Modify a user account
- : Remove a user account
- : List the user accounts
-
- See the Authorize Utility chapter in the Reference section for some
- information on AUTHORIZE.
-
- 4.1 THE USER AUTHORIZATION FILE (UAF)
-
- You manage VMS users by creating and maintaining user accounts, which
- control who can log in to the system and how it can be used. Use the
- Authorize Utility (AUTHORIZE) to do the following:
-
- : Create new records and modify existing records in the system user
- authorization file (SYS$SYSTEM:SYSUAF.DAT) and the network user
- authorization file (SYS$SYSTEM:NETPROXY.DAT)
-
- : Create new records and modify existing records in the rights
- database file (SYS$SYSTEM:RIGHTSLIST.DAT)
-
- Whenever a user logs in, the system uses the information contained in the
- user authorization file (UAF) to validate the login attempt, establish the
- account's environment, and create a process with appropriate attributes. In
- this way, the system restricts users to the resources you assign to each
- account.
-
- As system manager, you may want to create a private copy of SYSUAF. DAT
- in a directory other than SYS$SYSTEM as an emergency backup for the system
- SYSUAF.DAT file. Note that, to have an effect on user processes, any
- private version of SYSUAF.DAT must be copied to the SYS$SYSTEM directory
- and have the system user identification code (UIC).
-
- Because certain images (such as MAIL and SET) require access to the system
- UAF and are normally installed with the SYSPRV privilege, make certain that
- you always grant system access to SYSUAF.DAT. The authorization files are
- created with the following default protection:
-
- SYSUAF.DAT S:RWED, 0:RWED, G, W
- NETPROXY.DAT S:RWED, 0:RWED, G:RWED, W
- RIGHTSLIST.DAT S:RWED, 0:RWED, G:RWE, W:R
-
- If you need to maximize the protection for SYSUAF.DAT or NETPROXY.DAT, use
- the following DCL command (note, however, that RIGHTSLIST.DAT MUST BE
- WORLD-READABLE);
-
- $ SET PROTECTION=(S:RWED, O,G,W)SYSTEM$SYSTEM: FILENAME
-
- Using the Authorize Utility, you create and maintain UAF records by
- assigning values to various fields within each record. The values you
- assign identify the user, define the user's work environment, and control
- use of system resources.
- EXAMPLE 4-1 presents a typical UAF record for a nonprivileged user
- account.
-
- To gain access to a specific user record, set the default directory to
- SYS$SYSTEM, enter the command RUN AUTHORIZE to invoke the Authorize
- Utility, and enter the command SHOW username at the UAF> prompt. You can
- then enter AUTHORIZE commands and such as ADD and MODIFY to create new
- user accounts or change the information in the fields of an existing UAF
- account.
-
- EXAMPLE 4-1: SAMPLE UAF RECORD DISPLAY
-
- $ SET DEFAULT SYS$SYSTEM
- $ RUN AUTHORIZE
- UAF> SHOW WELCH
-
- USERNAME: WELCH OWNER: ROB WELCH
- ACCOUNT: INVOICE UIC: [21.51 ([INV.WELCH])
- CLI: DCL TABLES: DCTABLES
- DEFAULT: USER3: [WELCH]
- LGICMD:
- LOGIN FLAGS:
- PRIMARY DAYS: MON TUE WED THU FRI
- SECONDARY DAYS: SAT SUN
- NO ACCESS RESTRICTIONS
- EXPIRATION: (NONE) PWDIMINIMUM: 6 LOGIN FAILS: 0
- PWDLIFETIME: (NONE) PWCHANGE: 15APR88 13:58
- LAST LOGIN: (NONE) (INTERACTIVE), (NONE) (NON-INTERACTIVE)
- MAXJOBS: 0 FILLM: 20 BYTLM: 8192
- MAXACCTJOBS: 0 SHRFILLM: 0 PBYTOLM: 0
- MAXDETACH: 0 BIOLM: 10 JTQUOTA: 1024
- PRCLM: 2 DIOLM: 10 WSDEF: 150
- PRIO: 4 ASTLM: 10 WSQUO: 256
- QUEPRIO: 4 TQELM: 10 QSEXTENT: 512
- CPU: (NONE) enqlm: 10 pgflquo: 10240
- Authorized Privileges:
- TMPMBX NETMBX
- Default Privileges:
- TMPMBX NETMBX
-
- 4.1.1 SYSTEM-SUPPLIED UAF RECORDS
-
- The Authorize Utility proves a set of commands and qualifiers to assign
- values to any field in a UAF record. The software distribution with a new
- VMS system contains a UAF of four records:
-
- : DEFAULT - Serves as a template for creating user records in the
- UAF. A new user record is assigned the values of the DEFAULT
- record except where you explicitly override those values. Thus,
- whenever you add a new account, you need only specify values for
- fields that you want to be different. For example, the following
- AUTHORIZE command creates a new record having the same values as the
- DEFAULT RECORD, except that the password, UIC, and default directory
- fields are changed.
-
- UAF> ADD MARCONI/PASSWORD=QLP6YT9A/UIC=[033, 004]-
- _UAF> /DIRECTORY=[MARCONI]
-
- Section 4.2 gives an example of how to use AUTHORIZE to add a user
- account.
-
- NOTE: the default record cannot be renamed or deleted from the UAF.
-
- : FIELD - Permits DIGITAL Field Service personnel to check out a new
- system. The FIELD record should be disabled once the system is
- installed.
-
- : SYSTEM - Provides a means for you to log in with full privileges.
- The SYSTEM record can be modified but cannot be renamed or deleted
- from the UAF.
-
- CAUTION: Do not change the SYSTEM account UAF record fields for the
- default device and directory, and privileges. Installation of VMS
- maintenance releases and optional software products depends on
- certain values in these fields.
-
- : SYSTEST - Provides an appropriate environment for running the User
- Environment Test Package (UETP). The SYSTEST record should be
- disabled once the system is installed.
-
- 4.1.2 GENERAL MAINTENANCE OF THE UAF
-
- Usually, you use the UAF supplied with the distribution kit. (You can,
- however, rename the UAF with the DCL command RENAME, and then create a new
- UAF with AUTHORIZE.) You should limit any kind of access to this file to
- the SYSTEM account. Furthermore, each time you modify the file, create a
- backup copy so that in case of a system failure you do not lost the
- modifications. See Chapter 8 for procedures for backing up files.
-
- The UAF is access as a shared file, and updates to the UAF are made on a
- per record basis, which eliminates the need for both a temporary UAF and a
- new version of the UAF after each AUTHORIZE session. Updates become
- effective as soon as AUTHORIZE commands are entered, not after the
- termination of AUTHORIZE. (For this reason, you should not enter
- temporary values with the intent of fixing them later in the session.)
-
- After installing the system, you should make the following modifications
- to the UAF:
-
- : SYSTEM, FIELD, & SYSTEST ACCOUNTS: If the passwords on these accounts
- are not secure or if they have not been changed recently, be sure to
- change the passwords. Use obscure passwords of six characters or more
- and continue to change them on a regular basis. You should not permit
- general users access to these accounts.
-
- In addition to changing the password, you can disable an account,
- especially if it is used infrequently. To disable an account, specify
- the following AUTHORIZE command:
-
- UAF> MODIFY username /FLAGS=DISUSER
-
- The login flag DISUSER disables the account and prevents anyone from
- logging into the account. To enable the account when it is needed, run
- AUTHORIZE and specify MODIFY users /FLAGS=NODISUSER. However, you
- should be cautious about disabling the SYSTEM account, because some
- optional software and some command procedures may not start up properly
- if the SYSTEM account is disabled.
-
- CAUTION: Be careful not to disable all of your privileged system
- accounts. If you inadvertently do so, you can recover by setting the
- UAFALTERNATE SYSGEN parameter during a conversational bootstrap
- operation. See Chapter 2 for information on emergency startup
- procedures.
-
- : DEFAULT ACCOUNT: You may want to change several fields in this account.
- For example:
-
- UAF> MODIFY DEFAULT/DEVICE=DISK$USER/WSQUO=750
-
- The default device is set to the name most commonly used for user
- accounts that will be added. Likewise the working set value is set to
- a value appropriate for most users on the system.
-
- Use the SYSTEM account only for system functions such as performing
- backups and installing maintenance updates. The account comes to you with
- full privileges, so exercise caution in using it. For example, because
- you have BYPASS privilege. the system will allow you to delete any file
- no matter what its protection. If you type an incorrect name or spurious
- asterisk, you may destroy files that you or other users need to keep. For
- this reason, use another account with fewer privileges for day-to-day system
- management activities.
-
- If you want to receive mail sent to the system account, use the SET
- FORWARD command in the MAIL Utility to have any SYSTEM mail forwarded to
- any other account. To use the SET FORWARD command for this purpose, do
- the following:
-
- 1. Make sure that you are logged in to the SYSTEM account.
- 2. Enter the MAIL Utility by entering the MAIL command at DCL Level.
- 3. At the MAIL> prompt, enter the command SET FORWARD username.
-
- 4.2 ADDING A USER ACCOUNT
-
- How you set up a user account depends on the needs of the individual user.
- In general, there are two types of accounts:
-
- : INTERACTIVE: A person using an interactive account has access to
- the system software and can perform work of a general nature
- (program development, text editing, and so on). Usually, such an
- account is considered individual; that is, only one person can use
- it.
-
- : CAPTIVE: A person using a captive account (also called a turnkey or
- application account) has access only to limited user software and
- can only perform work that is limited to a particular function.
- Access to a captive account is limited by function; that is, only
- those who perform a particular function can use it. For example,
- you might develop an inventory system. Anyone whose job entails
- inventory control can access your system, but that person cannot
- access other subsystems or the base software.
-
- You should perform the following tasks in conjunction with adding a user
- account:
-
- 1. Determine a user name and password.
- 2. Determine a unique user identification code (UIC).
- 3. Decide where the account's files will reside (the device and
- directory).
- 4. Create a default directory on the appropriate volume, using the
- following DCL command:
-
- $ CREATE/DIRECTORY directory-spec/OWNER_UIC= uic
- 5. Determine the security needs of the account (that is, the level of
- file protection, privileges, and access control).
-
- Once you analyze the purpose of a user account and decide which attributes
- and resources it requires, you can use the Authorize Utility to create the
- account. Give yourself the SYSPRV privilege. Then enter the following
- commands to set your default device and directory to that of SYS$SYSTEM
- and invoke the utility as follows:
-
- $ SET DEFAULT SYS$SYSTEM
- $ RUN AUTHORIZE
-
- When the utility responds with the UAF> prompt, use the AUTHORIZE command
- ADD to specify attributes in the UAF fields as shown in this example:
-
- UAF> ADD JONES/PASSWORD=LPB57WN/UIC=[014,1] -
- _UAF> /DEVICE=DISK$USER/DIRECTORY=[JONES] -
- _UAF> /LGICMD=DISK$USER: [NEWPROD]GRPLOGIN -
- _UAF> /OWNER="ROBERT JONES"/ACCOUNT=DOC
-
- The /OWNER and /ACCOUNT entries are primarily for accounting purposes and
- can be omitted unless required by your site. The following unspecified
- qualifiers usually take their default values from the DEFAULT record:
-
- : LIMITES and QUOTAS - (/ASTLM, /BIOLM, /CPUTIME, /DIOLM, ENQLM,
- /FILLM, /]TQUOTA, /MAXACCTJOBX, /MAXDETACH, /MAXJOBS, /PGFLQUOTA,
- /PRCLM, /SHRFILLM, /TQELM, /WSDEFAULT, /WSEXTENT, /WSQUOTA) - These
- qualifiers impose limits on the use of resuable system resources;
- the default values are adequate in most cases.
-
- : PRIORITY - (/PRIORITY, /QUEPRIORITY) - The default values are
- usually adequate for accounts not running real-time processes.
-
- : PRIVILEGES - (/DEFPRIVILEGES, /PRIVILEGES) - The default privileges
- (TMPMBX, NETMBX) are usually adequate, depending on the purpose of
- the account.
-
- : PRIMARY & SECONDARY LOGIN TIMES; LOGIN FUNCTIONS - (/ACCESS,
- /DIALUP, /FLAG, /INTERACTIVE, /LOCAL, /PRIMEDAYS, /REMOTE) - By
- default, users are allowed to log in at any hour of any day. To
- override the setting of a particular day, use the DCL command SET
- DAY. Use this command if a holiday occurs on a day that would
- normally be treated as a primary day and you want it treated as a
- secondary day.
-
- The following example shows an AUTHORIZE command that adds a UAF
- record of a captive account:
-
- UAF> ADD INVENTORY/PASSWORD=QRC7Y94A/UIC=[033,066] -
- _UAF> /DEVICE=DISK$INVENT/DIRECTORY[INV]/LGICMD=INVENTORY -
- _UAF> /FLAGS=CAPTIVE/NOACCESS=(PRIMARY, 18-8,SECONDARY, 0-23)
-
- In this example, the /FLAGS and /NOACCESS qualifiers restrict
- users from logging in to the captive account. The /NOACCESS
- qualifier limits logins to specific hours. The /FLAGS=CAPTIVE
- qualifier adds the login flag CAPTIVE to the captive account
- record. The CAPTIVE flag locks the person using the account into
- the application software by doing the following:
-
- : Disabling the CTRL/Y function to prevent users from
- interrupting the execution of the command procedure and
- gaining access to the command interpreter
-
- : Preventing the user from specifying an alternate command
- interpreter with the /CLI qualifier at login time
-
- : Preventing the user from specifying an alternate default
- disk device with the /DISK qualifier at login time
-
- The following examples summarize the steps for setting up an
- individual user account and a captive account:
-
- $ SET DEFAULT SYS$SYSTEM
- $
- $ RUN AUTHORIZE
- UAF>ADD JONES - ! User name
- _/PASSWORD=ROCKET - ! Password
- _/UIC=[014,1] - ! UIC
- _/ACCOUNT=DOC - ! Accounting Group Name
- _/OWNER="ROCKET JONES" ! Owner
- _/DEVICE=$DISK1 - ! Default directory
- _/DIRECTORY=[JONES]
- UAF>EXIT
- $
- $ ! Create top-level directory for individual
- $ CREATE/DIRECTORY $DISK1: [JONES] -
- _$ /OWNER_UIC=[DOC,JONES] -
- _$ /PROTECTION=(S:RWE,0:RWE,G:RE,W:RE)
- $
-
- 4.3 SETTING UP A CAPTIVE ACCOUNT WITH AUTHORIZE
-
- You use the automatic login facility (ALFMAINT) to set up a terminal that
- accepts automatic logins from authorized users. For example, a terminal
- might be set up for the account INVENTORY, which automatically logs a user
- into a captive account when INVENTORY is specified as the user name.
-
- First, you must follow the steps described in the previous sections to
- create the toplevel default directory and add the account. Once the
- account has been added, you set your default directory to SYS$MANAGER and
- invoke the ALFMAINT command procedure. ALFMAINT prompts you for the name
- of the terminal that you want assciated w/ the user name of the automatic
- login account.
-
- The following example summarizes the steps for setting up automatic logins
- for an individual user account and a captive account:
-
- INDIVIDUAL ACCOUNT W/ AUTOMATIC LOGIN
-
- $ SET DEFAULT SYS$SYTEM
- $
- $ RUN AUTHORIZE
- UAF>ADD JONES - ! Username
- _/PASSWORD= - ! Null password
- _/UIC=[014,1] - ! UIC
- _/ACCOUNT=DOC! ! Accounting group name
- _/OWNER="ROCKET JONES" - ! Owner
- _/DEVICE=$DISK1 - ! Default directory
- _/DIRECTORY=[JONES] -
- UAF>EXIT
- $
- $ ! Create top-level directory for individual
- $ CREATE/DIRECTORY $DISK1: [JONES] -
- _$/OWNER_UIC=[DOC,JONES]
- _$/PROTECTION=(S:RWE, O:RWE, G:RE, W:RE)
- $
- $ SET DEFAULT SYS$MANAGER
- $
- $ @ALFMAINT
-
- Enter the name of the terminal thatt you would like to set for
- automatic login, or a blank line or EXIT to exit.
-
- terminal (ddcu)? TTA1 ! Assigned terminal
- Username? JONES
- Terminal (ddcu)? EXIT
-
- CAPTIVE ACCOUNT W/ AUTOMATIC LOGIN
-
- $ SET DEFAULT SYS$SYSTEM
- $
- $ RUN AUTHORIZE
- UAF>ADD INVENTORY - ! Username
- _/PASSWORD= - ! Null password
- _/UIC=[033,066] - ! UIC
- _/ACCOUNT=INV - ! Accounting group name
- _/LGICMD=$DISK1:[INVENTORY]LOGIN ! Login File
- _/ACCESS=(PRIMARY,8-17) - ! No off hours
- _/FLAGS=CAPTIVE ! All flags on
- UAF>EXIT
- $
- $ SET DEFAULT SYS$MANAGER
- $ @ALFMAINT
-
- Enter the name of the terminal that you would like to set for
- automatic login, or a blank line or EXIT to exit.
-
- Terminal (ddcu)? TTA0 ! All terminals
- Username? INVENTORY ! on automatic
- Terminal (ddcu)? TTA1 ! login except
- Username? INVENTORY ! the console terminal
- Terminal (ddcu)? TTA2 ! (the console terminal
- Username? INVENTORY ! for this system is TTA4)
- Terminal (ddcu)? TTA3
- Username? INVENTORY
- Terminal (ddcu)? EXIT
-
- 4.4 MODIFYING A USER ACCOUNT
-
- Use the AUTHORIZE command MODIFY to change any of the fields in an existing,
- user account. For exmple, the following command is used to change user
- WELCH's password:
-
- UAF> MODIFY WELCH/PASSWORD=newpassword
-
- 4.5 LISTING USER ACCOUNTS
-
- Use the AUTHORIZE command LIST to create the file SYSUAF.LIS containing a
- summary of all user records in the UAF, as follows:
-
- UAF> LIST
- %UAF-I-LISTMSG1, writing listing file
- %UAF-I-LISTMSG2, listing file SYSUAF.LIS complete
-
- By default, the LIST command produces a brief report conatining the following
- information from the UAF:
-
- : ACCOUNT OWNER
- : USER NAME
- : UIC
- : ACCOUNT NAMES
- : PRIVILEGES
- : PROCESS PRIORITY
- : DEFAULT DISK AND DIRECTORY
-
- Use the /FULL qualifier to create a full report of all the information
- contained w/in the UAF, as follows:
-
- UAF> LIST/FULL
- %UAF-I-LISTMSG1, writing listing file
- %UAF-I-LISTMSG2, listing file SYSUAF.LIST complete
-
- 4.6 DELETEING A USER ACCOUNT
-
- The main problem in deleting an account, especially an interactive account
- is cleaning up the files used by the account. The following steps are
- suggested:
-
- 1. Copy (or have the outgoing user of the account copy) any files of value
- to the ownership of another account. Be sure to change the owner UIC of
- the files to match the owner UIC of the new owner. You can also use the
- Backup Utility ( BACKUP ) to copy the files to a backup tape or disk.
-
- 2. Change the password, and log in to the account that you want to delete.
- ( By working from a nonprivileged account, you can avoid inadvertently
- deleting files that may be owned by an account other than the one that
- you want to delete.)
-
- 3. Delete the account's files and directories from the deepest level up to
- the to level using the following procedure:
-
- a. Locate and examine all subdirectories using the DCL command DRECTORY
- [default ... ], where default is the name of the account's default
- directory.
- b. Delete the files in each subdirectory and then delete the
- subdirectory. Note that directory files are protected against owner
- deleteion, therefore, you must change the protection before deleting
- directory files.
- c. Delete the account's top-level directory. Example 4-2 Illustrates a
- command procedure that deletes an account's files from the bottom
- level up.
-
- NOTE: the command procedure in Example 4-2 should not be executed
- from a privileged account.
-
- 4. Remove the account, using the Authorize Utility.
-
- 5. Remove the user's disk quota entry from the disk quota file, if one
- existed, w/ the SYSMAN UTILITY.
-
- 6. Remove associated VAXmail information by entering the MAIL command REMOVE
- username.
-
- EXAMPLE 4-2: COMMAND PROCEDURE TEMPLATE FOR DELETING AN ACCOUNT'S FILES
-
- $ ! DELTREE.COM -- Deletes a complete directory tree
- $ ! P1 = pathname of root of tree to delete
- $ ! All files and directories in the tree, including
- $ ! the named root, are deleted.
- $ !
- $ IF "'DELTREE'" .EQS. "" THEN DELTREE = "@SYS$LIBRARY:DELTREE"
- $ ON CONTROL_Y THEN GOTO DONE
- $ ON WARNING THEN GOTO DONE
- $ DEFAULT = F$LOGICAL ("SYS$DISK" + F$DIRECTORY ()
- $10:
- $ IF P1 .NES. "" THEN GOTO 20
- $ INQUIRE P1 "ROOT"
- $ GOTO 10
- $20:
- $ IF F$PARSE(P1) .EQS. "" THEN OPEN FILE 'P1'
- $ SET DEFAULT 'P1'
- $LOOP:
- $ FILESPEC = F$SEARCH("*.DIR;1")
- $ IF FILESPEC .EQS. "" THEN GOTO LOOPEND
- $ DELTREE [.'F$PARSE(FILESPEC..."NAME")']
- $ GOTO LOOP
- $LOOPEND:
- $ IF F$SEARCH(+*.*;*") .NES. "" THEN DELETE *.*;*
- $ DIR = (F$DIRECTORY()-"]"-">")-F$PARSE("[-]"...-
- "DIRECTORY")-"]"-">")-"."-"["-"<"
- $ SET PROTECTION=WORLD:RWED [-]'DIR'.DIR;1
- $ DELETE [-]'DIR'.DIR;1
- $DONE:
- $ SET DEFAULT 'DEFAULT'
-
- If you never assign multiple users the same UIC, you can use the Backup
- Utility to remove the user's files, even if the files are scattered
- throughout the directory structure. The following is an example of a BACKUP
- command used to remove files.
-
- $ BACKUP/DELETE PUBLIC:[...]/OWNER=[21,103] MTAO:PUBLICUIC.SAV
-
- This BACKUP command copies and deletes only those files owned by the specified
- UIC on disk PUBLIC. The files are copied into a save set named PUBLICUIC on
- device MTA0. Note that the BACKUP/DELETE command does not delete the
- directory files (file extension DIR) for the account.
-
- DISABLING A USER ACCOUNT
-
- If you want to disable an account w/out deleting it, set the disable user
- flag (/FLAGS=DISUSER) using AUTHORIZE. If the user is logged in, the account
- is diabled only after the user logs out.
-
- Disabling a powerful yet infrequently used account provides an extra security
- mesasure by eliminating the risk of guessed or stolen passwords.
-
- $EOF
-
- [OTHER WORLD BBS]
-