2.44 /TQELM
Specifies the total number of entries in the timer queue plus the
number of temporary common event flag clusters that the user can
have at one time. By default, a user can have 100.
2.45 /UIC
/UIC=value
Specifies the user identification code (UIC). The UIC value is
a group number in the range from 1 to 37776 (octal) and a member
number in the range from 0 to 177776 (octal), which are separated
by a comma and enclosed in brackets. VSI reserves group 1 and
groups 300-377 for its own use.
Each user must have a unique UIC. By default, the UIC value is
[200,200].
2.46 /WSDEFAULT
/WSDEFAULT=value
Specifies the default working set limit. This represents the
initial limit to the number of physical pages the process can
use. (The user can alter the default quantity up to WSQUOTA with
the DCL command SET WORKING_SET.) By default, a user has 4096
pagelets on Alpha and Integrity server systems.
The value cannot be greater than WSMAX. This quota value replaces
smaller values of PQL_MWSDEFAULT.
2.47 /WSEXTENT
/WSEXTENT=value
Specifies the working set maximum. This represents the maximum
amount of physical memory allowed to the process. The system
provides memory to a process beyond its working set quota only
when it has excess free pages. The additional memory is recalled
by the system if needed.
The value is an integer equal to or greater than WSQUOTA. By
default, the value is 16384 pagelets on Alpha and Integrity
server systems. The value cannot be greater than WSMAX. This
quota value replaces smaller values of
PQL_MWSEXTENT.
2.48 /WSQUOTA
/WSQUOTA=value
Specifies the working set quota. This is the maximum amount of
physical memory a user process can lock into its working set. It
also represents the maximum amount of swap space that the system
reserves for this process and the maximum amount of physical
memory that the system allows the process to consume if the
systemwide memory demand is significant.
The value cannot be greater than the value of WSMAX and cannot
exceed 8,192 pagelets on Alpha and Integrity server systems. This
quota value replaces smaller values of PQL_MWSQUOTA.
3 – Examples
1.UAF> ADD ROBIN /PASSWORD=SP0152/UIC=[014,006] -
_/DEVICE=SYS$USER/DIRECTORY=[ROBIN]/OWNER="JOSEPH ROBIN" /ACCOUNT=INV
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier ROBIN value: [000014,000006] added to
RIGHTSLIST.DAT
%UAF-I-RDBADDMSGU, identifier INV value: [000014,177777] added to
RIGHTSLIST.DAT
This example illustrates the typical ADD command and
qualifiers. The resulting record from this command appears
in the description of the SHOW command.
2.UAF> ADD WELCH /PASSWORD=SP0158/UIC=[014,051] -
_/DEVICE=SYS$USER/DIRECTORY=[WELCH]/OWNER="ROB WELCH"/FLAGS=DISUSER -
_/ACCOUNT=INV/LGICMD=SECUREIN
%UAF-I-ADDMSG, user record successfully added
%UAF-I-RDBADDMSGU, identifier WELCH value: [000014,000051] added to
RIGHTSLIST.DAT
UAF> MODIFY WELCH/FLAGS=(RESTRICTED,DISNEWMAIL,DISWELCOME, -
_NODISUSER,EXTAUTH)/NODIALUP=SECONDARY/NONETWORK=PRIMARY -
/CLITABLES=DCLTABLES/NOACCESS=(PRIMARY, 9-16, SECONDARY, 18-8)
%UAF-I-MDFYMSG, user records updated
The commands in this example add a record for a restricted
account. Because of the number of qualifiers required, a MODIFY
command is used in conjunction with the ADD command. This helps
to minimize the possibility of typing errors.
In the ADD command line, setting the DISUSER flag prevents the
user from logging in until all the account parameters are set
up. In the MODIFY command line, the DISUSER flag is disabled
(by specifying NODISUSER) to allow access to the account.
The EXTAUTH flag causes the system to consider the user as
authenticated by an external user name and password, not by the
SYSUAF user name and password.
The record that results from these commands and an explanation
of the restrictions the record imposes appear in the
description of the SHOW command.
4 /IDENTIFIER
Adds an identifier to the rights database, RIGHTSLIST.DAT.
The ADD/IDENTIFIER command does not add a user account to the
authorization file, SYSUAF.
The ADD/ADD_IDENTIFIER command, however, adds a user account to
the authorization file, SYSUAF, and also adds an identifier to
the rights database, RIGHTSLIST.DAT.
Format
ADD/IDENTIFIER [id-name]
4.1 – Parameter
id-name
Specifies the name of the identifier to be added to the
rights database. If you omit the name, you must specify the
/USER qualifier. The identifier name is a string of 1 to 32
alphanumeric characters. The name can contain underscores and
dollar signs. It must contain at least one nonnumeric character.
4.2 – Qualifiers
4.2.1 /ATTRIBUTES
/ATTRIBUTES=(keyword[,...])
Specifies attributes to be associated with the new identifier.
The following keywords are valid:
DYNAMIC Allows unprivileged holders of the identifier to
remove and to restore the identifier from the
process rights list by using the DCL command SET
RIGHTS_LIST.
HOLDER_ Prevents people from getting a list of users who
HIDDEN hold an identifier, unless they own the identifier
themselves.
NAME_HIDDEN Allows holders of an identifier to have it
translated, either from binary to ASCII or from
ASCII to binary, but prevents unauthorized users
from translating the identifier.
NOACCESS Makes any access rights of the identifier null
and void. If a user is granted an identifier with
the No Access attribute, that identifier has no
effect on the user's access rights to objects. This
attribute is a modifier for an identifier with the
Resource or Subsystem attribute.
RESOURCE Allows holders of an identifier to charge disk
space to the identifier. Used only for file
objects.
SUBSYSTEM Allows holders of the identifier to create and
maintain protected subsystems by assigning the
Subsystem ACE to the application images in the
subsystem. Used only for file objects.
By default, none of these attributes is associated with the new
identifier.
4.2.2 /USER
/USER=user-spec
Scans the UAF record for the specified user and creates the
corresponding identifier. Specify user-spec by user name or
UIC. You can use the asterisk wildcard to specify multiple user
names or UICs. Full use of the asterisk and percent wildcards
is permitted for user names; UICs must be in the form [*,*],
[n,*], [*,n], or [n,n]. A wildcard user name specification (*)
creates identifiers alphabetically by user name; a wildcard UIC
specification ([*,*]) creates them in numerical order by UIC.
4.2.3 /VALUE
/VALUE=value-specifier
Specifies the value to be attached to the identifier. The
following formats are valid for the value-specifier:
IDENTIFIER:n An integer value in the range of 65,536 to
268,435,455. You can also specify the value in
hexadecimal (precede the value with %X) or octal
(precede the value with %O).
The system displays this type of identifier in
hexadecimal. To differentiate general identifiers
from UIC identifiers, the system adds %X80000000 to
the value you specify.
GID:n GID is the POSIX group identifier. It is an integer
value in the range 0 to 16,777,215 (%XFFFFFF).
The system will add %XA400.0000 to the value you
specify and then enter this new value into the
system RIGHTSLIST as an identifier.
UIC:uic A UIC value in standard UIC format consists of a
member name and, optionally, a group name enclosed
in brackets. For example, [360,031].
In numeric UICs, the group number is an octal
number in the range of 1 to 37776; the member
number is an octal number in the range of 0 to
177776. You can omit leading zeros when you are
specifying group and member numbers.
Regardless of the UIC format you use, the system
translates a UIC to a 32-bit numeric value.
Alphanumeric UICs are not allowed.
Typically, system managers add identifiers as UIC values to
represent system users; the system applies identifiers in integer
format to system resources.
4.3 – Examples
1.UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY
%UAF-I-RDBADDMSGU, identifier INVENTORY value: [000300,000011]
added to RIGHTSLIST.DAT
The command in this example adds an identifier named INVENTORY
to the rights database. By default, the identifier is not
marked as a resource.
2.UAF> ADD/IDENTIFIER/ATTRIBUTES=(RESOURCE) -
_/VALUE=IDENTIFIER:%X80011 PAYROLL
%UAF-I-RDBADDMSGU, identifier PAYROLL value: %X80080011 added to
RIGHTSLIST.DAT
This command adds the identifier PAYROLL and marks it as a
resource. To differentiate identifiers with integer values
from identifiers with UIC values, %X80000000 is added to the
specified code.
5 /PROXY
Adds an entry to the network proxy authorization files,
NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update
its volatile database. Proxy additions take effect immediately on
all nodes in a cluster that share the proxy database.
Format
ADD/PROXY node::remote-user local-user[,...]
5.1 – Parameters
node
Specifies a DECnet node name. If you provide a wildcard character
(*), the specified remote user on all nodes is served by the
account defined as local-user.
remote-user
Specifies the user name of a user at a remote node. If you
specify an asterisk, all users at the specified node are served
by the local user.
For systems that are not OpenVMS and that implement DECnet,
specifies the UIC of a user at a remote node. You can specify
a wildcard character (*) in the group and member fields of the
UIC.
local-user
Specifies the user names of 1 to 16 users on the local node. If
you specify an asterisk, a local-user name equal to remote-user
name will be used.
5.2 – Positional Quals.
5.2.1 /DEFAULT
Establishes the specified user name as the default proxy account.
The remote user can request proxy access to an authorized account
other than the default proxy account by specifying the name of
the proxy account in the access control string of the network
operation.
5.3 – Examples
1.UAF> ADD/PROXY SAMPLE::WALTER ROBIN/DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
Specifies that user WALTER on remote node SAMPLE has proxy
access to user ROBIN's account on local node AXEL. Through
proxy login, WALTER receives the default privileges of user
ROBIN when he accesses node AXEL remotely.
2.UAF> ADD/PROXY MISHA::* MARCO/DEFAULT, OSCAR
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
Specifies that any user on the remote node MISHA can, by
default, use the MARCO account on the local node for DECnet
tasks such as remote file access. Remote users can also access
the OSCAR proxy account by specifying the user name OSCAR in
the access control string.
3.UAF> ADD/PROXY MISHA::MARCO */DEFAULT
%UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT
Specifies that user MARCO on the remote node MISHA can use only
the MARCO account on the local node for remote file access.
4.UAF> ADD/PROXY TAO::MARTIN MARTIN/D,SALES_READER
%UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to MARTIN added
%UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to SALES_READER
added
Adds a proxy from TAO::MARTIN to the local accounts MARTIN (the
default) and SALES_READER on a system running DECnet-Plus.