NEWACCT [ MPE/iX Commands Reference Manual Volume I ] MPE/iX 5.0 Documentation
MPE/iX Commands Reference Manual Volume I
NEWACCT
Creates a new account with an associated account manager and PUB group.
Syntax
NEWACCT acctname,mgrname [;PASS=[password]][;FILES=[filespace]][;CPU=[cpu]]
[;CONNECT=[connect]][;CAP=[capabilitylist]]
[;ACCESS=[fileaccess]][;MAXPRI=[subqueuename]]
[;LOCATTR=[localattribute]][;ONVS=volumesetname] [;GID=[gid]][;UID=[uid]]
[;USERPASS=[{REQ|OPT}]]
The USERPASS parameter is only available if the HP Security Monitor has
been installed.
Parameters
acctname Name to be assigned to the new account. This name
must contain from one to eight alphanumeric
characters, beginning with an alphabetic character.
mgrname Name of the account manager. This is always the
first user created under the account. Table
2-21 lists the default capabilities assigned to
an account manager.
Table 2-21. Account Manager Default Capabilities
-----------------------------------------------------------
| Attribute      | Default                                |
-----------------------------------------------------------
| password       | None                                   |
| capabilitylist | Same as the account capability         |
| subqueuename   | Same as the account maximum priority   |
| localattribute | Same as account local attributes       |
| Home Group     | PUB                                    |
| UID            | A unique identifier                    |
| GID            | A unique identifier                    |
-----------------------------------------------------------
The attributes of an account manager may be changed
with the ALTUSER command after mgrname is defined.
However, in no case is this user granted attributes
greater than those assigned the account.
password Account password, used for verifying logon access
only. This password must contain from one to eight
alphanumeric characters, beginning with an
alphabetic character. Default is that no password
is assigned.
filespace Disk storage limit, in sectors, for the permanent
files of the account. The maximum value you may
define is 2,147,483,647 sectors. Default is
unlimited file space.
cpu Limit on total CPU-time, in seconds, for this
account. This limit is checked only when a job or
session is initiated, and so the limit never causes
the job or session to abort. The maximum value you
may define with NEWACCT is 2,147,483,647 seconds.
Default is that no limit is assigned.
connect Limit on total session connect-time, in minutes,
allowed the account. This limit is checked at
logon, and when the job or session initiates a new
process. The maximum value you may define is
2,147,483,647 minutes. Default is that no limit is
assigned.
capabilitylist The list of capabilities, separated by commas,
permitted this account. Each capability is denoted
by a two letter mnemonic, as follows:
System Manager = SM
Account Manager = AM
Account Librarian = AL
Group Librarian = GL
Diagnostician = DI
System Supervisor = OP
Network Administrator = NA
Node Manager = NM
Save Files = SF
Access to Nonshareable I/O Devices = ND
Use Volumes = UV
Create Volumes = CV
Use Communication Subsystem = CS
Programmatic Sessions = PS
User Logging = LG
Process Handling = PH
Extra Data Segments = DS
Multiple RINs = MR
Privileged Mode = PM
Interactive Access = IA
Batch Access = BA
Default is AM, AL, GL, SF, ND, IA, BA.
fileaccess The restriction on file access pertinent to this
account. Default is R,L,A,W,X:AC, where R, L, A,
W, and X specify modes of access by types of users
(ANY, AC, GU, AL, GL, CR) as follows:
R = Read
L = Lock
A = Append
W = Write
X = Execute
S = Save
LOCK allows exclusive access to the file. APPEND
implicitly specifies LOCK. WRITE implicitly
specifies APPEND.
The user types are specified as follows:
ANY = Any user
AC = Member of this account only
GU = Member of this group only
AL = Account librarian user only
GL = Group librarian user only
CR = Creating user only
The default is no security restrictions at the
account level. Two or more user types may be
specified if they are separated by commas.
subqueuename The name of the subqueue of highest priority that
can be requested by any process of any job/session
in the account. This parameter is specified as AS,
BS, CS, DS, or ES.
CAUTION Processes capable of executing in the AS or BS subqueues can
deadlock the system. Assigning nonpriority system and user
processes to these subqueues can prevent critical processes from
executing. Exercise extreme caution when assigning processes to
these subqueues.
localattribute The local attribute of the account, as defined at
the installation site. This is a double word bit
map used to further classify accounts. While it is
not part of standard MPE/iX security provisions,
programmers may define local attributes (which are
checked by the WHO intrinsic) to enhance the
security of their software. Default is double word
0.
ONVS Specifies a particular volume set on which the
account is to be built. It must be a volume set
already defined and recognized by the system. A
NEWACCT must be specified twice, once without the
ONVS parameter, and once with it. The first
NEWACCT builds the account on the system volume set
(from which the account is accessed). The second
NEWACCT builds the account on the volume set where
files in this account will exist.
The only other parameter that works with ONVS is
the FILES parameter.
volumesetname Volume set names consist of from 1 to 32
characters, beginning with an alphabetic character.
The remaining characters may be alphabetic or
numeric characters, underscores, or periods.
If you specify a volumesetname, you must specify
the full name of the volume set. When
ONVS=volumesetname is specified, the volume set
directory is assumed. When ONVS= is specified
without volumesetname, the system directory is
assumed.
gid Group ID to be added to the group database. The
gid must be a unique positive (non-zero) 32-bit
integer. Default is for MPE to create a value.
Duplicate id numbers are not allowed.
uid User ID to be created for the account manager in
the user database. The uid must be a unique
positive (non-zero) 32-bit integer. Default is for
MPE to create a value. Duplicate id numbers are
not allowed. The uid is associated with the manager
of the account.
REQ Specifies that all users in the account are to have
non-blank passwords. If you require user
passwords, MPE/iX assigns the account manager a
blank, expired password. The account manager must
select a new password the first time the Manager
logs on. It is available only if the HP Security
Monitor has been installed.
OPT Specifies that users of the account may or may not
have passwords. This is the default. It is
available only if the HP Security Monitor has been
installed.
Operation Notes
The NEWACCT command may be executed only by the System Manager. The
System Manager is responsible for establishing the accounting structure
best suited to the computer installation.
When a keyword is specified, but its corresponding parameter is omitted
(as in ACCESS= Return), the default value for that keyword is assigned
(in this case, R,L,A,W,X:AC). The default is also assigned when an entire
keyword parameter group (such as ACCESS=fileaccess) is omitted.
After the System Manager creates accounts and designates account managers
for those accounts, the new account managers may log on and redefine
their own attributes and those of their PUB groups. Account managers can
also define new users and groups. The capabilities and attributes that
the account manager assigns to groups and users cannot exceed those
assigned to the account itself by the system manager. For example, if
the system manager does not assign the account DS capability, no users in
the account are permitted DS capability (which prohibits them from
linking programs that use extra data segments).
The PUB group is initially assigned the same capability class attributes,
permanent file space limit, CPU limit, and connect-time limit as the
account, but no password. Its initial security allows READ and EXECUTE
access to all users who successfully log on to the account, and APPEND,
WRITE, LOCK, and SAVE access to account librarian (AL) and group users
(GU) only. These access provisions are (R,X:ANY;A,W,L,S:AL,GU).
NOTE If you specify volume-related commands or parameters for a volume
set that is not currently mounted, or for an account that does not
exist, MPE/iX returns an error message.
Use
This command may be issued from a session, a job, a program, or in BREAK.
Pressing Break has no effect on this command. System manager (SM)
capability is required to use this command.
Examples
To create an account with the account name ACI, and the account manager
name MNGR, with all other parameters assigned by default, enter:
NEWACCT ACI,MNGR
To create the account DOCTOR on the system volume set, with the manager
named WHO, and on the volume set called MY_VOL, you must create it with
two parallel commands:
NEWACCT DOCTOR,WHO;CAP=IA,BA,GL,AM,AL
NEWACCT DOCTOR,WHO;ONVS=MY_VOL
The second command connects the accounting structures established on the
system volume and on the volume set. By default, however, the PUB group
of this account is on the system volume set.
To place the PUB group on the volume set MY_VOL, you need to use the PUB
parameter in the first command:
NEWACCT DOCTOR,WHO;CAP=IA,BA,SF,ND,GL,AM,AL
NEWACCT DOCTOR,WHO;ONVS=MY_VOL
ALTGROUP PUB.DOCTOR;HOMEVS=MY_VOL
To create the account DOCTOR on the system volume set, with the manager
named WHO, and a UID of 150 and a GID of 120, enter:
NEWACCT DOCTOR,WHO;UID=150;GID=120;CAP=IA,BA,SF,ND,GL,AM,AL
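The following Python sketch is an added example, not part of the HP manual. It parses NEWACCT command lines using the syntax and defaults documented above (including the rule that a keyword with no value takes its default) and reports the security-relevant results: no account password, optional user passwords, AS/BS priority, and access granted to ANY. The function names, the finding strings, and the set of capabilities treated as sensitive are assumptions of this example.

```python
import re

# Default capability list and account-name rule come from the NEWACCT text above.
DEFAULT_CAPS = ["AM", "AL", "GL", "SF", "ND", "IA", "BA"]
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,7}$")
SENSITIVE_CAPS = {"SM", "PM", "OP"}  # assumption: this example's review policy


def parse_newacct(line):
    """Split 'NEWACCT acct,mgr[;KEY=[value]]...' into names and explicit settings."""
    # Split on ';' except inside parentheses, e.g. ACCESS=(R,X:ANY;A,W,L,S:AL,GU).
    head, *opts = [p.strip() for p in re.split(r";(?![^()]*\))", line.strip())]
    verb, _, names = head.partition(" ")
    if verb.upper() != "NEWACCT":
        raise ValueError("not a NEWACCT command")
    acct, _, mgr = (n.strip().upper() for n in names.partition(","))
    if not NAME_RE.match(acct) or not mgr:
        raise ValueError(f"invalid account or manager name in {head!r}")
    settings = {}
    for opt in opts:
        key, _, value = opt.partition("=")
        # A keyword with no value gets the default, exactly as if it were omitted.
        if value.strip():
            settings[key.strip().upper()] = value.strip().upper()
    return acct, mgr, settings


def review(line):
    """Return security-relevant findings for one NEWACCT command line."""
    _, _, s = parse_newacct(line)
    findings = []
    if "PASS" not in s:
        findings.append("no account password")
    if s.get("USERPASS", "OPT") != "REQ":  # USERPASS needs HP Security Monitor
        findings.append("user passwords optional")
    caps = s["CAP"].split(",") if "CAP" in s else DEFAULT_CAPS
    risky = sorted(SENSITIVE_CAPS.intersection(c.strip() for c in caps))
    if risky:
        findings.append("sensitive capabilities: " + ",".join(risky))
    if s.get("MAXPRI") in ("AS", "BS"):
        findings.append("MAXPRI allows AS/BS subqueue")
    if "ANY" in re.split(r"[,:;()\s]+", s.get("ACCESS", "")):
        findings.append("ACCESS grants modes to ANY user")
    return findings

# Constructed sample input (TEST1 and MGR are made-up names).
SAMPLE = ("NEWACCT TEST1,MGR;PASS=;CAP=AM,AL,GL,IA,BA,PM;MAXPRI=BS;"
          "ACCESS=(R,X:ANY;A,W,L,S:AL,GU);USERPASS=REQ")
print(review(SAMPLE))
```
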
Related Information
Commands ALTACCT, ALTUSER, LISTACCT, NEWGROUP, NEWUSER, PURGEACCT,
REPORT, DISKUSE
Manuals Native Mode Spooler Reference Manual (32650-90166)