
ALTUSER [ MPE/iX Commands Reference Manual Volume I ] MPE/iX 5.0 Documentation



ALTUSER 

Changes the attributes currently defined for a user.

Syntax 

ALTUSER username[.acctname] [;PASS=[password]][;CAP=[capabilitylist]]

[;MAXPRI=[subqueuename]][;LOCATTR=[localattribute]]

[;HOME=[homegroupname]] [;UID=[uid]] [;USERPASS=[req][Expired]]
                                     [          [opt]         ]
The USERPASS parameter is only available if the HP Security Monitor has
been installed.

Parameters 

username              The name assigned to the user within a logon
                      account.

acctname              The account in which the user is to reside.  System
                      manager (SM) capability is required to use this
                      parameter.

password              The password to be assigned to the user.  If
                      password is omitted, any existing password is
                      removed.  If PASS= is omitted, any existing
                      password is unchanged.

capabilitylist        Either 1) a list of capabilities, separated by
                      commas, permitted to this user, or 2) a list of
                      additions and/or deletions to be applied to the
                      user's existing set of capabilities.  Additions and
                      deletions are specified by a "+" or "-" immediately
                      followed by the capability to add or delete,
                      separated by commas.

                      If "+"/"-" is to be specified in the list, then the
                      list must begin with "+" or "-".  For example,
                      CAP=+MR,-PH is legal, but CAP=MR,-PH is not.  It is
                      not necessary to prefix each capability to be added
                      or deleted with "+" / "-", as the occurrence of "+"
                      / "-" indicates an action that remains in
                      effect until the indicator changes.  For
                      example, CAP=+MR,PH,-PM,DS is equivalent to
                      CAP=+MR,+PH,-PM,-DS.

                      The capabilities allowed to users are restricted by
                      the capabilities assigned to the user's account.
                      If a capability is absent at the account level,
                      users within the account are also denied that
                      capability, whether or not it is explicitly
                      assigned to them.

                      Each capability is denoted by a two-letter mnemonic
                      as follows:

                           System Manager        =    SM
                           Account Manager       =    AM
                           Account Librarian     =    AL
                           Group Librarian       =    GL
                           Diagnostician         =    DI
                           System Supervisor     =    OP
                           Network Administrator =    NA
                           Node Manager          =    NM
                           Save Files            =    SF
                           Access to Nonshareable
                             I/O Devices         =    ND
                           Use Volumes           =    UV
                           Create Volumes        =    CV
                           Use Communication
                             Subsystem           =    CS
                           Programmatic Sessions =    PS
                           User Logging          =    LG
                           Process Handling      =    PH
                           Extra Data Segments   =    DS
                           Multiple RINs         =    MR
                           Privileged Mode       =    PM
                           Interactive Access    =    IA
                           Batch Access          =    BA

                      Default is SF, ND, IA, and BA. Note that CV
                      automatically gives the user UV capability, and
                      removal of UV results in automatic removal of CV.

subqueuename          The name of the highest priority subqueue that may
                      be requested by any process of any job/session
                      initiated by the user.  This parameter is specified
                      as AS, BS, CS, DS, or ES, but cannot be greater
                      than that specified with the NEWACCT or ALTACCT
                      commands.  The subqueuename defined for the user is
                      checked against the subqueuename defined for the
                      account at logon, and the lower priority of the two
                      is used as the maximum priority restricting all
                      processes of the job/session.  Also, the priority
                      requested by the user at logon is checked against
                      the subqueuename defined for the user, and the user
                      is granted the lower of these two values.  Default
                      is CS.


                      CAUTION  Processes capable of executing in the AS or
                      BS subqueues can deadlock the system.  By assigning
                      nonpriority processes to these subqueues, you may
                      prevent critical system processes from executing.
                      Exercise extreme care when assigning processes to
                      the AS or BS subqueue.

localattribute        Defined at the installation site, this arbitrary
                      double word bit map is used to further classify
                      users.  While it is not part of standard MPE/iX
                      security provisions, programmers may define it
                      (through the WHO intrinsic) to enhance the security
                      of their own programs.  The bit map for the user
                      local attributes must be a subset of the bit map
                      for the account local attributes.  The ALTUSER
                      command checks the local attributes of the user
                      with those of the account.  Default is double word
                      0 (null).

homegroupname         The name of an existing group assigned as the home
                      group for this user.  The first user established
                      when an account is created, by default, has PUB
                      assigned as the home group.  Subsequent new users,
                      by default, have no home group assigned.  If no
                      home group is assigned, the user must always
                      specify an existing group when logging on.

uid                   User ID to be altered for the account manager in
                      the user database.  The uid parameter must be a
                      unique positive (non-zero) 32-bit integer.

Req                   USERPASS=REQ specifies that all users in the
                      account must have a non-blank password.  It is
                      available only if the HP Security Monitor has been
                      installed.

Opt                   USERPASS=OPT specifies that users in this account
                      may or may not have passwords.  If you do not use
                      the USERPASS parameter, the old value remains.  It
                      is available only if the HP Security Monitor has
                      been installed.

Expired               The password expires immediately.  The user cannot
                      log on without selecting a new password.  It is
                      available only if the HP Security Monitor has been
                      installed.

Operation Notes

The ALTUSER command allows the account manager to change the password,
capabilities, processing subqueue, security checking, and home group
currently defined for a user.  More than one of these attributes may be
changed at a time, by entering multiple keyword parameters on a single
command line, using the semicolon (;) delimiter.  To change an attribute,
enter the keyword and its new value.

When an entire keyword parameter group is omitted from the ALTUSER
command, the corresponding value for the user remains unchanged.  When a
keyword is included, but the corresponding parameter is omitted (as in
PASS=Return), a default value is assigned as shown in Table 2-4.

Table 2-4.  Default Values for the ALTUSER Command

--------------------------------------------------------------------------------------
| Parameter       | Default Values                                                   |
--------------------------------------------------------------------------------------
| password        | NULL password                                                    |
| capabilitylist  | SF, ND, IA, and BA (provided these capabilities have been        |
|                 | specified for the account)                                       |
| subqueuename    | CS                                                               |
| localattribute  | 0 (null)                                                         |
| homegroupname   | The first user established when the account is created has PUB   |
|                 | assigned as home group. Subsequent users have no group assigned  |
|                 | as home. If a user has no home group assigned, an existing       |
|                 | group must be specified when initiating a job or a session.      |
--------------------------------------------------------------------------------------

When a parameter is modified with the ALTUSER command, it is immediately
registered in the directory.  However, it does not affect users who are
currently logged on to the system.  They are affected the next time they
log on to the same user name and account.  For this reason, warn users in
advance of any intended changes.

Avoid changing the capabilitylist or homegroupname of the user
MANAGER.SYS.  SM capability cannot be taken away from MANAGER.SYS.

ALTUSER will not allow a user with AM capability to remove AM from their
own capability list.  However, a user with AM can remove AM from the
capability list of another AM user inside the same account.

Use

This command may be issued from a session, a job, a program, or in break
mode.  Pressing Break has no effect on this command.

Account manager (AM) capability is required to use this command.  System
manager (SM) capability is required to specify a user in an account other
than your own.

Examples

Suppose an account's capabilities are AM, AL, GL, SF, ND, PH, DS, MR, IA,
and BA.  To change the capabilitylist of the user JONES from IA, BA, SF,
PH, DS to include multiple RIN (MR) capability, enter:

     ALTUSER JONES;CAP=IA,BA,SF,PH,DS,MR

To alter two attributes, password and subqueuename, for user JONES enter:

     ALTUSER JONES;PASS=JJ;MAXPRI=DS

Related Information

Commands              ALTACCT, ALTGROUP, LISTUSER, NEWACCT, NEWUSER

Manuals               Performing System Management Tasks (32650-90004)
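
The CAP= rules described under capabilitylist above (a "+"/"-" indicator that stays in effect until it changes, the CV/UV coupling, and the account-level restriction) can be modelled for reviewing a proposed change before it is entered. This Python sketch is an added example, not HP code or part of the original manual; the function names apply_cap and effective_caps are hypothetical, and it models only the behaviour stated on this page.

```python
# Added example (not HP code): models the CAP= rules stated on this page.
ALL_CAPS = {"SM", "AM", "AL", "GL", "DI", "OP", "NA", "NM", "SF", "ND", "UV",
            "CV", "CS", "PS", "LG", "PH", "DS", "MR", "PM", "IA", "BA"}
DEFAULT_CAPS = {"SF", "ND", "IA", "BA"}


def apply_cap(current, cap_value):
    """Return the user's capability set after ALTUSER ...;CAP=cap_value."""
    items = [t.strip().upper() for t in cap_value.split(",") if t.strip()]
    if not items:                        # "CAP=" alone assigns the default set
        return set(DEFAULT_CAPS)
    signed = any(t[0] in "+-" for t in items)
    if signed and items[0][0] not in "+-":
        raise ValueError("a list that uses +/- must begin with + or -")
    caps = set(current) if signed else set()   # unsigned list replaces the set
    sign = "+"
    for tok in items:
        if tok[0] in "+-":               # indicator stays in effect until changed
            sign, tok = tok[0], tok[1:]
        if tok not in ALL_CAPS:
            raise ValueError(f"unknown capability {tok!r}")
        if sign == "+":
            caps.add(tok)
            if tok == "CV":              # CV automatically gives UV
                caps.add("UV")
        else:
            caps.discard(tok)
            if tok == "UV":              # removing UV also removes CV
                caps.discard("CV")
    return caps


def effective_caps(user_caps, account_caps):
    """Capabilities absent at the account level are denied to its users."""
    return set(user_caps) & set(account_caps)


if __name__ == "__main__":
    account = {"AM", "AL", "GL", "SF", "ND", "PH", "DS", "MR", "IA", "BA"}
    jones = {"IA", "BA", "SF", "PH", "DS"}          # constructed sample user
    jones = apply_cap(jones, "+MR,PM")              # PM is not in the account
    print("assigned :", sorted(jones))
    print("effective:", sorted(effective_caps(jones, account)))
    print("no effect:", sorted(jones - account))
```

The "no effect" line lists capabilities assigned to the user that the account does not hold, which is the mismatch worth catching when auditing user entries against their account.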

