HPlogo MPE/iX Commands Reference Manual: HP 3000 MPE/iX Computer Systems > Chapter 2 Command Definitions A-B

ALTACCT
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Changes the attributes of an existing account.

Syntax

ALTACCT acctname [ ;PASS=[ password] ] [ ;FILES=[ filespace]] [ ;CPU=[ cpu]] 
[ ;CONNECT=[ connect] ] [ ;CAP=[ capabilitylist] ] [ ;ACCESS=[ (fileaccess)]] 
[ ;MAXPRI=[ subqueuename] ] [ ;LOCATTR=[ localattribute] ] 
[ ;ONVS=volumesetname] [ ;USERPASS=[ {REQ | OPT } ] ] (1)

(1) The USERPASS parameter is only available if the HP Security Monitor has been installed.

Parameters

acctname

The name of the account to be altered.

password

The password to be assigned to the account. If you omit password, any existing password is removed. If you omit PASS=, any existing password is unchanged.

filespace

Disk storage limit, in sectors, for the permanent files in the account. The filespace limit cannot be less than the number of sectors currently in use for the account.

cpu

The limit on cumulative CPU-time, in seconds, for the account. This limit is checked only when a job or session is initiated, and, therefore, never causes the job or session to abort. The maximum value allowed is 2,147,483,647 seconds. You may set the counter to zero with the RESETACCT command.

connect

The limit on total cumulative session connect-time, in minutes, allowed the account. This limit is checked at logon. Every time the process terminates the counter is updated. The maximum value allowed is 2,147,483,647 minutes. You may reset the counter to zero with the RESETACCT command.

capabilitylist

Either 1) a list of capabilities, separated by commas, permitted the account, or 2) a list of additions and/or deletions to be applied to the account's existing set of capabilities. Additions and deletions are specified by a "+" or "-" immediately followed by the capability to add or delete, separated by commas.

If "+"/"-" is to be specified in the list, then the list must begin with "+" or "-". For example, CAP=+MR,-PH is legal, but CAP=MR,-PH is not. It is not necessary to prefix each capability to be added or deleted with "+" / "-", as the occurrence of "+" / "-" indicates an action that remains in effect until the indicator changes. For example, CAP=+MR,PH,-PM,DS is equivalent to CAP=+MR,+PH,-PM,-DS

If a capability is removed at the account level, users within the account are also denied that capability. No explicit change to the user's capabilities is necessary. Similarly, if a capability is returned to the account, any users with that capability regain it automatically.

Each capability is denoted by a two letter mnemonic, as follows:

  System Manager     =  SM
  Account Manager     =  AM
  Account Librarian    =  AL
  Group Librarian     =  GL
  Diagnostician      =  DI
  System Supervisor    =  OP
  Network Administrator  =  NA
  Node Manager      =  NM
  Save Files       =  SF
  Access to Nonshareable
  I/O Devices      =  ND
 
  Use Volumes       =  UV
 
  Use Communication
  Subsystem       =  CS
  Programmatic Sessions  =  PS
  User Logging      =  LG
  Process Handling    =  PH
  Extra Data Segments   =  DS
  Multiple RINs      =  MR
  Privileged Mode     =  PM
  Interactive Access   =  IA
  Batch Access      =  BA

Default is AM, AL, GL, SF, ND, IA, BA, except for the SYS account. The SYS account has no true default. It is assigned the maximum account capabilities when the system is delivered and, under normal circumstances, should not be altered.

If a capability is taken away from an account, it is unavailable to users in that account. However, users are not affected by this change until they log off and then log back on.

fileaccess

The restrictions on file access pertinent to this account. Default is R,L,A,W,X:AC, entered as follows:

([{ R | L | A | W | X } [ ,...] : { ANY | AC } ] [ ;...] )

The R, L, A, W, and/or X specify modes of access by types of users (ANY and/or AC ) as follows:

  R = READ
  L = LOCK 
  A = APPEND 
  W = WRITE 
  X = EXECUTE

LOCK allows exclusive access to the file. APPEND implicitly specifies LOCK. WRITE implicitly specifies APPEND and LOCK.

The user types are specified as follows.

  ANY = Any user
  AC = Member of this account only
subqueuename

Name of the highest priority subqueue that can be requested by any process of any job/session in the account, specified as AS, BS, CS, DS, or ES. When you specify ;MAXPRI= without a value, subqueuename defaults to CS.

CAUTION: User processes executing in the AS or BS subqueues can deadlock the system. If you assign these subqueues to nonpriority processes, other critical system processes may be prevented from executing. Exercise extreme caution when choosing subqueues.
localattribute

Local attribute of the account, as defined at the installation site. This is a double-word bit map, of arbitrary meaning, that might be used to further classify accounts. While it is not involved in standard MPE/iX security provisions, it is available to processes through the WHO intrinsic. Programmers may use localattribute in their own programs to provide security. Default is double word 0 (null).

volume- setname

The MPE/iX volume set in which the account is to be altered. This volume set must be already defined and recognized by the system. When ONVS=volumesetname is specified, the volume set directory is assumed. When ONVS= is specified without volumesetname, the system directory is assumed.

MPE/iX volume set names consist of from 1 to 32 characters, beginning with an alphabetic character. The remaining characters may be alphabetic, numeric, the underscore, or periods.

This parameter only works with the FILES parameter (all other parameters are ignored).

REQ

USERPASS=REQ specifies that all users in the account must have a non-blank password. It is available only if the HP Security Monitor has been installed.

OPT

USERPASS=OPT specifies that users in this account may or may not have passwords. If you do not use the USERPASS parameter, the old value remains. It is available only if the HP Security Monitor has been installed.

Operation Notes

The system manager uses the ALTACCT command to change the attributes of an existing account. You may enter multiple keywords on a single command line as shown in "Examples." When you change one capability in a capabilitylist that contains several nondefault values, you must specify the entire new %capabilitylist. When you omit an entire keyword parameter group from the ALTACCT command, that parameter remains unchanged for the account. When you include a keyword, but omit the corresponding parameter (for example, PASS= Return), the default value is assigned. Table 2-2 lists the default values for the ALTACCT command.

Table 2-2 “Default Parameters for the ALTACCT Command” shos the defalut parameters for the ALTACCT Command.

Table 2-2 Default Parameters for the ALTACCT Command

ParameterDefault Values
passwordNo password
filespaceUnlimited
cpuUnlimited
connectUnlimited
capabilitylistAM, AL, GL, SF, ND, IA, BA (All accounts except SYS)
 SM, AM, AL, GL, DI, OP, SF, ND, PH, DS, MR, PM (SYS account only)
fileaccess(R,A,W,L,X:AC) (All accounts except SYS)
 (R,X:ANY;A,W,L:AC) (SYS account only)
subqueuenameCS subqueue
localattribute0 (null)

 

Any value changed with the ALTACCT command takes effect the next time MPE/iX is requested to check the value. If an attribute is removed from an account while users are logged on, they are not affected until they log off their current job or session and log on again. MPE/iX does not automatically generate a message informing users of the change; it is your responsibility to warn account members in advance of any changes. If you take a capability away from an account, all account members and groups within the account are denied the capability the next time that they log onto the account.

You cannot remove system manager (SM) capability from the SYS account or account manager (AM) capability from any account. From within any account, you can remove AM capability from all but one (the last) of the users assigned it. It is possible, however, to remove AM capability from all users in an account, but only if you do so from another account that has SM capability.

NOTE: If you specify volume-related commands or parameters for a volume set that is not currently mounted, or for an account that does not exist, MPE/iX returns an error message.

Use

This command may be issued from a session, job, program, or in BREAK. Pressing Break has no effect on this command. System manager (SM) capability is required to use this command.

Examples

To change an account named AC2 so that its password is GLOBALX, and its filespace is limited to 50,000 sectors, enter:

  ALTACCT AC2;PASS=GLOBALX;FILES=50000

To change the password and the file space of an account called MALCHIOR in the volume set TIME_LORD, you need to issue two commands:

  ALTACCT MALCHIOR;PASS=OMSBOROS
  ALTACCT MALCHIOR;ONVS=TIME_LORD;FILES=20000

You must specify the changes for the system volume set (the first command) and for the volume set itself (the second command). Specifying a volumesetname limits the user to changing only FILES in the second command.

Related Information

Commands

ALTGROUP, ALTUSER, LISTACCT, LISTGROUP, LISTUSER, NEWACCT, NEWGROUP, NEWUSER, RESETACCT

Manuals

Performing System Management Tasks



ALLOW
  		 


ALTFILE  
Feedback to webmaster