HPlogo MPE/iX Commands Reference Manual: HP 3000 MPE/iX Computer Systems > Chapter 5 Command Definitions L-O

NEWACCT
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Creates a new account with an associated account manager and PUB group.

Syntax

NEWACCT acctname,mgrname [;PASS=[password]] [;FILES=[filespace]] [;CPU=[cpu]] [;CONNECT=[connect]] [;CAP=[capabilitylist]] [;ACCESS=[fileaccess]] [;MAXPRI=[subqueuename]] [;LOCATTR=[localattribute]] [;ONVS=volumesetname] [;GID=[gid]] [;UID=[uid]] [;USERPASS=[{ REQ OPT }]]

The USERPASS parameter is only available if the HP Security Monitor has been installed.

Parameters

acctname

Name to be assigned to the new account. This name must contain from one to eight alphanumeric characters, beginning with an alphabetic character.

mgrname

Name of the account manager. This is always the first user created under the account. Table 5-6 “Account Manager Default Capabilities” lists the default capabilities assigned to an account manager.

Table 5-6 Account Manager Default Capabilities

AttributeDefault
passwordNone
capabilitylistSame as the account capability
subqueuenameSame as the account maximum priority
localattributeSame as account local attributes
Home GroupPUB
UIDA unique identifier
GIDA unique identifier

 

The attributes of an account manager may be changed with the ALTUSER command after mgrname is defined. However, in no case is this user granted attributes greater than those assigned the account.

password

Account password, used for verifying logon access only. This password must contain from one to eight alphanumeric characters, beginning with an alphabetic character. Default is that no password is assigned.

filespace

Disk storage limit, in sectors, for the permanent files of the account. The maximum value you may define is 2,147,483,647 sectors. Default is unlimited file space.

cpu

Limit on total CPU-time, in seconds, for this account. This limit is checked only when a job or session is initiated, and so the limit never causes the job or session to abort. The maximum value you may define with NEWACCT is 2,147,483,647 seconds. Default is that no limit is assigned.

connect

Limit on total session connect-time, in minutes, allowed the account. This limit is checked at logon, and when the job or session initiates a new process. The maximum value you may define is 2,147,483,647 minutes. Default is that no limit is assigned.

capabilitylist

The list of capabilities, separated by commas, permitted this account. Each capability is denoted by a two letter mnemonic, as follows:

  System Manager  = SM
  Account Manager = AM
  Account Librarian   = AL
  Group Librarian = GL
  Diagnostician  = DI
  System Supervisor   = OP
  Network Administrator = NA
  Node Manager   = NM
  Save Files = SF
  Access to Nonshareable
   I/O Devices  = ND
  Use Volumes   = UV
  Create Volumes  = CV
  Use Communication
   Subsystem   = CS
  Programmatic Sessions = PS
  User Logging   = LG
  Process Handling = PH
  Extra Data Segments  = DS
  Multiple RINs  = MR
  Privileged Mode = PM
  Interactive Access  = IA
  Batch Access   = BA

Default is AM, AL, GL, SF, ND, IA, BA.

fileaccess

The restriction on file access pertinent to this account. Default is R,L,A,W,X:AC, where R, L, A, W, and X specify modes of access by types of users (ANY, AC, GU, AL, GL, CR) as follows:

  R  =  Read
  L  =  Lock 
  A  =  Append 
  W  =  Write 
  X  =  Execute
  S  =  Save

LOCK allows exclusive access to the file. APPEND implicitly specifies LOCK. WRITE implicitly specifies APPEND.

The user types are specified as follows:

  ANY =  Any user
  AC =  Member of this account only
  GU =  Member of this group only
  AL =  Account librarian user only
  GL =  Group librarian user only
  CR =  Creating user only

The default is no security restrictions at the account level. Two or more user types may be specified if they are separated by commas.

subqueuename

The name of the subqueue of highest priority that can be requested by any process of any job/session in the account. This parameter is specified as AS, BS, CS, DS, or ES.

CAUTION: Processes capable of executing in the AS or BS subqueues can deadlock the system. Assigning nonpriority system and user processes to these subqueues can prevent critical processes from executing. Exercise extreme caution when assigning processes to these subqueues.
localattribute

The local attribute of the account, as defined at the installation site. This is a double word bit map used to further classify accounts. While it is not part of standard MPE/iX security provisions, programmers may define local attributes (which are checked by the WHO intrinsic) to enhance the security of their software. Default is double word 0.

ONVS

Specifies a particular volume set on which the account is to be built. It must be a volume set already defined and recognized by the system. A NEWACCT must be specified twice, once without the ONVS parameter, and once with it. The first NEWACCT builds the account on the system volume set (from which the account is accessed). The second NEWACCT builds the account on the volume set where files in this account will exist.

The only other parameter that works with ONVS is the FILES parameter.

volume- setname

Volume set names consist of from 1 to 32 characters, beginning with an alphabetic character. The remaining characters may be alphabetic, numeric, the underscore, and periods.

If you specify a volumesetname, you must specify the full name of the volume set. When ONVS=volumesetname is specified, the volume set directory is assumed. When ONVS= is specified without volumesetname, the system directory is assumed.

gid

Group ID to be added to the group database. The gid must be an unique positive (non-zero) 32-bit integer. Default is for MPE to create a value. Duplicate id numbers are not allowed.

uid

User ID to be created for the account manager in the user database. The uid must be an unique positive (non zero) 32-bit integer. Default is for MPE to create a value. Duplicate id numbers are not allowed. The uid is associated to the manager of the account.

REQ

Specifies that all users in the account are to have non-blank passwords. If you require user passwords, MPE/iX assigns the account manager a blank, expired password. The account manager must select a new password the first time the Manager logs on. It is available only if the HP Security Monitor has been installed.

OPT

Specifies that users of the account may or may not have passwords. This is the default. It is available only if the HP Security Monitor has been installed.

Operation Notes

The NEWACCT command may be executed only by the System Manager. The System Manager is responsible for establishing the accounting structure best suited to the computer installation.

When a keyword is specified, but its corresponding parameter is omitted (as in ACCESS= Return), the default value for that keyword is assigned (in this case, R,L,A,W,X:AC). The default is also assigned when an entire keyword parameter group (such as ACCESS=fileaccess) is omitted.

After the System Manager creates accounts and designates account managers for those accounts, the new account managers may log on and redefine their own attributes and those of their PUB groups. Account managers can also define new users and groups. The capabilities and attributes that the account manager assigns to groups and users cannot exceed those assigned to the account itself by the system manager. For example, if the system manager does not assign the account DS capability, no users in the account are permitted DS capability (which prohibits them from linking programs that use extra data segments).

The PUB group is initially assigned the same capability class attributes, permanent file space limit, CPU limit, and connect-time limit as the account, but no password. Its initial security allows READ and EXECUTE access to all users who successfully log on to the account, and APPEND, WRITE, LOCK, and SAVE access to account librarian (AL) and group users (GU) only. These access provisions are (R,X:ANY;A,W,L,S:AL,GU).

NOTE: If you specify volume-related commands or parameters for a volume set that is not currently mounted, or for an account that does not exist, MPE/iX returns an error message.

Use

This command may be issued from a session, a job, a program, or in BREAK. Pressing Break has no effect on this command. System manager (SM) capability is required to use this command.

Examples

To create an account with the account name ACI, and the account manager name MNGR, with all other parameters assigned by default, enter:

  NEWACCT ACI,MNGR

To create the account DOCTOR on the system volume set, with the manager named WHO, and on the volume set called MY_VOL, you must create it with two parallel commands:

  NEWACCT DOCTOR,WHO;CAP=IA,BA,GL,AM,AL
  NEWACCT DOCTOR,WHO;ONVS=MY_VOL

The second command connects the accounting structures established on the system volume and on the volume set. By default, however, the PUB group of this account is on the system volume set.

To place the PUB group on the volume set MY_VOL, you need to use the PUB parameter in the first command:

  NEWACCT DOCTOR,WHO;CAP=IA,BA,SF,ND,GL,AM,AL
  NEWACCT DOCTOR,WHO;ONVS=MY_VOL
  ALTGROUP PUB.DOCTOR;HOMEVS=MY_VOL

To create the account DOCTOR on the system volume set, with the manager named WHO, and a UID of 150 and a GID of 120, enter:

  NEWACCT DOCTOR,WHO;UID=150;GID=120;CAP=IA,BA,SF,ND,GL,AM,AL

Related Information

Commands

ALTACCT, ALTUSER, LISTACCT, NEWGROUP, NEWUSER, PURGEACCT, REPORT, DISKUSE

Manuals

Native Mode Spooler Reference Manual(32650-90166)



MOUNT
  		 


NEWDIR  
Feedback to webmaster