Generated from C.60.01 /SYS/PUB/CICAT last modified on Thu Jan 11 09:18:52 2001
Changes the attributes of an existing account. You must have System Manager (SM) capability to use this command. (CM)
ALTACCT acctname [;PASS=[password]] [;FILES=[filespace]] [;CPU=[cpu]] [;CONNECT=[connect]] [;CAP=[capabilitylist]] [;ACCESS=[(fileaccess)]] [;MAXPRI=[subqueuename]] [;LOCATTR=[localattribute]] [;ONVS=volumesetname] [;USERPASS=[{REQ}]] (1) {OPT} (1) The USERPASS parameter is only available if the HP Security Monitor has been installed
acctname The name of the account to be altered. password Account password (used only for verifying logon access). If ;PASS is omitted, no change is made. If you omit password, the existing password is removed. filespace Disk storage limit, in sectors, for the permanent files in the account. The filespace limit cannot be less than the number of sectors currently in use for the account. Default is unlimited file space, which may be specified by omitting the ;FILES parameter, or by specifying ;FILES=[Return]. cpu The limit on cumulative CPU time, in seconds, for the account. This limit is checked only when a job or session is initiated, and, therefore, never causes the job or session to abort. The maximum value allowed is 2,147,483,647 seconds. Default is unlimited CPU time. The counter may be set to zero with the RESETACCT command. connect The limit on total cumulative session connect time, in minutes, allowed the account. This limit is checked at logon and every time the process terminates the counter is updated. The maximum value allowed is 2,147,483,647 minutes. Default is unlimited connect time. The counter may be set to zero with the RESETACCT command. capabilitylist Either 1) a list of capabilities, separated by commas, permitted the account, or 2) a list of additions and/or deletions to be applied to the account's existing set of capabilities. Additions and deletions are specified by a "+" or "-" immediately followed by the capability to add or delete, separated by commas. If "+"/"-" is to be specified in the list, then the list must begin with "+" or "-". For example, CAP=+MR,-PH is legal, but CAP=MR,-PH is not. It is not necessary to prefix each capability to be added or deleted with "+" or "-", as the occurrence of "+" or "-" indicates an action that remains in effect until the indicator changes. For example, CAP=+MR,PH,-PM,DS is equivalent to CAP=+MR,+PH,-PM,-DS. When you remove capabilities from an account, member users and groups are no longer allowed those capabilities, even if they are not explicitly removed from the user or group. Likewise, when you reinstate a capability at the account level that you did not explicitly remove at the user or group level, the member user or group may once again exercise that capability. Each capability is denoted by a two letter mnemonic, as follows System Manager = SM Account Manager = AM Account Librarian = AL Group Librarian = GL Diagnostician = DI System Supervisor = OP Network Administrator = NA Node Manager = NM Save Files = SF Access to nonsharable I/O devices = ND Use Volumes = UV Use Communication Subsystem = CS Programmatic Sessions = PS User Logging = LG Process Handling = PH Extra Data Segments = DS Multiple RINs = MR Privileged Mode = PM Interactive Access = IA Batch Access = BA Default is AM,AL,GL,SF,ND,IA,BA, except for the SYS account. The SYS account has no true default. It is assigned the maximum account capabilities when the system is delivered and, under normal circumstances, should not be altered. Note that CV capability, which permits account members to create mountable, nonsystem volumes, automatically gives the account UV capability, allowing account members to use mountable, nonsystem volumes. If a capability is taken away from an account, it will become unavailable to any user in that account. However, the user will not be affected by this change until the user logs off and logs back on. fileaccess The restrictions on file access pertinent to this account. Default is R,A,L,W,X:AC, entered as follows {R} {L} {ANY} ([{A}[,...]: ][;...]) {W} {AC } {X} where R , L , A , W , and/or X specify modes of access by types of users (ANY and/or AC ) as follows R = READ L = LOCK (allows exclusive access to file) A = APPEND (implicitly specifies L also) W = WRITE (specifies A and L also) X = EXECUTE The user types are specified as follows. ANY = Any user AC = Member of this account only subqueuename Name of the highest priority subqueue that can be requested by any process of any job/session in the account, specified as AS, BS, CS, DS, or ES. Default is CS.
Exercise extreme caution when choosing subqueues. User processes executing in the AS or BS subqueues can deadlock the system. If you assign these subqueues to non-priority processes, other critical system processes may be prevented from executing. localattribute Local attribute of the account, as defined at the installation site. This is a double word bit map, of arbitrary meaning, that might be used to further classify accounts. While it is not involved in standard MPE/iX security provisions, it is available to processes through the WHO intrinsic. Programmers may use localattribute in their own programs to provide security. Default is double word 0 (null). volumesetname The MPE/iX volume set in which the account will be altered. This volume set must be already defined and recognized by the system. If you do not specify this parameter, the default is the system volume set. For MPE/iX, volume set names are no longer invariably composed of volumesetname.group.account. Instead, volume set names consist simply of one (1) to thirty-two (32) characters, beginning with an alphabet character. The remaining characters may be alphabetic, numeric, the underscore, and periods. If you specify this parameter, only the ;FILES keyword is valid; all other parameters are ignored. Refer to any of the VSxxxxxx commands or to the Volume Management Reference Manual (32650-90045). Req USERPASS=REQ specifies that all users in the account must have a non-blank password. It is available only if the HP Security Monitor has been installed. Opt USERPASS=OPT specifies that the users in this account may or may not have passwords. If you do not use the USERPASS parameter, the old value remains. It is available only if the HP Security Monitor has been installed.
The system manager uses ALTACCT to change the attributes of an existing account. Multiple keywords may be entered on a single command line as shown in "EXAMPLE". When you change one capability in a capabilitylist that contains several nondefault values, you must specify the entire new capabilitylist. When an entire keyword parameter group is omitted from the ALTACCT command, that parameter remains unchanged for the account. When a keyword is included, but the corresponding parameter is omitted (as in ;PASS= [Return]), the default value is assigned. This command may be issued from a session, job, program, or in BREAK. Pressing [Break] has no effect on this command. Default Parameters for ALTACCT PARAMETER DEFAULT VALUES password No password filespace Unlimited cpu Unlimited connect Unlimited capabilitylist AM, AL, GL, SF, ND, IA, BA (All accounts except SYS) SM, AM, AL, GL, DI, OP, SF, ND, PH, DS, MR, PM (SYS account only) fileaccess (R,A,W,L,X:AC) (All accounts except SYS) (R,X:ANY;A,W,L:AC) (SYS account only) subqueuename CS subqueue localattribute 0 (null) Any value changed with ALTACCT will take effect the next time MPE/iX is requested to check the value. If an attribute is removed from an account while users are logged on, they will not be affected until they end the job or session and log on again. MPE does not automatically generate a message informing users of the change; it is your responsibility to warn account members in advance of any changes. If you take a capability away from an account, all account members and groups within the account are denied the capability. You cannot remove System Manager (SM) capability from the SYS account. You also cannot take AM capability away from any account. From within and account, you can remove AM capability from all but one (the last) of the users assigned it. It is possible, however, to remove AM capability from all users in an account, but only if you do so from another account that has SM capability.
If you specify volume-related commands or parameters for a volume set that is not currently mounted, or for an account that does not exist, MPE/iX will return a corresponding error message.
To change an account named AC2 so that its password is GLOBALX, and its filespace is limited to 50,000 sectors, enter ALTACCT AC2;PASS=GLOBALX;FILES=50000 To change the password and the file space of an account called MALCHIOR in the volume set time_lord, you will need to issue two commands ALTACCT malchior;pass=omsboros ALTACCT malchior;onvs=time_lord;files=20000 You must specify the changes for the system volume set (the first command) and for the volume set itself (the second command). Specifying a volumesetname limits the user to changing only ;FILES in the second command.
Commands: ALTGROUP, ALTUSER, LISTACCT, LISTGROUP, LISTUSER, NEWACCT, NEWGROUP,NEWUSER Manuals : Performing System Management Tasks (32650-90004) Performing System Operation Tasks (32650-90137) Back to Main Index