NEWACCT

Generated from C.65.00 /SYSADMIN/PUB/MYCICAT last modified on Sun Aug 29 15:08:37 2004


NEWACCT


     Creates a new account and an associated account manager and
     PUB group.  (CM)

SYNTAX


     NEWACCT acctname,mgrname

         [;PASS=[password]]
         [;FILES=[filespace]]
         [;CPU=[cpu]]
         [;CONNECT=[connect]]
         [;CAP=[capabilitylist]]
         [;ACCESS=[(fileaccess)]]
         [;MAXPRI=[subqueuename]]
         [;LOCATTR=[localattribute]]
         [;ONVS=volumesetname]
         [;GID=[gid]]
         [;UID=[uid]]
         [;USERPASS=[{REQ | OPT}]]   (1)
         (1) The USERPASS parameter is only available if the
             HP Security Monitor has been installed


PARAMETERS


acctname            Name to be assigned to the new account.  This name
                    must contain from one to eight alphanumeric
                    characters, beginning with an alphabetic character.

mgrname             Name of the account manager.  This is always the
                    first user created under the account.  The manager
                    receives the following attributes:

                   Account Manager Default Capabilities

                    ATTRIBUTE        DEFAULT
                   -----------------------------------------------------
                    password         None

                    capabilitylist   Same as the account capability

                    subqueuename     Same as the account max priority

                    localattribute   Same as account local attributes

                    Home Group       PUB

                    UID              A unique identifier

                    GID              A unique identifier

                    The attributes of an account manager may be changed
                    with the ALTUSER command after mgrname is defined.
                    However, in no case is this user granted attributes
                    greater than those assigned the account.

password            Account password, used for verifying logon access
                    only. This password must contain from one to eight
                    alphanumeric characters, beginning with an
                    alphabetic character.  Default is that no password
                    is assigned.

filespace           Disk storage limit, in sectors, for the permanent
                    files of the account.  The maximum value you may
                    define is 2,147,483,647 sectors.  Default is
                    unlimited file space.

cpu                 Limit on total CPU time, in seconds, for this
                    account.  This limit is checked only when a job or
                    session is initiated, and so the limit never causes
                    the job or session to abort.  The maximum value you
                    may define with NEWACCT is 2,147,483,647 seconds.
                    Default is that no limit is assigned.

connect             Limit on total session connect time, in minutes,
                    allowed the account. This limit is checked at logon,
                    and when the job or session initiates a new process.
                    The maximum value you may define is 2,147,483,647
                    minutes. Default is that no limit is assigned.

capabilitylist      The list of capabilities, separated by commas,
                    permitted this account. Each capability is denoted
                    by a two letter mnemonic, as follows.

                    System Manager        =       SM
                    Account Manager       =       AM
                    Diagnostician         =       DI
                    System Supervisor     =       OP
                    Network Administrator =       NA
                    Node Manager          =       NM
                    Save Files            =       SF
                    Access to nonsharable
                      I/O devices         =       ND
                    Use Volumes           =       UV
                    Create Volumes        =       CV
                    Use Communication
                      Subsystem           =       CS
                    Programmatic Sessions =       PS
                    User Logging          =       LG
                    Process Handling      =       PH
                    Extra Data Segments   =       DS
                    Multiple RINs         =       MR
                    Privileged Mode       =       PM
                    Interactive Access    =       IA
                    Batch Access          =       BA

                    Default is AM, SF, ND, IA, BA.

                    Note that CV capability permits account members
                    to create and use mountable, nonsystem volumes
                    automatically.

fileaccess          The restriction on file access pertinent to this
                    account.  Default is R,L,A,W,X:AC, where R, L, A, W,
                    and X specify modes of access by types of users
                    (ANY, AC, CR) as follows:

                    R  =   Read
                    L  =   Lock (allows exclusive access)
                    A  =   Append (implicitly specifies L)
                    W  =   Write (implicitly specifies A)
                    X  =   Execute
                    S  =   Save

                    LOCK allows exclusive access to the file.
                    APPEND implicitly specifies LOCK.  WRITE
                    implicitly specifies APPEND.

                    The user types are specified as follows:

                    ANY =   Any user
                    AC  =   Member of this account only
                    CR  =   Creating user only

                    The default is no security restrictions at the
                    account level.  Two or more user types may be
                    specified if they are separated by commas.

subqueuename        The name of the subqueue of highest priority that
                    can be requested by any process of any job/session
                    in the account.  This parameter is specified as AS,
                    BS, CS, DS, or ES.

CAUTION


Processes capable of executing in the AS or BS subqueues can deadlock
the system.  Assigning nonpriority system and user processes to these
subqueues can prevent critical processes from executing.  Exercise
extreme caution when assigning processes to these subqueues.

localattribute      The local attribute of the account, as defined at
                    the installation site.  This is a double word bit
                    map used to further classify accounts. While it is
                    not part of standard MPE/iX security provisions,
                    programmers may define local attributes (which will
                    be checked by the WHO intrinsic) to enhance their
                    software's security.  Default is double word 0.

ONVS                Specifies a particular volume set on which the
                    account is to be built. It must be a volume set
                    already defined and recognized by the system.  The
                    NEWACCT command must be specified twice, once without
                    the ;ONVS parameter, and once with it.  The first
                    NEWACCT will build the account on the system volume
                    set (from which the account is accessed).  The
                    second will build it on the volume set where files
                    in this account will exist.

                    If you specify ONVS, the only other parameter that
                    will work with it is ;FILES.

volumesetname       For MPE/iX, volume set names are no longer
                    invariably composed of volumesetname.group.account.
                    Instead, volume set names consist simply of one (1)
                    to thirty-two (32) characters, beginning with an
                    alphabetic character.  The remaining characters may
                    be alphabetic, numeric, the underscore, and periods.

                    If you specify a volumesetname, you must specify the
                    full name of the volume set.  MPE V/E permitted you
                    to use part of the volume set name and rely upon the
                    default characteristics of the system to search out
                    the remainder of the name.  MPE/iX does not permit
                    this.  If you wish, you may use the older MPE V/E
                    conventions when assigning a name to a volume set.
                    If you do, you are then obliged to refer to that
                    volume set by its full (fully qualified) name.  The
                    MPE/iX naming convention gives you greater freedom
                    in creating names, and so its use is encouraged.

                    Refer to the VSxxxxxx commands.

gid                 Group ID to be added to the group database.  The
                    gid must be a unique positive (non-zero) 32-bit
                    integer.  Default is for MPE to create a value.

uid                 User ID to be created for the account manager in
                    the user database.  The uid must be a unique
                    positive (non-zero) 32-bit integer.  Default is
                    for MPE to create a value.

REQ                 USERPASS=REQ specifies that all users in the
                    account must have non-blank passwords. If you
                    require user passwords, MPE/iX assigns the account
                    manager a blank, expired password.  The account
                    manager must select a new password the first time
                    the manager logs on.  This option is available only
                    if the HP Security Monitor has been installed.

OPT                 USERPASS=OPT specifies that the users in this
                    account may or may not have passwords. If you
                    do not use the USERPASS parameter, the old value
                    remains.  This option is available only if the HP
                    Security Monitor has been installed.


OPERATION


     The NEWACCT command may be executed only by the system manager.
     The system manager is responsible for establishing the accounting
     structure best suited to the computer installation.

     When a keyword is specified, but its corresponding parameter is
     omitted (as in ;ACCESS= [Return]), the default value for that
     keyword is assigned (in this case, R,L,A,W,X:AC).  The default
     is also assigned when an entire keyword parameter group (such as
     ;ACCESS=fileaccess) is omitted.

     After the system manager creates accounts and their PUB groups,
     and has designated the account managers for those accounts, the
     new account managers may log on and redefine their own attributes
     and those of their PUB groups.  Account Managers can also define
     new users and groups.  The capabilities and attributes the Account
     Managers assign to groups and users cannot exceed those assigned
     to the account itself by the system manager.  For example, if the
     system manager does not assign the account DS capability, no users
     in the account are permitted DS capability (which prohibits them
     from linking programs that use extra data segments).

     The PUB group is initially assigned the same capability class
     attributes, permanent file space limit, CPU limit, and connect
     time limit as the account, but no password.  Its initial security
     allows READ and EXECUTE access to all users who successfully log
     on to the account.  These access provisions are (R,X:ANY;A,W,L,S).

     This command may be issued from a session, job, program, or in
     BREAK. Pressing [Break] has no effect on this command.  A user
     must have System Manager (SM) capability to execute this command.

NOTE


If you specify volume-related commands or parameters for a volume set
that is not currently mounted, or for an account that does not exist,
MPE/iX will return a corresponding error message.


EXAMPLE(S)


     To create an account with the account name ACI, and the Account
     Manager name MNGR, with all other parameters assigned by default,
     enter

     NEWACCT ACI,MNGR

     To create an account doctor on the system volume set, with the
     manager named who, and on the volume set called time_lord, you must
     create it with two parallel commands

     NEWACCT doctor,who;cap=ia,ba,am
     NEWACCT doctor,who;ONVS=time_lord

     The first command creates the account doctor on the system volume
     set.  The second creates it on the volume set time_lord and
     connects the accounting structures established on the system volume
     and on the volume set.   By default, however, the PUB group of this
     account will be on the system volume set.

     To place the PUB group on the volume set time_lord, you need to
     use the PUB parameter in the first command

     NEWACCT doctor,who;cap=ia,ba,sf,nd,am
     NEWACCT doctor,who;ONVS=time_lord
     ALTGROUP pub.doctor;homevs=time_lord


     To create the account DOCTOR on the system volume set, with the
     manager named WHO, and a UID of 50 and a GID of 20, enter

     NEWACCT doctor,who;uid=50;gid=20;cap=ia,ba,sf,nd,gl,am,al
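
     The following Python code is an added example, not part of the original help text or of MPE/iX. It parses NEWACCT command lines (for instance from a job stream under review) and reports settings this page describes as defaults or cautions: no account password, an AS or BS subqueue, and parameters other than ;FILES combined with ;ONVS. Treating SM or PM capability and a missing USERPASS=REQ as findings is this example's own audit policy, and it assumes the HP Security Monitor is installed.

```python
import re

# Naming rule from the PARAMETERS section: 1-8 alphanumerics, alphabetic first.
NAME = re.compile(r"^[A-Za-z][A-Za-z0-9]{0,7}$")
# Audit policy (assumption of this example): capabilities a reviewer should see.
REVIEW_CAPS = {"SM", "PM"}

def parse_newacct(line):
    """Split 'NEWACCT acct,mgr;KEY=value;...' into (acct, mgr, {KEY: value})."""
    # Split on ';' only outside parentheses, so ACCESS=(R,X:ANY;W:AC) stays whole.
    head, *opts = re.split(r";(?![^()]*\))", line.strip())
    cmd, _, names = head.partition(" ")
    if cmd.upper() != "NEWACCT":
        raise ValueError("not a NEWACCT command")
    acct, _, mgr = names.strip().partition(",")
    params = {}
    for opt in opts:
        key, _, value = opt.partition("=")
        params[key.strip().upper()] = value.strip().upper()
    return acct.strip(), mgr.strip(), params

def audit_newacct(line):
    """Return a list of findings for one NEWACCT command line."""
    acct, mgr, p = parse_newacct(line)
    findings = []
    if not NAME.match(acct):
        findings.append(f"acctname '{acct}' breaks the 1-8 alphanumeric naming rule")
    if not mgr:
        findings.append("mgrname is missing")
    if "ONVS" in p:
        # Second command of the pair: only ;FILES works alongside ;ONVS.
        extra = sorted(set(p) - {"ONVS", "FILES"})
        if extra:
            findings.append("ONVS only works with FILES; also given: " + ",".join(extra))
        return findings
    if not p.get("PASS"):
        findings.append("no account password (PASS omitted or empty)")
    if p.get("USERPASS") != "REQ":
        findings.append("user passwords not required (USERPASS=REQ not set)")
    caps = {c.strip() for c in p.get("CAP", "").split(",")}
    for cap in sorted(caps & REVIEW_CAPS):
        findings.append(f"account is granted {cap} capability")
    if p.get("MAXPRI") in ("AS", "BS"):
        findings.append(f"MAXPRI={p['MAXPRI']}: AS/BS processes can deadlock the system")
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = "NEWACCT PAYROLL,MGR;PASS=S3CRET;USERPASS=REQ;CAP=AM,IA,BA,PM;MAXPRI=BS"
if __name__ == "__main__":
    print("\n".join(audit_newacct(SAMPLE)))
```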


ADDITIONAL INFORMATION


Commands:   NEWGROUP, NEWUSER, LISTACCT, ALTACCT

Manuals :   Native Mode Spooler Reference Manual (32650-90166)
