Carlos,
let's see:
> paks to it (before I had to do each by hand). I get errors on
> startup about some proxy database.
Maybe these errors simply say that there are no records in the proxy
database? - This wouldn't be a thing to worry about, I have seen lots of
VMS nodes running fine that way. As long as you don't want anybody to do
R commands (rexec, rsh etc.) or use NFS, you don't need any proxy
records anyway. - Ah well, the LPD server can also use them.
> Question: where can I get ssh for vax openvms 7.2?
Try starting at
http://er6s1.eng.ohio-state.edu/~jonesd/ssh/DOC/ - I
have no experience with this, but I am happily running a nice Web server
from there.
> Question: can somebody tell me what are the step by step
> commands/dcl incantations to create a user with
> reasonable privileges? (I don;t want to login remotely
> to the system account). And, does the concept of
> a user home directory exist in vms? Where does one
> normally create user directories?
The VMS equivalent of Unix' $HOME is SYS$LOGIN, and when creating an
account, you will specify a /DEVICE and a /DIRECTORY for the user, which
will together become the expansion of the SYS$LOGIN logical name when
the user logs in. Typically, user accounts live in top-level directories
on any non-system disk, but if there is only one disk at all, you can
also put user directories on the system disk. I'd avoid putting them too
deep into branches of the directory tree because of the eight level
limit.
Regular mortals have at most two privileges on VMS: TMPMBX and NETMBX.
If you omit NETMBX, many DECnet and/or TCP/IP utilities will cease to
work, e.g., the user will no more be able to log in to remote nodes, to
COPY or FTP files, etc. TMPMBX is required for several regular utilities
(I think, not even the Control-T feature will work without it), so every
user should have this under normal circumstances.
Basic commands to create a vanilla user account, assuming your user disk
is DKA100:, assuming you want to create an account named CARLOS for
yourself, and that you have not enabled disk quotas on DKA100:
$ SET DEFAULT SYS$SYSTEM ! in case there is no SYSUAF logical name
$ MCR AUTHORIZE
UAF> ADD CARLOS/DEVICE=DKA100/DIR=[CARLOS]/UIC=[200,201] -
_UAF> /OWNER="Carlos Murillo"/PASSWORD=MYSECRET/FLAGS=NODISUSER
UAF> EXIT
$ CREATE/DIRECTORY/OWNER=CARLOS USER$DISK:[CARLOS]
You may want to choose a different UIC.
After you complete the second line of the ADD command in AUTHORIZE, you
will see confirmation messages (something %UAF-I-...) for both the
account and a rights identifier.
As you may guess, you can check the result with UAF> SHOW CARLOS, and
you can check if a given UIC is still available with SHOW [200,201].
With wildcards like SHOW [200,*], the /BRIEF option is handy.
Upon EXITing from AUTHORIZE, you will get two or three messages stating
which of the files (SYSUAF, RIGHTSLIST, and NETPROXY) have / have not
been modified.
The new user will be forced to change his password when he first logs
in. You can avoid this by including the /NOPWDEXPIRED option in the ADD
command.
The ADD command will copy user quotas and other properties of the new
account from the DEFAULT account (UIC [200,200]). Depending on what you
want to do with the account, these will probably require tuning. This
can be done at any time, using the MODIFY command in AUTHORIZE. There is
a HELP command available at the "UAF>" prompt.
If you want more info, just ask. Have fun!
--
Andreas Freiherr
Vishay Semiconductor GmbH, Heilbronn, Germany
http://www.vishay.com
Received on Sat Jun 01 2002 - 13:04:47 BST