Network Information Access 27

Founded By:              Network Information Access              Mother Earth BBS
  Guardian Of Time               12APR90                          NUP:> DECnet
  Judge Dredd               Guardian Of Time                    Text File Archives
                                 File 27

                       VMS: System Manager's Manual
                              Chapter 4.11
Here is Chapter 4 of 11 Chapters, concerning the VMS: System Manager's
Manual. Once you have downloaded all 11 chapters, you will be able to
enter a Vax system and hack your own accounts with the greatest of ease.
MANAGING USERS
As a system manager, it is your job to create and maintain user accounts
on the system. To create accounts for users and effectively manage the
use of the system, you must determine which users need access to the
system and what system resources they require.
Once you understand user needs, you can establish controls that customize
the system appropriately.
The VMS operating system provides the Authorize Utility (AUTHORIZE) to
authorize and control the use of system resources by individual users.
This chapter describes the use of AUTHORIZE to do the following:
: Add a user account
: Modify a user account
: Remove a user account
: List the user accounts
See the Authorize Utility chapter in the Reference section for more
information on AUTHORIZE.
4.1 THE USER AUTHORIZATION FILE (UAF)
You manage VMS users by creating and maintaining user accounts, which
control who can log in to the system and how it can be used. Use the
Authorize Utility (AUTHORIZE) to do the following:
: Create new records and modify existing records in the system user
authorization file (SYS$SYSTEM:SYSUAF.DAT) and the network user
authorization file (SYS$SYSTEM:NETPROXY.DAT)
: Create new records and modify existing records in the rights
database file (SYS$SYSTEM:RIGHTSLIST.DAT)
Whenever a user logs in, the system uses the information contained in the
user authorization file (UAF) to validate the login attempt, establish the
account's environment, and create a process with appropriate attributes. In
this way, the system restricts users to the resources you assign to each
account.
As system manager, you may want to create a private copy of SYSUAF.DAT
in a directory other than SYS$SYSTEM as an emergency backup for the system
SYSUAF.DAT file. Note that, to have an effect on user processes, any
private version of SYSUAF.DAT must be copied to the SYS$SYSTEM directory
and have the system user identification code (UIC).
Because certain images (such as MAIL and SET) require access to the system
UAF and are normally installed with the SYSPRV privilege, make certain that
you always grant system access to SYSUAF.DAT. The authorization files are
created with the following default protection:
SYSUAF.DAT        S:RWED, O:RWED, G, W
NETPROXY.DAT      S:RWED, O:RWED, G:RWED, W
RIGHTSLIST.DAT    S:RWED, O:RWED, G:RWE, W:R
If you need to maximize the protection for SYSUAF.DAT or NETPROXY.DAT, use
the following DCL command (note, however, that RIGHTSLIST.DAT MUST BE
WORLD-READABLE):
$ SET PROTECTION=(S:RWED,O,G,W) SYS$SYSTEM:filename
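As an added example (not part of the manual), a Python checker that parses protection codes in the S/O/G/W form used above and applies this section's rules to the three authorization files; the file names and default codes come from the table, the checker itself is constructed.

```python
import re

# Categories of a VMS file protection code: System, Owner, Group, World.
CATEGORIES = ("S", "O", "G", "W")
ACCESS_BITS = "RWED"   # Read, Write, Execute, Delete

def parse_protection(code):
    """Parse 'S:RWED, O:RWED, G:RWE, W:R' into {category: set of access bits}.
    A bare category letter (e.g. 'W') means that category gets no access."""
    access = {cat: set() for cat in CATEGORIES}
    for field in code.split(","):
        field = field.strip()
        if not field:
            continue
        m = re.fullmatch(r"([SOGW])(?::([RWED]*))?", field.upper())
        if not m:
            raise ValueError("bad protection field: %r" % field)
        access[m.group(1)] = set(m.group(2) or "")
    return access

def bits(s):
    """Render a set of access bits in the canonical RWED order."""
    return "".join(b for b in ACCESS_BITS if b in s)

def format_protection(access):
    """Render the dict back in the form the DCL SET PROTECTION command takes."""
    return "(" + ",".join(cat + (":" + bits(access[cat]) if access[cat] else "")
                          for cat in CATEGORIES) + ")"

# Policy from this section: MAIL and SET run with SYSPRV and need system access;
# SYSUAF.DAT and NETPROXY.DAT should give group and world nothing;
# RIGHTSLIST.DAT must stay world-readable (and only readable).
def audit_authorization_file(name, code):
    """Return a list of findings for one authorization file's protection."""
    name, access, findings = name.upper(), parse_protection(code), []
    if not {"R", "W"} <= access["S"]:
        findings.append("%s: system category lacks read/write access" % name)
    if name in ("SYSUAF.DAT", "NETPROXY.DAT"):
        for cat in ("G", "W"):
            if access[cat]:
                findings.append("%s: %s has %s access" % (name, cat, bits(access[cat])))
    elif name == "RIGHTSLIST.DAT":
        if "R" not in access["W"]:
            findings.append("%s: must be world-readable" % name)
        if access["W"] - {"R"}:
            findings.append("%s: world has more than read access" % name)
    return findings

def tighten_command(name):
    """The DCL command this section gives for maximizing SYSUAF/NETPROXY protection."""
    maximal = parse_protection("S:RWED, O, G, W")
    return "$ SET PROTECTION=%s SYS$SYSTEM:%s" % (format_protection(maximal), name.upper())

# Constructed check against the default protections listed above.
DEFAULTS = {"SYSUAF.DAT": "S:RWED, O:RWED, G, W",
            "NETPROXY.DAT": "S:RWED, O:RWED, G:RWED, W",
            "RIGHTSLIST.DAT": "S:RWED, O:RWED, G:RWE, W:R"}

def audit_defaults():
    """Findings per file for the shipped defaults (only NETPROXY.DAT is flagged)."""
    return {n: audit_authorization_file(n, c) for n, c in DEFAULTS.items()}
```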
Using the Authorize Utility, you create and maintain UAF records by
assigning values to various fields within each record. The values you
assign identify the user, define the user's work environment, and control
use of system resources.
EXAMPLE 4-1 presents a typical UAF record for a nonprivileged user
account.
To gain access to a specific user record, set the default directory to
SYS$SYSTEM, enter the command RUN AUTHORIZE to invoke the Authorize
Utility, and enter the command SHOW username at the UAF> prompt. You can
then enter AUTHORIZE commands such as ADD and MODIFY to create new
user accounts or change the information in the fields of an existing UAF
record.
EXAMPLE 4-1: SAMPLE UAF RECORD DISPLAY
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> SHOW WELCH
USERNAME: WELCH                            OWNER: ROB WELCH
ACCOUNT: INVOICE                           UIC: [21,51] ([INV,WELCH])
CLI: DCL                                   TABLES: DCLTABLES
DEFAULT: USER3:[WELCH]
LGICMD:
LOGIN FLAGS:
PRIMARY DAYS: MON TUE WED THU FRI
SECONDARY DAYS: SAT SUN
NO ACCESS RESTRICTIONS
EXPIRATION: (NONE)      PWDMINIMUM: 6      LOGIN FAILS: 0
PWDLIFETIME: (NONE)     PWDCHANGE: 15APR88 13:58
LAST LOGIN: (NONE) (INTERACTIVE), (NONE) (NON-INTERACTIVE)
MAXJOBS: 0        FILLM: 20        BYTLM: 8192
MAXACCTJOBS: 0    SHRFILLM: 0      PBYTLM: 0
MAXDETACH: 0      BIOLM: 10        JTQUOTA: 1024
PRCLM: 2          DIOLM: 10        WSDEF: 150
PRIO: 4           ASTLM: 10        WSQUO: 256
QUEPRIO: 4        TQELM: 10        WSEXTENT: 512
CPU: (NONE)       ENQLM: 10        PGFLQUO: 10240
Authorized Privileges:
  TMPMBX NETMBX
Default Privileges:
  TMPMBX NETMBX
4.1.1 SYSTEM-SUPPLIED UAF RECORDS
The Authorize Utility provides a set of commands and qualifiers to assign
values to any field in a UAF record. The software distribution with a new
VMS system contains a UAF of four records:
: DEFAULT - Serves as a template for creating user records in the
UAF. A new user record is assigned the values of the DEFAULT
record except where you explicitly override those values. Thus,
whenever you add a new account, you need only specify values for
fields that you want to be different. For example, the following
AUTHORIZE command creates a new record having the same values as the
DEFAULT RECORD, except that the password, UIC, and default directory
fields are changed.
UAF> ADD MARCONI/PASSWORD=QLP6YT9A/UIC=[033,004] -
_UAF> /DIRECTORY=[MARCONI]
Section 4.2 gives an example of how to use AUTHORIZE to add a user
account.
NOTE: The DEFAULT record cannot be renamed or deleted from the UAF.
: FIELD - Permits DIGITAL Field Service personnel to check out a new
system. The FIELD record should be disabled once the system is
installed.
: SYSTEM - Provides a means for you to log in with full privileges.
The SYSTEM record can be modified but cannot be renamed or deleted
from the UAF.
CAUTION: Do not change the SYSTEM account UAF record fields for the
default device and directory, and privileges. Installation of VMS
maintenance releases and optional software products depends on
certain values in these fields.
: SYSTEST - Provides an appropriate environment for running the User
Environment Test Package (UETP). The SYSTEST record should be
disabled once the system is installed.
4.1.2 GENERAL MAINTENANCE OF THE UAF
Usually, you use the UAF supplied with the distribution kit. (You can,
however, rename the UAF with the DCL command RENAME, and then create a new
UAF with AUTHORIZE.) You should limit any kind of access to this file to
the SYSTEM account. Furthermore, each time you modify the file, create a
backup copy so that in case of a system failure you do not lose the
modifications. See Chapter 8 for procedures for backing up files.
The UAF is accessed as a shared file, and updates to the UAF are made on a
per record basis, which eliminates the need for both a temporary UAF and a
new version of the UAF after each AUTHORIZE session. Updates become
effective as soon as AUTHORIZE commands are entered, not after the
termination of AUTHORIZE. (For this reason, you should not enter
temporary values with the intent of fixing them later in the session.)
After installing the system, you should make the following modifications
to the UAF:
: SYSTEM, FIELD, & SYSTEST ACCOUNTS: If the passwords on these accounts
are not secure or if they have not been changed recently, be sure to
change the passwords. Use obscure passwords of six characters or more
and continue to change them on a regular basis. You should not permit
general users access to these accounts.
In addition to changing the password, you can disable an account,
especially if it is used infrequently. To disable an account, specify
the following AUTHORIZE command:
UAF> MODIFY username /FLAGS=DISUSER
The login flag DISUSER disables the account and prevents anyone from
logging into the account. To enable the account when it is needed, run
AUTHORIZE and specify MODIFY username/FLAGS=NODISUSER. However, you
should be cautious about disabling the SYSTEM account, because some
optional software and some command procedures may not start up properly
if the SYSTEM account is disabled.
CAUTION: Be careful not to disable all of your privileged system
accounts. If you inadvertently do so, you can recover by setting the
UAFALTERNATE SYSGEN parameter during a conversational bootstrap
operation. See Chapter 2 for information on emergency startup
procedures.
: DEFAULT ACCOUNT: You may want to change several fields in this account.
For example:
UAF> MODIFY DEFAULT/DEVICE=DISK$USER/WSQUO=750
The default device is set to the name most commonly used for user
accounts that will be added. Likewise the working set value is set to
a value appropriate for most users on the system.
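As an added example (not from the manual), a Python audit that parses AUTHORIZE SHOW output in the layout of Example 4-1 and applies the post-installation checks above; the WELCH record is abbreviated from Example 4-1, while the FIELD record and the exact column spacing of the sample are constructed.

```python
import re

# Constructed sample of AUTHORIZE SHOW output: the WELCH record from Example 4-1
# (abbreviated) and a hypothetical FIELD record left enabled after installation.
SAMPLE_SHOW = """\
USERNAME: WELCH                            OWNER: ROB WELCH
ACCOUNT: INVOICE                           UIC: [21,51] ([INV,WELCH])
LOGIN FLAGS:
EXPIRATION: (NONE)    PWDMINIMUM: 6        LOGIN FAILS: 0
PWDLIFETIME: (NONE)   PWDCHANGE: 15APR88 13:58
Authorized Privileges:
  TMPMBX NETMBX
USERNAME: FIELD                            OWNER: FIELD SERVICE
ACCOUNT: FIELD                             UIC: [1,10] ([SYSTEM,FIELD])
LOGIN FLAGS:
EXPIRATION: (NONE)    PWDMINIMUM: 4        LOGIN FAILS: 0
PWDLIFETIME: (NONE)   PWDCHANGE: 01JAN88 00:00
Authorized Privileges:
  SETPRV SYSPRV OPER TMPMBX NETMBX
"""

# "KEY: value" pairs; a value ends at end of line or two+ spaces before the next key.
FIELD_RE = re.compile(r"([A-Z][A-Z ]*?):\s*(.*?)(?=\s{2,}[A-Z][A-Z ]*?:|$)")

def parse_show(text):
    """Split SHOW output into one dict per record; privilege lists become sets."""
    records, rec, section = [], None, None
    for line in text.splitlines():
        if line.startswith("USERNAME:"):
            rec = {"Authorized": set(), "Default": set()}
            records.append(rec)
            section = None
        if rec is None:
            continue
        m = re.match(r"(Authorized|Default) Privileges:", line)
        if m:
            section = m.group(1)
        elif section and line.startswith(" "):
            rec[section].update(line.split())
        else:
            section = None
            rec.update(FIELD_RE.findall(line))
    return records

BASE_PRIVS = {"TMPMBX", "NETMBX"}            # the defaults the chapter calls adequate
INSTALL_ACCOUNTS = {"SYSTEM", "FIELD", "SYSTEST"}

def audit_record(rec):
    """Apply the post-installation checks of Section 4.1.2 to one UAF record."""
    user, findings = rec["USERNAME"], []
    flags = set(rec.get("LOGIN FLAGS", "").split())
    if user in ("FIELD", "SYSTEST") and "DISUSER" not in flags:
        findings.append(user + ": still enabled; set /FLAGS=DISUSER after installation")
    if user in INSTALL_ACCOUNTS:
        if int(rec.get("PWDMINIMUM", "0")) < 6:
            findings.append(user + ": PWDMINIMUM below the six characters advised")
        if rec.get("PWDLIFETIME", "(NONE)") == "(NONE)":
            findings.append(user + ": PWDLIFETIME unset, so the password is never forced to change")
    extra = rec["Authorized"] - BASE_PRIVS
    if extra and user not in INSTALL_ACCOUNTS:
        findings.append(user + ": privileges beyond TMPMBX/NETMBX: " + " ".join(sorted(extra)))
    return findings

def audit_show(text):
    """All findings for every record in a SHOW listing."""
    return [f for rec in parse_show(text) for f in audit_record(rec)]
```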
Use the SYSTEM account only for system functions such as performing
backups and installing maintenance updates. The account comes to you with
full privileges, so exercise caution in using it. For example, because
you have BYPASS privilege, the system will allow you to delete any file
no matter what its protection. If you type an incorrect name or spurious
asterisk, you may destroy files that you or other users need to keep. For
this reason, use another account with fewer privileges for day-to-day system
management activities.
If you want to receive mail sent to the system account, use the SET
FORWARD command in the MAIL Utility to have any SYSTEM mail forwarded to
any other account. To use the SET FORWARD command for this purpose, do
the following:
1. Make sure that you are logged in to the SYSTEM account.
2. Enter the MAIL Utility by entering the MAIL command at DCL level.
3. At the MAIL> prompt, enter the command SET FORWARD username.
4.2 ADDING A USER ACCOUNT
How you set up a user account depends on the needs of the individual user.
In general, there are two types of accounts:
: INTERACTIVE: A person using an interactive account has access to
the system software and can perform work of a general nature
(program development, text editing, and so on). Usually, such an
account is considered individual; that is, only one person can use
it.
: CAPTIVE: A person using a captive account (also called a turnkey or
application account) has access only to limited user software and
can only perform work that is limited to a particular function.
Access to a captive account is limited by function; that is, only
those who perform a particular function can use it. For example,
you might develop an inventory system. Anyone whose job entails
inventory control can access your system, but that person cannot
access other subsystems or the base software.
You should perform the following tasks in conjunction with adding a user
account:
1. Determine a user name and password.
2. Determine a unique user identification code (UIC).
3. Decide where the account's files will reside (the device and
directory).
4. Create a default directory on the appropriate volume, using the
following DCL command:
$ CREATE/DIRECTORY directory-spec/OWNER_UIC=uic
5. Determine the security needs of the account (that is, the level of
file protection, privileges, and access control).
Once you analyze the purpose of a user account and decide which attributes
and resources it requires, you can use the Authorize Utility to create the
account. Give yourself the SYSPRV privilege. Then enter the following
commands to set your default device and directory to SYS$SYSTEM and
invoke the utility:
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
When the utility responds with the UAF> prompt, use the AUTHORIZE command
ADD to specify attributes in the UAF fields as shown in this example:
UAF> ADD JONES/PASSWORD=LPB57WN/UIC=[014,1] -
_UAF> /DEVICE=DISK$USER/DIRECTORY=[JONES] -
_UAF> /LGICMD=DISK$USER:[NEWPROD]GRPLOGIN -
_UAF> /OWNER="ROBERT JONES"/ACCOUNT=DOC
The /OWNER and /ACCOUNT entries are primarily for accounting purposes and
can be omitted unless required by your site. The following unspecified
qualifiers usually take their default values from the DEFAULT record:
: LIMITS and QUOTAS - (/ASTLM, /BIOLM, /CPUTIME, /DIOLM, /ENQLM,
/FILLM, /JTQUOTA, /MAXACCTJOBS, /MAXDETACH, /MAXJOBS, /PGFLQUOTA,
/PRCLM, /SHRFILLM, /TQELM, /WSDEFAULT, /WSEXTENT, /WSQUOTA) - These
qualifiers impose limits on the use of reusable system resources;
the default values are adequate in most cases.
: PRIORITY - (/PRIORITY, /QUEPRIORITY) - The default values are
usually adequate for accounts not running real-time processes.
: PRIVILEGES - (/DEFPRIVILEGES, /PRIVILEGES) - The default privileges
(TMPMBX, NETMBX) are usually adequate, depending on the purpose of
the account.
: PRIMARY & SECONDARY LOGIN TIMES; LOGIN FUNCTIONS - (/ACCESS,
/DIALUP, /FLAGS, /INTERACTIVE, /LOCAL, /PRIMEDAYS, /REMOTE) - By
default, users are allowed to log in at any hour of any day. To
override the setting of a particular day, use the DCL command SET
DAY. Use this command if a holiday occurs on a day that would
normally be treated as a primary day and you want it treated as a
secondary day.
The following example shows an AUTHORIZE command that adds a UAF
record of a captive account:
UAF> ADD INVENTORY/PASSWORD=QRC7Y94A/UIC=[033,066] -
_UAF> /DEVICE=DISK$INVENT/DIRECTORY=[INV]/LGICMD=INVENTORY -
_UAF> /FLAGS=CAPTIVE/NOACCESS=(PRIMARY, 18-8, SECONDARY, 0-23)
In this example, the /FLAGS and /NOACCESS qualifiers restrict
users from logging in to the captive account. The /NOACCESS
qualifier limits logins to specific hours. The /FLAGS=CAPTIVE
qualifier adds the login flag CAPTIVE to the captive account
record. The CAPTIVE flag locks the person using the account into
the application software by doing the following:
: Disabling the CTRL/Y function to prevent users from
interrupting the execution of the command procedure and
gaining access to the command interpreter
: Preventing the user from specifying an alternate command
interpreter with the /CLI qualifier at login time
: Preventing the user from specifying an alternate default
disk device with the /DISK qualifier at login time
The following examples summarize the steps for setting up an
individual user account and a captive account:
$ SET DEFAULT SYS$SYSTEM
$
$ RUN AUTHORIZE
UAF> ADD JONES -                    ! User name
_/PASSWORD=ROCKET -                 ! Password
_/UIC=[014,1] -                     ! UIC
_/ACCOUNT=DOC -                     ! Accounting group name
_/OWNER="ROCKET JONES" -            ! Owner
_/DEVICE=$DISK1 -                   ! Default device
_/DIRECTORY=[JONES]                 ! Default directory
UAF> EXIT
$
$ ! Create top-level directory for individual
$ CREATE/DIRECTORY $DISK1:[JONES] -
_$ /OWNER_UIC=[DOC,JONES] -
_$ /PROTECTION=(S:RWE,O:RWE,G:RE,W:RE)
$
4.3 SETTING UP A CAPTIVE ACCOUNT WITH AUTHORIZE
You use the automatic login facility (ALFMAINT) to set up a terminal that
accepts automatic logins from authorized users. For example, a terminal
might be set up for the account INVENTORY, which automatically logs a user
into a captive account when INVENTORY is specified as the user name.
First, you must follow the steps described in the previous sections to
create the top-level default directory and add the account. Once the
account has been added, you set your default directory to SYS$MANAGER and
invoke the ALFMAINT command procedure. ALFMAINT prompts you for the name
of the terminal that you want associated with the user name of the automatic
login account.
The following example summarizes the steps for setting up automatic logins
for an individual user account and a captive account:
INDIVIDUAL ACCOUNT WITH AUTOMATIC LOGIN
$ SET DEFAULT SYS$SYSTEM
$
$ RUN AUTHORIZE
UAF> ADD JONES -                    ! Username
_/PASSWORD= -                       ! Null password
_/UIC=[014,1] -                     ! UIC
_/ACCOUNT=DOC -                     ! Accounting group name
_/OWNER="ROCKET JONES" -            ! Owner
_/DEVICE=$DISK1 -                   ! Default device
_/DIRECTORY=[JONES]                 ! Default directory
UAF> EXIT
$
$ ! Create top-level directory for individual
$ CREATE/DIRECTORY $DISK1:[JONES] -
_$ /OWNER_UIC=[DOC,JONES] -
_$ /PROTECTION=(S:RWE,O:RWE,G:RE,W:RE)
$
$ SET DEFAULT SYS$MANAGER
$
$ @ALFMAINT
Enter the name of the terminal that you would like to set for
automatic login, or a blank line or EXIT to exit.
Terminal (ddcu)? TTA1               ! Assigned terminal
Username? JONES
Terminal (ddcu)? EXIT
CAPTIVE ACCOUNT WITH AUTOMATIC LOGIN
$ SET DEFAULT SYS$SYSTEM
$
$ RUN AUTHORIZE
UAF> ADD INVENTORY -                ! Username
_/PASSWORD= -                       ! Null password
_/UIC=[033,066] -                   ! UIC
_/ACCOUNT=INV -                     ! Accounting group name
_/LGICMD=$DISK1:[INVENTORY]LOGIN -  ! Login file
_/ACCESS=(PRIMARY,8-17) -           ! No off hours
_/FLAGS=CAPTIVE                     ! All flags on
UAF> EXIT
$
$ SET DEFAULT SYS$MANAGER
$ @ALFMAINT
Enter the name of the terminal that you would like to set for
automatic login, or a blank line or EXIT to exit.
Terminal (ddcu)? TTA0               ! All terminals
Username? INVENTORY                 ! on automatic
Terminal (ddcu)? TTA1               ! login except
Username? INVENTORY                 ! the console terminal
Terminal (ddcu)? TTA2               ! (the console terminal
Username? INVENTORY                 ! for this system is TTA4)
Terminal (ddcu)? TTA3
Username? INVENTORY
Terminal (ddcu)? EXIT
4.4 MODIFYING A USER ACCOUNT
Use the AUTHORIZE command MODIFY to change any of the fields in an existing
user account. For example, the following command is used to change user
WELCH's password:
UAF> MODIFY WELCH/PASSWORD=newpassword
4.5 LISTING USER ACCOUNTS
Use the AUTHORIZE command LIST to create the file SYSUAF.LIS containing a
summary of all user records in the UAF, as follows:
UAF> LIST
%UAF-I-LISTMSG1, writing listing file
%UAF-I-LISTMSG2, listing file SYSUAF.LIS complete
By default, the LIST command produces a brief report containing the following
information from the UAF:
: ACCOUNT OWNER
: USER NAME
: UIC
: ACCOUNT NAMES
: PRIVILEGES
: PROCESS PRIORITY
: DEFAULT DISK AND DIRECTORY
Use the /FULL qualifier to create a full report of all the information
contained within the UAF, as follows:
UAF> LIST/FULL
%UAF-I-LISTMSG1, writing listing file
%UAF-I-LISTMSG2, listing file SYSUAF.LIS complete
4.6 DELETING A USER ACCOUNT
The main problem in deleting an account, especially an interactive account
is cleaning up the files used by the account. The following steps are
suggested:
1. Copy (or have the outgoing user of the account copy) any files of value
to the ownership of another account. Be sure to change the owner UIC of
the files to match the owner UIC of the new owner. You can also use the
Backup Utility (BACKUP) to copy the files to a backup tape or disk.
2. Change the password, and log in to the account that you want to delete.
(By working from a nonprivileged account, you can avoid inadvertently
deleting files that may be owned by an account other than the one that
you want to delete.)
3. Delete the account's files and directories from the deepest level up to
the top level using the following procedure:
a. Locate and examine all subdirectories using the DCL command DIRECTORY
[default...], where default is the name of the account's default
directory.
b. Delete the files in each subdirectory and then delete the
subdirectory. Note that directory files are protected against owner
deletion; therefore, you must change the protection before deleting
directory files.
c. Delete the account's top-level directory. Example 4-2 illustrates a
command procedure that deletes an account's files from the bottom
level up.
NOTE: The command procedure in Example 4-2 should not be executed
from a privileged account.
4. Remove the account, using the Authorize Utility.
5. Remove the user's disk quota entry from the disk quota file, if one
existed, with the SYSMAN Utility.
6. Remove associated VAXmail information by entering the MAIL command REMOVE
username.
EXAMPLE 4-2: COMMAND PROCEDURE TEMPLATE FOR DELETING AN ACCOUNT'S FILES
$ ! DELTREE.COM -- Deletes a complete directory tree
$ ! P1 = pathname of root of tree to delete
$ ! All files and directories in the tree, including
$ ! the named root, are deleted.
$ !
$ ! Define the DELTREE symbol so the procedure can call itself recursively
$ IF "''DELTREE'" .EQS. "" THEN DELTREE = "@SYS$LIBRARY:DELTREE"
$ ON CONTROL_Y THEN GOTO DONE
$ ON WARNING THEN GOTO DONE
$ ! Remember the starting device and directory so DONE can restore them
$ DEFAULT = F$LOGICAL("SYS$DISK") + F$DIRECTORY()
$10:
$ IF P1 .NES. "" THEN GOTO 20
$ INQUIRE P1 "ROOT"
$ GOTO 10
$20:
$ ! A root that does not parse forces an error, and ON WARNING exits
$ IF F$PARSE(P1) .EQS. "" THEN OPEN FILE 'P1'
$ SET DEFAULT 'P1'
$LOOP:
$ ! Recurse into each subdirectory (*.DIR;1) before touching this level
$ FILESPEC = F$SEARCH("*.DIR;1")
$ IF FILESPEC .EQS. "" THEN GOTO LOOPEND
$ DELTREE [.'F$PARSE(FILESPEC,,,"NAME")']
$ GOTO LOOP
$LOOPEND:
$ ! Subtree is empty: delete this level's files ...
$ IF F$SEARCH("*.*;*") .NES. "" THEN DELETE *.*;*
$ ! ... then this directory's own .DIR file, addressed from the parent ([-]).
$ ! DIR is the current directory name with the parent's path stripped off.
$ PARENT = F$PARSE("[-]",,,"DIRECTORY")-"]"-">"
$ DIR = (F$DIRECTORY()-"]"-">")-PARENT-"."-"["-"<"
$ SET PROTECTION=WORLD:RWED [-]'DIR'.DIR;1
$ DELETE [-]'DIR'.DIR;1
$DONE:
$ SET DEFAULT 'DEFAULT'
If you never assign multiple users the same UIC, you can use the Backup
Utility to remove the user's files, even if the files are scattered
throughout the directory structure. The following is an example of a BACKUP
command used to remove files.
$ BACKUP/DELETE PUBLIC:[...]/OWNER=[21,103] MTA0:PUBLICUIC.SAV
This BACKUP command copies and deletes only those files owned by the specified
UIC on disk PUBLIC. The files are copied into a save set named PUBLICUIC on
device MTA0. Note that the BACKUP/DELETE command does not delete the
directory files (file extension DIR) for the account.
DISABLING A USER ACCOUNT
If you want to disable an account without deleting it, set the disable user
flag (/FLAGS=DISUSER) using AUTHORIZE. If the user is logged in, the account
is disabled only after the user logs out.
Disabling a powerful yet infrequently used account provides an extra security
measure by eliminating the risk of guessed or stolen passwords.
$EOF
[OTHER WORLD BBS]