

CA ACF2 for VM Records for OpenExtensions VM

Superuser Administrator Logonid

The OpenExtensions VM Shell and Utilities installation process creates directories in the Byte File System. To perform the installation steps, the user must have superuser authority.

To create a Superuser Administrator logonid and give it the authority it needs, follow these directions:

  1. Define the logonid as a superuser by issuing the following CA ACF2 for VM subcommands:
    SET PROFILE(USER) DIV(OEVM)
     
    INSERT SYSPROG1 UID(0)
    

    Logonid SYSPROG1 is defined as a superuser by setting the UID value to zero.

  2. Define the logonid as a member of a group by issuing these CA ACF2 for VM subcommands:
    SET LID
     
    CHANGE SYSPROG1 GROUP(SYSPROG)
    

    The example shows logonid SYSPROG1 changed so that this user can sign on and be validated as a member of group SYSPROG. The members of group SYSPROG are a special subset of users who perform system‑related tasks.

  3. Assign the group a GID value by issuing these CA ACF2 for VM subcommands:
    SET PROFILE(GROUP) DIV(OEVM)
     
    INSERT SYSPROG GID(20)
    

    In this example, the SYSPROG group is assigned a GID of 20.

  4. Rebuild the USER and GROUP Profile directories as documented under the section entitled “System Commands for OpenExtensions VM” later in this chapter.

USER Profile Records

OpenExtensions VM UIDs are defined to CA ACF2 for VM by new USER Profile records in the CA ACF2 for VM Infostorage database. Specifically, you define the UID information in the OEVM segment of this Profile record. The OEVM segment of the USER Profile record contains four fields: UID, HOME, FILESYS, and PROGRAM.

UID is a numeric field that accepts values from zero to 2,147,483,647. A UID defined with a value of zero indicates that this user is a superuser. For a definition of the term superuser, see the OpenExtensions for VM User's Guide. This field does not have to be unique, but we recommend that you make it unique; otherwise, individual accountability and control are lost. This field is required.

The HOME field defines the initial directory pathname. This is the initial directory used when a user enters the OPENVM command. The HOME field accepts from one to 1023 characters. Both upper and lower case characters are allowed. If HOME is not defined, OpenExtensions VM sets the initial directory for the user to the root directory. This field is optional.

The FILESYS field defines the Byte File System that owns the user's initial directory. The FILESYS field accepts 1 to 1,023 characters. Both upper and lower case characters are allowed. If you do not define FILESYS, OpenExtensions VM requires the user to issue the OPENVM MOUNT command to mount a Byte File System. This field is optional.

The PROGRAM field defines the user's OpenExtensions VM shell program, which is the first program started when the OPENVM command is entered. The PROGRAM field accepts from one to 1023 characters. Both upper and lower case characters are allowed. If PROGRAM is not entered, OpenExtensions VM gives control to the default shell program. This field is optional.

The maximum length of the HOME, PROGRAM, and FILESYS fields is 1,023 bytes. The CMS command input area is only 140 characters. To enter more than 140 characters into a record, you can use the standard CA ACF2 for VM continuation character “‑” (blank, dash) between fields and the UNIX style continuation inside a field. The UNIX style continuation closes a field when a matched parenthesis is found. For example, if you are defining the HOME field, have started with HOME(/../VMBFS, and have reached the end of the CMS input area, just press Enter. The ACF command knows that it has found only an open parenthesis and posts a VM READ to let you finish the field. You can enter as many characters as needed for the field, as long as you do not exceed the field maximum length. CA ACF2 for VM terminates the field when it finds the close parenthesis character, as in fpoolnam:path/).

If you do not define a User profile record in the OEVM segment, the users default to a UID of ‑1 and the user name DEFAULT when they invoke any POSIX functions.

The example below shows how to define user OEVMUSR as a superuser. Since HOME, FILESYS, and PROGRAM are not explicitly specified, the defaults are taken for these fields.

SET PROFILE(USER) DIV(OEVM)
 
INSERT OEVMUSR UID(0)

This example shows how to define user OEVMU2 as a regular user. The HOME, FILESYS, and PROGRAM fields are defined.

SET PROFILE(USER) DIV(OEVM)
 
INSERT OEVMU2 UID(199) HOME(/u/oevmu2) PROGRAM(/bin/sh) ‑
 FILESYS(/../VMBFS:fpoolname.ROOT/)

The following five profile records are system IDs for POSIX. You must insert them into the CA ACF2 for VM database.

SET PROFILE(USER) DIV(OEVM)
 
 INSERT ROOT UID(0)
 INSERT DAEMON UID(1)
 INSERT BIN UID(2)
 INSERT SYS UID(3)
 INSERT ADM UID(4)

You must issue the ACFSERVE RELOAD PROFILE USER subcommand after inserting or changing any USER Profile records to rebuild the USER Profile directory. See the “Using the ACFSERVE Commands” chapter for syntax and additional information on ACFSERVE commands.
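
The USER Profile rules above (UID required, range zero to 2,147,483,647, uniqueness recommended, UID 0 meaning superuser, 1,023-character limit on HOME, FILESYS, and PROGRAM) can be checked offline before the subcommands are entered. This Python example is added here and is not part of CA ACF2 for VM or its documentation; it assumes the INSERT subcommands are kept in a plain text file, and the function names and sample records are constructed for illustration.

```python
import re
from collections import defaultdict
MAX_ID = 2_147_483_647   # upper bound for UID stated on this page
MAX_LEN = 1023           # maximum length of HOME, FILESYS, PROGRAM

# Constructed sample input (assumption: subcommands saved one per line).
SAMPLE = """\
SET PROFILE(USER) DIV(OEVM)
INSERT ROOT UID(0)
INSERT OEVMUSR UID(0)
INSERT OEVMU2 UID(199) HOME(/u/oevmu2) PROGRAM(/bin/sh) -
 FILESYS(/../VMBFS:fpoolname.ROOT/)
INSERT OEVMU3 UID(199)
INSERT OEVMU4 HOME(/u/oevmu4)
"""

def parse_inserts(text):
    """Join 'blank, dash' continuation lines; return {logonid: {field: value}}."""
    joined = re.sub(r"\s+-\s*\n\s*", " ", text)
    records = {}
    for line in joined.splitlines():
        m = re.match(r"\s*INSERT\s+(\S+)(.*)", line)
        if m:
            records[m.group(1)] = dict(re.findall(r"(\w+)\(([^)]*)\)", m.group(2)))
    return records

def audit(records):
    """Return findings for the USER Profile rules described on this page."""
    findings, by_uid = [], defaultdict(list)
    for lid, f in records.items():
        if "UID" not in f:
            findings.append(f"{lid}: UID is required but missing")
            continue
        if not f["UID"].isdecimal() or int(f["UID"]) > MAX_ID:
            findings.append(f"{lid}: UID {f['UID']} outside 0..{MAX_ID}")
            continue
        by_uid[int(f["UID"])].append(lid)
        for name in ("HOME", "FILESYS", "PROGRAM"):
            if len(f.get(name, "")) > MAX_LEN:
                findings.append(f"{lid}: {name} exceeds {MAX_LEN} characters")
    for uid, lids in sorted(by_uid.items()):
        if uid == 0:   # every UID(0) logonid is a superuser: review this list
            findings.append(f"superuser UID(0): {', '.join(lids)}")
        if len(lids) > 1:   # shared UID loses individual accountability
            findings.append(f"UID {uid} shared by {', '.join(lids)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_inserts(SAMPLE))))
```

The same checks apply to GROUP Profile records if the field name is changed from UID to GID.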

GROUP Profile Records

OpenExtensions VM groups are defined to CA ACF2 for VM by new GROUP Profile records in the CA ACF2 for VM Infostorage database. The new GROUP Profile record contains the OEVM segment which consists of one field: the GID field.

GID is a numeric field that accepts values from zero to 2,147,483,647. This value does not need to be unique, but we recommend that you make the GID unique; otherwise, control over a particular group is lost.

This example shows how to insert an OEVM GROUP Profile record for a group called OEVMGRP and assign it a GID of 20.

SET PROFILE(GROUP) DIV(OEVM)
 
INSERT OEVMGRP GID(20)

Assigning Users to Groups Under CA ACF2 for VM

You assign a user's default group by setting the GROUP field in that user's CA ACF2 for VM logonid. Each user's primary group name is defined in the GROUP field of the LID record. If you do not define a GROUP name, it defaults to DEFAULT and the GID defaults to ‑1 when the user invokes any POSIX functions.

The following example shows you how to assign logonid OEVMU2 to group OEVMGRP:

SET LID
 
CHANGE OEVMU2 GROUP(OEVMGRP)

The following seven profile records are the standard POSIX groups. You must insert them into the CA ACF2 for VM database.

SET PROFILE(GROUP) DIV(OEVM)
 
 INSERT SYSTEM GID(0)
 INSERT STAFF GID(1)
 INSERT BIN GID(2)
 INSERT SYS GID(3)
 INSERT ADM GID(4)
 INSERT MAIL GID(6)
 INSERT SECURITY GID(7)

You must issue the ACFSERVE RELOAD PROFILE GROUP subcommand after inserting or changing any GROUP Profile records to rebuild the GROUP Profile directory. See the “Using the ACFSERVE Commands” chapter for syntax and additional information on ACFSERVE commands. The user must log on to the system after this directory is rebuilt. Otherwise, CA ACF2 for VM does not recognize the change and denies access.