HP 3000 Manuals HP 3000 Manuals
NEWACCT
The NEWACCT command enables a system administrator to create a new
account and assign one person as the manager of the account.
Syntax
NEWACCT acctname,mgrname [;PASS=[password]][;CAP=[capabilitylist]]
[;ACCESS=[(fileaccess)]] [;GID=[(gid)]] [;UID=[(uid)]]
Parameters
acctname Specifies the name to be assigned to the new
account. This name must contain from one to eight
alphanumeric characters, beginning with an
alphabetic character.
mgrname Specifies the name of the person to manage the
account. This could be the same name as the system
administrator or another user. To avoid assigning
the wrong capabilities to general users, the system
administrator should use this parameter for only
one account manager. The system administrator
should use the NEWUSER command to assign additional
users to the account.
The default for this user is that no password is
assigned, and capabilitylist is the same as the
account capability.
The system administrator can later change the
attributes of an account manager by using the
ALTUSER command.
PASS Specifies the account password, only used for
verifying logon access. This password must contain
from one to eight alphanumeric characters,
beginning with an alphabetic character. The
default is that no password is assigned.
CAP Specifies the list of capabilities permitted for
this account. Each capability is indicated by a
two-letter mnemonic, separated by commas, as
follows:
SM = System manager
AM = Account manager
AL = Account librarian
GL = Group librarian
DI = Diagnostician
OP = System supervisor
NA = Network administrator
NM = Node manager
SF = Save files
ND = Access to nonshareable I/O devices
UV = Use volumes
CV = Create volumes
CS = Use communication subsystem
PS = Programmatic sessions
LG = User logging
PH = Process handling
DS = Extra data segments
MR = Multiple RINS
PM = Privileged mode
IA = Interactive access
BA = Batch access
The defaults are AM, AL, GL, SF, ND, IA, and BA.
ACCESS Specifies the restriction on file access pertinent
to this account. Valid syntax options are as
follows:
{R}
{L}
{A} [,...]: {ANY} [,...]
{W} {AC }
{X}
where R, L, A, W, X specify modes of access by
types of users (ANY, AC, GU, AL, GL) and are
defined as follows:
R = Read
L = Lock (exclusive file access)
A = Append (implies L)
W = Write (implies A and L)
X = Execute
The user types are defined as follows:
ANY = Any user
AC = Member of this account only
The default is no security restrictions at the
account level. You can specify two or more user or
access types if you separate them with commas.
Operation Notes
* Usage
You can enter this command from a session, a job, a program, or in
break mode. Pressing Break does not affect this command.
You must have system manager (SM) capability in order to use this
command.
* Creating the account structure
The system administrator creates accounts and designates someone
to manage the accounts, called the account manager. As an account
manager, you can log on and redefine your own attributes and PUB
groups. You can can also define new users and groups.
The capabilities and attributes that the account manager assigns
to groups and users cannot exceed those assigned to the account
itself by the system administrator. For example, if the system
administrator does not assign the account extra data segments (DS)
capability, no users in the account have DS capability, which
prohibits them from linking programs that use extra data segments.
* PUB group
The PUB group is initially assigned the same capability class
attributes, permanent file space limit, CPU limit, and
connect-time limit as the account, but without a password. Its
initial security allows read (R) and execute (X) access to all
users who successfully log on to the account, and append (A),
write (W), lock (L), and save (S) access to the account librarian
(AL) and group users (GU) only. These access provisions are as
follows:
R,X:ANY;A,W,L,S:AL,GU
* Parameter omissions
When you specify a parameter but omit its corresponding value (as
in ACCESS= Return), the default value for the parameter is
assigned (in this case, R,L,A,W,X:AC). The default is also
assigned when you omit an entire parameter group (such as
ACCESS=fileaccess).
Example
* To create an account with the account name ACI, the account
manager name MNGR, and read privileges for any user, enter:
:NEWACCT ACI,MNGR;ACCESS=R:ANY
Related Commands
ALTACCT
ALTUSER
LISTACCT
NEWGROUP
NEWUSER