Re: Account creation

---

• From: Ken.Fairfield@xxxxxxxxx
• Date: Fri, 16 May 2008 11:09:33 -0700 (PDT)

---

On May 15, 6:41 am, JKB <knatsc...@xxxxxxxxxxxxxx> wrote:

Hello,

I suppose I have made a mistake... I'm trying to create a normal
account. Thus, I have made :

$ define/system/trans=(concealed)/exec disk$users dka0:[users.]
$ set default disk$users:[000000]
$ create /directory bertrand
$ set default sys$system
$ run authorize
UAF> add bertrand/password=mypassword /device=disk$users -
_UAF> /directory=[bertrand] /owner="BERTRAND Joel" /nopwdexpired -
_UAF> /nopwdexpiration

Besides the comments of others downt-thread, please
note that you *never* assigned a UIC for the new account.

1) When you use ADD in Authorize, and *omitted* fields
are filled in with those from the DEFAULT account (which
is one reason the new account got Flags: DISUSER,
by the way).

2) Best practice is to give every account a unique UIC.
There are exceptions, but I seem to recall that Authorize
gives a warning message when you do that.

Since you didn't specify a UIC, the new account got the
DEFAULT account's UIC, [200,200]:

UAF> show bertrand
Username: BERTRAND Owner: BERTRAND Joel
Account: UIC: [200,200] ([DEFAULT])
CLI: DCL Tables: DCLTABLES
Default: DISK$USERS:[BERTRAND]
LGICMD:
Flags: DisUser

And that led to the other problem. Any files created by
the new account will be owned by [200,200], which is
associated with the identifier DEFAULT. There is not
UIC identifier for BERTRAND, and therefore, you can't
for example, $ CREATE/DIRE/OWNER=BERTRAND ...

The upshot is that most of your problems would have
been avoided if you 1) used /UIC=[ggg,uuu] on the ADD
command in Authorize, and 2) if you simply make a
habit of adding /Flags=NoDisuser, knowing that the
DEFAULT account *has* Flags: Disuser. Oh, also
note that the group "ggg" and user "uuu" fields in a
UIC are in *octal* notation: after user "7" comes
user "10", etc.

The other recommendations, for example, create
the user's login directory *after* the account, are
all good ones.

-Ken
.

---

• References:
  • Account creation
    • From: JKB

• Prev by Date: Re: mail$message_select problem
• Next by Date: Re: OT: Desktop wars
• Previous by thread: Re: Account creation
• Next by thread: Re: Account creation
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Minimum Privs for Changing Password ... > All the is needed to modify a password using authorize is write access to ... > the very nonpriv'd account that the ACL was added for. ... one could also give the nonpriv'd user's account a UIC group number ... (comp.os.vms) Re: Quote from a Chessmaster regarding PokerBots ... > When you open an account at PartyPoker, you authorize them to scrape your ... (rec.gambling.poker) Re: ADOMD.NET + ASP.NET Web Application - A connection cannot be made ... I am having the same issue when deploying SSAS to the prod server. ... authorize the domain\machine$ account to access the cube. ... account will be used to access the network resources (so the cube). ... (microsoft.public.sqlserver.olap) Login mystery ... While trying to discover the compiler bug check problem, ... perhaps my account doesn't have high enough quotas. ... I run authorize, I cannot even find my user id! ... (comp.os.vms) event id 12292 ... I cannot seem to authorize my DHCP server and keep getting ... this event ID in the log files telling me that two or ... account names have the same attributes in the SAM ... (microsoft.public.win2000.advanced_server)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)