[KMSKIT.SYSMGR] This directory contains; COMFILE.DIR System command procedures EDTSYS.EDT Put on SYS$SHARE for VPWEDIT EDTSYSSLO.EDT Put on SYS$SHARE for VPWEDIT HELP.DIR HELP libraries to go on SYS$HELP OPERATOR.DIR Operator account STARTUP.DIR How we get it up TERMLOC.FIL [.CMDFIL]MONTRMUSE uses this [SYSMGR.STARTUP] The directories [.STARTUP] and [.STARTUP.SYSBOOT] exist so you can see how we get our system up and in case some site specific code is needed for you to get other components of KMSVAXKIT up. Look it over, some of it is neat (interactive boots, automatic switching of system configuration, suppression of dumb DECnet messages) [KMSKIT.SYSMGR.COMFILE] This directory contains command files we have found to be of general use for system management. Typically all command files reside on SYS$COMFILE which on our system is generally SYS$SYSROOT:[SYSMGR.CMDFIL]. We have tried to convert all [.CMDFIL] references to the system logical SYS$COMFILE but a few command procedures may yet be unconverted. If so, sorry. Many command files assume that TESTFILE is defined as a foreign command, ie TESTFILE==@SYS$COMFILE:TESTFILE.COM. Help files are supplied for command files as appropriate. 1. CHKPASWRD. Uses DECnet to see if the password the user enters belongs to a specified account. Used by operator procedure and DIALIN.COM (for verifying dialin access). Needs DECnet to be turned on, but a multi- node dECnet system is not required. Nifty. No idea if it will work on V4.0 but I sure hope so. 2. CMD. Starts up command files on SYS$SYSDEVICE:[SYSUTL] and passes them command lines. 3. COPYTREES. My version of of the DECUS tape copy program which works with rooted directories and the operator account. Does not have to write all over the protected DECUS directories as does the original. 4. DAILYBKP. Example of a batch procedure which incrementally backs up any changes to the system and user disks which have happened within the past two weeks. If the procedure fails (lack of space, or whatever) the last previously good save set is retained and the system manager is notified (via mail) that a problem has occued. Note this and other procedures assume the system wide logical VAX$MANAGER points to the current system manager (VAX$MANAGER_2 points to alternate). 5. DECUSCPY. Used by operator procedure to make copies of either RSX or VAX sigtapes. Uses VPWDIRECT to provide online index (on [VPW] directory), and COPYTREES. Knows about the need to initialize tapes (if factory fresh) on TS11's so do not have run-away tape drive. 6. DEFAULT. Another version of a simple way to change your default directory and device. There are so many of these thay you may well ask, "Why another?". The reason is that this one does things that others don't do (but does not have some of the fancy move around commands). This version has two special features we find very, very useful. First, if the user has the correct privilege levels, it also changes the UIC to the UIC of the target directory using the SETUIC program. Second, it works with rooted directories. Third it works with RSX [UIC] style rooted directories (Yes Virginia, almost a virtual ODS-1 RSX disk sitting right there hidden on your ODS-2 disk). Forth, DEFAULT will not let you change your default to a directory which does not exist. 7. DIALIN. At present VMS does not force users to either have passwords of a certain minimum length or force them to change the paswords frequently. On doing a bit of experimenting, I discovered I could write a program that probed for users passwords and could quite easily break into accounts with passwords 3 characters long (or less long). Since I wanted to continue to allow dial-in access to our system, and had no control over user's passwords, DIALIN.COM implements a second level of password security with a password I can change frequently. Now implementing all this is quite easy. Use AUTHORIZE to create a dummy account DIALIN with a password you know (and can tell others). Make the password as complicated as you think a phone line and your users can stand. The account should be locked so as to prohibit logins onto it. Next, if you haven't done so already, force all users to pass through a system wide login command file. In this command file, before exiting to the user's LOGIN.COM file, check to see if the terminal the user is logging on at is a dial in line. TERM.COM does this, and sets a variable which SYSLOGIN.COM can test. Finally, if it is a dial-in line, call DIALIN.COM and behold the user will be prompted for a second password, and the password will be verified against authorization file, and if the user is accepted, well and good. Otherwise, the user is logged off. Now if the dial up line characteristics are set for HANGUP, the user has to redial to try again. Note that this procedure uses the TESTFILE routine and presuposes DECnet running on the system. I think it is pretty general, and foolproof, but check it out carefully before hard wiring it onto your system. It would be very sad to get logged off each and every time you logged on. You will note from the code that I am paranoid about such things since two (count 'em) trap doors exist, one for the system manager and one so that only our dial in line (TTA7:) will have a log out forced. You probably will want to modify this. Also note that all dial-in accesses (both success and failure) are logged both to OPA0: and a seperate log file on SYS$MANAGER: If you want the logging to work correctly, first create the log file and give the world write access to it. 8. DTRSTART. This is set via the logical DTR$STARTUP to be the DTR initialization file. Note that logical DTR$PLOT is set in TERM.COM to refledt whether the terminal is a VT125 or VT240. If you haven't noticed the distributed plot files work very badly on VT240's. 9. DTRNEWUSR. A different version of the DTR NEWUSER.COM that creates the appropriate CDD entries for the user, gives the user (optionally) a private CDD dictionary (or assigns him/her to a group dictionary) and optionally gives him/her the example files. 10. ERRORDSP. Quick and dirty to display the error message associated with a VMS error number. If defined as a foreign command, type ERRORDSP , or if using the CMD procedure, CMD ERRORDSP to see why VMS is rejecting your efforts. 11. INCBACKUP. Performes incremental backups of a systems disk and keeps a logfile of what it did and when it did it. Used with OPERATOR.COM. See also INCRESTOR. 12. JNLBACKUP. Provides an easy way for users to back up their files. Creates a journal file of files backed up and a directory log file of all kinds of things (tape name, backup set name, tape number, backup date range, errors encountered on tape, etc). Insures that all backup sets have unique names. Nifty. 13. MERGEFILES. Every boot/shutdown various log files are merged into monthly container files. 14. LARGE. Puts VT100/VT2xx in 80 column mode !5. LOGTMPLT. Used by OPERACNT.COM to create prototype LOGIN.COM for a new user. 16. MONERROR. Displays errors on a given device. Only updates error count if number of errors is changing. 17. MONTRMUSE. Uses ACCOUNTING utility to produce a formatted report on terminal usage by user. Needs SYS$MANAGER:TERMLOC.FIL (sample file on this account. Fill in new names/data and use it). 18. NEWUSER.MEM. Put your new user documentation here. 19. NEWUSRLGN. Invoked by user from initial LOGIN.COM file. Insures password is changed the first time round. 20. OPERACNT. Lets system operator add/modify accounts. Keeps a log of all transactions and notifies manager each time it happens. Invoked from OPERATOR.COM 21. OPERATOR. Invoked from operator account to do all kinds of things. 22. OPERCMD. Allows operator to execute special command files and to log their invocation. 23. PAGE. Erases the screen on all kinds of terminals (VT100, 4014, VT125, VT2xx, etc.). 24. RESET. Resets a VT2xx when it goes bannanas. 25. RESUBMIT. Used for nightly rescheduling of system jobs. 26. RMSERROR. Uses SYS$HELP:RMSCODES.HLB to display the RMS error code. No more searching through the appendix to find out what the wierd error codes mean! 27. SETPASWRD. Used during initial new user login to force him/her to change to new one. 28. SETVPWSYM. Invoked by SYSLOGIN.COM so user can use VPW conveniently. 29. SMALL. Sets terminal to 132. character mode. 30. SPR. Automatic SPR generator for VMS and RSX. This is neat. SPR administration will take SPRs prepared this way if you staple them to a blank SPR form. Maybe someone could modify it to run without operator intervention. Start it up at night, come in in the morning and find a neatly typed list of SPRs describing all current system problems known and unknown. However, until then, you do have to type in the problem but editors are so much more fun than typing a multi-part form!! 31. SUMMARY. Produces a summary accounting report file suitable for showing what is realy going on. A monthly report totaled by month, by group, and by user. 32. SYSBACKUP. Backs up system disks. Used as part of operator backup procedure. 33. SYSLOGOUT. Invoked if user sits on INMAC Port Multiplexer to request the terminal to send the disconnect sequence back to the VAX (which gets trapped by the PM which then disconnects the PM). 34. TERM. Invoked during SYSLOGIN to set up all the things needed for terminals to work correctly, and to set any special symbols needed which relate to which terminal a user has logged on to. 35. TESTFILE. Emulates the .TESTFILE on RSX. Faster (by far) than using an image to check for the existance of a file. 36. TREESIZE. For user with operator DECUS tape copy procedure. 37. UTL. Automatically starts up tasks on [SYSUTL] and passes them command lines. Saves having a zillion foreign commands. 38. XQT. Simulate the RSX .XQT command. 39. ZAP. Fast wipeout of directory structure. Be careful. Not aggressively tested, but seems to work very well.