On our system we have an operator account with a password known to all operators. The operators can do all kinds of privileged things. To insure system security, not only is the common password for the account required, but the user also must be known to the system as a valid operator to use the account, and that users private password (for their normal account) is verified. The command procedure's capabilities can be expanded substantially beyond that presented here, but this part of it should provide other users with a template for implementing such a system. The operator account command procedure in turn invokes command procedures on SYS$SYSROOT:[SYSMGR.CMDFIL]. Called command procedures include OPERATOR.COM OPERACNT.COM, SYSBACKUP.COM, OPERCMD.COM, INCBACKUP.COM, DECUSCPY.COM and probably more. To use the facility, create an operator account [OPERATOR] with the required privileges. Username: OPERATOR Owner: SYSTEM OPERATOR Account: SYSTEM UIC: [300,300] CLI: DCL LGICMD: LOGIN Default Device: SYS$SYSDEVICE: Default Directory: [OPERATOR] Login Flags: DISCTLY DEFCLI Primary days: Mon Tue Wed Thu Fri Sat Sun DISDIALUP Secondary days: No hourly restrictions PRIO: 4 BYTLM: 4096 BIOLM: 6 PRCLM: 2 PBYTLM: 0 DIOLM: 6 ASTLM: 10 WSDEFAULT: 150 FILLM: 20 ENQLM: 25 WSQUOTA: 200 SHRFILLM: 0 TQELM: 10 WSEXTENT: 500 CPU: no limit MAXJOBS: 0 MAXACCTJOBS: 0 PGFLQUOTA: 10000 Privileges: CMKRNL SYSNAM GRPNAM ALLSPOOL LOG_IO GROUP PRMMBX SETPRV TMPMBX OPER NETMBX PRMGBL SYSGBL MOUNT PFNMAP SYSPRV When the operator logs on LOGIN.COM executes after SYSLOGIN.COM. LOGIN.COM invokes SYS$SYSROOT:[SYSMGR.CMDFIL]OPERATOR.COM which requires that a list of valid user names exist in OPERATORS.DAT. The names in OPERATORS.DAT should be the standard USERNAMES the users would log onto the VAX if they were logging on to their own account. This is because, they are then going to be asked for their password, at which time they should enter their normal VAX password (which won't echo). Then some magic occurs, and the USERNAME/PASSWORD of the users normal account is verified. If it is AOK, the operator is logged on to the account and can do all kinds of things including issue any command (a log of special commands is kept) Add Accounts show account status Make DECUS tapes Generate errorlog listings. load a shared gobal section perform full disk backups perform rotating incremental disk backups initialize a new tape Shutdown the system A log of all operator accesses to this procedure is also kept. The OPERACNT.COM procedure uses WHO.EXE from the VMS V2.5 kit (it works just fine on V3.0) installed with the correct privilege (SYSPRV) so it can read the account file. Writing a seperate task or subroutine to do this is easy, however. See the code in REMINDER.FOR in [KMSKIT.VPW.REMINDER]. You will have to modify these procedures to your own sites needs. For example our VAX has a node name STAR:: and that is assumed.