Operating System - OpenVMS
1748171 Members
4421 Online
108758 Solutions
New Discussion юеВ

Re: Copying users over the nodes

 
SOLVED
Go to solution
Mainak
Advisor

Copying users over the nodes

Could I copy few users from one node to other as I can do it in the same node тАУ
MC AUTHORIZE COPY USERA USERB/UIC=[X,Y]/PASS=***/OWNER=ZZZ

If it is possible could any one let me know the command?
14 REPLIES 14
Ian Miller.
Honored Contributor
Solution

Re: Copying users over the nodes

Assuming they are not in the same cluster (and share the uaf) then I usually reenter the details but I think you could do it from DCL

$ OPEN/READ LOCAL SYSUAF
$ OPEN/READ/WRITE/SHARE REMOTE node::SYSUAF
$ READ/KEY=username LOCAL RECORD
$ WRITE REMOTE RECORD
$ CLOSE LOCAL
$ CLOSE REMOTE
____________________
Purely Personal Opinion
Bart Zorn_1
Trusted Contributor

Re: Copying users over the nodes

I can confirm that the procedure from Ian Miller does work. However, it does not create the usual rights identifier, nor does it grant additional identifiers.

Regards,

Bart Zorn
Mainak
Advisor

Re: Copying users over the nodes

Hi ,

Thanks for the reply..

I need to replicate the rights identifier, and the additional identifiers also. Can I move the SYSUAF.DAT and RIGHTSLIST.DAT FROM OPEN VMS 7.1 on VAX to OPEN VMS 7.3-1 on ALPHA?

Mainak
Ian Miller.
Honored Contributor

Re: Copying users over the nodes

You can copy the files. This sometimes causes issues with accounts created by products. e.g DECnet account passwords have to match the passwords in the DECnet object database.
You can add the identifier for a users UIC value with
ADD/ID/USER=username
in authorize.

Other identifiers - I find it easier to add and grant them. The identifier values can be different on different nodes.
The file structure of RIGHTLIST.DAT is more complicated than SYSUAF so I don't know if doing a similar trick in DCL will work.
____________________
Purely Personal Opinion
Mike Reznak
Trusted Contributor

Re: Copying users over the nodes

Hi,

in older times, not knowing much about record management, I've created some procedures to read output file from $ MCR AUTHORIZE SHOW USER * /FULL and convert it to Authorize commands to create new accounts. Advantage of it is, that you have also Ident. information in this output. Just proxy is missing. You can do it separately.
But you have to have the same UIC for a user and identifiers on all nodes. It's a good practice indeed. Otherwise, SYSUAF.DAT gets a bit messy.
I assume, the same can be done by reading directly from SYSUAF.DAT, NET$PROXY.DAT and RIGHTSLIST.DAT , but didn't do it yet.

Mike
...and I think to myself, what a wonderful world ;o)
Jan van den Ende
Honored Contributor

Re: Copying users over the nodes

Mainak,

Re: Identifiers.

We have long ago learned to add identifiers NOT by just UAF>ADD/ID , but to explicitly give them their value as well.

OLD::UAF>SHO /ID xxx also gives the value, either in UIC format [x,y], or in INTEGER format %Xnnnnnnnn, with nnnnnnnn > %X80000000

New::UAF>ADD/ID xxx /VAL=UIC:[x,y]
where y may be * to specify a groupname ident, in which case the /ATTRIB=RESOURCE will be appropriate.

or

NEW::UAF> ADD/ID xxx /VAL=ID:%Xmmmmmmmm, with %Xmmmmmmmm = %Xnnnnnnnn - %X80000000

This gives two big advantages:
-- A file copy by BACKUP/OWN=ORIG maintains file ownership and access BY NUMERIC VALUE, and so, ONLY if the numeric values are identical, the ownerships and accessibilities are kept consistent
-- If ever in the future those systems are to be integrated, ownerships are protections are already synchronous.
And if you EVER have to merge some systems, you will know what a PITA it can be if they are not!

hth,

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Galen Tackett
Valued Contributor

Re: Copying users over the nodes

Wouldn't it be nice if we had an application (from HP or the user community) that could assist with merging SYSUAF, RIGHTSLIST, proxies, etc.?

It might not be able to do the entire job for you, but it could perhaps do a good bit of the work and tell about, e.g., conflicts that it can't resolve.

Just a suggestion if anyone's listening who'd like to write it. Given time, I would write it. But like most busy systems staff I seldom have time to work on significant code of my own any more. :-(
Kris Clippeleyr
Honored Contributor

Re: Copying users over the nodes


Re: Galen


Wouldn't it be nice if we had an application (from HP or the user community) that could assist with merging SYSUAF, RIGHTSLIST, proxies, etc.?


I have written such a beast. When I find the time I'll put it (VMSINSTAL kits) on my website ( www.quadratrix.be ).

Regards,
Kris (aka Qkcl)
I'm gonna hit the highway like a battering ram on a silver-black phantom bike...
Mainak
Advisor

Re: Copying users over the nodes

Hi,

I tried to do it from DCL as Ian recomended in the first reply, but getting the following error when trying to write to the remote file-

%DCL-W-TKNOVF, command element is too long - shorten

And actually no record found for the user name at the remote end.