HPE Community
Operating System - OpenVMS
1753420 Members
4922 Online
108793 Solutions
New Discussion юеВ

Re: How to prevent a user from $ promt?

 
Mohammed Abdul Gafoor
New Member

тАО10-31-2005 09:30 PM

тАО10-31-2005 09:30 PM

How to prevent a user from $ promt?

We are using VMS 6.2 on Alpha 100a using DSM 7.1.

I have created a new user (RAED1)his default dir is [SPOOL] to copy/trasfer files from Alpha using FTP software (KEA). This user can access $ promt. Then, I have tried to give him a new LGICMD to prevent him from $ prompt but FPT (KEA)doesn't work. It keeps reading LGICMD that consumes space and may hang the system. Please advise how to reslve this problem?

Username: RAED1
Default: LIVE_DISK:[SPOOL]
LGICMD: LIVE_DISK:[COM]RAED1_LOGIN
0 Kudos
Reply
8 REPLIES 8
Ian Miller.
Honored Contributor

тАО10-31-2005 09:51 PM

тАО10-31-2005 09:51 PM

Re: How to prevent a user from $ promt?

If you only want the user to be able to do ftp then I enable network access only and these flaggs.

Flags: DefCLI LockPwd Restricted DisWelcome DisMail DisReport DisReconnect

I would set the default dir to another place and then have the LOGIN.COM change default to [SPOOL]

This way the files the user sends arrive in [SPOOL] but the ftp log files are in the users default directory.
____________________
Purely Personal Opinion
0 Kudos
Reply
Mohammed Abdul Gafoor
New Member

тАО11-01-2005 12:20 AM

тАО11-01-2005 12:20 AM

Re: How to prevent a user from $ promt?

Ian,

Thanks for the solution.

I have set the parameters as suggested, still user can access to $ promt. please see below the details of the useR.

Username: RAED1 Owner:
Account: UIC: [1000,263] ([RAED])
CLI: DCL Tables: DCLTABLES
Default: LIVE_DISK:[SPOOL]
LGICMD: LIVE_DISK:[SPOOL]LOGIN
Flags: DefCLI LockPwd Restricted DisReport DisReconnect
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: 90 00:00 Pwdchange: 1-NOV-2005 14:47
Last Login: 1-NOV-2005 16:09 (interactive), 1-NOV-2005 14:49 (non-interactive)
Maxjobs: 0 Fillm: 100 Bytlm: 64000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 150 JTquota: 4096
Prclm: 8 DIOlm: 150 WSdef: 2000
Prio: 4 ASTlm: 250 WSquo: 4000
Queprio: 0 TQElm: 10 WSextent: 16384
CPU: (none) Enqlm: 2000 Pgflquo: 50000
Authorized Privileges:
Default Privileges:
NETMBX TMPMBX


0 Kudos
Reply
Peter Barkas
Regular Advisor

тАО11-01-2005 12:43 AM

тАО11-01-2005 12:43 AM

Re: How to prevent a user from $ promt?

It seems that you may not have set the access restrictions as suggested.
0 Kudos
Reply
Willem Grooters
Honored Contributor

тАО11-01-2005 01:47 AM

тАО11-01-2005 01:47 AM

Re: How to prevent a user from $ promt?

Network only:

$ MCR AUTHORIZE
UAF> MOD RAED1 /NOINTERACTIVE/NOBATCH/NODIALIN
UAF EXIT

will allow only network access

Willem

Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
Mike Reznak
Trusted Contributor

тАО11-01-2005 03:07 AM

тАО11-01-2005 03:07 AM

Re: How to prevent a user from $ promt?

Hi,
this might be the right flag for you.

CAPTIVE Prevents the user from changing any defaults at
login, for example, /CLI or /LGICMD. It prevents
the user from escaping the captive login command
procedure specified by the /LGICMD qualifier and
gaining access to the DCL command level. Refer to
"Guidelines for Captive Command Procedures" in the
OpenVMS Guide to System Security.

The CAPTIVE flag also establishes an environment
where Ctrl/Y interrupts are initially turned off;
however, command procedures can still turn on Ctrl/Y
interrupts with the DCL command SET CONTROL=Y. By
default, an account is not captive (NOCAPTIVE).

Mike
...and I think to myself, what a wonderful world ;o)
0 Kudos
Reply
Jiri_5
Frequent Advisor

тАО11-01-2005 06:25 PM

тАО11-01-2005 06:25 PM

Re: How to prevent a user from $ promt?

We use for FTP account this setting:

Default: DISK:[FTP]
LGICMD: NL:
Flags: Restricted
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ----- No access ------ ----- No access ------
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ----- No access ------ ----- No access -----
0 Kudos
Reply
Mohammed Abdul Gafoor
New Member

тАО11-16-2005 12:55 AM

тАО11-16-2005 12:55 AM

Re: How to prevent a user from $ promt?

It worked.

Thanks.
0 Kudos
Reply
Ian Miller.
Honored Contributor

тАО11-16-2005 01:27 AM

тАО11-16-2005 01:27 AM

Re: How to prevent a user from $ promt?

http://forums1.itrc.hp.com/service/forums/helptips.do?#33
____________________
Purely Personal Opinion
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.