Uaf Recovery

If you have the sysuaf.lis, you can read it and do the
$ mc authorize add smith/...
for all the users

It may be interesting to know who deleted your file sysuaf.dat... and try to prevent another delete.

Ariel,

I would start with obtaining SYSUAF.DAT from the last good backup.

Depending on how many users are listed in SYSUAF.LIS, it may be more effective to write a DCL procedure to parse SYSUAF.LIS and generate the necessary ADD commands. Note that you NOT will be able to recover the passwords, they will have to be set to new values.

Volker.

There is no strightforward import function. If you have a full SysUaf.Lis (i.e. with list/full), then your best option is probably to write something to transform the listing into a command file.

You'll need to write a perl script, editor macros, or whatever other tool you feel comfortable with to do the job. If someone has done this before, I've not seen it.

You'll also need to generate new passwords for all accounts.

1. Recover the SYSUAF.DAT (Latest or last available)

2. SYSUAF.LIS check how many users

3. If there is not much of difference; you are lucky.

Ariel,

For completeness, are you certain that it was named SYSUAF.DAT (or the common alternate). It is possible to relocate/rename the file using a system logical name. Before going too far down this path, do a search on all of your mass storage for the expected username strings. You may be surprised.

Generally, such a logical name assignment would be in SYS$STARTUP:SYLOGICALS.COM. However, this is not an absolute requirement, it is a convention.

Your SYSUAF may not be lost, it may merely be in an unexpected location.

One need also check that RIGHTSLIST is intact, which is an entirely different question. It too an be located in other than its normal place.

If all else fails, reconstruction from the listings is the solution, but it can be a task. (I have parsed the SYSUAF listing, for several client matters that required mass correction of several inappropriate practices; it can be a project to get the parsing of the listing correct.)

- Bob Gezelter, http://www.rlgsc.com

Ariel, you do not indicate why you need to recover. Is the file deleted? Lots of records from the file deleted, or is it perhaps corrupted.

Any text 'import' scheme will NOT be able to recover passwords. Restoring a backed-up version will of course restore old value of the passwords.
As you will likely generate fresh passwords, for security sake, please try to resist the temptation to give the same to all. Even with forced change, which can tell folks the account was comprimised, this seems scary.

If corrupted, then maybe it is worth your while to try fix that, or recover as many records as possible (keyed lookup driven by rightslist).

To fix a corrupted file, an (eve old) backup is normally very helpful.

Besides RIGHTSLIST and a plain old DIRECTORY output, PASSWORD_HISTORY and MAIL_PROFILE are other files which may help with any reconstruction project, as well.

This may/will be the time get a clean SYSUAF,

Hope this helps,
Hein.

SysUafALT.Dat isn't relevant to this recovery, nor does Sec_SysUaf.Dat exist in a standard installation.

The file can be rebuilt. That requires finding all of the usernames and the UIC values, and inventing new passwords. Other than the passwords, the values necessary can be gleaned from the SYSUAF file; you'll be writing a parser to get that data, if you can't already find one written.

VMS includes no SYSUAF.LIS parser for this task.

I'd probably use lib$table_parse here to build the parser. That'll probably be the easiest way to create a grammar to pull in the data from SYSUAF.LIS.

The file can be recovered from backup, though it is clear there is no current backup here.

If the file is simply located elsewhere or there's a new version over top of a lower version, there might not be a need to rebuild.

I'm guessing you created a SYSUAF.LIS file then deleted the wrong SYSUAF.DAT file. If that's the case and if you've done that ++and have not rebooted the OpenVMS box++ it might be possible to recover the deleted file, because the SYSUAF is typically held open by various applications and which means the file gets marked for delete. Not (immediately) deleted.