[Info-vax] Change UIC of DEFAULT

Mac Decman dearman.mark at gmail.com
Mon May 7 22:15:12 EDT 2012 

On Mon, 7 May 2012 04:45:23 -0700 (PDT), jbriggs444
<jbriggs444 at gmail.com> wrote:

>On May 6, 8:38 pm, Mac Decman <dearman.m... at gmail.com> wrote:
>> Is it possible to change the UIC of the DEFAULT user from [200,200] to
>> something else?  Does AUTHORIZE look for this UIC to get values from
>> or does it reference it by name?
>
>The AUTHORIZE utility references the DEFAULT user by name.
>
>[Referencing it by UIC code would be silly since it is entirely
>possible
>to have two or three or dozens of users in SYSUAF.DAT all sharing
>the same UIC].

Yes I shortly realized this.  The only thing that was throwing me off
was the fact that I had not done the MOD/ID on DEFAULT.

>
>> The only reason I am asking is for congruency between accounting
>> records stored in the LDAP directory.  All of the UIDs in the directoy
>> happen to fall in the 200 range.  Where 200 is the Domain Users group.
>
>What accounting records?  What LDAP directory?

Currently in active directory there are atributes for UID and GID, as
well as other information,  which are either referenced by LDAP
integrated authentication on unix boxes or simply stored for
accounting purposes.
>
>My reading of this is that all of the users on your system have
>been created in the same UIC group.  So their accounting records
>in ACCOUNTNG.DAT all show the records under that single UIC
>group.

There are a number of GIDs associated with ADS groups all starting at
200-220 for various access to projects and etc.  I know this doesn't
directly translate to VMS security model.

>
>Changing the UIC on the DEFAULT account will not have any
>useful effect.  What may have a useful effect is updating the
>acounts for users on your system so that they have distinct UIC
>groups.  Unfortunately, this will likely have the side-effect that
>none
>of your users will be able to access any of their files.  So you will
>want to change the ownership of their files to match.
>
>This process will have the side-effect that the modification date
>on all of your files will change.  This may in turn have an impact
>on an incremental backup scheme if you run one.

Well it seems after looking through the CIFS documentation I'm going
to just have to choose new ranges and map them from CIFS, or add a
second set of attributes to the ldap directory for OpenVMS.  CIFS
wants to map into the range 1000+ for UIDs and 5000+ for GIDs.  Using
a second set of attributes for users allowed to access the VMS
environment seems like the best solution.

Mark DeArman

More information about the Info-vax mailing list