Manualshelf

Technical data

ManualsBrandsCompaq ManualsPrinterLA36
191192193194195196197198199200
Managing User Accounts
7.1 Understanding the User Authorization File
Table 71 Resource Type Limits
Resource Type Description of Limit
Pooled A process and its subprocesses share the resource on a first-
come, first-served basis until the limit is reached.
Nondeductible A subprocess receives the same limit on the resource as the
creator receives. The creators limit is not affected.
Deductible A subprocess receives a portion of the creator’s resource. That
portion is deducted from the creator’s limit.
Systemwide A process and all created subprocesses with the same user name
or account share the total limit on a first-come, first-served
basis.
Normally, leave limits at their default values. For the default values for
the system and user accounts, see the sample SYSTEM and DEFAULT user
authorization file records supplied with the Authorize utility on your distribution
kit. Also see Section 7.11 for a full description of limits and quotas.
7.1.3 Privileges
Privileges determine what functions users are authorized to perform on the
system. System manager functions require privileges that are denied to most
users. Because the SYSTEM account has full privileges by default, exercise
caution in using it. For example, if you log in to the SYSTEM account, you can
modify and delete any file regardless of its protection.
Table 7–2 categorizes system privileges and includes a brief definition of the
activity permitted with each privilege. See the OpenVMS Guide to System
Security for a full description of privileges.
Table 72 System Privileges
Category Privilege Activity Permitted
None None None requiring privileges
Normal NETMBX
TMPMBX
Create network connections
Create temporary mailbox
Group GROUP
GRPPRV
Control processes in the same group
Group access through system protection field
Devour ACNT
ALLSPOOL
BUGCHK
EXQUOTA
GRPNAM
PRMCEB
PRMGBL
PRMMBX
SHMEM
Disable accounting
Allocate spooled devices
Make machine check error log entries
Exceed disk quotas
Insert group logical names in the name table
Create/delete permanent common event flag clusters
Create permanent global sections
Create permanent mailboxes
Create/delete structures in shared memory
(continued on next page)
Managing User Accounts 73