Users and projects

Sun, Oct 12, 2014

Rather than be limited by the set of user IDs in the starter system, you can create one or more user IDs for yourself. This post will look in more detail how user IDs are created and used in MTS.

User and project IDs

User IDs (or ccIDs) in MTS are four characters long, optionally right padded with . if shorter (eg ACC.).

Each user ID is a member of one project, which also has a four character ID. A project can have zero or more user IDs in it. Project IDs allowed funds for students on a course or a research team to be grouped together; it also allows sharing of files within a group.

Note that unlike groups on Unix a user ID can only be a member of one project. One upshot of this on the mainframe is that a person may have several different user IDs, for example one for each course they are on. Thee is no concept of root or Administrator on MTS, but an ID can have extra privileged, eg the ability to access devices directly.

Creating a new user ID

User and project records are stored in file *ACCOUNTING and sub files matching *ACCOUNTING?. Rather than edit these directly you should use the ACCMAINT program.

Sign-on as user ACC using password aardvarks and then a secondary ID like ST01. $run ACCMAINT to start the program, setting unit 0 to be where you want output, eg *print* or *sink*.

You can now use commands like CREATE and DESTROY. Here’s a sample session where we CREate a privileged ID ABC.

# $run accmaint 0=*sink*
# Execution begins   02:55:29 


  MTS ACCOUNTING FILE MAINTENANCE
  CRE ABC.,0,,,,,10000,,,,WABC,LIBRARY=ON,PRIV=ON,PROTECT=ON,PASSWORD=secret1
 


  ABC. password is SECRET1          Name:
  ABC.             SECRET1 
  ABC.             SECRET1 
       (Hexadecimal representations:  ID=X'C1C2C34B' PW=X'E2C5C3D9C5E3F1')
...

Looking at the parameters:

• 0 is the university account number
• 10000 is the maximum disk space in pages
• The project name is WABC: this must start with a W to provide system level privileges.
• LIBRARY - can create a public file, eg one starting with *
• PRIV - bypass checks on funds
• PROTECT - run privileged commands, eg get tape devices directly with GET
• Other blank fields are to control resource use and can be blank as shown.

It should also be possible to create non-privileged IDs this way but I have not worked out how to set up funds: if I enter the command

CRE BA01,0,,,,,10000,,,,BABA,PASSWORD=secret1

and then sign on as ba01 I get The funds allotted this user ID have been depleted. - if you know how to do this let me know in the comments.

Update 14-Apr-2015: see Jeff’s comment below on how to do this.

Removing a user ID

$run ACCMAINT as user ACC as before but use the DESTROY command with the user ID and the account number. For example, to remove user ABC.:

# $run accmaint 0=*sink*
# Execution begins   03:06:37 


  MTS ACCOUNTING FILE MAINTENANCE
  DES ABC,0
  *** ABC. IS TO BE DELETED.
  PLEASE CONFIRM OR ENTER "CANCEL".
  ok

Getting user and project information

There are other programs under ID ACC that may be useful; some examples:

• ACCDISPLAY prompts for a user ID and prints out detailed information for the ID
• ACCLISTING lists out info on all user IDs
• PROJECTDISP prompts for a project ID and provides details
• PROJECTIDS prompts for a project ID and lists all users in the project
• PROJECTLIST shows details on all projects in the system

Run $filestatus when signed on as ACC to see the list.

Changing password

To change the password of the currently signed-on MTS ID, do SET PW. It will ask for the old password first then the new password twice for confirmation.

To change the password for an account you don’t know the password for, sign on as the user WPSW, enter a secondary sign-on ID/password and then $run program1. If you type a user ID it will reset the password to something new. An example for our new account ST03:

# $run program1
# Execution begins   03:17:16 
  ST03
  Password previously set at 04/19/88 17:19:01 EDT has been reset to YLU6GM 
  end of file
# Execution terminated   03:17:26  T=0.011 

CKID and secondary sign-on

Some privileged IDs, such as MTS, are protected by requiring a secondary sign on. Access is controlled by the file CKID:ACCESS with lines of the form

priv_id secondary_id1 [secondary_id2...]

To change this file you will need to sign on as CKID. In the starter system the password for this account is not supplied, so first change its password using the instructions in the previous section.

Edit the file ACCESS using $edit (it’s wise to take a backup first). A typical line for ID MTS looks like this so you can add secondary IDs at the end or remove secondary IDs you don’t need.

MTS. ALWB DLB. DRH. DWB. KLB. MTA. SRB. WSG. W013 W030 W05Q W070 W170 ST00 ST01 ST02 ST03 ST04 ST05 ST06 ST07 ST08 ST09 AB01

You could also add new privileged IDs and who can access them by adding lines to this file. To ensure the secondary sign-on is checked at sign-on, set the sigfile (the command file run at sign-on) for the account being protected to CKID:CKID.SIG with set sigfile=CKID:CKID.SIG.

Further information

A write-up on the accounting system can be found in component 104/172 on the MTS tapes. See restoring components for details on how to do this and the FAQ question 31 on how to print the guide.