OpenVMS Notes: System Manager Stuff

The information and software presented on this web site are intended for educational use only by OpenVMS application developers and OpenVMS system attendants.
The information and software presented on this web site are provided free of charge.
The information and software presented on this web site are presented to you as-is. I will not be held responsible in any way if the information and software presented on this web site damages your computer system, business or organization (sounds like the legal warning from a Microsoft shrink-wrap seal, eh?)
The information presented on this page can be really dangerous if you don't know what you are doing. So develop your skills by practicing on files first copied to scratch drives. On top of this, always make sure you have good backup copies of everything before you begin.

Quick Nav Menu

Freeing space
Who is deleting files?
- Enabling File Delete in DFU
Who is accessing certain files?
Who is changing the system clock?
Who is breaking in?
Related links

Freeing space on the system disk

DCL Command	Result
$set def sys$manager $reply/ena $reply/log $reply/dis $pur/log/noco OPERATOR.LOG	move to the system manager directory enable opcom messages on this terminal close the current operator log then open a new one disable opcom messages on this terminal purge extra copies of this file from this directory
$set def sys$manager $set audit/server=new $pur/log/noco SECURITY.AUDIT$JOURNAL	move to the system manager directory close the current audit log then open a new one purge extra copies of this file from this directory Note: don't do this if someone at your company needs these files for security purposes
$set def sys$manager $set acc/new $pur/log/noco ACCOUNTNG.DAT	move to the system manager directory close the current accounting file then open a new one purge extra copies of this file from this directory Note: don't do this if someone at your company needs these files to bill other clients for resources they used on your system
$sho dev d $set default $1$dia0:[000000] $dir [000000...]/size=all/sel=siz=min=99000 <<< now research your findings >>>	see the disk names move to the root directory of disk $1$dia0: (use ds0: if shadowed) locate all files >= 99000 blocks <<< research your findings >>>
<<< consider purging the disk of some logs >>> $pur/log/noco $1$dia0:[000000...]*.log/keep=5	<<< consider purging the disk of some logs >>> purge the disk of all some files (keeping the last 5 versions) Note: don't do this if you are having other problems which the log files could help solve
<<< consider purging the disk of all logs >>> $pur/log/noco $1$dia0:[000000...]*.log	<<< consider purging the disk of all logs >>> purge the disk of all log files Note: don't do this if you are having other problems which the log files could help solve
<<< consider purging the disk of all files >>> $pur/log/confirm $1$dia0:[000000...]	<<< consider purging the disk of all files >>> purge the disk of all files Emergency Use Only (if you need to recover disk space) This is a last-resort command
<<< optional command for TCPware >>> $netcu NETCU> set log/new NETCU> exit $pur/log/noco tcpware:*.log	<<< optional command for TCPware >>> start the TCPware network control utility close the current log file then open a new one exit the TCPware network control utility purge TCPware log files
<<< considering deletion of UNDO files >>> $sho dev d $set default $1$dia0:[000000] $dir undo/date	Note: UNDO files are left over from patch installations see the disk names move to the root directory of disk $1$dia0: (use ds0: if shadowed) see PCSI Undo directories
<<< considering running DFU >>> $sho dev d $set default $1$dia0:[000000] $mcr dfu DFU> verify $1$dia0: DFU> verify $1$dia0: /lock/fix/rebuild	Digital File Utility (from the freeware CD) see the disk names move to the root directory of disk $1$dia0: (use ds0: if shadowed) fire up DFU verify this disk (read only) verify this disk (write; do this when system is idle)

See who is deleting files

DCL Command

Result

$set audit/server=new
$set audit/class=file/audit=(SUCCESS:DELETE)
[...wait a short period of time for users to do their thing...]
$set audit/server=flush
$anal/audit/full/out=TEMP.TMP SYS$MANAGER:SECURITY.AUDIT$JOURNAL

close the current audit log then open a new one
enable the auditing of successful file deleting
wait a short period of time
push buffered audits into the file
inspect the audit file

DFU Special Notes:

DFU (Digital File Utility) can also be used to UNDELETE files. Since this very powerful feature write-locks a disk prior to scanning for your missing file(s), the developers did not want too many accounts to be able to use UNDELETE so they made it a little difficult for users to activate. Here is a slightly obscure example:

$ set def sys$system								!
$ r authorize									!
UAF> add/id yada								! create system-wide identifier "yada"
%UAF-I-RDBADDMSG, identifier YADA value %X8001005D added to rights database	!
UAF> grant/id yada  neil							! grant "yada" to user "neil"
%UAF-I-GRANTMSG, identifier YADA granted to NEIL				!
UAF> sh neil									!

Username: NEIL                             Owner:  NSR_N123119_ADM
Account:  ADMCSM                           UIC:    [346,1] ([NEIL])
[...snip...]
Identifier                         Value           Attributes
  DFU_ALLPRIV                      %X8001001D
  YADA                             %X8001005D

UAF> revoke/id yada neil							! revoke "yada" from user "neil"
%UAF-I-REVOKEMSG, identifier YADA revoked from NEIL				!
UAF> rem/id yada   								! remove system-wide identifier "yada"
%UAF-I-RDBREMMSG, identifier YADA value %X8001005D removed from rights database	!
UAF> exit									!
%UAF-I-NOMODS, no modifications made to system authorization file		!
%UAF-I-NAFNOMODS, no modifications made to network proxy database		!
%UAF-I-RDBDONEMSG, rights database modified					!
$										!

Caveat: On older systems (like VMS-5.x) you will not be able to grant/revoke by account name. In this case you need to grant/revoke by UIC.

See who is accessing certain files