OpenVMS DCL Dictionary
SET
Defines or changes, for the current terminal session or batch job,
characteristics associated with files and devices owned by the process.
Format
SET option
Description
The SET command options are described individually in this manual.
Table DCLII-15 lists all the SET command options, including those
generally reserved for use by system operators and managers.
Table DCLII-15 SET Command Options

| Option | Function |
|---|---|
| ACCOUNTING | Controls the current accounting file. |
| AUDIT | Provides the management interface to the security auditing system. |
| BROADCAST | Determines which messages will be broadcast to SYS$OUTPUT. |
| CACHE/RESET | Resets systemwide I/O caching statistics for the extended file cache (XFC). |
| CARD_READER | Defines the default ASCII translation mode for a card reader. |
| CLUSTER/EXPECTED_VOTES | Sets the total expected votes in the OpenVMS Cluster to a value that you specify or, if no value is specified, sets the total votes to a value determined by the system. |
| COMMAND | Adds commands that are defined in a command description file to your process command set or a command tables file. |
| CONTROL | Enables or disables interrupts caused by Ctrl/T or Ctrl/Y. |
| CPU | Changes the user capabilities associated with the specified CPUs. |
| DAY | Overrides the default day type specified in the user authorization file (UAF). |
| DEFAULT | Establishes a device and directory as the current default for file specifications. |
| DEVICE | Defines device characteristics. |
| DEVICE/SERVED | Lets you make a disk on a local node available to all the nodes on an OpenVMS Cluster. |
| DIRECTORY | Modifies the characteristics of one or more directories. |
| DISPLAY | Redirects the output of a DECwindows application. |
| ENTRY | Changes the current status or attributes of a job not currently executing in a queue. |
| FILE | Modifies the characteristics of one or more files. |
| HOST | Connects your terminal (through the current host processor) to another processor, called the remote processor. |
| HOST/DTE | Connects your system to a remote system by way of an outgoing terminal line. |
| HOST/DUP | Connects your terminal to a storage controller through the appropriate bus for that controller. |
| HOST/HSC | Connects your terminal to a remote HSC50 disk and tape controller through the computer interconnect (CI) bus. |
| HOST/LAT | Connects your terminal to a specified service available in the local area network (LAN), establishing one session for communication between your terminal and that service. |
| HOST/RLOGIN | Allows you to log in to a remote host over a TCP/IP connection and start an interactive terminal session by accessing the RLOGIN application. |
| HOST/TELNET | Connects you to a remote host over a TCP/IP connection by invoking the TELNET application. |
| HOST/TN3270 | Connects you to a remote IBM host over a TCP/IP connection, causing the local keyboard to emulate an IBM 3279-class terminal keyboard by invoking the TN3270 terminal emulator. |
| KEY | Changes the current keypad state setting. |
| LOGINS | Allows or disallows users to log in to the system. |
| MAGTAPE | Defines characteristics of a magnetic tape device. |
| MESSAGE | Overrides or supplements system messages. |
| NETWORK | Registers the attributes of a network service. |
| ON | Controls whether the command interpreter checks for an error condition following the execution of commands in a command procedure. |
| OUTPUT_RATE | Sets the rate at which output is written to a batch job log file. |
| PASSWORD | Lets users change their own passwords; lets system managers change the system password. |
| PREFIX | Allows you to set a prefix control string for verified command lines. |
| PRINTER | Defines printer characteristics. |
| PROCESS | Defines execution characteristics of the current process. |
| PROMPT | Defines the DCL prompt. |
| PROTECTION/DEFAULT | Establishes the default protection to be applied to all files subsequently created. |
| QUEUE | Changes the current status or attributes of the specified queue. |
| RESTART_VALUE | Establishes a test value for restarting portions of batch jobs. |
| RIGHTS_LIST | Lets users modify the process rights list; lets privileged users modify the system rights list. |
| RMS_DEFAULT | Provides default multiblock and multibuffer count values to be used by RMS for file operations. |
| SECURITY | Modifies the security profile of an object. |
| SERVER | Controls starting, stopping, and restarting of the security server. The security server maintains information stored in the system intrusion and proxy databases. |
| SYMBOL | Controls access to local and global symbols in command procedures. |
| TERMINAL | Defines terminal characteristics. |
| TIME | Resets the system clock to the specified value. |
| VERIFY | Controls whether the command interpreter displays lines in command procedures as it executes them. |
| VOLUME | Modifies the characteristics of one or more Files-11 volumes. |
| WORKING_SET | Changes the current working set limit or quota. |

SET ACCOUNTING
Controls the current accounting file.
Requires OPER (operator) privilege.
Format
SET ACCOUNTING
Parameters
None.
Description
Each node on your system has its own current accounting file. You can
control what resources this file tracks, and start up a new version of
this file using the SET ACCOUNTING command.
There are two occasions when the resources used by a process are not
tracked, despite the SET ACCOUNTING command:
- When you use the RUN (Process) command with the /NOACCOUNTING
qualifier.
- When you use the $CREPRC system service with the PRC$M_NOACNT
status flag.
Similarly, there is one occasion when the resources used by an image
are always tracked, despite the SET ACCOUNTING command:
- When you install an image using the /ACCOUNTING qualifier of the
Install utility.
For more information on how to use the SET ACCOUNTING command, refer to
the OpenVMS System Manager's Manual.
Qualifiers
/DISABLE[=(keyword[,...])]
Prevents the tracking of the resources specified by the keywords.
Table DCLII-16 lists the keywords you can use to specify the type of
resource.
Table DCLII-16 SET ACCOUNTING Keywords for Resource Types

| Keyword | Type of Resource |
|---|---|
| IMAGE | Resources used by an image |
| LOGIN_FAILURE | Resources used by an unsuccessful attempt to log in |
| MESSAGE | Unformatted record written to the accounting file by a call to the $SNDJBC system service |
| PRINT | Resources used by a print job |
| PROCESS | Resources used by a process |

You do not need to stop the tracking of all processes and images. You
can prevent resources being tracked for specific types of process and
for images running in these types of process.
Table DCLII-17 lists the keywords you can use to specify the type of
process.
Table DCLII-17 SET ACCOUNTING Keywords for Process Types

| Keyword | Type of Process |
|---|---|
| BATCH | Batch process |
| DETACHED | Detached process |
| INTERACTIVE | Interactive process |
| NETWORK | Network process |
| SUBPROCESS | Subprocess (the parent process can be a batch, detached, network, or interactive process) |

If the system is no longer tracking any resources, /DISABLE closes the
current accounting file.
If you use the /DISABLE qualifier and omit the keywords, the current
accounting file does not track any resources, and the system closes the
file.
/ENABLE[=(keyword[,...])]
Enables the tracking of the specified resources, and opens the current
accounting file if it is not already open. The /ENABLE qualifier uses
the same keywords as the /DISABLE qualifier.
Use the keywords shown in Table DCLII-16 to specify the types of
resource that you want the local node to track in its current
accounting file.
If the resources used by processes or images are being tracked, you can
use the keywords shown in Table DCLII-17 to enable the tracking of these
resources for specified types of process and for images running in
those types of process.
If you use the /ENABLE qualifier and omit the keywords, the current
accounting file tracks all resources.
/LOG
Writes information to the current SYS$OUTPUT device as the command
executes.
/NEW_FILE
Closes the current accounting file, and starts up a new version of it.
The name of the new file depends on whether the logical name ACCOUNTNG
is defined in your system logical name table.
If this logical name is not defined, the SET ACCOUNTING command opens
the file SYS$MANAGER:ACCOUNTNG.DAT.
If this logical name is defined, the command opens the file that this
logical name points to. If you omit the directory, SYS$MANAGER is the
default, and if you omit the file type, .DAT is the default.
The /NEW_FILE qualifier writes a file forward link record to the old
file, and a file backward link record to the new file. These records
contain the names of the old and new files respectively.
Examples
#1
$ SET ACCOUNTING /DISABLE /ENABLE=(PROCESS,BATCH,INTERACTIVE)
$ SET ACCOUNTING /ENABLE=IMAGE
This example tells the system to track the resources used only by batch
and interactive processes, and by images running in batch and
interactive processes. It illustrates the cumulative effect of /ENABLE
and /DISABLE qualifiers, and of SET ACCOUNTING commands.
The /DISABLE qualifier prevents the tracking of all resources. The
/ENABLE qualifier then tells the system to track the resources used by
batch and interactive processes. The second SET ACCOUNTING command
tells the system to track the resources used by images.
#2
$ SET ACCOUNTING /NEW_FILE
$ RENAME SYS$MANAGER:ACCOUNTNG.DAT;-1 WEEK_24_RESOURCES.DAT
This example closes the current accounting file, opens a new version of
it, and changes the name of the old file to WEEK_24_RESOURCES.DAT.
SET AUDIT
Provides the management interface to the security auditing system.
Requires the SECURITY privilege.
Format
SET AUDIT/qualifier
Parameters
None.
Description
The SET AUDIT command and the SHOW AUDIT command provide the management
interface to the security auditing system.
The SET AUDIT command enables or disables security auditing. In
addition, you use the command to do the following:
- Select categories of events to audit
- Change the operational characteristics of the audit server
- Establish the location of the audit journal and the security
archive file
- Control the monitoring of disk resources
Values set by the command are saved so it is unnecessary to set them
each time the system starts up. Commands for event definition, resource
monitoring, and starting a new log apply clusterwide, while other
commands apply only to the local node.
Security auditing features require a certain amount of system overhead;
therefore, you should be careful to select the features that will
provide the most benefit in your work environment. Enable only the
auditing of information that you know you will examine and analyze
regularly. Any other collection of data is likely to be wasteful. For
further information about auditing, refer to the OpenVMS Guide to System Security.
There are five categories of qualifiers, grouped by task, for the SET
AUDIT command:

| Task | Qualifiers | Requirements |
|---|---|---|
| Define auditing events | /AUDIT, /ALARM, /CLASS, /ENABLE, /DISABLE | Specify whether you are defining alarms (/ALARM), audits (/AUDIT), or both. Also specify whether you are enabling (/ENABLE) or disabling (/DISABLE) the reporting of the event. |
| Define auditing log file | /DESTINATION, /JOURNAL, /VERIFY | Requires both the /DESTINATION and /JOURNAL qualifiers. |
| Define operational characteristics of the audit server and a listener mailbox (if any) | /INTERVAL, /LISTENER, /SERVER, /VERIFY | None. |
| Define secondary log file | /ARCHIVE, /DESTINATION, /VERIFY | None. |
| Define resource monitoring defaults | /BACKLOG, /EXCLUDE, /JOURNAL, /RESOURCE, /THRESHOLD, /VERIFY | With the /RESOURCE or /THRESHOLD qualifier, include the /JOURNAL qualifier. |

Qualifiers
/ALARM
Makes the command apply to alarms, which are messages displayed on an
operator terminal. See the description of the DCL command REPLY/ENABLE
for details on how to enable terminals to display security messages.
/ARCHIVE=[keyword,...]
Specifies which classes of audit event messages are written to the
security archive file. Specify one or more of the following keywords:

| Keyword | Description |
|---|---|
| NONE | Disables archiving on the system. |
| [NO]ALL (default) | Enables or disables archiving of all system security events. By default, no events are archived. |
| SYSTEM_ALARM | Enables archiving of all security alarm events. |
| SYSTEM_AUDIT | Enables archiving of all security audit events. |

Archiving should be run on only one node in an OpenVMS Cluster with its
own audit server database because multiple nodes will try to open the
audit file exclusively.
/AUDIT
Makes the command apply to audits, which are messages recorded in the
system security audit log file.
/BACKLOG=[keyword[,...]]
Specifies the thresholds for suspending a process that has exceeded the
process message limit. The thresholds include the total number of
messages in memory and the number belonging to the particular process.
To prevent a process from being suspended, use the /EXCLUDE qualifier.
Specify the following keywords:

| Keyword | Description |
|---|---|
| TOTAL=(n1,n2,n3) | Thresholds at which flow control is initiated and accelerated; see description below. |
| PROCESS=(p1,p2) | Thresholds at which process submissions are controlled. |

| Total Messages | Default | Process Messages | Default | Action Taken |
|---|---|---|---|---|
| N1 | 100 | P1 | 5 | When there are 100 messages in memory, the audit server suspends any process that has submitted 5 or more messages until all messages are written to disk. |
| N2 | 200 | P2 | 2 | When there are 200 messages in memory, the audit server suspends any process that has submitted 2 or more messages until all messages are written to disk. |
| N3 | 300 | | | Any process with messages in memory is suspended until all messages are written to disk. |

/CLASS=class
Specifies the class of the object whose auditing attributes are to be
modified. If /CLASS is not specified, the command assumes the class is
FILE. Specify one of the following keywords with the /CLASS qualifier:
CAPABILITY
COMMON_EVENT_CLUSTER
DEVICE
FILE
GROUP_GLOBAL_SECTION
LOGICAL_NAME_TABLE
QUEUE
RESOURCE_DOMAIN
SECURITY_CLASS
SYSTEM_GLOBAL_SECTION
VOLUME
/DESTINATION=filespec
When changing the destination of event messages, specifies the new
location of the system security audit log file. The device, if part of
the file specification, must be a disk. The /DESTINATION qualifier
requires the /JOURNAL qualifier in this case.
Once you have relocated the log file, execute the command SET
AUDIT/SERVER=NEW_LOG to let all the nodes in the cluster know of the
new location. The previous audit log file is closed and all subsequent
audit event messages generated throughout the cluster are sent to the
new audit log file.
When used with /ARCHIVE, specifies the name of the archive log file.
Events can be archived to a local or remote file on any file-structured
disk device. For example, you can use an archive file to redirect event
messages from a satellite to a larger node in the cluster.
/DISABLE=(keyword[,...])
Disables alarms or audits for the specified events. To disable all
system events and file access events, specify the keyword ALL. You must
specify at least one of the keywords. For a list of the keywords to use
with the /DISABLE qualifier, see the /ENABLE qualifier description. You
must also specify either the /ALARM or /AUDIT qualifier, or both, when
you use the /DISABLE qualifier.
Note
In processing the SET AUDIT command, the system processes the /DISABLE
qualifier last. If you specify both the /ENABLE and /DISABLE qualifiers
for items in the same class on the same command line, the /DISABLE
qualifier disables any enabled items. Compaq recommends that you use
separate lines for commands containing the /ENABLE and /DISABLE
qualifiers.
/ENABLE=(keyword[,...])
Enables alarms or audits for the specified events. To enable all system
events and file access events, specify the keyword ALL. You must
specify at least one keyword. You must also specify either the /ALARM
or /AUDIT qualifier, or both, when you use the /ENABLE qualifier.
The keywords that you can specify with either the /ENABLE or the
/DISABLE qualifier are as follows:

ACCESS=(condition[:access[,...]] [,...])
Specifies access events for all objects in a class. (To audit a single
object, use an auditing ACE and enable the access control list (ACL)
category.)
Compaq recommends that when you enable auditing conditionally, you
enable it for all possible forms of access because the system can check
access rights at several points during an operation. (For example, a
FAILURE might occur on a read or write access check.)

| Condition Keyword | Description |
|---|---|
| ALL | All object access |
| BYPASS | Successful object access due to the use of the BYPASS privilege |
| FAILURE | Unsuccessful object access |
| GRPPRV | Successful object access due to the use of the group privilege (GRPPRV) |
| READALL | Successful object access due to the use of the READALL privilege |
| SUCCESS | Successful object access |
| SYSPRV | Successful object access due to the use of the system privilege (SYSPRV) |

| Access Keyword | Description |
|---|---|
| ALL | All types of access |
| ASSOCIATE | Associate access |
| CONTROL | Control access to examine or change security characteristics |
| CREATE | Create access |
| DELETE | Delete access |
| EXECUTE | Execute access |
| LOCK | Lock access |
| LOGICAL | Logical I/O access |
| MANAGE | Manage access |
| PHYSICAL | Physical I/O access |
| READ | Read access |
| SUBMIT | Submit access |
| WRITE | Write access |

ACL
Specifies an event requested by an audit or alarm ACE in the access
control list (ACL) of an object. To audit all objects of a class, use
the ACCESS keyword.

ALL
Specifies all system events and file access events. It does not enable
access events for object classes other than FILE.

AUDIT=keyword
Specifies events within the auditing subsystem. Only one keyword is
currently defined.

| Keyword | Description |
|---|---|
| ILLFORMED | Specifies illformed events from internal calls (identified by NSA$M_INTERNAL) to $AUDIT_EVENT, $CHECK_PRIVILEGE, $CHKPRO, or $CHECK_ACCESS system services. An illformed event is caused by an incomplete or syntactically incorrect argument being supplied to one of these system services by a piece of privileged code. |

AUTHORIZATION
Specifies the modification of any portion of the system user
authorization file (SYSUAF), network proxy authorization file
(NETPROXY), or the rights list (RIGHTLIST) (including password changes
made through the AUTHORIZE, SET PASSWORD, or LOGINOUT commands or the
$SETUAI system service).

BREAKIN=(keyword[,...])
Specifies the occurrence of one or more classes of break-in attempts,
as specified by one or more of the following keywords:
ALL
DETACHED
DIALUP
LOCAL
NETWORK
REMOTE

CONNECTION
Specifies a logical link connection or termination through DECnet Phase
IV, DECwindows, $IPC, or SYSMAN.

CREATE
Specifies the creation of an object. Requires the /CLASS qualifier if
it is not a file.

DEACCESS
Specifies deaccess from an object. Requires the /CLASS qualifier if it
is not a file.

DELETE
Specifies the deletion of an object. Requires the /CLASS=DEVICE
qualifier.

IDENTIFIER
Specifies that the use of identifiers as privileges should be audited.
For further information, refer to the OpenVMS Guide to System Security.

INSTALL
Specifies modifications made to the known file list through the INSTALL
utility.

LOGFAILURE=(keyword[,...])
Specifies the occurrence of one or more classes of login failures, as
specified by the following keywords:

| Keyword | Description |
|---|---|
| ALL | All possible types of login failures |
| BATCH | Batch process login failure |
| DETACHED | Detached process login failure |
| DIALUP | Dialup interactive login failure |
| LOCAL | Local interactive login failure |
| NETWORK | Network server task login failure |
| REMOTE | Interactive login failure from another network node, for example, with a SET HOST command |
| SERVER | Server or TCB-based login failure. |
| SUBPROCESS | Subprocess login failure |

LOGIN=(keyword[,...])
Specifies the occurrence of one or more classes of login attempts, as
specified by the following keywords. See the LOGFAILURE keyword for
further description.
ALL
BATCH
DETACHED
DIALUP
LOCAL
NETWORK
REMOTE
SERVER
SUBPROCESS

LOGOUT=(keyword[,...])
Specifies the occurrence of one or more classes of logouts, as
specified by the following keywords. See the LOGFAILURE keyword for
further description.
ALL
BATCH
DETACHED
DIALUP
LOCAL
NETWORK
REMOTE
SERVER
SUBPROCESS

MOUNT
Specifies a mount or dismount operation.

NCP
Specifies access to the network configuration database, using the
network control program (NCP).

PRIVILEGE=(keyword[,...])
Specifies successful or unsuccessful use of privilege, as specified by
the following keywords:

| Keyword | Description |
|---|---|
| FAILURE [:privilege(,...)] | Unsuccessful use of privilege |
| SUCCESS [:privilege(,...)] | Successful use of privilege |

For a listing of privileges, refer to online help for the DCL
command SET PROCESS/PRIVILEGES.

PROCESS=(keyword[,...])
Specifies the use of one or more of the process control system
services, as specified by the following keywords:

| Keyword | Description |
|---|---|
| ALL | Use of any of the process control system services |
| CREPRC | All use of $CREPRC |
| DELPRC | All use of $DELPRC |
| SCHDWK | Privileged use of $SCHDWK |
| CANWAK | Privileged use of $CANWAK |
| WAKE | Privileged use of $WAKE |
| SUSPND | Privileged use of $SUSPND |
| RESUME | Privileged use of $RESUME |
| GRANTID | Privileged use of $GRANTID |
| REVOKID | Privileged use of $REVOKID |
| GETJPI | Privileged use of $GETJPI |
| FORCEX | Privileged use of $FORCEX |
| SETPRI | Privileged use of $SETPRI |

Privileged use of a process control system service means the caller used GROUP or WORLD privilege to affect the target process.

SYSGEN
Specifies the modification of a system parameter with the OpenVMS
System Generation utility.

TIME
Specifies the modification of system time.

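
A baseline built only from the event keywords listed above, given here as an added example that is not part of the original manual. The choice of events and the split between /AUDIT and /ALARM are assumptions to adapt to your site; enabling and disabling are kept on separate command lines, as the note under /DISABLE recommends.

```dcl
$ ! Constructed example; requires the SECURITY privilege.
$ !
$ ! Step 1: authentication and policy events, reported both to the audit
$ ! log file (/AUDIT) and to operator terminals (/ALARM).
$ SET AUDIT/AUDIT/ALARM -
      /ENABLE=(ACL,AUTHORIZATION,AUDIT=ILLFORMED,BREAKIN=ALL,LOGFAILURE=ALL)
$ !
$ ! Step 2: changes to installed images, system parameters, system time
$ ! and mounted volumes, recorded in the audit log file only.
$ SET AUDIT/AUDIT/ENABLE=(INSTALL,SYSGEN,TIME,MOUNT)
$ !
$ ! Step 3: file access that failed, or that succeeded only because a
$ ! privilege was used. /CLASS defaults to FILE; it is written out here.
$ ! No access-type list follows the conditions, so no single form of
$ ! access is singled out.
$ SET AUDIT/AUDIT/CLASS=FILE -
      /ENABLE=(ACCESS=(FAILURE,BYPASS,SYSPRV,READALL,GRPPRV))
$ !
$ ! Step 4: /DISABLE is processed last, so it gets its own command line.
$ ! Batch login failures stay in the audit log; only the alarm is dropped.
$ SET AUDIT/ALARM/DISABLE=(LOGFAILURE=BATCH)
$ !
$ ! Review the resulting settings.
$ SHOW AUDIT
```

Had step 4 been appended to the step 1 command line, /DISABLE would still be applied after /ENABLE, which is why the two are separated.
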
/EXCLUDE=process-id
/NOEXCLUDE=process-id
Adds a process identification (PID) to the audit server's process
exclusion list. The process exclusion list contains those processes
that will not be suspended by the audit server if a resource exhaustion
reaches the action threshold. By default, realtime processes and all of
the following processes are included in the process exclusion list and
are never suspended:
CACHE_SERVER
CLUSTER_SERVER
CONFIGURE
DFS$COM_ACP
DNS$ADVER
IPCACP
JOB_CONTROL
NETACP
NET$ACP
OPCOM
REMACP
SHADOW_SERVER
SMISERVER
SWAPPER
TP_SERVER
VWS$DISPLAYMGR
VWS$EMULATORS