Document revision date: 19 July 1999 | |
Previous | Contents | Index |
A Default Protection ACE defines a protection code for all files that are subsequently created in the directory and in any subdirectories under that directory, unless protection is specified for one of those files individually. The ACE does not apply if a previous version of the file exists (in this case, the previous file protection is used). This ACE type has the following format:
(DEFAULT_PROTECTION[,options],protection-code) |
For example, the following ACE specifies that users in the system and owner categories have read, write, execute, and delete access to any files subsequently created in the directory, and that group and world users have no access:
(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W) |
The Default Protection ACE does not apply to existing subdirectories. It applies to subdirectories created after the ACE is applied to the parent directory. |
Security ACEs allow you to specify that an event message be sent when a protected object is accessed in a particular manner. The security Alarm ACE directs the event message to the security operator's terminal and the security Audit ACE directs the event message to the system security audit log file.
Refer to the OpenVMS Guide to System Security for more information about how to use these
types of ACEs.
11.9 Auditing Security-Relevant Events
System managers can select the destination for security-relevant event
messages. Alarm messages are sent to the operator's terminal and audit
messages are sent to the system security audit log file. You can choose
to have an event reported as an alarm, as an audit, or as both.
11.9.1 Enabling Classes of Security Alarms
The OpenVMS operating system automatically monitors a certain number of events, as listed in Table 18-6.
You can enable additional classes of events by listing one or more of the keywords of the /ENABLE qualifier to the DCL command SET AUDIT listed in Table 11-1.
Event Class | Description |
---|---|
Access | Specifies access events for all objects in a class. You can audit selected types of access, both privileged and nonprivileged, to all protected objects of a particular class. |
ACL | Events requested by a security Audit or Alarm ACE in the access control list (ACL) of an object. |
Authorization | Modification of any portion of SYSUAF.DAT, NETPROXY.DAT, NET$PROXY.DAT, or RIGHTSLIST.DAT. |
Breakin | Break-in attempts. |
Connection | Logical link connections or terminations through SYSMAN, DECnet for OpenVMS Phase IV, DECwindows products, or an interprocess communication (IPC) call. |
Create | Creation of a protected object. |
Deaccess | Deaccess from a protected object. |
Delete | Deletion of a protected object. |
Identifier | Use of identifiers as privileges. |
Install | Modifications made to the known file list through the Install utility. |
Logfailure | Failed login attempts. |
Login | Successful login attempts. |
Logout | Logouts. |
Mount | Volume mounts and dismounts. |
NCP | Modification to the network configuration database, using the network control program (NCP). |
Privilege | Successful or unsuccessful use of privilege. |
Process | Use of one or more of the process control system services. |
SYSGEN | Modification of a system parameter with the System Generation utility (SYSGEN) or AUTOGEN. |
Time | Modification of system time. |
Refer to the OpenVMS DCL Dictionary for more information about the SET AUDIT
command.
11.10 Analyzing Audit Log Files
The Audit Analysis utility (ANALYZE/AUDIT) enables system managers and site security administrators to selectively extract and display information from security audit log files. Using ANALYZE/AUDIT qualifiers, you can choose from among a variety of report formats and select the event criteria to be included in the report. Refer to the OpenVMS Guide to System Security for a description of how to use the utility.
Before you can create and start queues, you must set up the queue manager and the queue database. This chapter tells how to set up and manage the queue manager and queue database for the OpenVMS batch and print queuing system.
Information Provided in This Chapter
This chapter describes the following tasks:
Task | Section |
---|---|
Specifying the location of the queue database | Section 12.3 |
Displaying information about queue managers | Section 12.4 |
Starting the queue manager and creating the queue database | Section 12.5 |
Customizing queue manager failover | Section 12.6 |
Stopping and restarting the queue manager | Section 12.7 |
Using multiple queue managers | Section 12.8 |
Saving and restoring the queue database | Section 12.9 |
Maximizing queuing system performance | Section 12.10 |
Solving queue manager problems | Section 12.11 |
Reporting a queuing system problem to Compaq | Section 12.12 |
This chapter explains the following concepts:
Concept | Section |
---|---|
The queue manager | Section 12.1 |
The queue database | Section 12.2 |
Multiple queue managers | Section 12.8.1 |
Note that this chapter contains many references to DCL commands. You
can find additional information about all DCL commands in the
OpenVMS DCL Dictionary.
12.1 Understanding the Queue Manager
To use a printer or batch processing on your system, you must use queues. The queue manager controls queue activity. The queue database consists of a master file as well as queue and journal files, which store information about queues and jobs.
Before you can perform any queue operation, you must start the queue manager and create the queue database. Section 12.5 contains instructions for doing this.
Figure 12-1 illustrates how the queue manager works to manage queue activity in an OpenVMS Cluster environment.
Figure 12-1 OpenVMS Batch and Print Queuing System
When a user submits a batch or print job to a queue, the queue manager performs the following tasks:
One or more queue manager processes control queuing for all processes on a node or in an OpenVMS Cluster environment. Jobs can be submitted from one node and executed on a queue running on another cluster node. User processes, symbionts, and job controllers on each node communicate directly with queue managers.
In addition, the job controller works with the queue manager to perform the following queue management tasks:
By default, in an OpenVMS Cluster environment, the queue manager tries to fail over to another node if the node on which the queue manager is running leaves the cluster.
You can specify the order in which OpenVMS Cluster nodes claim the queue manager process; you can also limit the nodes that can run the queue manager. For more information, see Section 12.6.
To work around CPU, disk space, or memory limitations, you can use multiple queue managers to distribute the batch and print work load among nodes as well as to distribute the database files among disks.
For example, you might create separate queue managers for batch queues and print queues. Run the batch queue manager on one node and the print queue manager on a different node. You can also maintain queue and journal files on separate disks.
For information about creating additional queue managers, including
reasons and restrictions for using multiple queue managers, see
Section 12.8.
12.2 Understanding the Queue Database
The queue database contains files that store information used to keep the queuing system operating, including information about jobs, queues, and the queue manager. The queue database for the default queue manager, SYS$QUEUE_MANAGER, is made up of the following files:
File | Description |
---|---|
Master file,
QMAN$MASTER.DAT |
Contains:
|
Queue file,
SYS$QUEUE_MANAGER.QMAN$QUEUES |
Contains the queue definitions formed when you create, start, or modify queues. |
Journal file,
SYS$QUEUE_MANAGER.QMAN$JOURNAL |
Contains information allowing the queue manager to return to the last
known state if:
The journal file also contains job definitions. |
On systems with multiple queue managers, the queue database contains an additional queue file and journal file for each additional queue manager. Additional queue files are named in the format name_of_manager.QMAN$QUEUES. Additional journal files are named in the format name_of_manager.QMAN$JOURNAL.
Figure 12-2 shows a queue database containing a master file that lists two queue managers, PRINT_MANAGER and BATCH_MANAGER. Each queue manager has its own queue and journal files.
Figure 12-2 Queue Database
SYS$COMMON:[SYSEXE] is the default location for all queue database
files. However, you can store the files in another location. The next
section explains why and how to do this.
12.3 Specifying the Location of the Queue Database
You might need to specify a location for queue database files other than the default location of SYS$COMMON:[SYSEXE] for one of the following reasons:
Ways to Move Queue Database Files
You can move queue database files in either of the following ways:
Section 12.3.1 explains how to specify the location of the master file;
Section 12.3.2 explains how to specify the locations of queue and
journal files.
12.3.1 Specifying the Location of the Queue Master File
To specify the location of the queue master file, perform the following steps before starting the queue manager:
DEFINE/SYSTEM/EXECUTIVE_MODE QMAN$MASTER equivalence-name |
where equivalence-name specifies the device and directory
where the master file is to be created or located.
In an OpenVMS Cluster environment, enter this command on every node in
the cluster.
In an OpenVMS Cluster environment, the directory you specify for the master file must be available to all nodes in the cluster. If the directory specification is a concealed logical name, you must define it identically on all nodes in the cluster; you must also mount the disk on all cluster member nodes early in system startup. |
Specify the location of queue and journal files with the dirspec parameter to the START/QUEUE/MANAGER command. For example:
$ START/QUEUE/MANAGER DUA2:[SYSQUE] |
This command specifies that the queue and journal files are to be located in the directory DUA2:[SYSQUE].
In an OpenVMS Cluster environment, the directory you specify for the queue and journal files must be available to all nodes that can run the queue manager. If the directory specification is a concealed logical name, you must define it identically on all nodes in the cluster. You must also mount the disk on all nodes capable of running the queue manager. |
The directory location you enter with START/QUEUE/MANAGER is stored in
the queue database master file and becomes the default. Therefore, if
you must restart the queue manager, you do not need to respecify this
directory location.
12.4 Displaying Information About Queue Managers
To obtain information about one or more queue managers, enter the SHOW QUEUE/MANAGERS command.
$ SHOW QUEUE/MANAGERS Queue manager PRINT_MANAGER, running, on NODEA:: Queue manager SYS$QUEUE_MANAGER, running, on NODED:: |
$ SHOW QUEUE/MANAGERS/FULL Master file: SYS$SPECIFIC:[SYSEXE]QMAN$MASTER.DAT; Queue manager PRINT_MANAGER, running, on NODEA:: /ON=(NODEA,NODEB,*) Database location: DUA2:[SYSQUE] Queue manager BATCH_MANAGER, running, on NODED:: /ON=(NODEC,NODED,NODEE,*) Database location: SYS$SYSROOT:[SYSEXE] |
Figure 12-3 shows the locations of the queue database files shown in the second example.
Figure 12-3 Locations of Queue Database Files
Before you can create queues, you must create a queue database by entering a command in the following format:
START/QUEUE/MANAGER/NEW_VERSION[/ON=(node,...)] [dirspec] |
/NEW_VERSION |
Specifies that new queue database files are to be created:
Specify the /NEW_VERSION qualifier only if you want to create new database files. If your queuing system is already functioning, creating new database files is not necessary. |
/ON= (node,...) | Allows you to customize failover of the queue manager. For more information, see Section 12.6. |
dirspec | Specifies the location of the queue and journal files, as explained in Section 12.3.2. Use this parameter if you are creating the queue and journal files in a location other than the default. |
Specify the /NEW_VERSION qualifier only if you do not have a currently functioning queue database. If you specify this qualifier and you already have queue database files, the system overwrites your current queue database files. |
You normally perform this task only once because when you enter the command, the system stores it, along with any qualifier or parameter you enter, in the queue database.
The job controller automatically starts the queue manager during reboot unless you enter a STOP/QUEUE/MANAGER/CLUSTER command. For this reason, including START/QUEUE/MANAGER in your startup command procedure is unnecessary.
This section describes how to start the queue manager and create the queue database files on systems and clusters with a single system disk. For systems in a cluster with multiple system disks, including mixed-architecture OpenVMS Cluster systems, you must prepare a shared environment, as described in Chapter 5 of OpenVMS Cluster Systems. |
If the queue manager does not start, see Section 12.11.1 for a troubleshooting checklist.
The following example specifies that:
$ DEFINE/SYSTEM/EXECUTIVE_MODE QMAN$MASTER DUA4:[MASTER] $ MOUNT/SYSTEM/NOASSIST DUA4: $ ! $ ! Add the two previous commands to SYLOGICALS.COM $ ! $ START/QUEUE/MANAGER/NEW_VERSION DUA2:[SYSQUE] |
For information about creating one or more additional queue managers, see Section 12.8.
Previous | Next | Contents | Index |
privacy and legal statement | ||
6017PRO_053.HTML |