UICs Are Not Necessarily Unique

It is important to note that a UIC does not necessarily identify one particular user. It is possible for the system manager to assign the same UIC to two or more user accounts. It is also possible to reuse a UIC previously assigned to a user account that has been deleted.

Because UICs are closely related to file protection, most system managers ensure that no two current users share the same UIC, and many avoid reusing an old UIC. Sharing of UICs can also cause confusion with identifiers (described later) and allow one user to view the private files of another with whom he or she shares a UIC. Further, if a malicious user were to damage the system but shared a UIC with other users, it might be difficult, or impossible, to determine which user was responsible.

Of course, a system manager may find valid reasons for violating either of these guidelines on a case-by-case basis.
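As an added example (not from the book), the following Python script audits an account listing for UICs held by more than one username, which is the condition described above. It assumes a constructed input of one username and numeric UIC per line, not actual AUTHORIZE output; the account names other than MIKE are hypothetical. Because UIC group and member numbers are octal, [001,100] and [1,100] are treated as the same UIC.

```python
import re
from collections import defaultdict

# Numeric UIC: [group,member], both written in octal.
UIC_RE = re.compile(r"\[\s*([0-7]+)\s*,\s*([0-7]+)\s*\]")

# Constructed sample: one "USERNAME UIC" pair per line (hypothetical accounts,
# assumed format, not real AUTHORIZE output).
SAMPLE_LISTING = """\
MIKE      [1,100]
ALICE     [200,1]
BOB       [200,2]
TEMP1     [001,100]
CAROL     [200,02]
"""

def parse_uic(text):
    """Return (group, member) as integers, or None if no numeric UIC is found.

    Identifier-format owners such as [MIKE] are not numeric and return None.
    """
    m = UIC_RE.search(text)
    if not m:
        return None
    return int(m.group(1), 8), int(m.group(2), 8)

def format_uic(uic):
    """Render a (group, member) pair back in octal [g,m] form."""
    return "[{:o},{:o}]".format(*uic)

def shared_uics(listing):
    """Map each UIC held by more than one account to its sorted usernames."""
    holders = defaultdict(set)
    for line in listing.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue  # blank or malformed line
        uic = parse_uic(fields[1])
        if uic is not None:
            holders[uic].add(fields[0].upper())
    return {u: sorted(names) for u, names in holders.items() if len(names) > 1}

if __name__ == "__main__":
    for uic, names in sorted(shared_uics(SAMPLE_LISTING).items()):
        print(format_uic(uic), "is shared by", ", ".join(names))
```

Any UIC it reports is one where file ownership and audit records cannot distinguish between the listed accounts.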

Identifiers

An identifier is a credential held by one or more users. Identifiers are usually used to indicate that their holders have certain types of access to certain objects.

All users in a company's accounting department might belong to the same UIC group, but not all of them may be authorized to view payroll files. The system manager might create an identifier called PAYROLL and grant it only to the specific users authorized to view payroll data.

Note 

Identifiers are used in conjunction with ACLs to grant this type of special access to files. ACLs are described in Chapter 7, "The User Environment."

Thus, UIC-based protection adequately handles most situations, but the PAYROLL identifier provides special access to specific individuals.

In addition, OpenVMS usually creates a separate identifier for every UIC. Some system managers choose to prevent this, and doing so does not interfere with users' ability to access files. The only real difference most users will notice is whether file ownership is shown by UIC or by identifier.

For example, say user MIKE has a UIC of [1,100], but the system manager has prevented the identifier MIKE from being created. Ownership for MIKE's files will be listed as follows:

$ DIRECTORY /OWNER LOGIN.COM

Directory DKA100:[MIKE]

LOGIN.COM;51         [1,100]

Total of 1 file.

If, however, the identifier MIKE was created to go along with his UIC, file ownership for his files will be displayed in the following format:


$ DIRECTORY /OWNER LOGIN.COM

Directory DKA100:[MIKE]

LOGIN.COM;51         [MIKE]

Total of 1 file.

Summary

Your user account defines nearly every aspect of your identity on the system: your username, the location for your files, your rights and privileges, your limits on resource consumption, and more. You need not understand all aspects of it in great detail, as your system manager will assign the appropriate settings. However, your interactions with the system will be more intuitive if you have a general understanding of your user account.

Chapter 5: Logging in and Out of the System

Logging in for the First Time

This section takes the reader through the steps necessary to establish a connection and log in to an OpenVMS system. Once you are logged in, you are ready to try the examples in Chapter 6, "The Digital Command Language." If you have access to an OpenVMS system, you may log in now; however, you may find it helpful to read Chapter 6, "The Digital Command Language," first.

For the purposes of this section, it is assumed that you will be using a terminal or terminal window to access the system. If you are using an OpenVMS workstation equipped with a GUI interface, please see Chapter 15, "The OpenVMS GUI."