Implementing Help

In this article, we implement the help feature for the Authorization utility. We won't address every single utility we have covered, or will cover, in this detail, since the implementation is similar. Much of this article is about the help text, but since it is nearly identical to the user documentation that we already covered, there is no need to readdress it with every single utility that we cover - a single example should suffice. First, though, we will cover two minor pieces of code.

    if( Component.Name = 'help' ) then
    begin
        Handled := True ;
        Err := Output_Help( 0, 0, 'authorize', '', 0, 0 ) ;
        exit ;
    end ;

We replace the TODO comment with the above code for the help command. This calls the LBRPas routine, Output_Help (covered below).

font color="black">function Output_Help( routine : int64 ; width : int64 = 0 ;
    path : string = '' ; lib : string = '' ; flags : int64 = 0 ;
    input : int64 = 0 ) : int64 ;

var SPath, SLib : TSRB ;

begin
    Set_String( Path, SPath ) ;
    Set_String( Lib, SLib ) ;
    Result := LBR_Output_Help( Routine, Width, int64( @SPath ), int64( @SLib ),
        Flags, Input ) ;
end ;

This is a Pascal wrapper for the LBR_Output_Help service. It simply converts the string parameters into SRB structures and makes the call to the service.

<p>
The AUTHORIZE utility is a system management tool used to control access to the system.
The System User Author file (SYSUAF.DAT) contains the definitions of users and which
privileges they have.  By default, the file is stored in sys$system, however the system
administator may move the file elsewhere.  If defined, the SYSUAF logical defines the location
of the file.  If you move the location of the file, you must (re)define SYSUAF to
point to the new location.
</p><P>
If SYSUAF.DAT cannot be located, the user will be prompted if a new file should be
created.  If affirmed, the utility will be created with a default account, a Startup
account, and a System account.  The SYSUAF.DAT file will be created with an Owner of
"System", and the file protections of S:RWED, O:RWED.  The SYSUAF.DAT file is backed
up after the system configuration and can be restored from that backup with the following
command:<br><br>
<code>COPY SYS$SYSTEM:SYSUAF.TEMPLATE SYS$SYSTEM:SYSUAF.DAT</code>
</p><P>
This should only be done if the file is deleted or corrupted and there is no backup
of the file available.  Backups should be done regularly.
</p><P>
The process running the utility must have read/write access to SYSUAF (by default this
must be a process which is logged into the System account and/or which has the SYSPRV privilege).
</p><p>
The Default account is a template that provides default settings for newly created
accounts.  No user can log into the default account.  The privileges for the default
account should be minimal so that newly created accounts are assigned minimal privileges
by default.
</p><P>
The System account is intended for system administration.  It has all privileges and
its default directory is sys$system.
</p><P>
To use AUTHORIZE, use the command:<br><br>
<code>RUN SYS$SYSTEM:AUTHORIZE</code>
</p><p>
The AUTHORIZE utility will prompt for a command.  The following commands are available:
<table>
<tr><th>Command</th><th>Description</th></tr>
<tr><td><a href="authorize add">ADD</a></td><td>Add a new user account.</td></tr>
<tr><td><a href="authorize copy">COPY</a></td><td>Creates a new account that matches an existing 
account.</td></tr>
<tr><td><a href="authorize default">DEFAULT</a></td><td>Modifies the default account.</td></tr>
<tr><td><a href="authorize exit">EXIT</a></td><td>Exits the utility.</td></tr>
<tr><td><a href="authorize help">HELP</a></td><td>Displays help for the utility.</td></tr>
<tr><td><a href="authorize list">LIST</a></td><td>Writes a report of selected accounts to a 
listing file.</td></tr>
<tr><td><a href="authorize modify">MODIFY</a></td><td>Modifies an account.</td></tr>
<tr><td><a href="authorize modify/system_password">MODIFY/SYSTEM_PASSWORD</a></td><td>Modifies an 
account.</td></tr>
<tr><td><a href="authorize remove">REMOVE</a></td><td>Deletes an account.</td></tr>
<tr><td><a href="authorize rename">RENAME</a></td><td>Renames an existing account.</td></tr>
<tr><td><a href="authorize show">SHOW</a></td><td>Show information on an account.</td></tr>
</table>
</P>

This is the contents of the authorize.hlp file. It is the root of the help for the authorize utility, containing an overview and links to subtopics (authorize commands).

<p>
ADD</b>
</p><p>
Creates a new user account.
</p>
<p>
<b>Format</b><br>
<blockquote>
ADD username {qualifiers}
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>username</b><br>
The name of the new account.  This must not match an existing account name.  It must
be alphanumeric, with underscores and dollar signs allowed.  It is recommended that
dollar signs not be used since those are used for system accounts.  It is also recommended
that the first character not be a numeric digit, as some system features may not work
with such accounts.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
<b>/ACCESS{=specification}<br>
/NOACCESS{=specification}</b><br>
Defines access restrictions.  If no specification is provided, /ACCESS removes any
access restrictions and /NOACCESS essentially disables the account.  Specifications
are a comma-delimited list of items (or a single item with no commas) that indicates
the time restictions/allowances.  /NOACCESS will add a restriction for the specified
items and /ACCESS will remove restrictions.  Each item is an hour indicator, time range 
specification, or a collective specifier.  Collective specifiers are "PRIMARY" or 
"SECONDARY".  If the time is simply a number (no colons or AM/PM), it is interpreted as 
the hour.  Ranges are delimited by a dash.  An hour (time without a dash) indicates a 
full hour range starting at the specified hour.  For instance "11" 
indicates 11:00-11:59 AM,
while "20" indicates 8:00-8:59 PM.  If no collective specifier is specified, the access
applies to both primary and secondary days.  Each time specification applies to the
previous collective specifier (or to both if no specifier).  For example, the following:<br><br>
<code>/NOACCESS=22,PRIMARY,7-9,11:45 AM-12:15 PM</code><br><br>
would restrict access so the account could not log in between 10:00-10:59 PM on
any/all days, or between 7:00-9:59 AM on primary days, or between 11:45 AM through 12:15 PM
on primary days.
<br><br>
To specify hours for specific forms of access, see the /BATCH, /DIALUP,
/INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.
</blockquote>
</p>
<p>
<blockquote>
<b>/ACCOUNT=accountname</b><br>
Indicates that the new user will be given the specified account name, which can be
from 1 to 8 characters long.  The meaning of this account name is up to the system
administrator and could indicate a billing name or number.
</blockquote>
</p>
<p>
<blockquote>
<b>/ASTLM=number</b><br>
Indicates the AST limit for the account, which is the number of concurrent ASTs that
a process can have at a time.  A value of 0 indicates an unlimited number of ASTs
are allowed.
</blockquote>
</p>
<p>
<blockquote>
<b>/AUTHENTICATION=type</b><br>
Indicates the type of authentication required for this account.  The default is for
a single password.  The type is a single authentication specification, or a comma-delimited
list of authentication specifications.  At login time, the user will need to provide
each of the specified authentications in the order they are specified here.
Each specification has the following format:<br>
type|prompt{|option{|option...}}<br>
"type" can be a program filename or "PASSWORD".  If it is a program filename, that
program is executed when that authentication method is reached.  Once an authentication
step is validated, the next authentication step is performed.  If "PASSWORD" is specified,
the Login program prompts for the password and validates it.  The specified prompt is
optional, but if provided is used by Login to prompt the user.  Passwords have the
following options:
<table>
<tr><th>Option</th><th>Description</th></tr>
<tr><td>|ALGORITHM{=value}</td><td>The password encryption algorithm to use for this password.
The value must be the name of one of the algorithms installed on the system.  If no
value is specified, the default UOS algorithm is used.</td></tr>
<tr><td>|DISPWDDIC</td><td>Disable checking password against word dictionary.</td></tr>
<tr><td>|DISPWDHIS</td><td>Disable checking against old passwords.</td></tr>
<tr><td>|EXPIRED</td><td>Mark the password as expired.</td></tr>
<tr><td>|FORCECHANGE</td><td>The user must change the password on the next login.</td></tr>
<tr><td>|GENERATE</td><td>Generate a random initial password.  The generated password
will be displayed.</td></tr>
<tr><td>|GENPWD</td><td>User must always use a generated password.</td></tr>
<tr><td>|LOCKPWD</td><td>User cannot change this password.</td></tr>
<tr><td>|MINIMUM=value</td><td>Set the minimum length of the generated  password.</td></tr>
<tr><td>|PASSWORD=value</td><td>Set the current password to the specified value.</td></tr>
<tr><td>|PWDMIX</td><td>Make password case-sensitive.</td></tr>
</table>
</blockquote>
</p>
<p>
<blockquote>
<b>/BATCH{=specification}</b><br>
Indicates the access restrictions for batch jobs.  If no specification is provided, any /ACCESS
or /NOACCESS qualifiers will apply to batch jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/BIOLM=value</b><br>
Indicates the Buffered I/O limit for the account, which is the number of concurrent buffered
I/O operations (such as terminal I/Os) can be outstanding at a time.
</blockquote>
</p>
<p>
<blockquote>
<b>/BYTLM=value</b><br>
Indicates the maximum number of bytes of non-paged dynamic system memory that can be used by
the process.  This includes I/O buffering and mailboxes.  A value of 0 indicates that
there is no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/CLI=name</b><br>
Indicates the file specification of the initial shell for logged-in processes.  The
default is UCL.
</blockquote>
</p>
<p>
<blockquote>
<b>/CPUTIME=value</b><br>
Indicates the maximum amount of CPU time, per session, for the user.  A value of 0
indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/DEFPRIVILEGES=values</b><br>
Indicates the privileges the user will have upon logging in.  The values indicate
a single privilege or a comma-delimited list of privilege names.  Any name preceeded
by "NO" will indicate that the specified privilege is to be removed from the user.
This affects the currently assigned privileges - if a privilege is not specified,
the current setting for that privilege is unaffected.  NOALL can be used to remove
all privileges and ALL can be used to grant all privileges.
</blockquote>
</p>
<p>
<blockquote>
<b>/DEVICE=device</b><br>
Indicates the default device for the user.  If not specified, the default device is
SYS$SYSDISK.  This may be a logical or physical device.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIALUP{=specification}</b><br>
Indicates the access restrictions for dialup jobs.  If no specification is provided, any /ACCESS
or /NOACCESS qualifiers will apply to dial-up jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIOLM=value</b><br>
Indicates the direct I/O count limit, which is the number of concurrent direct I/O operations
(usually disk I/Os) that can be outstanding at one time.  A value of 0 indicates no
limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIRECTORY=value</b><br>
Indicates the default directory for the account when logging in.
</blockquote>
</p>
<p>
<blockquote>
<b>/ENQLM=value</b><br>
Indicates the lock queue limit for the account, which indicates how many locks can
be queued up at a time.  A value of 0 indicate no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/EXPIRATION=date<br>
/NOEXPIRATION</b><br>
Specifies the expiration date of the account.  Expired accounts cannot be logged in
to.  /NOEXPIRATION removes any existing expiration date.
</blockquote>
</p>
<p>
<blockquote>
<b>/FILLM=value</b><br>
Indicates the open file limit for the account, which is the maximum number of files
that can be concurrently open by a process, including active network links.  A value
of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/FLAGS=value{,value}</b><br>
Indicates the login flags to set for the account.  "NO" can be prefixed to any of these to
clear the flag.
<table>
<tr><th>Flag</th><th>Meaning</th></tr>
<tr><td>AUDIT</td><td>Audit the user.</td></tr>
<tr><td>AUTOLOGIN</td><td>Allow login without authentication.</td></tr>
<tr><td>CAPTIVE</td><td>Prevents user from changing any defaults on login with any
login qualifiers.  It also turns off Control-Y and prevents exiting the command script
specified for the account, if any.</td></tr>
<tr><td>DEFCLI</td><td>Prevents the user from specifying a different initial shell.</td></tr>
<tr><td>DISCTLY</td><td>Disables control-Y on login.</td></tr>
<tr><td>DISIMAGE</td><td>Disallows the user to run images from the shell.</td></tr>
<tr><td>DISMAIL</td><td>Disables mail delivery to the user.</td></tr>
<tr><td>DISNEWMAIL</td><td>Disables notification of new mail upon login.  By default
the user is notified of the presence of mail received since the last login.</td></tr>
<tr><td>DISRECONNECT</td><td>Disables automatic reconnection to an existing detached
process.  By default, the user is reconnected to any detached process.</td></tr>
<tr><td>DISREPORT</td><td>Disables the report of last login, login failures, etc
upon login.</td></tr>
<tr><td>DISUSER</td><td>Disables the user's account.</td></tr>
<tr><td>DISWELCOME</td><td>Disables the login welcome message, which is shown by
default indicates the name and version number of the operating system that is running
and the name of the node onto which the user logged in.</td></tr>
<tr><td>RESTRICTED</td><td>Prevents the use of options on login and disables Control-Y.</td></tr>
</table>
</blockquote>
</p>
<p>
<blockquote>
<b>/INTERACTIVE{=specification}<br>
/NOINTERACTIVE</b><br>
Indicates the access restrictions for interactive jobs.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to interactive jobs.  /NOINTERACTIVE
removes any and all access restrictions for interactive jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/JTQUOTA=value</b><br>
Indicates the initial size of the process symbol tables when created on log in.
</blockquote>
</p>
<p>
<blockquote>
<b>/LGICMD{=value}</b><br>
Indicates the filename of the shell script to automatically run after login.  If no
value is provided, the default login script is executed.
</blockquote>
</p>
<p>
<blockquote>
<b>/LOCAL{=specification}</b><br>
Indicates the access restrictions for logins on local terminals.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all logins on local terminals.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXACCTJOBS=value</b><br>
Indicates the maximum total number of concurrent processes for this user account,
not counting network connection processes.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXDETACH=value</b><br>
Indicates the maximum total number of detached processes for this user account.  A
value of 0 means there is no limit.  A value of "NONE" indicates that the user cannot
create any detached processes.
</blockquote>
</p>
<p>
<blockquote>
<b>/NETWORK{=specification}</b><br>
Indicates the access restrictions for network connections.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all network connections for the user.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXJOBS=value</b><br>
Indicates the maximum total number of concurrent processes for this user account.
Unlike /MAXACCTJOBS, this also applies to network connection processes.  The first
four network connection accounts are not counted toward this limit.  A value of 0
indicate no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/OWNER=ownername</b><br>
Indicates that the new user will be given the specified ownert name, which can be
from 1 to 32 characters long.  The meaning of this name is up to the system
administrator and could indicate a billing name or number.
</blockquote>
</p>
<p>
<blockquote>
<b>/PGFLQUOTA=value</b><br>
Indicates maximum number of pages that a process of the user can use in the system
paging file.  A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRCLIM=value</b><br>
Indicates maximum number of concurrent processes, of all types, allowed for the user.  A value of 0
indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIMEDAYS=value</b><br>
Indicates which days qualify as PRIMARY for any switches that set login restrictions.
By default PRIMARY days are Monday through Friday and SECONDARY days are Saturday
and Sunday.  The value can be a single day or a comma-delimited list of days.  Any
day not specified is treated as per the default.  Any day prefixed with "NO" is defined
as a secondary day for any switches that set login restrictions.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIORITY=value</b><br>
Indicates the initial priority of a process after login.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIVILEGES=values</b><br>
Indicates the privileges the user has authorized, but not necessarily upon login.
The /DEFPRIVILEGES indicate what privileges the process starts with while /PRIVILEGES
indicates those that are available to the user.  The values indicate
a single privilege or a comma-delimited list of privilege names.  Any name preceeded
by "NO" will indicate that the specified privilege is to be removed from the user.
This affects the currently assigned privileges - if a privilege is not specified,
the current setting for that privilege is unaffected.  NOALL can be used to remove
all privileges and ALL can be used to grant all privileges.
</blockquote>
</p>
<p>
<blockquote>
<b>/REMOTE{=specification}</b><br>
Indicates the access restrictions for remote connections.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all remote connections for the user.
</blockquote>
</p>
<p>
<blockquote>
<b>/SHRFILLM=values</b><br>
Indicates the maximum number of shared files that the user can have open at one time.
A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/TQELM=values</b><br>
Indicates the maximum number of entries a process for the user can have in the timer
queue at one time.  A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/UIC=value</b><br>
Indicates the UIC for the new account.  By default, a UIC is automatically assigned,
however the UIC can be specifically associated with the account with this qualifier.
The UIC specified must not already be assigned to an account.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSDEFAULT=value</b><br>
Indicates the default maximum process memory limit, in memory pages.  A process is not allowed
to exceed this much memory usage unless there is additional unused memory available.
However, if this value is exceeded and then additional memory is required, the space
exceeding the WSDEFAULT value is reclaimed from the process.  A value of 0 indicates
no limit.  This amount of memory can be increased via the SET WORKING_SET utility,
up to the limit of WSEXTENT.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSEXTENT=value</b><br>
Indicates the maximum process memory limit, in memory pages.  A process is not allowed
to exceed this much memory usage unless there is additional unused memory available.
However, if this value is exceeded and then additional memory is required, the space
exceeding the WSEXTENT value is reclaimed from the process.  A value of 0 indicates
no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSQUOTA=value</b><br>
Indicates the maximum process memory limit, in locked pages.  A process is not allowed
to exceed this usage of locked memory.  This is also the maximum amount of swap space
that can be used by the process.  A value of 0 indicates
no limit.
</blockquote>
</p>
<p>
<b>Description</b><br>
<blockquote>
When a qualifier is not specified, the value from the Default account is used, where
applicable, or else a default value is used as described above.  When adding an account,
specify the values you want to differ from the Default account.  Make sure you also
create a directory for the user after creating their account.
</blockquote>
</p>
<p>
<b>Example:</b><br>
<blockquote>
UAF> ADD GEORGE/DEVICE=SYS$USER/OWNER="GEORGE WALLACE"/ACCESS=PRIMARY,12-17
</blockquote>
In this example, a new user account named "GEORGE" is created who has access on primary
days from noon to 5 PM.
</p>

This is the contents of "authorize add.hlp".

<p>
COPY</b>
</p><p>
This command creates a new user account, using an existing user account as the template.
</p>
<p>
<b>Format</b><br>
<blockquote>
COPY oldusername newusername {qualifiers}
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>oldusername</b><br>
The name of the existing account.  This must match an existing account name.
</blockquote>
</p>
<p>
<blockquote>
<b>newusername</b><br>
The name of the new account.  This must not match an existing account name.  It must
be alphanumeric, with underscores and dollar signs allowed.  It is recommended that
dollar signs not be used since those are used for system accounts.  It is also recommended
that the first character not be a numeric digit, as some system features may not work
with such accounts.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>        
<b>/ACCESS{=specification}<br>
/NOACCESS{=specification}</b><br>
Defines access restrictions.  If no specification is provided, /ACCESS removes any
access restrictions and /NOACCESS essentially disables the account.  Specifications
are a comma-delimited list of items (or a single item with no commas) that indicates
the time restictions/allowances.  /NOACCESS will add a restriction for the specified
items and /ACCESS will remove restrictions.  Each item is an hour indicator, time range 
specification, or a collective specifier.  Collective specifiers are "PRIMARY" or "SECONDARY".
If the time is simply a number (no colons or AM/PM), it is interpreted as the hour.
Ranges are delimited by a dash.  An hour (time without a dash) indicates a full hour
range starting at the specified hour.  for instance "11" indicates 11:00-11:59 AM,
while "20" indicates 8:00-8:59 PM.  If no collective specifier is specified, the access
applies to both primary and secondary days.  Each time specification applies to the
previous collective specifier (or to both if no specifier).  for example, the following:<br><br>
<code>/NOACCESS=22,PRIMARY,7-9,11:45 AM-12:15 PM</code><br><br>
would restrict access so the account could not log in between 10:00-10:59 PM on
any/all days, or between 7:00-9:59 AM on primary days, or between 11:45 AM through 12:15 PM
on primary days.
<br><br>
to specify hours for specific forms of access, see the /BATCH, /DIALUP,
/INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.
</blockquote>
</p>
<p>
<blockquote>
<b>/ACCOUNT=accountname</b><br>
Indicates that the new user will be given the specified account name, which can be
from 1 to 8 characters long.  The meaning of this account name is up to the system
administrator and could indicate a billing name or number.
</blockquote>
</p>
<p>
<blockquote>
<b>/ASTLM=number</b><br>
Indicates the AST limit for the account, which is the number of concurrent ASTs that
a process can have at a time.  A value of 0 indicates an unlimited number of ASTs
are allowed.
</blockquote>
</p>
<p>
<blockquote>
<b>/AUTHENTICATION=type</b><br>
Indicates the type of authentication required for this account.  The default is for
a single password.  The type is a single authentication specification, or a comma-delimited
list of authentication specifications.  At login time, the user will need to provide
each of the specified authentications in the order they are specified here.
Each specification has the following format:<br>
type|prompt{|option{|option...}}<br>
"type" can be a program filename or "PASSWORD".  If it is a program filename, that
program is executed when that authentication method is reached.  Once an authentication
step is validated, the next authentication step is performed.  If "PASSWORD" is specified,
the Login program prompts for the password and validates it.  The specified prompt is
optional, but if provided is used by Login to prompt the user.  Passwords have the
following options:
<table>
<tr><th>Option</th><th>Description</th></tr>
<tr><td>|ALGORITHM{=value}</td><td>The password encryption algorithm to use for this password.
The value must be the name of one of the algorithms installed on the system.  If no
value is specified, the default UOS algorithm is used.</td></tr>
<tr><td>|DISPWDDIC</td><td>Disable checking password against word dictionary.</td></tr>
<tr><td>|DISPWDHIS</td><td>Disable checking against old passwords.</td></tr>
<tr><td>|EXPIRED</td><td>Mark the password as expired.</td></tr>
<tr><td>|FORCECHANGE</td><td>The user must change the password on the next login.</td></tr>
<tr><td>|GENERATE</td><td>Generate a random initial password.  The generated password
will be displayed.</td></tr>
<tr><td>|GENPWD</td><td>User must always use a generated password.</td></tr>
<tr><td>|LOCKPWD</td><td>User cannot change this password.</td></tr>
<tr><td>|MINIMUM=value</td><td>Set the minimum length of the generated  password.</td></tr>
<tr><td>|PASSWORD=value</td><td>Set the current password to the specified value.</td></tr>
<tr><td>|PWDMIX</td><td>Make password case-sensitive.</td></tr>
</table>
</blockquote>
</p>
<p>
<blockquote>
<b>/BATCH{=specification}</b><br>
Indicates the access restrictions for batch jobs.  If no specification is provided, any /ACCESS
or /NOACCESS qualifiers will apply to batch jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/BIOLM=value</b><br>
Indicates the Buffered I/O limit for the account, which is the number of concurrent buffered
I/O operations (such as terminal I/Os) can be outstanding at a time.
</blockquote>
</p>
<p>
<blockquote>
<b>/BYTLM=value</b><br>
Indicates the maximum number of bytes of non-paged dynamic system memory that can be used by
the process.  This includes I/O buffering and mailboxes.  A value of 0 indicates that
there is no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/CLI=name</b><br>
Indicates the file specification of the initial shell for logged-in processes.  The
default is UCL.
</blockquote>
</p>
<p>
<blockquote>
<b>/CPUTIME=value</b><br>
Indicates the maximum amount of CPU time, per session, for the user.  A value of 0
indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/DEFPRIVILEGES=values</b><br>
Indicates the privileges the user will have upon logging in.  The values indicate
a single privilege or a comma-delimited list of privilege names.  Any name preceeded
by "NO" will indicate that the specified privilege is to be removed from the user.
This affects the currently assigned privileges - if a privilege is not specified,
the current setting for that privilege is unaffected.  NOALL can be used to remove
all privileges and ALL can be used to grant all privileges.
</blockquote>
</p>
<p>
<blockquote>
<b>/DEVICE=device</b><br>
Indicates the default device for the user.  If not specified, the default device is
SYS$SYSDISK.  This may be a logical or physical device.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIALUP{=specification}</b><br>
Indicates the access restrictions for dialup jobs.  If no specification is provided, any /ACCESS
or /NOACCESS qualifiers will apply to dial-up jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIOLM=value</b><br>
Indicates the direct I/O count limit, which is the number of concurrent direct I/O operations
(usually disk I/Os) that can be outstanding at one time.  A value of 0 indicates no
limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIRECTORY=value</b><br>
Indicates the default directory for the account when logging in.
</blockquote>
</p>
<p>
<blockquote>
<b>/ENQLM=value</b><br>
Indicates the lock queue limit for the account, which indicates how many locks can
be queued up at a time.  A value of 0 indicate no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/EXPIRATION=date<br>
/NOEXPIRATION</b><br>
Specifies the expiration date of the account.  Expired accounts cannot be logged in
to.  /NOEXPIRATION removes any existing expiration date.
</blockquote>
</p>
<p>
<blockquote>
<b>/FILLM=value</b><br>
Indicates the open file limit for the account, which is the maximum number of files
that can be concurrently open by a process, including active network links.  A value
of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/FLAGS=value{,value}</b><br>
Indicates the login flags to set for the account.  "NO" can be prefixed to any of these to
clear the flag.
<table>
<tr><th>Flag</th><th>Meaning</th></tr>
<tr><td>AUDIT</td><td>Audit the user.</td></tr>
<tr><td>AUTOLOGIN</td><td>Allow login without authentication.</td></tr>
<tr><td>CAPTIVE</td><td>Prevents user from changing any defaults on login with any
login qualifiers.  It also turns off Control-Y and prevents exiting the command script
specified for the account, if any.</td></tr>
<tr><td>DEFCLI</td><td>Prevents the user from specifying a different initial shell.</td></tr>
<tr><td>DISCTLY</td><td>Disables control-Y on login.</td></tr>
<tr><td>DISIMAGE</td><td>Disallows the user to run images from the shell.</td></tr>
<tr><td>DISMAIL</td><td>Disables mail delivery to the user.</td></tr>
<tr><td>DISNEWMAIL</td><td>Disables notification of new mail upon login.  By default
the user is notified of the presence of mail received since the last login.</td></tr>
<tr><td>DISRECONNECT</td><td>Disables automatic reconnection to an existing detached
process.  By default, the user is reconnected to any detached process.</td></tr>
<tr><td>DISREPORT</td><td>Disables the report of last login, login failures, etc
upon login.</td></tr>
<tr><td>DISUSER</td><td>Disables the user's account.</td></tr>
<tr><td>DISWELCOME</td><td>Disables the login welcome message, which is shown by
default indicates the name and version number of the operating system that is running
and the name of the node onto which the user logged in.</td></tr>
<tr><td>RESTRICTED</td><td>Prevents the use of options on login and disables Control-Y.</td></tr>
</table>
</blockquote>
</p>
<p>
<blockquote>
<b>/INTERACTIVE{=specification}<br>
/NOINTERACTIVE</b><br>
Indicates the access restrictions for interactive jobs.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to interactive jobs.  /NOINTERACTIVE
removes any and all access restrictions for interactive jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/JTQUOTA=value</b><br>
Indicates the initial size of the process symbol tables when created on log in.
</blockquote>
</p>
<p>
<blockquote>
<b>/LGICMD{=value}</b><br>
Indicates the filename of the shell script to automatically run after login.  If no
value is provided, the default login script is executed.
</blockquote>
</p>
<p>
<blockquote>
<b>/LOCAL{=specification}</b><br>
Indicates the access restrictions for logins on local terminals.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all logins on local terminals.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXACCTJOBS=value</b><br>
Indicates the maximum total number of concurrent processes for this user account,
not counting network connection processes.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXDETACH=value</b><br>
Indicates the maximum total number of detached processes for this user account.  A
value of 0 means there is no limit.  A value of "NONE" indicates that the user cannot
create any detached processes.
</blockquote>
</p>
<p>
<blockquote>
<b>/NETWORK{=specification}</b><br>
Indicates the access restrictions for network connections.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all network connections for the user.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXJOBS=value</b><br>
Indicates the maximum total number of concurrent processes for this user account.
Unlike /MAXACCTJOBS, this also applies to network connection processes.  The first
four network connection accounts are not counted toward this limit.  A value of 0
indicate no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/OWNER=ownername</b><br>
Indicates that the new user will be given the specified ownert name, which can be
from 1 to 32 characters long.  The meaning of this name is up to the system
administrator and could indicate a billing name or number.
</blockquote>
</p>
<p>
<blockquote>
<b>/PGFLQUOTA=value</b><br>
Indicates maximum number of pages that a process of the user can use in the system
paging file.  A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRCLIM=value</b><br>
Indicates maximum number of concurrent processes, of all types, allowed for the user.  A value of 0 
indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIMEDAYS=value</b><br>
Indicates which days qualify as PRIMARY for any switches that set login restrictions.
By default PRIMARY days are Monday through Friday and SECONDARY days are Saturday
and Sunday.  The value can be a single day or a comma-delimited list of days.  Any
day not specified is treated as per the default.  Any day prefixed with "NO" is defined
as a secondary day for any switches that set login restrictions.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIORITY=value</b><br>
Indicates the initial priority of a process after login.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIVILEGES=values</b><br>
Indicates the privileges the user has authorized, but not necessarily upon login.
The /DEFPRIVILEGES indicate what privileges the process starts with while /PRIVILEGES
indicates those that are available to the user.  The values indicate
a single privilege or a comma-delimited list of privilege names.  Any name preceeded
by "NO" will indicate that the specified privilege is to be removed from the user.
This affects the currently assigned privileges - if a privilege is not specified,
the current setting for that privilege is unaffected.  NOALL can be used to remove
all privileges and ALL can be used to grant all privileges.
</blockquote>
</p>
<p>
<blockquote>
<b>/REMOTE{=specification}</b><br>
Indicates the access restrictions for remote connections.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all remote connections for the user.
</blockquote>
</p>
<p>
<blockquote>
<b>/SHRFILLM=values</b><br>
Indicates the maximum number of shared files that the user can have open at one time.
A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/TQELM=values</b><br>
Indicates the maximum number of entries a process for the user can have in the timer
queue at one time.  A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/UIC=value</b><br>
Indicates the UIC for the new account.  By default, a UIC is automatically assigned,
however the UIC can be specifically associated with the account with this qualifier.
The UIC specified must not already be assigned to an account.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSDEFAULT=value</b><br>
Indicates the default maximum process memory limit, in memory pages.  A process is not allowed
to exceed this much memory usage unless there is additional unused memory available.
However, if this value is exceeded and thenadditional memory is required, the space
exceeding the WSDEFAULT value is reclaimed from the process.  A value of 0 indicates
no limit.  This amount of memory can be increased via the SET WORKING_SET utility,
up to the limit of WSEXTENT.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSEXTENT=value</b><br>
Indicates the maximum process memory limit, in memory pages.  A process is not allowed
to exceed this much memory usage unless there is additional unused memory available.
However, if this value is exceeded and then additional memory is required, the space
exceeding the WSEXTENT value is reclaimed from the process.  A value of 0 indicates
no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSQUOTA=value</b><br>
Indicates the maximum process memory limit, in locked pages.  A process is not allowed
to exceed this usage of locked memory.  This is also the maximum amount of swap space
that can be used by the process.  A value of 0 indicates
no limit.
</blockquote>
</p>
<p>
<b>Example:</b><br>
<blockquote>
UAF> COPY GEORGE BARRY/OWNER="BARRY WEST"/ACCESS=7-17
</blockquote>
In this example, a new user account named "BARRY" is created who has access on primary
days from 7 AM to 5 PM.  All other account characteristics match those of the existing
account named GEORGE.
</p>

This is the contents of "authorize copy.hlp"

<p>
DEFAULT</b>
</p><p>
This command modifies the SYSUAF Default account.
</p>
<p>
<b>Format</b><br>
<blockquote>
DEFAULT {qualifiers}
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
None.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
<b>/ACCESS{=specification}<br>
/NOACCESS{=specification}</b><br>
Defines access restrictions.  If no specification is provided, /ACCESS removes any
access restrictions and /NOACCESS essentially disables the account.  Specifications
are a comma-delimited list of items (or a single item with no commas) that indicates
the time restictions/allowances.  /NOACCESS will add a restriction for the specified
items and /ACCESS will remove restrictions.  Each item is an hour indicator, time range specification,
or a collective specifier.  Collective specifiers are "PRIMARY" or "SECONDARY".
If the time is simply a number (no colons or AM/PM), it is interpreted as the hour.
Ranges are delimited by a dash.  An hour (time without a dash) indicates a full hour
range starting at the specified hour.  For instance "11" indicates 11:00-11:59 AM,
while "20" indicates 8:00-8:59 PM.  If no collective specifier is specified, the access
applies to both primary and secondary days.  Each time specification applies to the
previous collective specifier (or to both if no specifier).  For example, the following:<br><br>
<code>/NOACCESS=22,PRIMARY,7-9,11:45 AM-12:15 PM</code><br><br>
would restrict access so the account could not log in between 10:00-10:59 PM on
any/all days, or between 7:00-9:59 AM on primary days, or between 11:45 AM through 12:15 PM
on primary days.
<br><br>
To specify hours for specific forms of access, see the /BATCH, /DIALUP,
/INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.
</blockquote>
</p>
<p>
<blockquote>
<b>/ACCOUNT=accountname</b><br>
Indicates that the new user will be given the specified account name, which can be
from 1 to 8 characters long.  The meaning of this account name is up to the system
administrator and could indicate a billing name or number.
</blockquote>
</p>
<p>
<blockquote>
<b>/ASTLM=number</b><br>
Indicates the AST limit for the account, which is the number of concurrent ASTs that
a process can have at a time.  A value of 0 indicates an unlimited number of ASTs
are allowed.
</blockquote>
</p>
<p>
<blockquote>
<b>/AUTHENTICATION=type</b><br>
Indicates the type of authentication required for this account.  The default is for
a single password.  The type is a single authentication specification, or a comma-delimited
list of authentication specifications.  At login time, the user will need to provide
each of the specified authentications in the order they are specified here.
Each specification has the following format:<br>
type|prompt{|option{|option...}}<br>
"type" can be a program filename or "PASSWORD".  If it is a program filename, that
program is executed when that authentication method is reached.  Once an authentication
step is validated, the next authentication step is performed.  If "PASSWORD" is specified,
the Login program prompts for the password and validates it.  The specified prompt is
optional, but if provided is used by Login to prompt the user.  Passwords have the
following options:
<table>
<tr><th>Option</th><th>Description</th></tr>
<tr><td>|ALGORITHM{=value}</td><td>The password encryption algorithm to use for this password.
The value must be the name of one of the algorithms installed on the system.  If no
value is specified, the default UOS algorithm is used.</td></tr>
<tr><td>|DISPWDDIC</td><td>Disable checking password against word dictionary.</td></tr>
<tr><td>|DISPWDHIS</td><td>Disable checking against old passwords.</td></tr>
<tr><td>|EXPIRED</td><td>Mark the password as expired.</td></tr>
<tr><td>|FORCECHANGE</td><td>The user must change the password on the next login.</td></tr>
<tr><td>|GENERATE</td><td>Generate a random initial password.  The generated password
will be displayed.</td></tr>
<tr><td>|GENPWD</td><td>User must always use a generated password.</td></tr>
<tr><td>|LOCKPWD</td><td>User cannot change this password.</td></tr>
<tr><td>|MINIMUM=value</td><td>Set the minimum length of the generated  password.</td></tr>
<tr><td>|PASSWORD=value</td><td>Set the current password to the specified value.</td></tr>
<tr><td>|PWDMIX</td><td>Make password case-sensitive.</td></tr>
</table>
</blockquote>
</p>
<p>
<blockquote>
<b>/BATCH{=specification}</b><br>
Indicates the access restrictions for batch jobs.  If no specification is provided, any /ACCESS
or /NOACCESS qualifiers will apply to batch jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/BIOLM=value</b><br>
Indicates the Buffered I/O limit for the account, which is the number of concurrent buffered
I/O operations (such as terminal I/Os) can be outstanding at a time.
</blockquote>
</p>
<p>
<blockquote>
<b>/BYTLM=value</b><br>
Indicates the maximum number of bytes of non-paged dynamic system memory that can be used by
the process.  This includes I/O buffering and mailboxes.  A value of 0 indicates that
there is no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/CLI=name</b><br>
Indicates the file specification of the initial shell for logged-in processes.  The
default is UCL.
</blockquote>
</p>
<p>
<blockquote>
<b>/CPUTIME=value</b><br>
Indicates the maximum amount of CPU time, per session, for the user.  A value of 0
indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/DEFPRIVILEGES=values</b><br>
Indicates the privileges the user will have upon logging in.  The values indicate
a single privilege or a comma-delimited list of privilege names.  Any name preceeded
by "NO" will indicate that the specified privilege is to be removed from the user.
This affects the currently assigned privileges - if a privilege is not specified,
the current setting for that privilege is unaffected.  NOALL can be used to remove
all privileges and ALL can be used to grant all privileges.
</blockquote>
</p>
<p>
<blockquote>
<b>/DEVICE=device</b><br>
Indicates the default device for the user.  If not specified, the default device is
SYS$SYSDISK.  This may be a logical or physical device.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIALUP{=specification}</b><br>
Indicates the access restrictions for dialup jobs.  If no specification is provided, any /ACCESS
or /NOACCESS qualifiers will apply to dial-up jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIOLM=value</b><br>
Indicates the direct I/O count limit, which is the number of concurrent direct I/O operations
(usually disk I/Os) that can be outstanding at one time.  A value of 0 indicates no
limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIRECTORY=value</b><br>
Indicates the default directory for the account when logging in.
</blockquote>
</p>
<p>
<blockquote>
<b>/ENQLM=value</b><br>
Indicates the lock queue limit for the account, which indicates how many locks can
be queued up at a time.  A value of 0 indicate no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/EXPIRATION=date<br>
/NOEXPIRATION</b><br>
Specifies the expiration date of the account.  Expired accounts cannot be logged in
to.  /NOEXPIRATION removes any existing expiration date.
</blockquote>
</p>
<p>
<blockquote>
<b>/FILLM=value</b><br>
Indicates the open file limit for the account, which is the maximum number of files
that can be concurrently open by a process, including active network links.  A value
of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/FLAGS=value{,value}</b><br>
Indicates the login flags to set for the account.  "NO" can be prefixed to any of these to
clear the flag.
<table>
<tr><th>Flag</th><th>Meaning</th></tr>
<tr><td>AUDIT</td><td>Audit the user.</td></tr>
<tr><td>AUTOLOGIN</td><td>Allow login without authentication.</td></tr>
<tr><td>CAPTIVE</td><td>Prevents user from changing any defaults on login with any
login qualifiers.  It also turns off Control-Y and prevents exiting the command script
specified for the account, if any.</td></tr>
<tr><td>DEFCLI</td><td>Prevents the user from specifying a different initial shell.</td></tr>
<tr><td>DISCTLY</td><td>Disables control-Y on login.</td></tr>
<tr><td>DISIMAGE</td><td>Disallows the user to run images from the shell.</td></tr>
<tr><td>DISMAIL</td><td>Disables mail delivery to the user.</td></tr>
<tr><td>DISNEWMAIL</td><td>Disables notification of new mail upon login.  By default
the user is notified of the presence of mail received since the last login.</td></tr>
<tr><td>DISRECONNECT</td><td>Disables automatic reconnection to an existing detached
process.  By default, the user is reconnected to any detached process.</td></tr>
<tr><td>DISREPORT</td><td>Disables the report of last login, login failures, etc
upon login.</td></tr>
<tr><td>DISUSER</td><td>Disables the user's account.</td></tr>
<tr><td>DISWELCOME</td><td>Disables the login welcome message, which is shown by
default indicates the name and version number of the operating system that is running
and the name of the node onto which the user logged in.</td></tr>
<tr><td>RESTRICTED</td><td>Prevents the use of options on login and disables Control-Y.</td></tr>
</table>
</blockquote>
</p>
<p>
<blockquote>
<b>/INTERACTIVE{=specification}<br>
/NOINTERACTIVE</b><br>
Indicates the access restrictions for interactive jobs.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to interactive jobs.  /NOINTERACTIVE
removes any and all access restrictions for interactive jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/JTQUOTA=value</b><br>
Indicates the initial size of the process symbol tables when created on log in.
</blockquote>
</p>
<p>
<blockquote>
<b>/LGICMD{=value}</b><br>
Indicates the filename of the shell script to automatically run after login.  If no
value is provided, the default login script is executed.
</blockquote>
</p>
<p>
<blockquote>
<b>/LOCAL{=specification}</b><br>
Indicates the access restrictions for logins on local terminals.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all logins on local terminals.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXACCTJOBS=value</b><br>
Indicates the maximum total number of concurrent processes for this user account,
not counting network connection processes.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXDETACH=value</b><br>
Indicates the maximum total number of detached processes for this user account.  A
value of 0 means there is no limit.  A value of "NONE" indicates that the user cannot
create any detached processes.
</blockquote>
</p>
<p>
<blockquote>
<b>/NETWORK{=specification}</b><br>
Indicates the access restrictions for network connections.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all network connections for the user.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXJOBS=value</b><br>
Indicates the maximum total number of concurrent processes for this user account.
Unlike /MAXACCTJOBS, this also applies to network connection processes.  The first
four network connection accounts are not counted toward this limit.  A value of 0
indicate no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/OWNER=ownername</b><br>
Indicates that the new user will be given the specified ownert name, which can be
from 1 to 32 characters long.  The meaning of this name is up to the system
administrator and could indicate a billing name or number.
</blockquote>
</p>
<p>
<blockquote>
<b>/PGFLQUOTA=value</b><br>
Indicates maximum number of pages that a process of the user can use in the system
paging file.  A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRCLIM=value</b><br>
Indicates maximum number of concurrent processes, of all types, allowed for the user.  A value of 0 
indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIMEDAYS=value</b><br>
Indicates which days qualify as PRIMARY for any switches that set login restrictions.
By default PRIMARY days are Monday through Friday and SECONDARY days are Saturday
and Sunday.  The value can be a single day or a comma-delimited list of days.  Any
day not specified is treated as per the default.  Any day prefixed with "NO" is defined
as a secondary day for any switches that set login restrictions.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIORITY=value</b><br>
Indicates the initial priority of a process after login.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIVILEGES=values</b><br>
Indicates the privileges the user has authorized, but not necessarily upon login.
The /DEFPRIVILEGES indicate what privileges the process starts with while /PRIVILEGES
indicates those that are available to the user.  The values indicate
a single privilege or a comma-delimited list of privilege names.  Any name preceeded
by "NO" will indicate that the specified privilege is to be removed from the user.
This affects the currently assigned privileges - if a privilege is not specified,
the current setting for that privilege is unaffected.  NOALL can be used to remove
all privileges and ALL can be used to grant all privileges.
</blockquote>
</p>
<p>
<blockquote>
<b>/REMOTE{=specification}</b><br>
Indicates the access restrictions for remote connections.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all remote connections for the user.
</blockquote>
</p>
<p>
<blockquote>
<b>/SHRFILLM=values</b><br>
Indicates the maximum number of shared files that the user can have open at one time.
A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/TQELM=values</b><br>
Indicates the maximum number of entries a process for the user can have in the timer
queue at one time.  A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/UIC=value</b><br>
Indicates the UIC for the new account.  By default, a UIC is automatically assigned,
however the UIC can be specifically associated with the account with this qualifier.
The UIC specified must not already be assigned to an account.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSDEFAULT=value</b><br>
Indicates the default maximum process memory limit, in memory pages.  A process is not allowed
to exceed this much memory usage unless there is additional unused memory available.
However, if this value is exceeded and then additional memory is required, the space
exceeding the WSDEFAULT value is reclaimed from the process.  A value of 0 indicates
no limit.  This amount of memory can be increased via the SET WORKING_SET utility,
up to the limit of WSEXTENT.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSEXTENT=value</b><br>
Indicates the maximum process memory limit, in memory pages.  A process is not allowed
to exceed this much memory usage unless there is additional unused memory available.
However, if this value is exceeded and then additional memory is required, the space
exceeding the WSEXTENT value is reclaimed from the process.  A value of 0 indicates
no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSQUOTA=value</b><br>
Indicates the maximum process memory limit, in locked pages.  A process is not allowed
to exceed this usage of locked memory.  This is also the maximum amount of swap space
that can be used by the process.  A value of 0 indicates
no limit.
</blockquote>
</p>

This is the content of "authorize default.hlp".

<p>
EXIT</b>
</p><p>
This command immediately terminates the AUTHORIZE utility.
</p>
<p>
<b>Format</b><br>
<blockquote>
EXIT
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
None.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
None.
</blockquote>
</p>

This is the content of the "authorize exit.hlp" file.

<p>
HELP
</p><p>
This command provides help on the AUTHORIZE utility.
</p>
<p>
<b>Format</b><br>
<blockquote>
HELP {keyword{,...}}
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>keyword{,...}</b><br>
Specified an optional keyword, or multiple keywords, to show help for.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
None.
</blockquote>
</p>
<p>
<b>Description</b><br>
<blockquote>
If no keyword is specified, help shows information about which commands have help
available and prompts for a topic.  If a keyword is specified, help on that keyword
is shown.  Responding with ENTER or control-Z will exit help and return to AUTHORIZE.
</blockquote>
</p>

This is the content of the "authorize help.hlp"

<p>
LIST
</p><p>
This command writes a report on the specified user(s) to a file.  If a
single user is specified, a report on that user is written.  If wildcards are
used, a report on each matching user is written out in the order encountered in
the SYSUAF.DAT file. The report never includes passwords.
</p>
<p>
<b>Format</b><br>
<blockquote>
LIST accountspec {qualifiers}
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>accountspec</b><br>
Specifies which account(s) to report on.  This can use a wildcard.  For example "*"
would report on all users, while "A?" would report on all users whose user names
were two characters long and started with "A".  Note that the listed users are in
sorted into an particular order, although they generally follow the order in which
the accounts were created.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
<b>/BRIEF</b><br>
Writes a brief report.  If no output filename is provided, the report is written to
sysuaf.lis in the current directory.  Brief reports do not list the details of the
limits, privileges, login flags, or the command interpreter.
</blockquote>
</p>
<p>
<blockquote>
<b>/FULL</b><br>
Writes a detailed report.  If no output filename is provided, the report is written to
sysuaf.lis in the sys$system.  Full reports list the details of the limits, privileges,
login flags, and the command interpreter.
</blockquote>
</p>
<p>
<blockquote>
<b>/OUTPUT=filespec</b><br>
Writes the report to the specified file.  The file name defaults to SYSUAF, the extension
defaults to .LIS, and the directory defaults to the current directory (if /BRIEF) or
sys$system (if /FULL).
</blockquote>
</p>
<p>
<b>Example:</b><br>
<blockquote>
<Code>UAF> LIST */BRIEF/OUTPUT=all_users</code><br><br>
This example writes a brief report of all users to the file "all_users.lis" in the
current directory.
</blockquote>
</p>

This is the content of the "authorize list.hlp" file.

<p>
MODIFY
</p><p>
This command modifies the settings of an existing account.  Note that any
processes for this account that are currently running will not be affected by any
changes; however, the next time the user logs in, the new settings will apply.
</p>
<p>
<b>Format</b><br>
<blockquote>
MODIFY username qualifier{s}
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>username</b><br>
The name of an existing account.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
<b>/ACCESS{=specification}<br>
/NOACCESS{=specification}</b><br>
Defines access restrictions.  If no specification is provided, /ACCESS removes any
access restrictions and /NOACCESS essentially disables the account.  Specifications
are a comma-delimited list of items (or a single item with no commas) that indicates
the time restictions/allowances.  /NOACCESS will add a restriction for the specified
items and /ACCESS will remove restrictions.  Each item is an hour indicator, time range specification,
or a collective specifier.  Collective specifiers are "PRIMARY" or "SECONDARY".
If the time is simply a number (no colons or AM/PM), it is interpreted as the hour.
Ranges are delimited by a dash.  An hour (time without a dash) indicates a full hour
range starting at the specified hour.  For instance "11" indicates 11:00-11:59 AM,
while "20" indicates 8:00-8:59 PM.  If no collective specifier is specified, the access
applies to both primary and secondary days.  Each time specification applies to the
previous collective specifier (or to both if no specifier).  For example, the following:<br><br>
<code>/NOACCESS=22,PRIMARY,7-9,11:45 AM-12:15 PM</code><br><br>
would restrict access so the account could not log in between 10:00-10:59 PM on
any/all days, or between 7:00-9:59 AM on primary days, or between 11:45 AM through 12:15 PM
on primary days.
<br><br>
To specify hours for specific forms of access, see the /BATCH, /DIALUP,
/INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.
</blockquote>
</p>
<p>
<blockquote>
<b>/ACCOUNT=accountname</b><br>
Indicates that the new user will be given the specified account name, which can be
from 1 to 8 characters long.  The meaning of this account name is up to the system
administrator and could indicate a billing name or number.
</blockquote>
</p>
<p>
<blockquote>
<b>/ASTLM=number</b><br>
Indicates the AST limit for the account, which is the number of concurrent ASTs that
a process can have at a time.  A value of 0 indicates an unlimited number of ASTs
are allowed.
</blockquote>
</p>
<p>
<blockquote>
<b>/AUTHENTICATION=type</b><br>
Indicates the type of authentication required for this account.  The default is for
a single password.  The type is a single authentication specification, or a comma-delimited
list of authentication specifications.  At login time, the user will need to provide
each of the specified authentications in the order they are specified here.
Each specification has the following format:<br>
type|prompt{|option{|option...}}<br>
"type" can be a program filename or "PASSWORD".  If it is a program filename, that
program is executed when that authentication method is reached.  Once an authentication
step is validated, the next authentication step is performed.  If "PASSWORD" is specified,
the Login program prompts for the password and validates it.  The specified prompt is
optional, but if provided is used by Login to prompt the user.  Passwords have the
following options:
<table>
<tr><th>Option</th><th>Description</th></tr>
<tr><td>|ALGORITHM{=value}</td><td>The password encryption algorithm to use for this password.
The value must be the name of one of the algorithms installed on the system.  If no
value is specified, the default UOS algorithm is used.</td></tr>
<tr><td>|DISPWDDIC</td><td>Disable checking password against word dictionary.</td></tr>
<tr><td>|DISPWDHIS</td><td>Disable checking against old passwords.</td></tr>
<tr><td>|EXPIRED</td><td>Mark the password as expired.</td></tr>
<tr><td>|FORCECHANGE</td><td>The user must change the password on the next login.</td></tr>
<tr><td>|GENERATE</td><td>Generate a random initial password.  The generated password
will be displayed.</td></tr>
<tr><td>|GENPWD</td><td>User must always use a generated password.</td></tr>
<tr><td>|LOCKPWD</td><td>User cannot change this password.</td></tr>
<tr><td>|MINIMUM=value</td><td>Set the minimum length of the generated  password.</td></tr>
<tr><td>|PASSWORD=value</td><td>Set the current password to the specified value.</td></tr>
<tr><td>|PWDMIX</td><td>Make password case-sensitive.</td></tr>
</table>
</blockquote>
</p>
<p>
<blockquote>
<b>/BATCH{=specification}</b><br>
Indicates the access restrictions for batch jobs.  If no specification is provided, any /ACCESS
or /NOACCESS qualifiers will apply to batch jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/BIOLM=value</b><br>
Indicates the Buffered I/O limit for the account, which is the number of concurrent buffered
I/O operations (such as terminal I/Os) can be outstanding at a time.
</blockquote>
</p>
<p>
<blockquote>
<b>/BYTLM=value</b><br>
Indicates the maximum number of bytes of non-paged dynamic system memory that can be used by
the process.  This includes I/O buffering and mailboxes.  A value of 0 indicates that
there is no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/CLI=name</b><br>
Indicates the file specification of the initial shell for logged-in processes.  The
default is UCL.
</blockquote>
</p>
<p>
<blockquote>
<b>/CPUTIME=value</b><br>
Indicates the maximum amount of CPU time, per session, for the user.  A value of 0
indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/DEFPRIVILEGES=values</b><br>
Indicates the privileges the user will have upon logging in.  The values indicate
a single privilege or a comma-delimited list of privilege names.  Any name preceeded
by "NO" will indicate that the specified privilege is to be removed from the user.
This affects the currently assigned privileges - if a privilege is not specified,
the current setting for that privilege is unaffected.  NOALL can be used to remove
all privileges and ALL can be used to grant all privileges.
</blockquote>
</p>
<p>
<blockquote>
<b>/DEVICE=device</b><br>
Indicates the default device for the user.  If not specified, the default device is
SYS$SYSDISK.  This may be a logical or physical device.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIALUP{=specification}</b><br>
Indicates the access restrictions for dialup jobs.  If no specification is provided, any /ACCESS
or /NOACCESS qualifiers will apply to dial-up jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIOLM=value</b><br>
Indicates the direct I/O count limit, which is the number of concurrent direct I/O operations
(usually disk I/Os) that can be outstanding at one time.  A value of 0 indicates no
limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/DIRECTORY=value</b><br>
Indicates the default directory for the account when logging in.
</blockquote>
</p>
<p>
<blockquote>
<b>/ENQLM=value</b><br>
Indicates the lock queue limit for the account, which indicates how many locks can
be queued up at a time.  A value of 0 indicate no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/EXPIRATION=date<br>
/NOEXPIRATION</b><br>
Specifies the expiration date of the account.  Expired accounts cannot be logged in
to.  /NOEXPIRATION removes any existing expiration date.
</blockquote>
</p>
<p>
<blockquote>
<b>/FILLM=value</b><br>
Indicates the open file limit for the account, which is the maximum number of files
that can be concurrently open by a process, including active network links.  A value
of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/FLAGS=value{,value}</b><br>
Indicates the login flags to set for the account.  "NO" can be prefixed to any of these to
clear the flag.
<table>
<tr><th>Flag</th><th>Meaning</th></tr>
<tr><td>AUDIT</td><td>Audit the user.</td></tr>
<tr><td>AUTOLOGIN</td><td>Allow login without authentication.</td></tr>
<tr><td>CAPTIVE</td><td>Prevents user from changing any defaults on login with any
login qualifiers.  It also turns off Control-Y and prevents exiting the command script
specified for the account, if any.</td></tr>
<tr><td>DEFCLI</td><td>Prevents the user from specifying a different initial shell.</td></tr>
<tr><td>DISCTLY</td><td>Disables control-Y on login.</td></tr>
<tr><td>DISIMAGE</td><td>Disallows the user to run images from the shell.</td></tr>
<tr><td>DISMAIL</td><td>Disables mail delivery to the user.</td></tr>
<tr><td>DISNEWMAIL</td><td>Disables notification of new mail upon login.  By default
the user is notified of the presence of mail received since the last login.</td></tr>
<tr><td>DISRECONNECT</td><td>Disables automatic reconnection to an existing detached
process.  By default, the user is reconnected to any detached process.</td></tr>
<tr><td>DISREPORT</td><td>Disables the report of last login, login failures, etc
upon login.</td></tr>
<tr><td>DISUSER</td><td>Disables the user's account.</td></tr>
<tr><td>DISWELCOME</td><td>Disables the login welcome message, which is shown by
default indicates the name and version number of the operating system that is running
and the name of the node onto which the user logged in.</td></tr>
<tr><td>RESTRICTED</td><td>Prevents the use of options on login and disables Control-Y.</td></tr>
</table>
</blockquote>
</p>
<p>
<blockquote>
<b>/INTERACTIVE{=specification}<br>
/NOINTERACTIVE</b><br>
Indicates the access restrictions for interactive jobs.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to interactive jobs.  /NOINTERACTIVE
removes any and all access restrictions for interactive jobs.
</blockquote>
</p>
<p>
<blockquote>
<b>/JTQUOTA=value</b><br>
Indicates the initial size of the process symbol tables when created on log in.
</blockquote>
</p>
<p>
<blockquote>
<b>/LGICMD{=value}</b><br>
Indicates the filename of the shell script to automatically run after login.  If no
value is provided, the default login script is executed.
</blockquote>
</p>
<p>
<blockquote>
<b>/LOCAL{=specification}</b><br>
Indicates the access restrictions for logins on local terminals.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all logins on local terminals.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXACCTJOBS=value</b><br>
Indicates the maximum total number of concurrent processes for this user account,
not counting network connection processes.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXDETACH=value</b><br>
Indicates the maximum total number of detached processes for this user account.  A
value of 0 means there is no limit.  A value of "NONE" indicates that the user cannot
create any detached processes.
</blockquote>
</p>
<p>
<blockquote>
<b>/NETWORK{=specification}</b><br>
Indicates the access restrictions for network connections.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all network connections for the user.
</blockquote>
</p>
<p>
<blockquote>
<b>/MAXJOBS=value</b><br>
Indicates the maximum total number of concurrent processes for this user account.
Unlike /MAXACCTJOBS, this also applies to network connection processes.  The first
four network connection accounts are not counted toward this limit.  A value of 0
indicate no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/OWNER=ownername</b><br>
Indicates that the new user will be given the specified ownert name, which can be
from 1 to 32 characters long.  The meaning of this name is up to the system
administrator and could indicate a billing name or number.
</blockquote>
</p>
<p>
<blockquote>
<b>/PGFLQUOTA=value</b><br>
Indicates maximum number of pages that a process of the user can use in the system
paging file.  A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRCLIM=value</b><br>
Indicates maximum number of concurrent processes, of all types, allowed for the user.  A value of 0 indicates no 
limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIMEDAYS=value</b><br>
Indicates which days qualify as PRIMARY for any switches that set login restrictions.
By default PRIMARY days are Monday through Friday and SECONDARY days are Saturday
and Sunday.  The value can be a single day or a comma-delimited list of days.  Any
day not specified is treated as per the default.  Any day prefixed with "NO" is defined
as a secondary day for any switches that set login restrictions.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIORITY=value</b><br>
Indicates the initial priority of a process after login.
</blockquote>
</p>
<p>
<blockquote>
<b>/PRIVILEGES=values</b><br>
Indicates the privileges the user has authorized, but not necessarily upon login.
The /DEFPRIVILEGES indicate what privileges the process starts with while /PRIVILEGES
indicates those that are available to the user.  The values indicate
a single privilege or a comma-delimited list of privilege names.  Any name preceeded
by "NO" will indicate that the specified privilege is to be removed from the user.
This affects the currently assigned privileges - if a privilege is not specified,
the current setting for that privilege is unaffected.  NOALL can be used to remove
all privileges and ALL can be used to grant all privileges.
</blockquote>
</p>
<p>
<blockquote>
<b>/REMOTE{=specification}</b><br>
Indicates the access restrictions for remote connections.  If no specification is provided,
any /ACCESS or /NOACCESS qualifiers will apply to all remote connections for the user.
</blockquote>
</p>
<p>
<blockquote>
<b>/SHRFILLM=values</b><br>
Indicates the maximum number of shared files that the user can have open at one time.
A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/TQELM=values</b><br>
Indicates the maximum number of entries a process for the user can have in the timer
queue at one time.  A value of 0 indicates no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/UIC=value</b><br>
Indicates the UIC for the new account.  By default, a UIC is automatically assigned,
however the UIC can be specifically associated with the account with this qualifier.
The UIC specified must not already be assigned to an account.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSDEFAULT=value</b><br>
Indicates the default maximum process memory limit, in memory pages.  A process is not allowed
to exceed this much memory usage unless there is additional unused memory available.
However, if this value is exceeded and then additional memory is required, the space
exceeding the WSDEFAULT value is reclaimed from the process.  A value of 0 indicates
no limit.  This amount of memory can be increased via the SET WORKING_SET utility,
up to the limit of WSEXTENT.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSEXTENT=value</b><br>
Indicates the maximum process memory limit, in memory pages.  A process is not allowed
to exceed this much memory usage unless there is additional unused memory available.
However, if this value is exceeded and then additional memory is required, the space
exceeding the WSEXTENT value is reclaimed from the process.  A value of 0 indicates
no limit.
</blockquote>
</p>
<p>
<blockquote>
<b>/WSQUOTA=value</b><br>
Indicates the maximum process memory limit, in locked pages.  A process is not allowed
to exceed this usage of locked memory.  This is also the maximum amount of swap space
that can be used by the process.  A value of 0 indicates
no limit.
</blockquote>
</p>

This is the contents of the "authorize modify.hlp" file.

<p>
<b>AUTHORIZE<br>
MODIFY/SYSTEM_PASSWORD</b>
</p><p>
This command changes the system-wide password.
Changing the system password requires that all users must supply a system password
before any and all other authentications required for an account.  Since this password
is required before the username is queried, it applies even to autologin accounts.
If the new password is not specified (is null), the system password requirement is
removed.
</p>
<p>
<b>Format</b><br>
<blockquote>
MODIFY/SYSTEM_PASSWORD=password
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>password</b><br>
The new system password.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
None.
</blockquote>
</p>
<p>
<b>Example</b><br>
<blockquote>
<code>UAF> MODIFY/SYSTEM_PASSWORD=XYZZY</code>
</blockquote>
</p>

This is the contents of "authorize modify/system_password.hlp" You may note that the slash isn't valid in filenames in UOS, yet we are using one here. If you go way back to earlier articles on the UOS file system you will find that the only restricted characters in the names of files are the wildcard characters ("?" and "*"). The File Processor component is the part of UOS that adds additional restrictions to filenames. In a FS file, we are directly accessing a file system without the File Processor. Thus, slashes are allowed in module names in libraries. They should be avoided in order to prevent users making simple mistakes in typing shell, or Help, commands - but they may be used when necessary.

<p>
REMOVE</b>
</p><p>
This command deletes the user account from SYSUAF, which prevents that account from
being used to log into the system.  If the user is currently logged into the system,
they are unaffected until they log out or their process otherwise ends.  Note that
this does not remove the user's files, or auditing or accounting information.
The DEFAULT and SYSTEM accounts cannot be removed.
</p>
<p>
<b>Format</b><br>
<blockquote>
REMOVE username
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>username</b><br>
The user whose record is to be removed.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
None.
</blockquote>
</p>
<p>
<b>Example</b><br>
<blockquote>
<code>UAF> REMOVE BOBBY</code>
</blockquote>
</p>

This is the content of the "authorize remove.hlp" file.

<p>
RENAME
</p><p>
This command renames an existing account.  None of the other settings of the account
are changed.  Note that any passwords that used the default UOS encryption may no
longer be valid for this account and they should be changed or the user may not be
able to log in under the old or new name.
</p>
<p>
<b>Format</b><br>
<blockquote>
RENAME oldusername newusername
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>oldusername</b><br>
The username of the existing user account to rename.
</blockquote>
</p>
<p>
<blockquote>
<b>newusername</b><br>
The new username for the user account.  This must not match an existing account name.  It must
be alphanumeric, with underscores and dollar signs allowed.  It is recommended that
dollar signs not be used since those are used for system accounts.  It is also recommended
that the first character not be a numeric digit, as some system features may not work
with such accounts.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
None.
</blockquote>
</p>
<p>
<b>Example</b><br>
<blockquote>
<code>UAF> RENAME BARRY LARRY</code>
</blockquote>
</p>

This is the content of the "authorize rename.hlp" file.

<p>
SHOW
</p><p>
This command shows information about a user(s).
</p>
<p>
<b>Format</b><br>
<blockquote>
SHOW username {qualifiers}
</blockquote>
</p>
<p>
<b>Parameters</b><br>
<blockquote>
<b>username</b><br>
The username of the existing user account to rename.  This can contain wildcards in
order to show more than one user.
</blockquote>
</p>
<p>
<b>Qualifiers</b><br>
<blockquote>
<b>/BRIEF</b><br>
Writes a brief report.  If no output filename is provided, the report is written to
sysuaf.lis in the current directory.  Brief reports do not list the details of the
limits, privileges, login flags, or the command interpreter.   The user directory
will show "Disuser" for a disabled account and "Expired" for an expired account.
</blockquote>
</p>
<p>
<blockquote>
<b>/FULL (default)</b><br>
Writes a detailed report.  If no output filename is provided, the report is written to
sysuaf.lis in the sys$system.  Full reports list the details of the limits, privileges,
login flags, and the command interpreter.
</blockquote>
</p>
<p>
<blockquote>
<b>/WRAP<br>
/NOWRAP (default)</b><br>
Indicates whether or not to wrap long lines.
</blockquote>
</p>
<p>
<b>Discussion</b><br>
<blockquote>
This command shows a report on UAF record(s).
</blockquote>
</p>
<p>
<b>Example</b><br>
<blockquote>
<code>UAF> SHOW LARRY/FULL</code>
</blockquote>
</p>

This is the content of the "authorize show.hlp" file.

If you've made it this far, you see why we will not being doing this for each utility or CUSP that we write. Now we simply import these files into the system help library file using the LIBRARIAN utility. And viola, we have help for the Authorize utility.

You may note that we've organized the help for Authorize as two levels: the main topic as the first level, and each command as a second-level topic. We could have instead made this three levels by making the switches for each command (when appropriate) third-level topics. In fact, VMS help typically does just this. I feel that it is more useful to include the switches in the same article as the command since several switches are related and it is easier to scroll up and down in a single topic than jumping between topics. An added plus is that it was simpler to implement - though that should rarely be the prime motivation for solving a given problem. Part of the issue with VMS is the help interface is used on "dumb" terminals. Though UOS help will work on such terminals, it is a vanishingly small probability that someone will use UOS help on such a device. Rather, it will be used in a GUI setting with scrollbars or on a virtual terminal with a large, scrollable "page". As a final note, you may have noted that these help files do not contain <head>, or <body>, or other such tags. That is because these are not web pages. Such tags would be ignored by the help system, so including them serves no purpose and takes more disk space. Hence they are omitted.

In the next article, we will complete our coverage of help by looking at the Help utility.