syn2cat
/
phrack
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
phrack/phrack44/14.txt

1156 lines
44 KiB
Plaintext
Raw Permalink Blame History

==Phrack Magazine==
Volume Four, Issue Forty-Four, File 14 of 27
()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
A Guide to Data General Corporation's
AOS/VS System
PART I
by Herd Beast
INTRODUCTION
~~~~~~~~~~~
This file is a full (as full as such a file can get) guide to the AOS/VS
system. The main reason for writing it is that from what I've seen,
there is practically no info (in the form of files or otherwise) about
it. I won't say I'm the only one who knows anything about it, but I had
a hell of a time getting any sort of help when I started hacking these
systems (I didn't get that help, in case you were wondering, and wrote
this file all by myself 'cause I'm a MAN! Hahaha! <snort> <snort>).
I will explain a little about AOS/VS and then explain some of the
commands and security features in it. This file is not a buffer of any
help facility, although much information can and will be found in the
help facility.
I can be contacted (hopefully) at hbeast@mindvox.phantom.com. If you
want a nice start, and a front page on Newsweek, some Texaco ("Star of
the American Road") systems run AOS/VS.
I cannot, will not, and do not assume liability for ANY of the effects
of the use of this file. Also, I cannot guarantee that EVERYTHING will
work EVERYWHERE, so treat this file as a reference. This file by no
means covers everything about AOS/VS.
IDENTIFYING THE SYSTEM
~~~~~~~~~~~~~~~~~~~~~
Should you just fall at the system prompt, you might mistake it for a
VMS. However, blank prompts like that are rare. An AOS/VS will
identify itself like this: (this and all other buffered info in this
file are from an AOS/VS II with CLI32. Only the best for Phrack)
AOS/VS II 2.20.00.12 / EXEC-32 2.20.00.07 31-May-93 22:51:25 @CON177
Username:
Password:
Another thing different will be the incorrect login message:
Invalid username - password pair
The header line lists the system version, current time/date and the console
you are using.
When you reach the maximum incorrect logins defined in the system, it
will show the line below and disconnect:
Too many attempts, console locking for 10 seconds
When you do succeed to log on, the system will display:
------
Copyright (C) Data General Corporation, 1980 - 1992
All rights reserved.
Licensed material -- property of Data General Corporation
This software is made available solely pursuant to the
terms of a DGC license agreement which governs its use.
((NOTE: Or something else. This is the default))
--------
Most recent logon 1-Jan-93 10:10:01
Very clear. Before you do anything, type CHARACTERISTICS. You will
then get output like this:
/605X/LPP=24/CPL=80/BREAK=BMOB/TCC=40000/TCD=5000/TDW=1000/THC=2000/TLT=2000
/ON/ST/EB0/ULC/WRP/CTD
/OFF/SFF/EPI/8BT/SPO/RAF/RAT/RAC/NAS/OTT/EOL/UCO/MRI/FF/EB1/PM/NRM/MOD/TO/TSP/
C/FKT/VAL/HOFC/SHR/OFC/IFC/16B/ACC/SRDS/XLT/AUTOBAUD/CALLOUT/MDUA/HDPX/SMCD/RT
D/HIFC/G1G0/DKHW/NLX
Look for "/NAS". It stands for non ANSI standard, which means that if
you are using ANSI (probably you are), you needs to issue
CHARACTERISTICS/OFF/NAS, should you find "/NAS" listed after "/ON".
Upon logging off from the system (BYE), you will see:
AOS/VS II CLI Terminating 1-JAN-93 11:11:01
Process 180 Terminated
Elapsed Time 0:16:26, CPU Time 0:00:02.447, I/O Blocks 281
(Other console jobs, same USERNAME -- 16)
User 'HBT' logged off @CON228 1-Jan-93 11:11:01
SYSTEM DEFAULTS
~~~~~~~~~~~~~~
These are accounts I usually found existing. As usual, they are really
similar to those of any other system.
USERNAME
--------
((Privileged accounts))
OP EXEC default username
SYSMGR System manager
CEO_MGR If the system is running CEO
OPER
OPERATOR
((Regular accounts))
CEO.xxxxx If the system is running CEO, a CEO
user, xxxxx being his number.
As for password guessing, well, it's all been said. Try the username,
with some modification, you might get in. As dumb as it sounds, yes,
people do have weak passwords, even today, although not everywhere.
SYSTEM STRUCTURE
~~~~~~~~~~~~~~~
In this section I'll try to describe the real basics of AOS/VS. I will
describe a few commands HERE, and not under "Command List", these
commands will be the basic commands: change directory, list files, etc,
needed to survive in any system.
The AOS "shell" is called CLI (Command Line Interpreter). There are
two versions of CLI, CLI16 and CLI32, with CLI32 being more advanced.
The CLI version affects the system prompt, the way commands are handled
by the system and by the user, and more. For example, some command
switches do not exist under CLI16 (unless very important, I omitted
switches that work only under CLI32 from this file).
Here are the privilege levels available under AOS/VS:
CLI16 PROMPT CLI32 PROMPT PRIVILEGES MODES
-------------+--------------+--------------------------
) ) None
Sm) System Manager
+) Sp) Superprocess
*) Su) Superuser
SmSp) System Manager and Superprocess
SmSu) System Manager and Superuser
#) SpSu) Superprocess and Superuser
SmSpSu) System Manager, Superprocess, Superuser
AOS/VS doesn't grant privileges upon logon. A user's profile may state
the user can access privilege level So-And-So, and if the user later
needs that level, he calls upon a SUPER utility to grant him that
level. This is the place to explain how several different utilities
work. OPERATOR grants the user the ability to access diskettes in dump
or load sessions (see the section titled "System Commands") in sequential
order, instead of accessing them one by one. SUPERUSER turns off all
access checking, enabling the user to do anything with any file on the
system. SUPERPROCESS gives the user the ability to terminate, block,
unblock, or change priorities of any process on the system. The last
command, PRIVILEGE, which is available only under CLI32, enables the user
to set both SUPERUSER and SUPERPROCESS access. It also offers the only
way to set SYSTEMMANAGER access, which is required for operations like
changing time or date.
Command are executed by calling their names, or any part of their name
that only fits them. For example, SUPERUSER can be abbreviated as
SUPERU. It is important to remember that command switches MUST follow
the command without any space, or else the command will try to process
the switches! For example, CHARACTERISTICS /OFF/NAS will result in an
"Error: Illegal filename character characteristics,/off/nas".
The root directory directory is called ':'. Any other directories are
under it, for example ':OUT' and ':OUT:RALF'. If, for example, you FTP
into an AOS/VS and use "cd /" you will be moved in ':'. If you use "cd
/out/ralf" you will be moved into ':OUT:RALF'. To make this much more
clearer (right):
:
HBT
|
|
TEXT
/ \
PHRACK SEX
Legal characters in file or directory names are all the alphabet and
numbers, plus '$', '_', '.' and '?'.
Moving from directory to directory is done by using the "DIRECTORY"
command. Without any arguments, DIRECTORY shows the current path. With
an argument, DIRECTORY changes to that directory.
DIRECTORY [directory]
---------------------
/I Changes to the initial directory
/I path Changes the initial directory to "path"
/P Changes to the previous directory
To list files in a directory, use "FILESTATUS". Without arguments,
FILESTATUS lists files in the current directory. With a path argument,
FILESTATUS lists file in that path.
FILESTATUS [directory]
----------------------
/[AFTER|BEFORE]/[TCR|TLA|TLM]=date and/or time
Shows files matching the selection date or time. The
selections are: time created (TCR); time last accessed (TLA);
and time last modified (TLM). The difference between accessed
and modified is pretty clear, for example if the file is an
executable. The date/time format is: for TIME - hour-minute-sec
(xx-xx-xx); for DATE - day-month-year (xx-xxx-xx); for BOTH -
dd-mmm-yy:hh:mm:ss. Example command lines will be
FILESTATUS/AFTER/TCR=11 Created after 11 AM
FILESTATUS/BEFORE/TLM=01-JAN-90 Modified before 01/01 1990
FILESTATUS/AFTER/TLA=01-JAN-90:11 Accessed after 11 AM,
01/01, 1990
/ASSORTMENT
Normally, FILESTATUS output is just file name. With
/ASSORTMENT, FILESTATUS shows file type, time/date of
creation, and length in bytes. Similar to Unix, if the file
is a link, the file type is set to LNK and FILESTATUS shows
its path.
/COUNT Tells how many files are in the directory. [CLI32]
/[DCR|DLA|DLM]
Shows date of creation (DCR); date last accessed (DLA); and
date last modified (DLM).
/LENGTH Displays file length in bytes.
/LINKNAME
If the file is a link, FILESTATUS displays the information
about the file that it's linked too. For example, if BOB is
linked to RON, FILESTATUS/LINKNAME BOB would display RON's
details. Otherwise, nothing happens.
/TYPE=[\]type
Displays files of type, or all files not of that type (if
\type) was used. See below for valid file types.
/UDA If the file has a UDA (user data area), its presence is displayed.
The CLI's wildcards (sort of), are '=', '^', ':' and '@. '=' means the
current directory. '^' means the parent directory. ':' is (as already
said) the root directory. '@' means the devices directory (where
consoles, tape drives, modems, etc are. Similar to /dev on Unix). Note
that when talking about directories, the ':' is already included. For
example, if you're in :UDD:HBT:TEXT, and want to move to :UDD:HBT:BIN,
you'd type DIRECTORY ^BIN, and not DIRECTORY ^:BIN. File wildcards are
'+', which is equivalent to '*' at DOS, and '#' which is equivalent to
'*.*' at DOS. For example, FILE +.CLI will show all the files whose
names end with ".CLI"; FILE :UDD:# will display all the files in UDD
(which won't happen if you just issue FILE :UDD -- in that case, you'll
see only information about the directory UDD, and not the files within
it).
As with Unix, you can enter more than one command on a line if you
separate the commands with a ';' (a semicolon). If you need more than a
line for your commands, type an '&' before pressing Return, and the CLI
will just keep on reading, instead of processing the command line and
try to run it. This goes ONLY for a sequence like this: "&<Return>", an
'&' anywhere else acts just like any other character.
There are several control characters the CLI takes and uses:
CONTROL CHAR WHAT IT DOES
------------------+-------------------------------
Ctrl-C Begins a Ctrl char sequence.
Ctrl-D End of file.
Ctrl-L Clear screen.
Ctrl-P Don't interpret the following
character in any special way.
Ctrl-S Stops output to the terminal.
Ctrl-Q Resumes output to the terminal.
Ctrl-U Cancel (delete) current input line.
Ctrl-C Ctrl-A Interrupt current process.
Ctrl-C Ctrl-B Terminates current process.
Ctrl-C Ctrl-C Empties the input buffer.
Ctrl-C Ctrl-E Terminates current process and
create a break file (where
termination message is stored).
If the CLI is run with a /NOCA switch, it will ignore Ctrl-C Ctrl-A
sequences, so if put in the start of a macro file, it won't allow you to
break that macro and enter the CLI.
AOS/VS had many file types. File types are three letter acronyms
(although not always) for the file; the same way DOS and VMS have
extensions, the file type controls what the file is (it can have any
extension in its name). File types have a decimal numbers assigned to
them, as well. There are 70 file types, although the operating
system reserves space for 128. The user can define his own file types.
These are some of the he AOS/VS file types:
TYPE NUMBER TYPECODE MEANING
-------------+------------+-----------------
All these types / 11 LDU Logical disk unit
are directories -| 12 CPD Control point directory
\ 10 DIR Directory
0 LNK Link
68 TXT Text
1 SDF System data file
2 MTF Magnetic tape file
13 MTV Magnetic tape volume
22 MTU Magnetic tape unit
49 CON Console
51 RMA Remote host (RMA)
52 HST Remote host (X.25 SVC)
54 PVC Remote host (X.25 PVC)
64 UDF User data file
69 LOG System log file
74 PRV AOS/VS program file
75 WRD Word processing file
87 UNX Unix file (created on a Unix)
95 SPD Spreadsheet file
104 PIP Pipe
105 TTX Teletex file
"Generic files" are actually pointers that help using devices and files.
For example, the @NULL generic file functions like /dev/null on Unix.
Here are the generic files:
@CONSOLE The process' (user's) console.
@DATA A long file created by the user that will be used as
data by a program. @DATA is set using DATAFILE.
@INPUT A short file created by the user that will be used
as input by a program. @INPUT is set using
PROCESS/INPUT=.
@NULL Well, null.
@LIST A long output file that will be used as a program's
output. @LIST is set using LISTFILE.
@OUTPUT A short output file for a program. @OUTPUT is set
using PROCESS/OUTPUT=.
When a program is run, it will sometime try to open one of these generic
files. If they're not set, it will fail on error 21 (non existent
file). But if the file is set, it can use it. So, for example, you can
use PROCESS/OUTPUT=@CONSOLE PROGRAM for output to go to you, or
PROCESS/OUTPUT=OUT_FILE PROGRAM for it to go to OUT_FILE.
"Device files" are files the connect to hardware parts, such as modems,
printers, tapes, diskette drives, FAX machines, etc. In due time, a
program called EXEC makes a connection between processes and devices and
utilizes those devices (see the section titled "The 'EXEC' Program").
Some devices are also used by the backup related programs DUMP and LOAD,
and more. Some of these are:
@MTB0:x The magnetic tape unit #0, x being a dumpfile on the
tape (x starts from 0).
@DPJ A diskette device name.
@LFD A generic labeled diskette file name.
The equivalent of a PATH (usually environment variable) in other systems
is called SEARCHLIST in AOS/VS. When you call a command, or ask for
help, the CLI looks through your SEARCHLIST for the files. So, assuming
you typed HELP MODEM, and somewhere in your searchlist there exists a
file called MODEM.CLI, HELP will show you,
modem - Macro, File :UTIL:COMM:MODEM.CLI
The same goes for other commands, even TYPE (TYPE MODEM.CLI from
:UDD:HBT, if :UTIL:COMM is in your searchlist and there's no MODEM.CLI
in :UDD:HBT will work).
To display your searchlist, just use plain SEARCHLIST. To change it,
use SEARCHLIST path,path,path ...
It's possible to set a password for your current CLI session. This
password is not the password used upon login! It's a password the user
sets to protect his session. He then types LOCK, and from then, anyone
wishing to use the user's CLI (from the user's console), must enter the
password first. Legal passwords are up to 32 characters long, not
including Ctrl characters.
The CLI offers several levels to the user. It starts on the highest
level, 0, and the user may create other level, and use POP to move up a
level, and PUSH to go down a level. When a user POPs to a level,
the CLI environment of the older (higher) level remains (the environment
of the level he was in until that time is therefore changed). When he
PUSHes, the current level's environment is copied to the lower level.
To display the current CLI level, use LEVEL. To display the level's
environment, use CURRENT. To display an upper level's environment
(except when at the highest level), use PREVIOUS.
When you want to print a file, or run something in the background, you
have to submit it as a job. The submit a printing job, use the QPRINT
command (will print the file). To submit a batch job, which is for
executing a command, use QBATCH (for example, QBATCH MASM ASMPROG).
AOS/VS had a facility called "queues", managed by the EXEC program (see
"The 'EXEC' Program"). A queue is a place where file transfer, batch,
and printing jobs are stored until the right process can take them and
execute them. The standard queues are:
QUEUE NAME JOB TYPE CONTENTS
--------------+------------+----------------------------------
BATCH_INPUT Batch Batch input files.
Submitted by QBATCH or QSUBMIT.
BATCH_OUTPUT Printing Output files from finished
batch jobs (usually sent to a
line printer).
BATCH_LIST Printing List files from finished batch
jobs (usually sent to a line
printer).
((Batch jobs are submitted through QBATCH.))
LPT Printing Print jobs submitted by QSUBMIT.
MOUNTQ Mount Tape mount requests.
Submitted by MOUNT.
After a job has been submitted, use QDISPLAY to show its status. Use
QHOLD to hold jobs and QUNHOLD to release them. Last, to display the
status of all queues, use QDISPLAY as well.
AOS/VS also has an extensive help facility. For help on broad topics,
use HELP (to list topics) and then HELP *TOPIC. For help on system
commands, use HELP COMMAND (for a list of switches) or HELP/V COMMAND for
more details.
CLI MACRO PROGRAMMING
~~~~~~~~~~~~~~~~~~~~
Macro filenames usually end with ".CLI" are usually text files (filetype
TXT). A macro is a file that will be executed when called (adding .CLI
to the name when calling isn't necessary), and perform the commands (or
other macros) in it. If the macro matches the name of a CLI command,
the macro must be called together with the .CLI part of its name. Macros
expand arguments in the following way:
Range Arguments (like filenames):
%x% Argument number x, with its switches. %0% is the macro's
name.
%-% All the arguments, with their switches, except for %0%.
%x-y,i% Arguments x through y, in jumps of i. If x or i are missing,
the CLI assumes 1. If y is omitted, 32767 is assumed. For
example, if the arguments were "1 2 3 4 5 6 7", a %2-6,2% call
expands to "2 4 6".
Switch Arguments:
%x/% All the switches of argument x.
%x\% Argument x, without its switches.
%x/y% Argument x, with switch number y.
%x/y=% The value of argument's x switch number y.
%x\y% All the switches of argument x, including their values, except
for switch number y.
Conditionals are used in the form of [CONDITIONAL,ARGS]. If a
conditional returns TRUE, the CLI executes everything after it until it
reaches an ELSE or an END. Otherwise, it skips to an ELSE or an END
(basic programming).
!EQUAL True if both arguments equal alphabetically.
!NEQUAL True if both arguments don't equal alphabetically.
!UEQ True if both arguments equal numerically.
These are called pseudo macros, and are usually built like conditionals,
although sometimes they just substitute for a part of the environment.
There are about 60 of them, but I'll only list a selected few for
brevity.
[!ACL path] Expands for the ACL of path.
[!ASCII octnum] Expands to the ASCII character with the octnum octal
number. For example, newline is octal 12.
[!CLI] Expands to CLI32 or CLI16, according to the CLI.
[!DATE] Date, like 01-Jan-93.
[!SYSTEM] Expands to the type of OS.
[!SEARCHLIST] Expands to the search list.
[!LEVEL] Expands to the current CLI level.
[!CLI] Expands to the CLI type.
[!EXPLODE args] Puts a comma between each pair of character in args.
When used with STRING, in converts spaces and tabs
too. When used with WRITE, in converts into space.
[!LISTFILE] Expands to the path of the listfile.
[!USERNAME] Expands to the username of the person running the
macro.
[!LOGON] Returns CONSOLE if logged on to a terminal or BATCH
if logged in on a batch stream (only works for EXEC
logons).
[!DATAFILE] Expands to the path of the datafile.
[!HID [host]] Returns the host ID. With [host] return the host ID
of [host].
[!HOST [host]] Returns the host name.
[!STRING] Expands to the value of the CLI string.
A more complex pseudo macro is !READ:
[!READ[/args] text]
!READ prints text to the output and then expands to what was received
from the input (which is considered finished when a newline is
received). !READ's args are functional only under CLI32 and are:
/EOF=str
The string that will be returned if EOF is met.
/FILEID=file
Reads from file instead of @OUTPUT. The file must be already
opened using OPEN.
/LENGTH=x
Read until x characters were typed.
/S
Discards all typed after a semicolon (';') or a left bracket
('['). Otherwise, that text must be a valid CLI command or
macro, or a pseudo macro or macro ending with a right bracket
if following the left bracket.
Note that all pseudo macros, including !READ can be used at the command
line and not just in CLI macro files.
Here's an example:
COMMENT -------------------------------------------------
COMMENT Examples of the use of conditionals and arguments
COMMENT in macros.
COMMENT This macro was invoked like this:
COMMENT HMAC 9 0 000
COMMENT -------------------------------------------------
[!EQUAL,%1%,]
WRITE,,,,Execute with arguments please!
[!ELSE]
[!EQUAL,%2%,%3%]
WRITE,,,,%2% and %3% do match ALPHABETICALLY.
[!ELSE]
WRITE,,,,%2% and %3% don't match ALPHABETICALLY.
[!END]
[!UEQ,%2%,%3]
WRITE,,,,%2% and %3% do match NUMERICALLY.
[!ELSE]
WRITE,,,,%2% and %3% don't match ALPHABETICALLY.
[!END]
[!UEQ,%1%,%2%]
WRITE,,,,%1% and %2% do match NUMERICALLY.
[!ELSE]
WRITE,,,,%1% and %2% don't match NUMERICALLY.
[!END]
[!END]
COMMENT -------------------------------------------------
COMMENT The output would be:
COMMENT 0 and 000 don't match ALPHABETICALLY.
COMMENT 0 and 000 do match NUMERICALLY.
COMMENT 9 and 0 don't math NUMERICALLY.
COMMENT -------------------------------------------------
[!EQUAL,[!READ What's your name?,,],HBT]
WRITE,,,,[!ASCII 12]You're HBT.
[!ELSE]
WRITE,,,,[!ASCII 12]You're not HBT.
[!END]
[!EQUAL,[!CLI],CLI16]
WRITE,,,,[!ASCII 12]I was going to show you something else.
WRITE,,,,Too bad you're using CLI16 which won't let READ take arguments.
[!ELSE]
STRING [!READ/LENGTH=1 Continue? (Y/N)]
[!EQUAL,[!STRING],N]
WRITE,,,,[!ASCII 12]Good man [!USERNAME].
[!ELSE]
[!EQUAL,[!STRING],Y]
WRITE,,,,[!ASCII 12]Too bad Mister I-Use-[!SYSTEM]
[!ELSE]
WRITE,,,,[!ASCII 12]Learn English guy.
[!END]
[!END]
[!END]
WRITE,,,,Thank you for using %0%.
AOS/VS can also be programmed in 16 bit and 32 bit Assembly (and
compiled using MASM), BASIC, Fortran, C, Pascal and probably others.
This second program is actually quite simple. I do not even read the
UPF type file directly; I just feed text into the PREDITOR (see the next
section).
COMMENT -------------------------------------------------
COMMENT Delete the little help screen if you are under
COMMENT CLI16. Or just run CLI32.
COMMENT -------------------------------------------------
[!EQUAL,%1%,]
WRITE,,,,[!ASCII 12]Format is: %0%/A NAME
WRITE,,,,,,,,,,,,or /L NAME
[!ELSE]
[!EQUAL,%1%,]
WRITE,,,,,,,Which user exactly?
[!ELSE]
[!NEQUAL,%0/L%,]
WRITE/L=?USER.TMP L
WRITE/L=?USER.TMP %1%
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP b
PROC/DEF/IOC/IN=?USER.TMP/BLOCK PREDITOR
DEL ?USER.TMP
[!ELSE]
WRITE/L=?USER.TMP c
WRITE/L=?USER.TMP %1%
WRITE/L=?USER.TMP y
WRITE/L=?USER.TMP %1%
WRITE/L=?USER.TMP n
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP
WRITE/L=?USER.TMP b
PROC/DEF/IOC/IN=?USER.TMP/BLOCK PREDITOR
DEL ?USER.TMP
[!END]
[!END]
[!END]
SYSTEM SECURITY
~~~~~~~~~~~~~~
The AOS/VS login is performed in the following manner.
Every username has a file associated with it in the :UPD directory.
That file is its profile, and contains the account profile. Once the
user has entered a correct username/password pair, the operating system
loads the user's profile (which includes how much memory and disk space
the user is allowed to use and the user's allowed privileges) into its
internal tables. Several privileges which can be set are the initial
user directory and initial program that will be executed upon completion
of the login (eg, the CLI); how many processes the user may run; what
process priorities the user has; and what SUPER privileges the user has
(eg, SUPERUSER, SUPERPROCESS).
As mentioned, if the user has SUPER privileges, he must activate them
himself (using the right command, or PRIVILEGE if using CLI32).
An important thing to know about password security is that if the system
is running Data General's XODIAC networking software, user's might not
be able to access remote machines through the network if the passwords
are encrypted. Therefore, if you are on a XODIAC host, chances are the
passwords won't be encrypted. The ACL of the :UPD directory doesn't let
every user can access it, though.
Passwords are changed by the user by pressing Ctrl-L immediately after
entering the password at login. This will only work for users that have
the privilege to set their own passwords. Legal passwords are 6 to 15
characters.
This the format (the fields) of the AOS/VS profiles:
* Password
* Initial program To be executed after login
* Initial IPC file The LOGON file
* Initial directory
* Default user priority The user's process priority
* Maximum queue priority The highest queue priority which the user can
set for a batch job. The lower the number, the
higher the priority (1-255).
* Unlimited son processes
* Maximum son processes If the above option if off.
* Disk quota in blocks
* Logical address space Allows the user to control the size of the
(batch) logical address space in which his programs
will be executed. If -1, the system sets.
* Minimum working set The minimum number of pages a user can have in
(batch) their active processes. If -1, the system
determines the value according to the program's
demands.
* Maximum working set
(batch)
* Logical address space
(non batch)
* Minimum working set
(non batch)
* Maximum working set
(non batch)
* Encrypt password
* Superuser
* Superprocess
* Use IPC Allows the user to make IPC calls.
* Use console
* Use batch
* Use virtual console Virtual consoles are created by networked
logins.
* Use modem A modem is a console with the characteristic of
/MOD on.
* Change password
* Change priority
* Change type
* Change username Allows user to become another username without
actually logging in into that user's profile.
* Access devices Allows user to directly issue Assembly
instructions to devices.
* Create without block Allows the user to start a son process without
blocking the father process.
* System manager privileges
* Access local devices remotely
* Change addr. space type Allows 32 bit processes to be called from 16
bit processes (usually on, since there is a
CLI16, but most programs are 32 bit).
* Change working set limit Allows user to change the working set size of
programs.
* Comments
User profiles can be created, deleted, read, and modified from the
AOS/VS User Profile Editor: PREDITOR. PREDITOR gives you a prompt
from which you can read any account and the values of its fields.
PREDITOR does not, however, display the password field, whether it's
encrypted or not -- just an indication of what the Encrypt Password
field is set to. This is easily overcome, since if you can execute the
PREDITOR, you can just as well SED the :UPD:USERNAME file and look at
the password (it's right up there) -- PREDITOR can only be loaded by a
user that can become Superuser.
Legal commands for the PREDITOR are Create, Delete, Edit, List,
Question, Rename, and Use. They can all be abbreviated to their first
letter. When CREATE is called, it first asks if you want to set the
password, and depending on the answer asks you to enter a password. It
then queries about the other fields, giving you three options (usually):
YES, NO, and NL, the system's default. DELETE just asks for a
confirmation on deleting the user, and also his home directory. EDIT is
just like CREATE, allowing you to modify any field in the user's profile
(including the password). LIST lists the status of every field in the
profile (by using a template profile, such as '+', one could view every
user on the system). QUESTION sets the system defaults, which will later
be used by CREATE and EDIT. RENAME allows you to rename a user to another
name, and USE changes the value in the !DEFAULT variable (your username).
Logins are handled by a program called EXEC (that's what the EXEC-32
x.xx.xx.xx part in the login message means). EXEC just reads the
username/password and if correct, logs the user in. After EXEC has been
completed, the Initial Program from the profile is run. The commands for
logins are CONTROL @EXEC DISABLE and ENABLE. See "The 'EXEC' Program"
for more information about EXEC.
When using ENABLE, the console receives login capabilities; apart from
actually logging in, EXEC will also display :UTIL:LOGON.BANNER.SCREEN.
ENABLE
------
/ALL Gives all the consoles the said capabilities.
/TRIES=x Sets maximum login tries to x.
/STOP This will have the same result as if an operator issued
CONTROL @EXEC DISABLE <console> after the maximum login tries
was exceeded.
/CONTINUE
Lock console for 10 seconds and then continue.
/FORCE Change the other parameters while the console is enabled.
SYSTEM COMMANDS
~~~~~~~~~~~~~~
Every command has its own switches. However, all commands accept the
/1, /2, /L and /Q switches (and /STR=string and /ESTR=string under
/CLI32).
/1=ERROR|ABORT|IGNORE|WARNING
/2=WARNING|ERROR|ABORT|IGNORE
Controls what the program will do under a class 1 or 2 error.
The first option listed is the default. ERROR displays
"Error: something" and stops command execution. ABORT aborts
the command. IGNORE ignores the error, and WARNING displays
"Warning: something" and continues with the command.
/L=path The command will store all its output in 'path'.
/Q Display output in columns with on space separating them (an
exception to this switch is TYPE).
/STR=string
/ESTR=string
The command will store its output in the 'string' string
variable, which can be viewed later using the STRING command.
If there is no output or the command is TYPE or COPY the string
is set to null. /ESTR is for error output, /STR is for
regular output.
Some important AOS/VS commands are listed next. I included information
about the DUMP and LOAD commands for information purposes only; as they
require diskettes, I don't think you'll use them daily. However, I
didn't go into diskette handling, etc in detail.
Sorted alphabetically:
ACL <path>
----------
ACL is a utility to control the ACL (Access Control List). An ACL is
just what is sounds like: it includes a list of usernames and what kind
of access they have to the file. ACL used one-letter access code, as
follows.
LETTER TYPE/FILE TYPE/DIR
-----------+---------------------------------+------------------------
A(ppend) Append to a file. Create files in the
directory or move files
into it.
E(xecute) Execute the program. Allows access to
the directory
(changing into it,
reading, etc).
O(wner) Allows the user to change the ACL or erase the file/dir.
R(ead) Read a file. List the files in
the directory.
W(rite) Write to a file. Create, delete or
change ACLs of files
in the directory.
The default ACL for any file is OWARE for the user.
ACL <path> shows the ACL. To modify the ACL:
ACL <path> [user,access] [...]
Access being one of the OWARE group, for example:
ACL PHRACK43 HBT,OWARE (There is NO space between 'username' and
'access'!)
ACL PHRACK42 HBT,OWARE +,R (In this example, the '+' template was
used, '+' standing for all the users. This means that HBT has full
access to the file, while the rest of the users can only read it.
If templates are used, they should be used last, with specific usernames
before them.)
Under CLI32 group access is also available in the format of:
ACL <path> [user:group,access] [...]
Switches:
/[BEFORE|AFTER]/[TCR|TLA|TLM]=date and/or time
/TYPE=type
These function just like the same switches in FILESTATUS.
/D Use the default settings (OWARE). Defaults may be changed
using DEFCAL.
/K Delete ACL - no one but a superuser will be able to access the
file.
/V Show each file changed.
BROWSE
------
BROWSE is a program to browse (view, search, scroll in any direction)
through any number of ASCII or binary files. While in BROWSE help is
available by using 'H' or '?'. BROWSE starts at the end of file and
lets you move backward (but you can change this).
No further details are included since BROWSE can run only on CRT
terminals (the actual terminals the employees usually sit at), and I
didn't have the pleasure of using one of these (nor do I think will the
information be of any use).
CHARACTERISTICS
---------------
CHARACTERISTICS displays or sets the characteristics of a device
attached to a terminal (not a printer, for example). To change
characteristics of a device permanently and not just for the current CLI
level, you must be PID 2 (local console) or have SYSTEMMANAGER privilege
on. To this, you must use EXEC first to DISABLE the device, use
CHARACTERISTICS, and then use EXEC to ENABLE the device (see the section
titled "The 'EXEC' Program"). The CHARACTERISTICS switch will be
/DEFAULT/[default device characteristics] device. "device" for example,
is @CON100.
CHARACTERISTICS switches look like this:
CHARACTERISTICS /[ON|OFF]/SWITCH. It's self explanatory.
/8BT
Interpret all 8 bits of an ASCII char as data. (For use with
8 bit character sets, of course.)
/16B For Asian language translation.
/4010I Device is a DG model 4010I terminal.
/6012 Device is a DG model 6012 terminal.
/605X Device is a DG DASHER model 6052, 6053, D210 or D211 terminal.
/6130 Device is a DG DASHER model 6130, D410 or D460 terminal.
/ACC Line requires modem access control (only users with the Use
Modem privilege may login).
/AUTOBAUD
The system will automatically determine the terminal's baud
(it's bps, damnit!) rate.
/BAUD=b
Sets a device's bps rate to b. b can be 45.5, 50, 75, 110,
134.5, 150, 300, 600, 1200, 1800, 2400, 3600, 4800, 7200,
9600, 19200, 38400.
/BREAK=[BMOB|CAOB|CBOB|CFOB|DCOB]
How the system will respond to a BREAK:
BMOB (default) Clears binary mode and restore normal character
handling
CAOB Issues Ctrl-C Ctrl-A
CBOB Issues Ctrl-C Ctrl-B
CFOB Issues Ctrl-C Ctrl-F
DCOB Disconnect user
/CALLOUT Allow host initiated calls (outside calls).
/CHARLEN=[5|6|7|8]
Character length in bits, *including* stop bit.
/CONTYPE=connection type
Connection types are:
BITMAPPED Windowing terminal
DIRECT Standard connection
PAD From PAD hardware
PBX From a PBX controller
PCVT From a DG/PC*i controller
TERMSERVER From terminal server hardware
TELNET Through telnet
VIRTUAL Through a virtual terminal
/CPL=[8-255]
The maximum number of characters per line.
/CTD Disconnect line if the user doesn't respond to login after a
while.
/DEFAULT Displays the default characteristics of the terminal.
/DKHW If OFF, and /16B and /8BT are on, enable support for Chinese
characters.
/EB0 Specify the echoing of control characters.
/EB1 When both off, nothing is echoed.
When EB0 is on and EB1 is off, echos ^char.
When EB0 is off, and EB1 is on, echos exactly what was entered.
/EOL Don't output a newline if the number of characters in input
has exceeded the line length.
/ESC Interpret an escape as a Ctrl-C Ctrl-A interrupt.
/FF Output a formfeed when the device opens.
/G1G0 Enables the G1G0 character set (Taiwanese characters). /16B
and /8BT must also be ON.
/HARDCOPY Device is a printing terminal.
/HDPX Provide half duplex support for a modem line.
/HIFC Use CTS/RTS input flow control, cannot be on if /HDPX or /MOD are
on.
/HOFC Use CTS/RTS output flow control.
/IFC Enables XON/XOFF to control terminal input (the Ctrl-S/Ctrl-Q
control characters).
/LEVEL=x Sets characteristics to the same as those in CLI level #x.
/LPP=[4-255]
The number of lines per page.
/MDUA Allows direct access to the modem on the line (/MOD must also
be set). You can then use ?WRITE to send commands to the
modem. See the section titled "CLI Macro Programming".
/MOD Use modem interface on this line.
/MRI Monitor line for rings.
/NAS Device is non ANSI standard.
/NLX Enable Asian natural language translation. /16B and /8BT must
also be ON.
/NRM Suppress messages (from SEND) not sent from PID 2 (something
like "mesg n" in Unix).
/OFC XON/XOFF output flow control.
/OTT Convert characters sequence "~}" to an escape (use with VT100
emulation, or how will you escape).
/P Sets the characteristics to be the same as those used on the
previous CLI level.
/PARITY=[ODD|EVEN|NONE]
Default is NONE.
/PM Enable page mode, which pauses output every LPP lines (as set
with the /LPP switch, default is 24). Ctrl-Q resumes.
/RESET Reset characteristics to the default value.
/RTSCD Check carrier detect before processing RTS signals. /HDPX
must be ON.
/SFF Simulate formfeeds.
/SMCD Ignore carrier detect on modem lines. /MOD and must be ON,
and this must be set if /HPDX is ON.
/ST Simulate a tab every 8 columns.
/STOPBITS=[1|1.5|2]
/TCC=[time to wait for a carrier detect signal after the modem connect]
Default is 40000 ms.
/TCD=[time to wait for a carrier detect signal to return after it drops]
Default is 5000 ms.
/TDW=[delay between modem connect and the first I/O]
Default is 2000 ms.
/THC=[the amount of time after disconnecting for the modem to settle]
Default is 10000 ms.
/TLT=[time to wait between sending the last char and dropping RTS]
Default is 0 ms. /HPDX must be ON.
/TO Enable timeouts.
/UCO Convert lowercase input to uppercase when displaying it.
/ULC Accept both uppercase and lowercase as input.
/WRP Wrap on a long line.
/XLT Enable VT100 terminal emulation.
Knowledge is knowledge, but AT&T is something different. Here is how
you'd open a modem line for calling out: (You must be SYSTEMMANAGER)
CLEARDEVICE/RXON @CON999
CONTROL @EXEC DISABLE @CON999
CHARACTERISTICS/ON/MOD/MDUA/CTD/CALLOUT @CON999
CONTROL @EXEC ENABLE @CON999
((And here's how you put it back))
CLEARDEVICE/RXON @CON999
CONTROL @EXEC DISABLE @CON999
CHARACTERISTICS/DEF @CON999
CONTROL @EXEC ENABLE @CON999
CLEARDEVICE <device>
--------------------
You must be PID 2 (local console) or have SYSTEMMANAGER privileges
turned on to use CLEARDEVICE on a terminal that isn't yours. <device>
must be a terminal line (eg, @CON100).
/RXON Simulates a XON character from the device.
/SBREAK Sends a break character to the device.
Reference in New Issue View Git Blame Copy Permalink