Step 2. Creating User IDs

The installation of a server requires an ID to install and own the files, as well as to administer the server. This is also known as the iadmin ID. The same ID should be used for both functions (installation and administration) and should not be the SYSTEM ID. The iadmin ID can be any user ID that has the required privileges and quotas for running the server in all security modes. For the iadmin privileges necessary for running the server in security mode OPSYS, see Step 6. Configuring the Server With Different Security Providers, and configure for that mode at this time. We highly recommend running the server secured (that is, with security set to OPSYS, PTH, or DBMS).

The iadmin privileges necessary for running a server in security mode OFF are:

| Privilege | Function | Required for |
|---|---|---|
| NETMBX | May create network device | Mailboxes |
| PRMGBL | May create permanent global sections | IPC Shared Memory |
| PRMMBX | May create permanent mailbox | IPC Control Pipes |
| SYSGBL | May create system wide global sections | IPC Shared Memory |
| SYSNAM | May insert in system logical name table | IPC Control Pipes |
| SYSPRV | May access objects using system protection | Creating system logical tables |
| TMPMBX | May create temporary mailbox | Mailboxes |
| SYSLCK | May lock system wide resources | Adapter for Progress only |

Any additional privileges required by particular underlying databases must also be authorized.

We recommend running the OpenVMS server in security mode OPSYS. A non-secured server also runs under an account with elevated privileges, and connecting end-user requests run as that privileged account, which presents a security risk. Non-secured mode should only be used when adequate safeguards have been taken so that the required privileges do not present a risk, or for short periods of time only (such as while debugging an issue).

The following OpenVMS minimal quota resources are also required for the iadmin ID:

| Quota Resources | UAF Keyword | Value |
|---|---|---|
| PAGE_FILE | Pgflquo | 1000000 |
| BUFFER_LIMIT | Bytlm | 800000 |
| IO_BUFFERED | BIOlm | 200 |
| IO_DIRECT | DIOlm | 200 |
| AST_LIMIT | ASTlm | 300 |
| QUEUE_LIMIT | TQElm | 50 |
| PRIORITY | Prio | 4 |
| WORKING_SET | WSdef | 3076 |
| MAXIMUM_WORKING_SET | WSquo | 8192 |
| MAX_JOBS | Maxjobs | 0 |
| EXTENT | WSextent | 10240 |
| FILE_LIMIT | Fillm | 300 |
| ENQUEUE_LIMIT | Enqlm | 2000 |
| JOB_TABLE_QUOTA | JTquota | 10000 |

Note: The IMPERSONATE privilege (one of the requirements for secured mode operation) allows dynamic setting of quota levels and uses the above table of values. If the configuration is run in secured mode, the initial default values for server validation purposes do not need to be a concern unless the defaults are unusually low.
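
The following is an added example, not part of the original documentation or the vendor's tooling: a Python check that compares a saved account listing against the privilege and quota tables above for security mode OFF, and also reports privileges beyond those tables so they can be reviewed. The listing layout (quotas written as "Keyword: value" pairs using the UAF keywords, privileges under an "Authorized Privileges:" heading) is an assumption, and the sample listing is constructed.

```python
import re

# Values copied from the page's tables (security mode OFF).
REQUIRED_PRIVS = {"NETMBX", "PRMGBL", "PRMMBX", "SYSGBL", "SYSNAM", "SYSPRV", "TMPMBX"}
PROGRESS_ONLY = {"SYSLCK"}  # required only with the Adapter for Progress
MIN_QUOTAS = {
    "Pgflquo": 1000000, "Bytlm": 800000, "BIOlm": 200, "DIOlm": 200,
    "ASTlm": 300, "TQElm": 50, "Prio": 4, "WSdef": 3076, "WSquo": 8192,
    "Maxjobs": 0, "WSextent": 10240, "Fillm": 300, "Enqlm": 2000,
    "JTquota": 10000}

def parse_listing(text):
    """Return (quotas, authorized privileges) from the assumed listing layout."""
    quotas = {k: int(v) for k, v in re.findall(r"(\w+):\s+(\d+)\b", text)}
    privs, in_block = set(), False
    for line in text.splitlines():
        if line.strip().endswith(":"):      # a section heading starts or ends the block
            in_block = line.strip() == "Authorized Privileges:"
        elif in_block:
            privs.update(line.split())
    return quotas, privs

def audit(text, progress_adapter=False):
    """Compare a listing with the page's tables; extras are listed for review."""
    quotas, privs = parse_listing(text)
    need = REQUIRED_PRIVS | (PROGRESS_ONLY if progress_adapter else set())
    return {
        "missing_privs": sorted(need - privs),
        # Extras can be legitimate (database requirements) but should be justified.
        "extra_privs": sorted(privs - need),
        "low_quotas": {k: (quotas.get(k), v) for k, v in MIN_QUOTAS.items()
                       if quotas.get(k, -1) < v},
    }

# Constructed sample listing for a hypothetical IADMIN account.
SAMPLE = """\
Username: IADMIN
Maxjobs:         0  Fillm:       300  Bytlm:       800000
Maxdetach:       0  BIOlm:       150  JTquota:      10000
Prclm:           8  DIOlm:       200  WSdef:         3076
Prio:            4  ASTlm:       300  WSquo:         8192
Queprio:         4  TQElm:        50  WSextent:     10240
Enqlm:        2000  Pgflquo: 1000000
Authorized Privileges:
  NETMBX  PRMGBL  PRMMBX  SYSGBL  SYSNAM  TMPMBX  BYPASS
Default Privileges:
  NETMBX  TMPMBX
"""

print(audit(SAMPLE))
```

Each entry in low_quotas pairs the value found in the listing (None when the keyword is absent) with the minimum from the table.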

The iadmin ID must also have a UIC group associated with the ID (so the calls for ID information under OpenVMS 7.x and 8.x are returned in standard OpenVMS 6.x [group,member] format).

To check the UIC, issue the following:

WRITE SYS$OUTPUT F$USER()

Note: For security purposes, the iadmin ID should be available only to users who require administrative privileges to the server.

End users connecting to a server also require an ID with specific setup for access. For details, see End-User Requirements.


iWay Software