Advanced Server for OpenVMS
Commands Reference Manual


Previous Contents Index


ADD SHARE/DIRECTORY

Makes a share or directory (the directory tree and its files) available to network users. Adding a shared directory is the default; you may omit the /DIRECTORY qualifier when adding a shared directory.

Format

ADD SHARE share-name share-path [/qualifiers]

ADD SHARE/DIRECTORY share-name share-path [/qualifiers]

restrictions

Use of this command requires membership in the Administrators, Account Operators, or Server Operators local group.

Related Commands


Parameters

share-name

Specifies a 1 to 12 character name used to identify and connect to the shared directory. If computers running MS-DOS will be connecting to the share, the share name should be limited to eight characters, optionally followed by a period and up to three more characters.

share-path

The path to a directory, local to the server being administered, to be shared.

Qualifiers

/DESCRIPTION=string

/NODESCRIPTION

Specifies a string of up to 48 characters used to provide descriptive information about the shared directory. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION, the default, indicates that the description is to be blank.

/HOST_ATTRIBUTES=(attribute-type[,...])

Sets host-system-specific attributes for the share, and is valid for OpenVMS servers only. For the attribute-type keyword, you can specify one or more of the keywords DIRECTORY_PROTECTION, FILE_PROTECTION, and RMS_FORMAT, as follows:














DIRECTORY_PROTECTION=(ownership:access[,...])
  Specifies the default OpenVMS RMS protections for subdirectories created in the shared directory. The protection of existing subdirectories is not affected.
  Specify the ownership keyword as any of the following:
  Ownership Description
  OWNER File owner (also applies to SYSTEM)
  GROUP Users in same UIC group
  WORLD All other users
     
  Specify the access keyword as any combination of the following:
  Access Description
  R Read-only access. Users can display files that they have permission to access in the directory.
  W Write access. Users can create files in the directory, and can edit and delete files that they have permission to access. Write access implies delete access.
  E Execute access. Users can run program files that they have permission to access in the directory.
  Owner access is also applied to SYSTEM. The default RMS directory protection is OWNER:RWED, GROUP:RWED, WORLD:RE.
FILE_PROTECTION=(ownership:access[,...])
  Specifies the default OpenVMS RMS protections for files created in the shared directory. The protection of existing files is not affected.
  Specify the ownership keyword as any of the following:
  Ownership Description
  OWNER File owner (also applies to SYSTEM)
  GROUP Users in same UIC group
  WORLD All other users
  Specify the access keyword as any combination of the following:
  Access Description
  R Read-only access. Users with access to the directory can display files stored there.
  W Write access. Users with access to the directory can edit and delete files stored there. Write access implies delete access.
  E Execute access. Users with access to the directory can run program files stored there.
  Owner access is also applied to SYSTEM. The default RMS file protection is OWNER:RWD, GROUP:RWD, WORLD:R.
RMS_FORMAT=record-type
  Specifies the OpenVMS RMS record format of files created in the shared directory.
  The record-type keyword can be one of the following:
  Record-Type Description
  SEQUENTIAL_FIXED
    Files created in the shared directory are RMS sequential files with fixed length 512 byte records.
  STREAM Files created in the shared directory are RMS stream format files. This is the default.
  UNDEFINED Files created in the shared directory have no specific RMS format. The format is defined by the application writing the file.

/LIMIT=connect-limit

/NOLIMIT

Specifies the maximum number of users who can connect to the shared directory at one time. /NOLIMIT, the default, specifies there is no maximum connection limit.

/PERMISSIONS=([domain-name\]name=access[,...])

/NOPERMISSIONS

Specifies the access permissions for the directory share. These permissions control network access to the directory share, and determine which users or groups can access the shared directory, and the type of access they are allowed.

When a directory is shared, the default is to grant FULL access to everyone. This permission allows anyone to do anything they wish to any of the files or subdirectories in the directory tree. To restrict access, use the /NOPERMISSIONS qualifier. In this case, you must use the /PERMISSIONS qualifier to grant access to specific users or groups.

The permissions list (name=access) is a list of users and groups allowed to access the shared resource, and the type of access granted to each user or group. It must be enclosed in parentheses, and consists of one or more name=access pairs, where name can be any valid user or group name from this or another trusted domain, and access can be any one of the types listed in the following table.

To specify a user or group name in a trusted domain, enter the domain-qualified name (domain-name\name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit a domain name, the user or group is assumed to be defined in the domain of the server currently being administered.
Access Description
NONE Prevents any access to the shared directory, its subdirectories, and their files.
READ Allows viewing file names and subdirectory names, traversing to subdirectories, viewing data in files, and running applications.
CHANGE Allows viewing file names and subdirectory names, traversing to subdirectories, viewing data in files, running applications, adding files and subdirectories, changing data in files, and deleting subdirectories and files.
FULL Allows viewing file names and subdirectory names, traversing to subdirectories, viewing data in files, running applications, adding files and subdirectories, changing data in files, deleting subdirectories and files, changing file and directory permissions, and taking ownership of files and directories.

/PERSONAL

/NOPERSONAL

Indicates that the shared directory is a personal share. Personal shares are supported on OpenVMS servers only. A personal share is identical to a shared directory in all ways except that it does not appear in a SHOW SHARES display by default, and is not network browsable. /NOPERSONAL, the default, indicates that the shared directory should not be a personal share.

/SERVER=server-name

Specifies the name of the server on which to add the share. The default is the server currently being administered.

Examples

#1

 LANDOFOZ\\TINMAN> ADD SHARE/DIRECTORY RAINBOW USER1:[SHARED] - 
 _LANDOFOZ\\TINMAN> /DESCRIPTION="Files of many colors" 
 %PWRK-S-SHAREADD, share "RAINBOW" added on server "TINMAN" 
      

This example adds a directory share named RAINBOW for the directory whose path is USER1:[SHARED]. The description for the share is "Files of many colors".

#2

 LANDOFOZ\\TINMAN> ADD SHARE TORNADO USER1:[TORNADO_FILES] - 
 _LANDOFOZ\\TINMAN> /NOPERMISSIONS/PERMISSIONS=(SCARECROW=FULL) 
 %PWRK-S-SHAREADD, share "TORNADO" added on server "TINMAN" 
      

This example adds a directory share named TORNADO for the directory whose path is USER1:[TORNADO_FILES]. The /NOPERMISSIONS qualifier explicitly denies access to the share to all users, which is granted by default, and the /PERMISSIONS qualifier grants full access to the share to the user SCARECROW.


ADD SHARE/PRINT

Adds a shared print queue resource to the server's share database, and makes the print queue available to network users.

Format

ADD SHARE/PRINT share-name [queue-name] [/qualifiers]

restrictions

Use of this command requires membership in the Administrators, Account Operators, Server Operators, or Print Operators local group.

The /PRINT qualifier is required to specify a print share, and must follow the ADD SHARE command and precede any other parameters or qualifiers.

Related Commands


Parameters

share-name

Specifies a 1 to 12 character name used to identify and connect to the shared print queue. If you specify the queue-name, the share-name must match the specified queue-name. If computers running MS-DOS will be connecting to the share, the share name should be limited to eight characters, optionally followed by a period and up to three more characters.

queue-name

The name of a print queue, local to the server being administered, to be shared. If not specified, the queue-name parameter defaults to the name of the share. If queue-name differs from the associated OpenVMS queue name, define a logical to associate queue-name with the OpenVMS queue name.

Qualifiers

/DESCRIPTION=string

/NODESCRIPTION

Specifies a string of up to 48 characters used to provide descriptive information about the shared print queue. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION, the default, indicates that the description is to be blank.

/LIMIT=connect-limit

/NOLIMIT

Specifies the maximum number of users who can connect to the shared print queue at one time. /NOLIMIT, the default, specifies there is no maximum connection limit.

/PERMISSIONS=([domain-name\]name=access[,...])

/NOPERMISSIONS

Specifies the access permissions for the shared print queue. These permissions control network access to the print queue, and determine which users or groups can access the shared print queue, and the type of access they are allowed.

When a print queue is shared, the default is to grant PRINT access to everyone. This permission allows anyone to print to the shared print queue. Use /NOPERMISSIONS if you do not wish to grant this default permission. In this case, you must use the /PERMISSIONS qualifier to grant access to specific users or groups.

The permissions list is a list of users and groups allowed to access the shared print queue, and the type of access granted to each user or group. It must be enclosed in parentheses, and consists of one or more name=access pairs, where name can be any valid user or group name from this or another trusted domain, and access can be any one of the types listed in the following table.

To specify a user or group name in a trusted domain, enter the domain-qualified name (domain-name\name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain.

If you omit a domain name, the user or group is assumed to be defined in the domain of the server being administered.
Access Description
NONE Prevents any access to the printer
PRINT Allows printing of documents
MANAGE_DOCUMENTS
  Allows holding, releasing, and deleting of print jobs, and changing the order in which jobs print
FULL Allows printing of documents; holding, releasing and deleting of print jobs; changing the order in which jobs print; aborting and restarting of jobs being printed; pausing, continuing and purging of the print queue; changing of print queue settings; removal of the print queue; and changing of print resource permissions

/SERVER=server-name

Specifies the name of the server on which to add the share. The default is the server currently being administered.

Example


LANDOFOZ\\TINMAN> ADD SHARE/PRINT TOTO TOTO_LA210 - 
_LANDOFOZ\\TINMAN> /DESCRIPTION="LA210 printer on TINMAN" 
%PWRK-S-SHAREADD, share "TOTO" added on server "TINMAN" 
      

This example adds a print share named TOTO for the print queue called TOTO_LA210. The description for the share is "LA210 printer on TINMAN".


ADD TRUST

Adds the specified domain to either the list of domains this domain trusts or to the list of domains that are allowed to trust this domain.

A trust relationship is a link between two server domains, where one domain honors the users of another domain, trusting the logon authentications performed by that other domain for its own users. User accounts and global groups defined in a trusted domain can be granted rights, resource permissions, and local group memberships at a trusting domain and its member computers, even though those accounts don't exist in the trusting domain's security database. When trust relationships are properly established between all the domains in a network, they allow a user to have only one user account and one password in one domain, yet have access to the resources anywhere in the network.

Establishing a trust relationship requires two steps in two different domains: first one domain must permit a second domain to trust it, and then the second domain must be set to trust the first domain. Establishing a two-way trust relationship (where each domain trusts the other) requires that both steps be performed in both domains.


Format

ADD TRUST trust-domain [password] {/PERMITTED | /TRUSTED} [/qualifiers]

restrictions

Use of this command requires membership in the Administrators local group.

Related Commands


Parameters

trust-domain

Specifies the 1 to 15 character name of the domain with which to set up a trust relationship.

password

Specifies the password used to establish the trust. The password is case sensitive, and can be up to 14 characters in length. When setting up to trust another domain (using the /TRUSTED qualifier), this password must match the password given on the other domain when it was set up to permit this domain to trust it. When setting up to permit another domain to trust this domain (using the /PERMITTED qualifier), this password must be used on the other domain when it is set up to trust this domain.

If you do not enter a value for the password, or enter it as an asterisk (*), you are prompted for a password and a confirmation. The password is not displayed as it is entered.

Once a trust relationship is established, the password used to establish the trust is changed by the system. Because of this, you cannot remove one side of an established trust relationship, and then later reestablish that trust using the original password. You must always remove both sides of a trust relationship, and then completely reestablish it.


Qualifiers

/CONFIRM

/NOCONFIRM

Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode.

/DOMAIN=domain-name

Specifies that the trust relationship is to be added to the domain called domain-name. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line.

/PERMITTED

Specifies that the domain is to be added to the list of domains permitted to trust this domain. Once the domain is added, you must set up the other domain to trust this domain in order to establish the trust relationship. You must specify either the /PERMITTED or /TRUSTED qualifier, but not both.

/SERVER=server-name

Specifies the name of a server that is a member of the domain to which to add the trust relationship. Do not specify both /DOMAIN and /SERVER on the same command line.

/TRUSTED

Specifies that the domain is to be added to the list of domains that this domain trusts. To properly establish the trust relationship, the specified domain should already have permitted this domain to trust it. You must specify either the /PERMITTED or /TRUSTED qualifier, but not both.

Examples

The following two examples together show how to establish a one-way trust relationship between the domain currently being administered (LANDOFOZ) and the domain called KANSAS. After this trust relationship has been established, users in the KANSAS domain will have access to resources in the LANDOFOZ domain after logging on to the KANSAS domain.
#1

 LANDOFOZ\\TINMAN> ADD TRUST LANDOFOZ "OverTheRainbow" - 
 _LANDOFOZ\\TINMAN> /DOMAIN=KANSAS/PERMITTED/NOCONFIRM 
 %PWRK-S-TRUSTADD, trust between domains "KANSAS" and "LANDOFOZ added" 
      

This example adds the domain LANDOFOZ to the list of permitted to trust domains on the domain called KANSAS. The password to be used to establish the trust will be "OverTheRainbow."

#2

 LANDOFOZ\\TINMAN> ADD TRUST KANSAS "OverTheRainbow"/TRUSTED 
 This may take some time, do you want to continue? [YES or NO] (YES) : 
 %PWRK-S-TRUSTADD, trust between domains "LANDOFOZ" and "KANSAS" added 
      

This example adds the domain KANSAS to the list of trusted domains on the domain currently being administered (LANDOFOZ). The password used to establish the trust is "OverTheRainbow." This example would complete the one-way trust between domains LANDOFOZ and KANSAS initiated in the first example.


Previous Next Contents Index