INSTALL JUMP ============@Installation instructions for JUMP V5.0 2005-02-19 (19-Feb-2005) Preparation -----------HIt is *strongly* recommended you thoroughly read the following filesbefore installing JUMP: - JUMP.HLP = HELP file. - JUMP_ACCESS.DAT = example Access List file8 - CHANGES.TXT = change history of each version of JUMP Requirements ------------FJUMP supports OpenVMS on VAX, Alpha and IA64. It requires versions of-OpenVMS which support the following features: - Pseudo-terminals - Callable Mail - LIB$TABLE_PARSE.JUMP does NOT require PERSONA system services.HJUMP is written almost entirely in HP Pascal and comes with pre-compiledHobject modules for all Pascal sources for all architectures (VAX, AlphaHand IA64). Compilation of Pascal sources is not required to build JUMP.DIf re-compilation is desired for some reason, HP Pascal is required.CNOTE: The definition of privilege sets has been adopted for ease ofH coding. The source for the information is SYS$LIBRARY:STARLET.PAS.F The definition will need reviewing with each release of OpenVMS!I*** CAUTION: JUMP has dependencies on the underlying architecture ***I*** (VAX, Alpha or IA64) and the version of OpenVMS. Any ***I*** changes to either of these REQUIRES JUMP to be re-linked. ***Caveats-------M*** CAUTION: JUMP executes some things in KERNEL or EXECUTIVE mode!!!! ***M*** DISCLAIMER: This software is provided "AS IS". It does NOT come ***M*** with any representations or warranties, implicit or otherwise, as ***M*** to its merchantability or fitness for any particular purpose. ***M*** The user assumes ALL risks and responsibilities associated with ***M*** installing and running this software. *** Installation ------------H 1. If you have not read the files specified in Preparation above, it is* *strongly* recommended that you do so.G 2. Ensure all requirements as specified in Requirements above are met.+ Ensure you have read the Caveats above!A 3. Unpack the JUMP distribution file into a single directory and" SET DEFAULT to that directory.G 4. The Message source file for JUMP (JUMP_MSG.MSG) contains a FacilityB ID for JUMP. The default value for this is 111. If a different: Facility ID is required, edit this file appropriately.E 5. If re-compiling Pascal sources and the Pascal compiler version isF V5.2 or earlier, edit the JUMP build procedure (BUILD_JUMP.COM) toA modify the default value of the DCL symbol "perform" to be 0. 6. Re-link JUMP (NO Traceback): $ @BUILD_JUMPF JUMP may also be built with the following options specified in P1:F "C" = Compile Pascal sources in addition to normal build actions@ "L" = Link NO Traceback - this is the default build actionD "T" = Link *with* Traceback; all other build actions as normal> For example, to re-compile the Pascal sources and re-link: $ @BUILD_JUMP CB NOTE: The build procedure will always re-compile Macro (.MAR),I Message (.MSG) and Command Line Definition (.CLD) source files.L You may wish to purge any multiple copies of object and executable files after building JUMP.? 7. Copy the JUMP executable (JUMP.EXE) to a suitable location:5 $ COPY /LOG JUMP.EXE device:[directory]JUMP.EXEF 8. JUMP *requires* one or other of the following actions. Both may be done, if desired.A a. If you intend to use the JUMP_ACCESS rights ID, create the. identifier - the value is not relevant:0 $ AUTHORIZE ADD /IDENTIFIER JUMP_ACCESS and/or? b. Define the JUMP_DOUBLE_CHECK logical name to be "FALSE":< $ DEFINE /SYSTEM /EXECUTIVE JUMP_DOUBLE_CHECK FALSED If the JUMP_ACCESS rights ID is *not* created, JUMP_DOUBLE_CHECK *must* be defined.F It is recommended that you use the JUMP_ACCESS rights ID and allowK the JUMP_DOUBLE_CHECK logical name to take its default value of "TRUE".E 9. If required, grant the JUMP_ACCESS rights ID to authorised users:8 $ AUTHORIZE GRANT /IDENTIFIER JUMP_ACCESS username;10. Create the mandatory audit trail file (JUMP_AUDIT.DAT):/ $ CREATE device:[directory]JUMP_AUDIT.DAT ^Z0 The default name for the audit trail file isF "SYS_MANAGER:JUMP_AUDIT.DAT". If a different file specification isE required, define the logical name JUMP_AUDIT_TRAIL appropriately:E $ DEFINE /SYSTEM /EXECUTIVE JUMP_AUDIT_TRAIL file-specificationF If you wish, you may simply redefine SYS_MANAGER as a logical name6 pointing to an appropriate directory. For example:E $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER directory-specificationG NOTE: Ensure all logical names in the logical name translation tree; for specifications are defined in EXECUTIVE mode.>11. If required, create and edit the optional Access List fileD (JUMP_ACCESS.DAT) - see example file for details of syntax. ThisD file can be copied to a suitable location and edited if desired.0 The default name for the Access List file isG "SYS_MANAGER:JUMP_ACCESS.DAT". If a different file specification isE required, define the logical name JUMP_ACCESS_LIST appropriately:E $ DEFINE /SYSTEM /EXECUTIVE JUMP_ACCESS_LIST file-specificationF If you wish, you may simply redefine SYS_MANAGER as a logical name6 pointing to an appropriate directory. For example:E $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER directory-specificationG NOTE: Ensure all logical names in the logical name translation tree; for specifications are defined in EXECUTIVE mode.H12. If required, create a secure directory for placing session log files. when executing EXACT jumps in secure mode.F $ CREATE /DIRECTORY /LOG /OWNER=username directory-specificationE The default name for the secure directory is "SYS_MANAGER:". If aE different directory specification is required, define the logical' name JUMP_SECURE_DIR appropriately:I $ DEFINE /SYSTEM /EXECUTIVE JUMP_SECURE_DIR directory-specificationF If you wish, you may simply redefine SYS_MANAGER as a logical name6 pointing to an appropriate directory. For example:E $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER directory-specificationG NOTE: Ensure all logical names in the logical name translation tree; for specifications are defined in EXECUTIVE mode.?13. By default, the logical name JUMP_USER_DIR is defined to beE "SYS$LOGIN:". However, users may define this logical name in userG or supervisor mode to specify a user-specific directory for placingD session log files when executing EXACT jumps NOT in secure mode.I If you wish to override any user definitions, *explicitly* define the logical name. For example:G $ DEFINE /SYSTEM /EXECUTIVE JUMP_USER_DIR directory-specificationK The default name for the user directory is "SYS$LOGIN:". It is *highly*I recommended that you specify either "SYS$LOGIN:", or "SYS$DISK:[]" toH force the files into the user's login directory or current directory. respectively at the time of invoking JUMP.G NOTE: Ensure all logical names in the logical name translation treeJ for specifications are defined in EXECUTIVE mode. Both SYS$LOGINC and SYS$DISK are defined in EXECUTIVE mode by the system.+14. JUMP requires the following privileges:> CMEXEC, CMKRNL, DETACH (aka IMPERSONATE), SYSNAM, SYSPRVF If access is required by suitably UNprivileged users, install JUMP+ with the those privileges. For example:B $ INSTALL ADD device:[directory]JUMP /OPEN /HEADER /SHARED -9 /PRIVILEGE=(CMEXEC,CMKRNL,DETACH,SYSNAM,SYSPRV)F15. Define any other required logical names in the SYSTEM logical nameA table in EXECUTIVE mode (see help documentation for details).K16. Set appropriate secure access rights on all JUMP files and directories.3 The following file protections are recommended:A To make JUMP generally available to all (authorised) users:' JUMP.EXE (S:RWED,O:RWED,G,W:E)D Set protections appropriately if more restricted access to theC executable image is required. Use Access Control Lists (ACLs) if desired.? Other files should be (S:RWED,O:RWED,G,W). These include: JUMP_ACCESS_LIST JUMP_AUDIT_TRAIL JUMP distribution filesB It is recommended that the owner of all JUMP files be SYSTEM. 917. Define a foreign command to allow JUMP to be invoked:( $ JUMP :== $device:[directory]JUMPA If desired, this can be defined in the SYS$SYLOGIN procedure.H18. If desired, make the JUMP help available to JUMP users. As JUMP is aG powerful, privileged program, it is suggested that the help be made< available such that only authorised users can access it. 19. Boing!Troubleshooting---------------File access problems:H JUMP uses a number of files, most of which need to be secure. FromH time-to-time, messages such as "File not found" or "Cannot accessI file" may be generated for particular files. Pascal may generate G FILNOTFOU or ERRDUROPE errors. There are a number of possible causes.D 1. Check that a file which should exist is where it is expected toD be and has the correct name. (Remember that some JUMP files are# mandatory; some are optional.)E 2. If a file is being created (e.g., a session log), check that the" appropriate directory exists.H 3. Verify that the associated logical name has been defined correctly: - correct equivalence name+ - defined in SYSTEM logical name table - defined in EXECUTIVE modeB - all logical names in iterative translations also defined in EXECUTIVE modeD 4. Check that the security attributes on the file and/or directoryI (protections and ACLs) allow appropriate access. (Remember that JUMPG requires SYSPRV and so specific individual user access is unlikely to be required.)G 5. In the case of the logical name JUMP_USER_DIR, refer to step 13 inH the installation instructions above, and the JUMP help file on this topic. Cannot JUMP to a valid username:D 1. If using the JUMP_ACCESS rights ID, check that the username has* JUMP_ACCESS granted to it in the UAF.I If not using the JUMP_ACCESS rights ID, check that JUMP_DOUBLE_CHECK is defined.1 See installation instructions 8 and 9 above.B 2. For non-Systems Programmers, check that appropriate access is% granted in the Access List file.D 3. Check for a username and an identifier that have the same name. $ AUTHORIZE SHOW username+ $ AUTHORIZE SHOW /IDENTIFIER username H If an identifier exists that is the same as the username, but it isH not the username's UIC identifier, JUMP will assume the username isD intended, not the identifier. This affects how access lists are interpreted.G See the JUMP Help file (under "Access_List") for more information.