 INSTALL JUMP ============  @ Installation instructions for JUMP V5.0 2005-02-19 (19-Feb-2005)     Preparation  -----------   H It is *strongly*  recommended  you  thoroughly  read the following files before installing JUMP:      - JUMP.HLP = HELP file.   - JUMP_ACCESS.DAT = example Access List file8   - CHANGES.TXT = change history of each version of JUMP     Requirements ------------  F JUMP supports OpenVMS on VAX, Alpha and IA64.  It requires versions of- OpenVMS which support the following features:      - Pseudo-terminals   - Callable Mail    - LIB$TABLE_PARSE   . JUMP does NOT require PERSONA system services.  H JUMP is written almost entirely in HP Pascal and comes with pre-compiledH object modules  for all Pascal sources for all architectures (VAX, AlphaH and IA64).  Compilation of Pascal sources is not required to build JUMP.D If re-compilation is desired for some reason, HP Pascal is required.  C NOTE: The definition of privilege sets has been adopted for ease of H       coding. The source for the information is SYS$LIBRARY:STARLET.PAS.F       The definition will need reviewing with each release of OpenVMS!  I ***  CAUTION: JUMP has dependencies on the underlying architecture    *** I ***         (VAX, Alpha or IA64) and the version of OpenVMS.  Any     *** I ***         changes to either of these REQUIRES JUMP to be re-linked. ***      Caveats  -------   M ***  CAUTION: JUMP executes some things in KERNEL or EXECUTIVE mode!!!!   ***   M ***  DISCLAIMER: This software is provided "AS IS".  It does NOT come     *** M ***  with any representations or warranties, implicit or otherwise, as    *** M ***  to its merchantability or fitness for any particular purpose.        *** M ***  The user assumes ALL risks and responsibilities associated with      *** M ***  installing and running this software.                                ***      Installation ------------  H  1. If you have not read the files specified in Preparation above, it is*     *strongly* recommended that you do so.  G  2. Ensure all requirements as specified in Requirements above are met. +     Ensure you have read the Caveats above!   A  3. Unpack the JUMP distribution file into a single directory and "     SET DEFAULT to that directory.  G  4. The Message source file for JUMP (JUMP_MSG.MSG) contains a Facility B     ID for JUMP. The default value for this is 111. If a different:     Facility ID is required, edit this file appropriately.  E  5. If re-compiling Pascal sources and the Pascal compiler version is F     V5.2 or earlier, edit the JUMP build procedure (BUILD_JUMP.COM) toA     modify the default value of the DCL symbol "perform" to be 0.      6. Re-link JUMP (NO Traceback):         $ @BUILD_JUMP   F     JUMP may also be built with the following options specified in P1:  F       "C" = Compile Pascal sources in addition to normal build actions@       "L" = Link NO Traceback - this is the default build actionD       "T" = Link *with* Traceback; all other build actions as normal  >     For example, to re-compile the Pascal sources and re-link:         $ @BUILD_JUMP  C  B     NOTE: The build procedure will always re-compile Macro (.MAR),I           Message (.MSG) and Command Line Definition (.CLD) source files.   L     You may wish to purge any multiple copies of object and executable files     after building JUMP.  ?  7. Copy the JUMP executable (JUMP.EXE) to a suitable location:   5       $ COPY /LOG JUMP.EXE device:[directory]JUMP.EXE   F  8. JUMP *requires* one or other of the following actions. Both may be     done, if desired.   A     a. If you intend to use the JUMP_ACCESS rights ID, create the .        identifier - the value is not relevant:  0          $ AUTHORIZE ADD /IDENTIFIER JUMP_ACCESS  
     and/or  ?     b. Define the JUMP_DOUBLE_CHECK logical name to be "FALSE":   <          $ DEFINE /SYSTEM /EXECUTIVE JUMP_DOUBLE_CHECK FALSE  D     If the JUMP_ACCESS rights ID is *not* created, JUMP_DOUBLE_CHECK     *must* be defined.  F     It is recommended that you use the JUMP_ACCESS rights ID and allowK     the JUMP_DOUBLE_CHECK logical name to take its default value of "TRUE".   E  9. If required, grant the JUMP_ACCESS rights ID to authorised users:   8       $ AUTHORIZE GRANT /IDENTIFIER JUMP_ACCESS username  ; 10. Create the mandatory audit trail file (JUMP_AUDIT.DAT):   /       $ CREATE device:[directory]JUMP_AUDIT.DAT        ^Z  0     The default name for the audit trail file isF     "SYS_MANAGER:JUMP_AUDIT.DAT". If a different file specification isE     required, define the logical name JUMP_AUDIT_TRAIL appropriately:   E       $ DEFINE /SYSTEM /EXECUTIVE JUMP_AUDIT_TRAIL file-specification   F     If you wish, you may simply redefine SYS_MANAGER as a logical name6     pointing to an appropriate directory. For example:  E       $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER directory-specification   G     NOTE: Ensure all logical names in the logical name translation tree ;           for specifications are defined in EXECUTIVE mode.   > 11. If required, create and edit the optional Access List fileD     (JUMP_ACCESS.DAT) - see example file for details of syntax. ThisD     file can be copied to a suitable location and edited if desired.  0     The default name for the Access List file isG     "SYS_MANAGER:JUMP_ACCESS.DAT". If a different file specification is E     required, define the logical name JUMP_ACCESS_LIST appropriately:   E       $ DEFINE /SYSTEM /EXECUTIVE JUMP_ACCESS_LIST file-specification   F     If you wish, you may simply redefine SYS_MANAGER as a logical name6     pointing to an appropriate directory. For example:  E       $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER directory-specification   G     NOTE: Ensure all logical names in the logical name translation tree ;           for specifications are defined in EXECUTIVE mode.   H 12. If required, create a secure directory for placing session log files.     when executing EXACT jumps in secure mode.  F       $ CREATE /DIRECTORY /LOG /OWNER=username directory-specification  E     The default name for the secure directory is "SYS_MANAGER:". If a E     different directory specification is required, define the logical '     name JUMP_SECURE_DIR appropriately:   I       $ DEFINE /SYSTEM /EXECUTIVE JUMP_SECURE_DIR directory-specification   F     If you wish, you may simply redefine SYS_MANAGER as a logical name6     pointing to an appropriate directory. For example:  E       $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER directory-specification   G     NOTE: Ensure all logical names in the logical name translation tree ;           for specifications are defined in EXECUTIVE mode.   ? 13. By default, the logical name JUMP_USER_DIR is defined to be E     "SYS$LOGIN:". However, users may define this logical name in user G     or supervisor mode to specify a user-specific directory for placing D     session log files when executing EXACT jumps NOT in secure mode.  I     If you wish to override any user definitions, *explicitly* define the      logical name. For example:  G       $ DEFINE /SYSTEM /EXECUTIVE JUMP_USER_DIR directory-specification   K     The default name for the user directory is "SYS$LOGIN:". It is *highly* I     recommended that you specify either "SYS$LOGIN:", or "SYS$DISK:[]" to H     force the files into the user's login directory or current directory.     respectively at the time of invoking JUMP.  G     NOTE: Ensure all logical names in the logical name translation tree J           for specifications are defined in EXECUTIVE mode. Both SYS$LOGINC           and SYS$DISK are defined in EXECUTIVE mode by the system.   + 14. JUMP requires the following privileges:   >       CMEXEC, CMKRNL, DETACH (aka IMPERSONATE), SYSNAM, SYSPRV  F     If access is required by suitably UNprivileged users, install JUMP+     with the those privileges. For example:   B       $ INSTALL ADD device:[directory]JUMP /OPEN /HEADER /SHARED -9           /PRIVILEGE=(CMEXEC,CMKRNL,DETACH,SYSNAM,SYSPRV)   F 15. Define any other required logical names in the SYSTEM logical nameA     table in EXECUTIVE mode (see help documentation for details).   K 16. Set appropriate secure access rights on all JUMP files and directories. 3     The following file protections are recommended:   A       To make JUMP generally available to all (authorised) users:   '         JUMP.EXE  (S:RWED,O:RWED,G,W:E)   D       Set protections appropriately if more restricted access to theC       executable image is required. Use Access Control Lists (ACLs)        if desired.   ?       Other files should be (S:RWED,O:RWED,G,W). These include:            JUMP_ACCESS_LIST         JUMP_AUDIT_TRAIL         JUMP distribution files   B     It is recommended that the owner of all JUMP files be SYSTEM.   9 17. Define a foreign command to allow JUMP to be invoked:   (       $ JUMP :== $device:[directory]JUMP  A     If desired, this can be defined in the SYS$SYLOGIN procedure.   H 18. If desired, make the JUMP help available to JUMP users. As JUMP is aG     powerful, privileged program, it is suggested that the help be made <     available such that only authorised users can access it.  
 19. Boing!     Troubleshooting  ---------------    File access problems:   H   JUMP uses a number of files,  most  of  which need to be secure.  FromH   time-to-time,  messages  such  as "File not found" or  "Cannot  accessI   file" may be  generated for  particular  files.  Pascal  may  generate  G   FILNOTFOU or ERRDUROPE errors. There are a number of possible causes.   D   1. Check that a file which should exist is where it is expected toD      be and has the correct name. (Remember that some JUMP files are#      mandatory; some are optional.)   E   2. If a file is being created (e.g., a session log), check that the "      appropriate directory exists.  H   3. Verify that the associated logical name has been defined correctly:      - correct equivalence name +      - defined in SYSTEM logical name table        - defined in EXECUTIVE modeB      - all logical names in iterative translations also defined in        EXECUTIVE mode   D   4. Check that the security attributes on the file and/or directoryI      (protections and ACLs) allow appropriate access. (Remember that JUMP G      requires SYSPRV and so specific individual user access is unlikely       to be required.)   G   5. In the case of the logical name JUMP_USER_DIR, refer to step 13 in H      the installation instructions above, and the JUMP help file on this      topic.     Cannot JUMP to a valid username:  D   1. If using the JUMP_ACCESS rights ID, check that the username has*      JUMP_ACCESS granted to it in the UAF.  I      If not using the JUMP_ACCESS rights ID, check that JUMP_DOUBLE_CHECK       is defined.  1      See installation instructions 8 and 9 above.   B   2. For non-Systems Programmers, check that appropriate access is%      granted in the Access List file.   D   3. Check for a username and an identifier that have the same name.         $ AUTHORIZE SHOW username +       $ AUTHORIZE SHOW /IDENTIFIER username        H      If an identifier exists that is the same as the username, but it isH      not the username's UIC identifier, JUMP will assume the username isD      intended, not the identifier. This affects how access lists are      interpreted.   G      See the JUMP Help file (under "Access_List") for more information.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 