I ************************************************************************* I *                                                                       * B *  JUMP -- INSTALL.TXT  	                                        *I *                                                                       * I ************************************************************************* I *  Author and Maintainer: Jonathan Ridler.                              * I *                                                                       * I *  This software is owned and maintained privately by the author,       * I *  Jonathan Ridler. It is NOT in any way produced, owned, supported,    * I *  maintained or endorsed by Hewlett Packard Pty Ltd or any of its      * I *  legal entities.                                                      * I *                                                                       * I *  Email: vmsjump@internode.on.net                                      * I ************************************************************************* I ************************************************************************* I ***                                                                   *** I ***                         LICENCE NOTICE                            *** I ***                                                                   *** I ***  This software is COPYRIGHT (c) 1993-2012 Jonathan Ridler.        *** I ***  ALL RIGHTS RESERVED.                                             *** I ***                                                                   *** I ***  Please READ the file JUMP_LICENCE.TXT which contains the         *** I ***  complete Licence and all conditions of use for JUMP.             
*** I ***                                                                   *** I ************************************************************************* I *************************************************************************    INSTALL JUMP ============  A Installation instructions for JUMP V6.1a 2012-02-21 (21-Feb-2012) , 			      -----------------------------------   Preparation  -----------   I You must read the JUMP Licence in JUMP_LICENCE.TXT -- installation or use C of JUMP presumes you have read and agreed to abide by this licence.   I It is *strongly*  recommended  you  thoroughly  read  the following files  before installing JUMP:      - JUMP.HLP = HELP file.   - JUMP_ACCESS.DAT = example Access List fileC   - CHANGES.TXT = a summary of changes made in this version of JUMP      Requirements ------------  I JUMP  supports  OpenVMS  on  Alpha  and  Integrity  (IA64).   It requires 9 versions of OpenVMS which support the following features:      - Pseudo-terminals   - Callable Mail    - LIB$TABLE_PARSE   I JUMP does  not  require  PERSONA  system  services.   However, if PERSONA I system  services  are  available, they will be used, namely on  Alpha  or I Integrity versions from V7.2 onwards.  PERSONA system  services  are  not  available on VAX at all.  I NOTE: If you wish to use external authentication, PERSONA system services        are required.   I JUMP is written almost entirely in  HP Pascal and comes with pre-compiled I object  modules for all Pascal sources for all architectures (VAX,  Alpha I and Integrity).  Compilation of Pascal sources is not required  to  build I JUMP.   If  re-compilation  is  desired  for  some  reason,  HP Pascal is 	 required.   I NOTE: The definition of  privilege  sets  and  some  other structures and I       constants have been explicitly  defined  in  the  code  for ease of I       coding  or  to overcome architectural conflicts.  
The  sources  for I       these definitions are in various library files in SYS$LIBRARY, most I       notably STARLET.PAS.  The definitions will need reviewing with each        release of OpenVMS!   H ***  CAUTION: JUMP has dependencies on the underlying architecture   ***H ***           (VAX, Alpha or Integrity) and the version of OpenVMS.  ***H ***           Any changes to these REQUIRE JUMP to be re-linked.     ***     Caveats  -------   M ***  CAUTION: JUMP executes some things in KERNEL or EXECUTIVE mode!!!!   ***   M ***  You must read the JUMP Licence in JUMP_LICENCE.TXT -- installation   *** M ***  or use of JUMP implies that you have read and agree to abide by the  *** M ***  JUMP Licence. Take particular notice of the sections relating to     *** , ***  liability, warranty and risk.					  ***     Installation ------------  I *** NOTE: The file  JUMP_STARTUP.COM  contains  many  (though not all) of I ***       the actions below, starting  from  action item 7 onwards.  Some I ***       of  the  included actions are required and some  are  optional. I ***       The startup file can be edited and  run  in  the  site-specific E ***       startup, if desired.  Please read the file for more detail.   H  1. If you have not read the files specified in Preparation above, it is*     *strongly* recommended that you do so.  G  2. Ensure all requirements as specified in Requirements above are met. +     Ensure you have read the Caveats above!   A  3. Unpack the JUMP distribution file into a single directory and "     SET DEFAULT to that directory.  G  4. The Message source file for JUMP (JUMP_MSG.MSG) contains a Facility B     ID for JUMP. The default value for this is 111. If a different:     Facility ID is required, edit this file appropriately.     5. 
Re-link JUMP (NO Traceback):         $ @BUILD_JUMP   F     JUMP may also be built with the following options specified in P1:  F       "C" = Compile Pascal sources in addition to normal build actions@       "L" = Link NO Traceback - this is the default build actionD       "T" = Link *with* Traceback; all other build actions as normal  B     For example, to re-compile the Pascal sources and re-link with     no traceback:          $ @BUILD_JUMP  C  F     NOTE: The build procedure will always re-compile any Macro (.MAR),I           Message (.MSG) and Command Line Definition (.CLD) source files.   L     You may wish to purge any multiple copies of object and executable files     after building JUMP.  '       $ PURGE /LOG JUMP.EXE*,JUMP*.OBJ*   L  6. Copy the appropriate JUMP executable for the architecture on which it is"     to run to a suitable location:  D       $ COPY /LOG JUMP.EXE_<architecture> device:[directory]JUMP.EXE  8     Refer to Step 15 below for setting file protections.  F  7. JUMP *requires* one or other of the following actions. Both may be     done, if desired.   A     a. If you intend to use the JUMP_ACCESS rights ID, create the .        identifier - the value is not relevant:  0          $ AUTHORIZE ADD /IDENTIFIER JUMP_ACCESS  
     and/or  ?     b. Define the JUMP_DOUBLE_CHECK logical name to be "FALSE":   <          $ DEFINE /SYSTEM /EXECUTIVE JUMP_DOUBLE_CHECK FALSE  D     If the JUMP_ACCESS rights ID is *not* created, JUMP_DOUBLE_CHECK     *must* be defined.  ?     Recommendation: Use the JUMP_ACCESS rights ID and allow the G     JUMP_DOUBLE_CHECK logical name to take its default value of "TRUE".   ?  8. If you defined the JUMP_ACCESS rights identifier, grant the #     identifier to authorised users:   :       $ AUTHORIZE GRANT /IDENTIFIER JUMP_ACCESS <username>  ;  9. Create the mandatory audit trail file (JUMP_AUDIT.DAT):   /       $ CREATE device:[directory]JUMP_AUDIT.DAT        ^Z  0     The default name for the audit trail file isF     "SYS_MANAGER:JUMP_AUDIT.DAT". If a different file specification isE     required, define the logical name JUMP_AUDIT_TRAIL appropriately:   G       $ DEFINE /SYSTEM /EXECUTIVE JUMP_AUDIT_TRAIL <file-specification>   F     If you wish, you may simply redefine SYS_MANAGER as a logical name6     pointing to an appropriate directory. For example:  G       $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER <directory-specification>   G     NOTE: Ensure all logical names in the logical name translation tree ;           for specifications are defined in EXECUTIVE mode.   > 10. If required, create and edit the optional Access List fileC     (JUMP_ACCESS.DAT) - see the example file for details of syntax. G     You may, if you wish, copy this example file to a suitable location 8     and edit it to make it your actual Access List file.  0     The default name for the Access List file isG     "SYS_MANAGER:JUMP_ACCESS.DAT". If a different file specification is E     required, define the logical name JUMP_ACCESS_LIST appropriately:   G       $ DEFINE /SYSTEM /EXECUTIVE JUMP_ACCESS_LIST <file-specification>   F     If you wish, you may simply redefine SYS_MANAGER as a logical name6     pointing to an appropriate directory. 
For example:  G       $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER <directory-specification>   G     NOTE: Ensure all logical names in the logical name translation tree ;           for specifications are defined in EXECUTIVE mode.   H 11. If required, create a secure directory for placing session log files.     when executing EXACT jumps in secure mode.  H       $ CREATE /DIRECTORY /LOG /OWNER=username <directory-specification>  E     The default name for the secure directory is "SYS_MANAGER:". If a E     different directory specification is required, define the logical '     name JUMP_SECURE_DIR appropriately:   K       $ DEFINE /SYSTEM /EXECUTIVE JUMP_SECURE_DIR <directory-specification>   F     If you wish, you may simply redefine SYS_MANAGER as a logical name6     pointing to an appropriate directory. For example:  G       $ DEFINE /SYSTEM /EXECUTIVE SYS_MANAGER <directory-specification>   G     NOTE: Ensure all logical names in the logical name translation tree ;           for specifications are defined in EXECUTIVE mode.   ? 12. By default, the logical name JUMP_USER_DIR is defined to be E     "SYS$LOGIN:". However, users may define this logical name in user G     or supervisor mode to specify a user-specific directory for placing D     session log files when executing EXACT jumps NOT in secure mode.  I     If you wish to override any user definitions, *explicitly* define the      logical name. For example:  I       $ DEFINE /SYSTEM /EXECUTIVE JUMP_USER_DIR <directory-specification>   K     The default name for the user directory is "SYS$LOGIN:". It is *highly* I     recommended that you specify either "SYS$LOGIN:", or "SYS$DISK:[]" to H     force the files into the user's login directory or current directory.     respectively at the time of invoking JUMP.  G     NOTE: Ensure all logical names in the logical name translation tree J           for specifications are defined in EXECUTIVE mode. 
Both SYS$LOGINC           and SYS$DISK are defined in EXECUTIVE mode by the system.   + 13. JUMP requires the following privileges:   >       CMEXEC, CMKRNL, DETACH (aka IMPERSONATE), SYSNAM, SYSPRV  E     If JUMP will only ever be used by users with these privileges, it C     is not necessary to INSTALL the image with privileges, although B     it may still be desirable to INSTALL the image for performance     reasons.  F     If access is required by suitably UNprivileged users, install JUMP1     with the those privileges above. For example:   B       $ INSTALL ADD device:[directory]JUMP /OPEN /HEADER /SHARED -9           /PRIVILEGE=(CMEXEC,CMKRNL,DETACH,SYSNAM,SYSPRV)   D     Remember to INSTALL REPLACE the image each time a new version is     created.  F 14. Define any other required logical names in the SYSTEM logical nameA     table in EXECUTIVE mode (see help documentation for details).   K 15. Set appropriate secure access rights on all JUMP files and directories. 3     The following file protections are recommended:   A       To make JUMP generally available to all (authorised) users:   '         JUMP.EXE  (S:RWED,O:RWED,G,W:E)   D       Set protections appropriately if more restricted access to theC       executable image is required. Use Access Control Lists (ACLs)        if desired.   ?       Other files should be (S:RWED,O:RWED,G,W). These include:            JUMP_ACCESS_LIST         JUMP_AUDIT_TRAIL         JUMP distribution files   L     It is *strongly* recommended that SYSTEM be the owner of all JUMP files.  J 16. 
If you intend to use JUMP /EXACT in forced single command mode (optionM     "U<number_list>" in the ACCESS.DAT file), a privileged logical name table O     must be created so that the commands are not visible to unprivileged users:   J       $ CREATE /NAME_TABLE /PARENT_TABLE=LNM$SYSTEM_DIRECTORY /EXECUTIVE ->           /PROTECTION=(S:RWCD,O:RWCD,G,W) JUMP_SINGLE_COMMANDS  ,     Define any commands required as follows:  7       $ DEFINE /TABLE=JUMP_SINGLE_COMMANDS /EXECUTIVE - 1           JUMP_SINGLE_CMD_n <actual_single_cmd_n>   :     where "n" is a positive integer without leading zeros.  >     To deassign a logical name in the table, do the following:  I       $ DEASSIGN /TABLE=JUMP_SINGLE_COMMANDS /EXECUTIVE JUMP_SINGLE_CMD_n   >     To delete the logical name table itself, do the following:  L       $ DEASSIGN /TABLE=LNM$SYSTEM_DIRECTORY /EXECUTIVE JUMP_SINGLE_COMMANDS  H 17. If desired, make the JUMP help available to JUMP users. As JUMP is aG     powerful, privileged program, it is suggested that the help be made <     available such that only authorised users can access it.  G     If the help is made available through execution of the JUMP program E     with the /HELP qualifier, only Systems Programmers can access the 	     help.   H     To make the help available, create a new help library file or use anD     existing one. To create a new help library file and add the help     file to it:   5       $ LIBRARY /CREATE /HELP <help-library-filename> B       $ LIBRARY /HELP <help-library-filename> <help-data-filename>  1     The default name for the help library file is @     "SYS_HELP:PUBHELP.HLB". If a different file specification isA     required, define the logical name JUMP_HELPLIB appropriately:   F       $ DEFINE /SYSTEM /EXECUTIVE JUMP_HELPLIB <help-library-filename>  9 18. Define a foreign command to allow JUMP to be invoked:   (       $ JUMP :== $device:[directory]JUMP  A     If desired, this can be defined in the SYS$SYLOGIN procedure.    19. 
Boing! Go JUMP!      Troubleshooting  ---------------    All Issues:   I   For all issues that are likely  to  be bugs in JUMP, please report them I   to  the  JUMP  developer so they may be investigated and  fixed,  if  a    genuine bug is found.   9   Please read AAA-DEVELOPER-NOTES.TXT and AAA-README.TXT.    File access problems:   I   JUMP uses a number of  files,  most  of  which need to be secure.  From I   time-to-time, messages such as "File not found" or "Cannot access file" I   may  be generated for particular files.  Pascal may generate  FILNOTFOU >   or ERRDUROPE errors.  There are a number of possible causes.  C   1. For JUMP configuration files, check that the file which should B      exist is where it is expected to be and has the correct name.D      Remember that some JUMP files are mandatory; some are optional.  G   2. For files created during a JUMP session (session logs, etc), check I      to see if the file has been created at all in the expected location.   H   3. Verify that all relevant logical names have been defined correctly:      - correct equivalence name +      - defined in SYSTEM logical name table        - defined in EXECUTIVE modeB      - all logical names in iterative translations also defined in        EXECUTIVE mode   /   4. Check that all relevant directories exist.   A   5. Check that the security attributes on all relevant files and F      directories (file protections and ACLs) allow appropriate access.B      Remember that JUMP requires SYSPRV and so specific individual,      user access is unlikely to be required.  G   6. In the case of the logical name JUMP_USER_DIR, refer to step 12 in H      the installation instructions above, and the JUMP help file on this      topic.     Cannot JUMP to a valid username:  H   1. 
If using the JUMP_ACCESS rights identifier, check that the username.      has JUMP_ACCESS granted to it in the UAF.  C      If not using the JUMP_ACCESS rights identifier, check that the /      JUMP_DOUBLE_CHECK logical name is defined.   1      See installation instructions 7 and 8 above.   B   2. For non-Systems Programmers, check that appropriate access is%      granted in the Access List file.   D   3. Check for a username and an identifier that have the same name.  !       $ AUTHORIZE SHOW <username> -       $ AUTHORIZE SHOW /IDENTIFIER <username>        H      If an identifier exists that is the same as the username, but it isH      not the username's UIC identifier, JUMP will assume the username isD      intended, not the identifier. This affects how access lists are4      interpreted. This is normal intended behaviour.  G      See the JUMP Help file (under "Access_List") for more information. 
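
The checks from installation steps 7, 9, 10 and 15 and from item 3 of
"File access problems" can be scripted as a read-only DCL command
procedure. This is an added example, not part of the JUMP distribution:
the procedure name JUMP_CHECK.COM and its message texts are made up here,
and the file names are the defaults quoted in the steps above.

```dcl
$! JUMP_CHECK.COM (hypothetical name): added example, not part of JUMP.
$! Read-only check of installation steps 7, 9, 10 and 15.
$! Only the first translation of each logical name is examined.
$ problems = 0
$ lnm = "JUMP_AUDIT_TRAIL"
$ file = "SYS_MANAGER:JUMP_AUDIT.DAT"      ! default from step 9
$ mandatory = 1
$ GOSUB CHECK_FILE
$ lnm = "JUMP_ACCESS_LIST"
$ file = "SYS_MANAGER:JUMP_ACCESS.DAT"     ! default from step 10
$ mandatory = 0
$ GOSUB CHECK_FILE
$! Step 7: the rights identifier or JUMP_DOUBLE_CHECK must exist.
$ id = F$IDENTIFIER("JUMP_ACCESS", "NAME_TO_NUMBER")   ! 0 if absent
$ dc = F$TRNLNM("JUMP_DOUBLE_CHECK", "LNM$SYSTEM_TABLE", , "EXECUTIVE")
$ IF id .EQ. 0 .AND. dc .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "FAIL  no JUMP_ACCESS identifier and no JUMP_DOUBLE_CHECK"
$   problems = problems + 1
$ ENDIF
$ WRITE SYS$OUTPUT "''problems' problem(s) found"
$ EXIT
$!
$CHECK_FILE:
$! Compare an any-mode lookup with one limited to EXECUTIVE and inner modes.
$ any  = F$TRNLNM(lnm, "LNM$SYSTEM_TABLE")
$ exec = F$TRNLNM(lnm, "LNM$SYSTEM_TABLE", , "EXECUTIVE")
$ IF any .NES. "" .AND. exec .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "FAIL  ''lnm' is defined, but not in EXECUTIVE mode"
$   problems = problems + 1
$ ENDIF
$ IF exec .NES. "" THEN file = exec
$ IF F$SEARCH(file) .EQS. ""
$ THEN
$   IF mandatory THEN problems = problems + 1
$   WRITE SYS$OUTPUT "MISSING  ''file'"
$   RETURN
$ ENDIF
$! Step 15 wants no WORLD access; "PRO" gives SYSTEM=..., OWNER=..., GROUP=..., WORLD=...
$ prot = F$FILE_ATTRIBUTES(file, "PRO")
$ world = F$EDIT(F$ELEMENT(3, ",", prot), "COLLAPSE")
$ IF world .NES. "WORLD="
$ THEN
$   WRITE SYS$OUTPUT "FAIL  ''file' grants ''world'"
$   problems = problems + 1
$ ENDIF
$ WRITE SYS$OUTPUT "INFO  ''file' owner ", F$FILE_ATTRIBUTES(file, "UIC")
$ RETURN
```

Run it from an account that can read the JUMP files, and compare the
reported owner against the recommendation that SYSTEM own all JUMP files.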