1 JUMP

  JUMP allows a user to log in exactly as another user without a
  password. It also allows a more restricted (non-exact) impersonation
  of another user.

  Use of JUMP is restricted to specific categories of users: Systems
  Programmers, Operators and any specifically authorised users.

  JUMP provides fine-grained access specifications and secure logging
  of exact jumps. All users are validated against an Access List file
  to determine any specific access to be granted or denied in addition
  to any default access (e.g. for Operators). The Access List file may
  also contain options relating to security monitoring of exact JUMP
  sessions.

  By default, all users can JUMP to themselves.

  The general syntax of the JUMP command is

    $ JUMP [username] [qualifiers]

2 Parameter

  JUMP takes a single optional parameter which is a username. This is
  the username which will be used (after validation) as the target
  user to which to change.

  If no username is specified, the username is defaulted to the current
  username of the process. If a non-exact jump without username is
  specified, JUMP returns all values of items to those of the current
  username.

  Only Systems Programmers and users specifically authorised in the
  Access List file can jump in any manner to a user with privileges in
  excess of those defined by the logical name JUMP_MINOR_PRIVS.

2 Qualifiers

/ALL

    /ALL
    /NOALL (Default)

  Use of /ALL is restricted to Systems Programmers. It causes all
  "normal" actions of a non-exact jump _and_ the action of the SETUSER
  qualifier.

/AUDIT

    /AUDIT (Default)
    /NOAUDIT

  By default, use of JUMP is audited to a site-specific audit trail
  file. Systems Programmers may use /NOAUDIT to prevent auditing of
  successful jumps.

/ESCAPE_CHARACTER

    /ESCAPE_CHARACTER[=]
    /NOESCAPE_CHARACTER (Default)

  When jumping EXACT, an escape character can be defined, which will
  cause immediate termination of the pseudo-terminal process.
  To generate the escape character when logged in to the
  pseudo-terminal, simply hold down the control key (Ctrl) and press
  the defined letter, e.g., Ctrl-K if the letter 'K' is the defined
  escape character.

  The following letters are the only valid escape characters:

    D,F,G,I,K,L,N,P,U,V

  By default, there is no escape character. If the qualifier is
  specified without providing a specific character, the default escape
  character is the letter 'D'.

  Example:

    $ JUMP FRED /EXACT /ESCAPE_CHARACTER=F

/EXACT

    /EXACT
    /NOEXACT (Default)

  Log in exactly as the targeted user without a password. This is done
  by creating a pseudo-terminal logged in as the target user. The
  result is identical to logging in as the user with the correct
  password.

  The RECORD, SECURE_MODE and NOTIFY qualifiers can also be specified
  to generate, save and distribute a log of the session running on the
  pseudo-terminal.

  See also the help on the JUMP_SECURE_MODE logical name.

/LOG

    /LOG (Default)
    /NOLOG

  By default, successful jumps are logged to SYS$OUTPUT. Use /NOLOG to
  change "quietly"!

/NOTIFY

    /NOTIFY
    /NONOTIFY (Default)
    /NOTIFY=([NO]BEFORE,[NO]AFTER,[NO]INCLUDE,[NO]MAIL,[NO]OPCOM)

  This qualifier is used with /EXACT to notify specific users that an
  exact jump is being performed. Notification may be by OPCOM messages
  or via mail messages sent to the users specified by the logical name
  JUMP_NOTIFY_MAILLIST.

    /NOTIFY=BEFORE              Issue notification before the JUMP is
                                initiated.
    /NOTIFY=AFTER               Issue notification after the JUMP has
                                completed.
    /NOTIFY=INCLUDE             When used with the RECORD and AFTER
                                qualifiers, include a copy of the
                                session log with the completion mail
                                notification.
    /NOTIFY=MAIL                Issue notification via mail messages.
    /NOTIFY=OPCOM               Issue notification via OPCOM.
    /NOTIFY=EXIT_ON_MAIL_ERROR  Terminate JUMP when MAIL notification
                                fails.

  If the NOTIFY qualifier is specified without any keywords, the
  default keywords are (BEFORE, AFTER, INCLUDE, MAIL, OPCOM,
  EXIT_ON_MAIL_ERROR).
  Individual keywords may be specifically negated as required.

  If NOTIFY=EXIT_ON_MAIL_ERROR is set (explicitly, or implicitly by
  JUMP), NOTIFY=BEFORE will also be set mandatorily. This ensures that
  identifiable problems with MAILing are flagged *before* a JUMP is
  performed.

  See also the help on the JUMP_SECURE_MODE logical name.

/OVERRIDE_UAF

    /OVERRIDE_UAF
    /NOOVERRIDE_UAF (Default)

  Systems Programmers may use this qualifier to set their username to
  one which is not in the UAF when performing non-exact jumps, and to
  jump EXACT to users who have the DISUSER flag set in the UAF.

  *** WARNING!!! Jumping /EXACT to a username with the DISUSER flag  ***
  *** set causes the pseudo-terminal process to be logged in with    ***
  *** the username and UIC of the target user, but ALL other user    ***
  *** profile information is that of the invoking user. BEWARE!!!    ***
  *** Avoid jumping to a DISUSERed account. If you must do this, use ***
  *** a non-exact jump.                                              ***

/RECORD

    /RECORD
    /NORECORD (Default)

  This qualifier can be specified with /EXACT to generate a transcript
  (session log) of the actions performed whilst JUMPed to the specified
  user.

  The log file specification will be of the form JUMP_-._
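
  The qualifier rules above (NOTIFY keyword defaults, the mandatory
  BEFORE, the valid escape letters, the qualifiers that reduce logging)
  can be checked mechanically when reviewing command procedures that
  invoke JUMP. The Python below is an added example, not part of JUMP or
  its help text, and its function names are made up for illustration.
  Assumptions: qualifiers are spelled in full, only the command line is
  examined (not the Access List file or JUMP_SECURE_MODE), and an
  explicit NOTIFY list is taken to enable only the keywords it names.

```python
import re

VALID_ESCAPE = set("DFGIKLNPUV")   # the only valid escape letters
NOTIFY_ALL = {"BEFORE", "AFTER", "INCLUDE", "MAIL", "OPCOM", "EXIT_ON_MAIL_ERROR"}
TOKEN = re.compile(r"/[A-Z_]+(?:=(?:\([^)]*\)|[^\s/]+))?|[^\s/]+")

def parse_jump(command):
    """Split '$ JUMP [username] [qualifiers]' into (username, qualifiers)."""
    tokens = TOKEN.findall(command.strip().lstrip("$").upper())
    if not tokens or tokens[0] != "JUMP":
        raise ValueError("not a JUMP command")
    user, quals = None, {}
    for tok in tokens[1:]:
        if tok.startswith("/"):
            name, _, value = tok[1:].partition("=")
            quals[name] = value.strip("()") or None
        else:
            user = tok
    return user, quals

def effective_notify(quals):
    """Resolve the active NOTIFY keywords from the rules in the help text."""
    if "NOTIFY" not in quals:
        return set()                    # /NONOTIFY is the default
    if quals["NOTIFY"] is None:
        active = set(NOTIFY_ALL)        # bare /NOTIFY enables all six
    else:  # assumption: an explicit list enables only the keywords it names
        words = [w.strip() for w in quals["NOTIFY"].split(",")]
        bad = [w for w in words if (w[2:] if w.startswith("NO") else w) not in NOTIFY_ALL]
        if bad:
            raise ValueError(f"unknown NOTIFY keyword(s): {bad}")
        active = {w for w in words if w in NOTIFY_ALL}
    if "EXIT_ON_MAIL_ERROR" in active:
        active.add("BEFORE")            # BEFORE becomes mandatory
    return active

def review(command):
    """List the ways a JUMP command line reduces oversight of the jump."""
    _, q = parse_jump(command)
    notify, exact = effective_notify(q), "EXACT" in q
    checks = [
        ("NOAUDIT" in q, "NOAUDIT: successful jump is not audited"),
        ("NOLOG" in q, "NOLOG: jump is not logged to SYS$OUTPUT"),
        (exact and "RECORD" not in q, "EXACT without RECORD: no session log"),
        (exact and not notify, "EXACT without NOTIFY: nobody is notified"),
        (exact and "OVERRIDE_UAF" in q, "EXACT with OVERRIDE_UAF: target may be DISUSERed"),
        (q.get("ESCAPE_CHARACTER") not in VALID_ESCAPE | {None}, "ESCAPE_CHARACTER: not a valid escape letter"),
    ]
    return [message for hit, message in checks if hit]
```

  The help text's own example, $ JUMP FRED /EXACT /ESCAPE_CHARACTER=F,
  yields two findings from review(): no session log and no notification.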