To minimize effort in the event that SYSTEM/USERDATAFILE is accidentally lost,
-
Back up the file at regular intervals.
-
Use the library maintenance COPY statement to backup the file.
-
Do not use the MAKEUSER COPY statement. This statement only makes a copy of the syntax describing the USERDATAFILE, it does not copy the USERDATAFILE.
SYSTEM/USERDATAFILE is a private file, so privileged status is required to perform the copy.
On systems where security-administrator status is active, all copies of the SYSTEM/USERDATAFILE are protected so that only a user or process running under a usercode marked SECADMIN is permitted to open and copy the file.
You can take the following precautionary measures to reduce the likelihood of the loss of the USERDATAFILE, and to speed system recovery of the USERDATAFILE.
-
Assure that the DL USERDATA family is on the halt/load family, assuming that this family is routinely backed up to tape. Hence, it should always be possible to gain security-administrator status when the system is halt/loaded. Note, however, that this measure will not protect against catastrophic USERDATAFILE corruption.
-
Assure that the DL USERDATA family is on some type of redundant disk (either a RAID subsystem or on an MCP-mirrored family). Note, however, that this measure will not protect against catastrophic USERDATAFILE corruption.
-
Back up the USERDATAFILE as *SYSTEM/USERDATAFILE to multiple pack families including any CM +STANDBY families, on a daily basis. In the event that the DL USERDATA family is lost, it should be possible to quickly recover the USERDATAFILE with the following procedure:
-
STARTSYSTEM will wait on NO FILE SYSTEM/USERDATAFILE ON <DL USERDATA family> (DK). Enter:
<mix #> OF
-
A process named CONTROLLER/FIND/USERDATAFlLE will be initiated. Enter:
<mix #> IL PK <unit number of a member of another family with *SYSTEM/USERDATAFILE present>
-
If the current SYSTEM/USERDATAFILE is lost or rendered unusable,
-
Copy the backup file under the name SYSTEM/USERDATAFILE to the family on which the previous USERDATAFILE resided.
-
Copy the backup file under the name SYSTEM/USERDATAFILE to a different family if the previous family is no longer available.
-
Use the MAKEUSER RECALL statement to install a backup copy of the USERDATAFILE, if possible.
You can use the DL USERDATA form of the DL (Disk Location) system command to specify an appropriate family name for the new location of SYSTEM/USERDATAFILE. Given enough time and resources, a user could unscramble password information from a copy of the USERDATAFILE. This possibility could result in a serious compromise of system security. For this and other reasons, it is important to deny users the unrestricted ability to remove tapes from the secured area of the computer room.
For more information about physical security, refer to Controlling Access to the Physical System.
