1 JUMP JUMP is a program which allows selected users (Systems Programmers, Operators and specifically authorised users) to change elements of their process to those of another user, or to become *exactly* the target user in a pseudo-terminal. Limitations are placed on Operators: they cannot target users who have more than a certain set of privileges unless they are specifically authorised to do so. All users are validated against an access file to determine any specific access to be granted or denied in addition to any default access (e.g. for Operators). The access file also may contain options relating to security monitoring of sessions. For non-exact jumps, items which are changed to those of the target user are: Username (Systems Programmers only, using the SETUSER or ALL qualifier) UIC, Default Directory, Default Disk, LNM$GROUP. Privileges and process rights are NOT changed. By default, all users can JUMP to themselves. The general syntax of the JUMP command is $ JUMP [username] [qualifiers] 2 Parameter JUMP takes a single optional parameter which is a username. This is the username which will be used (after validation) as the target user to which to change. Systems Programmers may set their username to one which is not in the UAF using the OVERRIDE_UAF qualifier. If no username is specified, the username is defaulted to the current username of the process. If a non-exact jump without username is specified, JUMP returns all values of items to those of the current username. Only Systems Programmers and users specifically authorised in the access file can jump in any manner to a user with privileges in excess of those defined by the logical name JUMP_MINOR_PRIVS. 2 Qualifiers /ALL /ALL /NOALL (Default) Use of /ALL is restricted to Systems Programmers. It causes all "normal" actions of a non-exact jump _and_ the action of the SETUSER qualifier. /AUDIT /AUDIT (Default) /NOAUDIT By default, use of JUMP is audited to a site-specific audit trail file. Systems Programmers may use /NOAUDIT to prevent auditing of successful jumps. /EXACT /EXACT /NOEXACT (Default) Use this qualifier to create a pseudo-terminal which is logged in exactly as the user. The RECORD, SECURE_MODE and NOTIFY qualifiers can also be specified to generate, save and distribute a log of the session running on the pseudo-terminal. See also the help on the JUMP_SECURE_MODE logical name. /LOG /LOG (Default) /NOLOG By default, successful jumps are logged to SYS$OUTPUT. Use /NOLOG to change "quietly"! /NOTIFY /NOTIFY /NONOTIFY (Default) /NOTIFY=([NO]BEFORE,[NO]AFTER,[NO]INCLUDE,[NO]MAIL,[NO]OPCOM) This qualifier is used with /EXACT to notify specific users that an exact jump is being performed. Notification may be by OPCOM messages or via mail messages sent to the users specified by the logical name JUMP_NOTIFY_MAILLIST. /NOTIFY=BEFORE Issue notification before the JUMP is initiated. /NOTIFY=AFTER Issue notification after the JUMP has completed. /NOTIFY=INCLUDE When used with the RECORD and AFTER qualifiers, include a copy of the session log with the completion notification. /NOTIFY=MAIL Issue notification via mail messages. /NOTIFY=OPCOM Issue notification via OPCOM. If the NOTIFY qualifier is specified without any keywords, the default keywords are (BEFORE,AFTER,INCLUDE,MAIL,OPCOM). Individual keywords may be specifically negated as required. See also the help on the JUMP_SECURE_MODE logical name. /OVERRIDE_UAF /OVERRIDE_UAF /NOOVERRIDE_UAF (Default) Systems Programmers may use this qualifier to set their username to one which is not in the UAF when performing non-exact jumps. /RECORD /RECORD /NORECORD (Default) This qualifier can be specified with /EXACT to generate a transcript (session log) of the actions performed whilst JUMPed to the specified user. The log file specification will be of the form JUMP_-._