SYS$MANAGER:SYLOGIN.COM - Flexibility Requires Prudence

Processes are a foundational OpenVMS unit. Process creation is the common origin for all OpenVMS activity, whether an interactive session, batch job, network server, or detached process. While a process can be created without a CLI context, it is more common to create a process with a CLI context. In most cases, the CLI is the OpenVMS standard: DCL.

When a process is created with a DCL context, the image executed is SYS$SYSTEM:LOGINOUT.EXE. As part of its processing, LOGINOUT translates the system-wide logical name SYS$SYLOGIN. The file command file identified by that logical name is then invoked. Normally, SYS$SYLOGIN translates to SYS$MANAGER:SYLOGIN.COM (for convenience, SYLOGIN in the rest of this column). SYLOGIN is invoked before any user-written LOGIN.COM is executed.

SYLOGIN provides an extraordinarily powerful opportunity to intervene in the login process. SYLOGIN provides an opportunity for additional validation beyond that provided by SYS$SYSTEM:LOGINOUT.EXE. It is also possible to enforce adherence to site-specific standards. Code within the user login (normally SYS$LOGIN:LOGIN.COM) by contrast, executes at the pleasure of individual users.

With this power comes responsibility. Many products, both from Hewlett-Packard and third-parties, as well as in-house developed applications submit batch jobs, create network servers, and detached processes. The normal flow of process creation with DCL as the command interpreter will include the invocation of SYLOGIN. Unintentional actions in SYLOGIN can thus interrupt system availability.

Changes implemented in SYLOGIN fall into three general categories:

Changes to SYLOGIN in any of these three categories have system-wide implications. When changing SYLOGIN it is all too easy to inadvertently make a change which negatively impacts system operation.

Consider how process contexts evolve from the time that they are created:

Base OpenVMS Process ($CREPRC)
CLI Initialization (SYS$SYLOGIN)
User specific login (User1)
User specific login (User2)
Non-CLI Detached Process

In particular, detached processes have evolved in an interesting direction. In the past, many products and applications created detached processes without a CLI context. Thus, DCL was never invoked. In recent years, the utility of the standard CLI context, particularly DCL, has been recognized, leading ever increasing numbers of products and applications to create detached processes with a DCL context.

This drift in technical approach has created the potential to unveil problems with local changes to the user environment. What appears to be a harmless change to the standard DCL command set (e.g., changing DELETE to automatically log output by defining the symbol DEL*ETE to "DELETE/LOG") will now produce informational messages when the DELETE/SYMBOL command is used (DELETE/SYMBOL does not have a supported /LOG qualifier). These changes impact operation whether they are inserted into the environment as DCL symbols or using the SET COMMAND facility.

Changes can have unexpectedly widespread implications. Packaged applications or locally developed code may malfunction, not because of a change in SYLOGIN processing, but because of a product or application may change its use of detached processes to use DCL, thus exposing the application to long-standing, local alterations of the standard OpenVMS environment implemented using SYLOGIN.

Underlying presumptions are pernicious, and foundational presumptions about the about the basic OpenVMS process context environment are particularly pernicious. The difficulty encountered is often not the direct result of a recent change, but the confluence of several different changes, each one quite innocent, that interact in an unforeseen manner. It is this “under the radar” aspect that often presents the most challenging situations.

In future columns, I will examine safer methods to implement changes to the default environment, the group environment, and methods and techniques to be used in identifying problems caused by the execution of SYLOGIN.

URLs for referencing this entry

Picture of Robert Gezelter, CDP
RSS Feed Icon RSS Feed Icon
Follow us on Twitter
Bringing Details into Focus, Focused Innovation, Focused Solutions
Robert Gezelter Software Consultant Logo
+1 (718) 463 1079