1 CREATE Installs the specified image file as a known image. The CREATE command is a synonym for the ADD command. Requires the CMKRNL privilege. Also requires the SYSGBL privilege to create system global sections and the PRMGBL privilege to create permanent global sections. Format CREATE file-spec 2 Parameter file-spec Names the file specification of an image to be installed as a known image. The file specification must name an existing executable or shareable image, which must have been linked with the /NOTRACEBACK qualifier. If you omit the device and directory specification, the default SYS$SYSTEM is used. The default file type is .EXE. The highest existing version of the file is used by default. However, you can specify another version of the file as the known version of the image. Even if other versions of the file exist, the version that you specify will be the version that satisfies all known file lookups for the image. 2 Qualifiers /ACCOUNTING /ACCOUNTING /NOACCOUNTING (default) Enables image-level accounting for the specified image even if image accounting is disabled (by using the DCL command SET ACCOUNTING/DISABLE=IMAGE). When image accounting is enabled on the local node, it logs all images, and the /NOACCOUNTING qualifier has no effect. /ARB_SUPPORT /ARB_SUPPORT=keyword On Alpha systems, overrides the system parameter ARB_SUPPORT for this installed image. The following table shows the keywords you can use with the /ARB_ SUPPORT qualifier: Keyword Behavior None The obsolete kernel data cells are not maintained by the system. Fields are initialized to zero or set to invalid pointers at process creation. Clear The obsolete kernel data cells are cleared or set to invalid pointers when the code would have set up values for backward compatibility. Read-only The obsolete cells are updated with corresponding security information stored in the current Persona Security Block (PSB) when a $PERSONA_ASSUME is issued. Full Data is moved from the obsolete cells to the (default) currently active PSB on any security-based operation. For more information, refer to the ARB_SUPPORT system parameter in online help. /AUTHPRIVILEGES /AUTHPRIVILEGES[=(priv-name[,...])] /NOAUTHPRIVILEGES Installs the file as a known image installed with the authorized privileges specified. Usage Notes o If a privileged image is not located on the system volume, the image is implicitly installed /OPEN. o The set of privileges for a privileged image can be empty. You must, however, list each privilege every time you define or redefine privileges. o The /AUTHPRIVILEGES qualifier applies only to executable images. o You cannot specify this qualifier for an executable image linked with the /TRACEBACK qualifier. Table of Privilege Names You can specify one or more of the privilege names shown in an appendix of the OpenVMS Guide to System Security. /EXECUTE_ONLY /EXECUTE_ONLY /NOEXECUTE_ONLY (default) The /EXECUTE_ONLY qualifier is meaningful only to main programs. It allows the image to activate shareable images to which the user has execute access but no read access. All shareable images referenced by the program must be installed, and OpenVMS RMS uses trusted logical names (those created for use in executive or kernel mode). You cannot specify this qualifier for an executable image linked with the /TRACEBACK qualifier. /HEADER_RESIDENT /HEADER_RESIDENT /NOHEADER_RESIDENT Installs the file as a known image with a permanently resident header (native mode images only). An image installed header resident is implicitly installed open. /LOG /LOG /NOLOG (default) Lists the newly created known file entry along with any associated global sections created by the installation. /OPEN /OPEN /NOOPEN Installs the file as a permanently open known image. /PRIVILEGED /PRIVILEGED[=(priv-name[,...])] /NOPRIVILEGED Installs the file as a known image with active privileges specified. If a privileged image is not located on the system volume, the image is implicitly installed /OPEN. Usage Notes o The set of privileges for a privileged image can be empty. o You must list each privilege every time you define or redefine privileges. o The /PRIVILEGED qualifier applies only to executable images. o You cannot specify this qualifier for an executable image linked with the /TRACEBACK qualifier. Installing Shareable Images Installing an image with privileges declares that the image is trusted to maintain system integrity and security properly. To maintain that trust, any routine called by the privileged image must also be trusted. For this reason, any shareable images activated for use by a privileged image must be installed. Only trusted logical names (names defined in executive and kernel mode) can be used in locating shareable images to be used by a privileged image. Interaction of /PRIVILEGED and /AUTHPRIVILEGES When you CREATE a new entry, the privileges you assign with the /PRIVILEGED qualifier are also assigned as authorized privileges (if you do not assign specific authorized privileges with the /AUTHPRIVILEGES qualifier). If you do not want this default behavior, you can specify /AUTHPRIVILEGES=NOALL, which will assign no authorized privileges to the image. You can specify one or more of the privilege names shown in the table included in the description of the /AUTHOPRIVILEGES qualifier. For examples of how to use CREATE commands with /PRIVILEGES qualifiers, see the Examples section at the end of this command. /PROTECTED /PROTECTED /NOPROTECTED (default) Installs the file as a known image that is protected from user-mode and supervisor-mode write access. You can write into the image only from executive or kernel mode. The /PROTECTED qualifier together with the /SHARE qualifier are used to implement user-written services, which become privileged shareable images. /PURGE /PURGE (default) /NOPURGE Specifies that the image can be removed by a purge operation; if you specify /NOPURGE, you can remove the image only by a remove operation. /RESIDENT /RESIDENT[=([NO]CODE,[NO]DATA)] On Alpha systems, causes image code sections or read-only data sections to be placed in the granularity hint regions and compresses other image sections, which remain located in process space. If you do not specify the /RESIDENT qualifier, neither code nor data is installed resident. If you specify the /RESIDENT qualifier without keyword arguments, code is installed resident, and data is not installed resident. The image must be linked using the /SECTION_BINDING=(CODE,DATA) qualifier. An image installed with resident code or data is implicitly installed header resident and shared. /SHARED /SHARED[=[NO]ADDRESS_DATA] /NOSHARED Installs the file as a shared known image and creates global sections for the image sections that can be shared. An image installed shared is implicitly installed open. When you use the ADDRESS_DATA keyword with the /SHARED qualifier, P1 space addresses are assigned for shareable images. With the assigned addresses, the Install utility can determine the content of an address data section when the image is installed rather than when it is activated, reducing CPU and I/O time. A global section is created to allow shared access to address data image sections. /WRITABLE /WRITABLE /NOWRITABLE Installs the file as a writable known image as long as you also specify the /SHARED qualifier. The /WRITABLE qualifier only applies to images with image sections that are shareable and writable. The /WRITABLE qualifier is automatically negated if you do not specify the /SHARED qualifier. 2 Examples 1.INSTALL> CREATE/OPEN/SHARED WRKD$:[MAIN]STATSHR The command in this example installs the image file STATSHR as a permanently open shared known image. 2.INSTALL> CREATE/OPEN/PRIVILEGED=(GROUP,GRPNAM) GRPCOMM The command in this example installs the image file GRPCOMM as a permanently open known image with the privileges GROUP and GRPNAM. Any process running GRPCOMM receives the GROUP and GRPNAM privileges for the duration of the execution of GRPCOMM. The full name of GRPCOMM is assumed to be SYS$SYSTEM:GRPCOMM.EXE. 3.INSTALL> CREATE/LOG GRPCOMM The command in this example installs the image file GRPCOMM as a known image and then displays the newly created known file entry. 4.INSTALL> CREATE/SHARED=ADDRESS_DATA WRKD$:[MAIN]INFOSHR The command in this example installs the INFOSHR file as a shared known image and creates shared global sections for code sections and read-only data sections. Because the command includes the ADDRESS_DATA keyword, address data is also created as a shared global section. 5.INSTALL> CREATE STATSHR/PRIV The command in this example creates the STATSHR image with all privileges. 6.INSTALL> CREATE STATSHR/PRIV=OPER,SYSPRV The command in this example creates the STATSHR image with the OPER and SYSPRV privileges. 7.INSTALL> CREATE STATSHR/PRIV=NOALL The command in this example creates the STATSHR image with an empty set of privileges. 8.INSTALL> CREATE STATSHR/NOPRIV The command in this example creates the STATSHR image explicitly with no privileges.