Giant Sponsors Database Historical Documentation Page (Pruned)

Working from SponsorsDataAccountsDocumentationBig as a start, we attempt to indicate sections which are irrelevant and annotate others.

equipment database (PRUNED)

The equipment database has been moved to the new inventory database. Any old documentation relating to the equipment database has no relevance.

sponsors database

An understanding of the old sponsors "database" would be relevant to anyone trying to understand, or create, replacements of it.


Name:

     sponsors - the accounts-master package's sponsor database


Synopsis:



Description:

     The  sponsors  database  is  typically  stored  in a several
     files, one per sponsor,  in  several  directories,  one  per
     department.

     Blank lines, and those beginning with a are ignored.

     Lines  ending with a backslash, are considered to be contin-
     ued on the following line as if it were  part  of  the  same
     line.  (Ensure that the backslash really is the last charac-
     ter on the line and is not followed by a space.)

     In most cases the backslash isn't  required,  as  lines  may
     also  be  continued by indenting the continuation lines with
     tabs or spaces.

     Lines beginning with an equal sign  separate  sections.   By
     convention, eight equal signs (i.e. are used before each new
     billcode or class, and  four  equal  signs  (i.e.  are  used
     before each resource.

     Each  line  comprises  a  keyword, immediately followed by a
     colon, and a list of space-separated arguments.  Lists  must
     never  be  empty.  If a particular keyword does not apply or
     its value is unknown, the line should be  omitted  (or  com-
     mented out with a and not left with an empty list.

     If the first character of a list is a character, the rest of
     the line will be the name of a decommentable file  (relative
     to the current file if the first character of the name isn't
     The line will then behave as if the list were  the  contents
     of  that  file.   In  general this feature shouldn't be used
     except where necessary to automate  the  processing  of  the
     Registrar's data.


Structure:

     The  data  is  stored  in  a logical hierarchy, each sponsor
     being divided into several  billcodes,  each  billcode  into
     several  classes,  and  each  class  into several resources.
     Each billcode is assumed to  belong  to  the  most  recently
     encountered  sponsor,  and resets all information associated
     with any previously encountered billcodes.   Each  class  is
     assumed to belong to the most recently encountered billcode,
     and resets all information associated  with  any  previously
     encountered  classes.  Each resource is assumed to belong to
     the  most  recently  encountered  class,  and   resets   all
     information   associated  with  any  previously  encountered
     resource.

     Values for each keyword are accumulated until an keyword  is
     encountered,  at which point all accumulated data is applied
     to the userids named on that line.


Sponsor Section:

     This describes the person sponsoring everything that follows
     to the end of the file.

     Sponsor: Name of person

     Department: Sponsor's UW department, if any

     Address: Sponsor's paper mailing address, if any
          Multiple lines may be used if required.

     Email: Sponsor's e-mail address, if any

     Billing: NoCharge
          Sponsor is not charged for sponsored resources.

     Billing: Automatic
          Charges  are  automatically debited to sponsor's Finan-
          cial Services account.

     Statements: NoPaper
          A paper statement is not mailed  to  the  sponsor  each
          month.

     Statements: NoWeb
          The  sponsor's  monthly  statement is not posted in our
          web space.

     Infrastructure: FirstConnection

     Userids: userid:idnumber list
          Multiple lines  may  be  used  if  required.   See  the
          Resource subsubsubsection for details about the Userids
          list.


Billcode SubSection:

     This defines the University billing code to which  all  fol-
     lowing  classes, up to the end of the file or the next bill-
     code, will be charged.  If  a  University  billcode  is  not
     appropriate  (e.g.  resources  for internal use), some other
     string may be used.  Check with the accountING package main-
     tainer to see what is or is not appropriate.

     Billcode: UW billcode or equivalent


Class SubSubSection:

     This defines the the class to which all following resources,
     up to the end of the file or the  next  class  or  billcode,
     will be charged.

     Class names must be unique (i.e. no class may have more than
     one sponsor).  The reports produced by list_sponsors(8) will
     begin on a new page for each class.

     Class: Name of class
          There  are  currently  no rules about what a class name
          may be, but for the moment, to be consistent  with  the
          old  software,  they should be of the form where is one
          through five alphabetic characters,  is  three  digits,
          and is zero or one alphabetic characters.

          To  avoid  confusion  with  those classes automatically
          generated from the Registrar's  data,  one  should  use
          Dual-Case when creating new class names (e.g. Soft100).

     Description: Description of class
          A short description of the purpose of the class.

     Usage: Primary use of the class
          One of or The most significant value  is  as  it  means
          that  usage  under  this  class should not count toward
          active usage on a machine.  (e.g. for  a  staff  member
          that must occasionally sign onto a researcher's machine
          to maintain (but not use) its software.).

     Subsidy: Dean's subsidy
          or indicating whether or not the Dean's subsidy applies
          to  resources  sponsored  by  this class (by default it
          does).

     Instructors: Name of professor, class instructor(s), et al.
          The human(s) responsible for the class.

     Enrollment: Number of members
          The estimated size of the class.

     Load: low, moderate, high, or heavy
          The estimated cpu load for the class.

     Requirements: Extra requirements
          A short list of extra requirements (e.g. special  soft-
          ware) for the class.

     Fee: Lab fee
          The  lab  fee charge for one term.  Can be given as the
          number of cents, or suffixed with or The  two  keywords
          may be abbreviated by truncation.

     MembershipStarts: Date to start
          Any  following  membership lists will be ignored before
          this date.

     MembershipEnds: Date to end
          Any following membership lists will  be  ignored  after
          this  date.  If a start date is given, the end date may
          be expressed relatively (e.g.

     Members:
          A list of userids that belong to this class.  Note that
          they  will not automatically be assigned any resources;
          that must be done by giving a value to an trigger.


Resource SubSubSubSection:

     This defines a set of resources to be billed to the  current
     class  under  the  current billcode for the current sponsor.
     The first line must select a resource:

     Computing: List of host names
          This defines resources  for  computer  accounts  to  be
          billed  to the current class under the current billcode
          for the current sponsor.

     Printing: List of printer queue names
          This defines printer access to be billed to the current
          class  under the current billcode for the current spon-
          sor.

     MailAlias: mail-alias
          This defines a mail alias (e.g.  to be  billed  to  the
          current  class  under the current billcode for the cur-
          rent sponsor.  If the mail-alias is more than 7 charac-
          ters  long,  it  must  also  include square brackets to
          indicate allowable userid truncation.
          (e.g.  generates 5 aliases,
          but generates only one alias).

     PPP: List of PPP names
          This defines PPP access to be  billed  to  the  current
          class  under the current billcode for the current spon-
          sor.

     Any following lines define the  attributes  associated  with
     the resource, which is allocated whenever a

     AssignTo: List of userids

     line  is encountered.  More than one line may be given for a
     resource, typically either to avoid long lines or to apply a
     start or end date to some but not all users.

     The  special  userid  means  all  userids defined in members
     lists for this class.

     For the mailalias resource, the given  userids  may  contain
     at-signs,  and  other punctuation, including colons, and are
     not checked for validity.

     Otherwise, each userid should be immediately followed by  an
     optional  the redundancy providing checking for incorrect or
     misspelled userids.  In addition, if the userid (and id num-
     ber)  is  on  a machine not in the standard userid namespace
     (e.g. for accessing our printers), it should be followed  by
     indicating  the  name  of  another machine where the account
     resides.

     To avoid entering the id number each time  the  same  userid
     appears  for  the same sponsor, the id number may be omitted
     without generating any warnings if the userid and id  number
     are given in the list in the Sponsor section.

     If a

     IgnoreUserids: List of userids

     is  in effect when a userid list is encountered, any entries
     common to both lists will be ignored.   (This  is  currently
     implemented only for the resource.

     The following attributes are common to most resources.

     Quota: Restrictions on the amount of the resource
          For  PPP accounts it is not defined, for printers it is
          a money limit (format is as described in the  field  in
          the  subsubsection above), and for computer accounts it
          restricts the amount of  disk  space.   Disk  space  is
          assumed  to  be  in kilobytes, but may be suffixed with
          with or to indicate kilobytes, megabytes, or gigabytes.
          To  specify  a  quota  without limit, the abbreviatable
          keyword may be used.

     SponsorshipStarts: Date sponsorship takes effect
          This is a date before  which  the  sponsorship  of  the
          resource does not apply.

     SponsorshipEnds: Date sponsorship ends
          This  is  a  date  after  which  the sponsorship of the
          resource no longer applies.  If a start date is  given,
          the  end  date  may  be expressed relatively (e.g.  End
          dates are used, rather than simply deleting  the  data,
          because  the sponsorship information may be required by
          the accountING software for several  months  after  the
          resources  are no longer needed.  For the PPP resource,
          the end date may instead be given  as  the  name  of  a
          host.  In that case, the sponsorship of the resource is
          considered to have ended when the user no longer has an
          account on the specified host.

     Address: IP-Address
          This applies only to the PPP resource.  This causes the
          resource to be assigned this fixed  IP  address  rather
          than being assigned one arbitrarily each time a connec-
          tion is made.

     Groups: Group membership
          This applies only to the computing resource, and  lists
          unix groups of which the user should be a member.

     Hosts: List of hosts
          This  applies only to the mailalias resource, and lists
          unix regions on which the alias should apply.

     Account: Sponsoring account
          This applies only to the printing resource.  If  speci-
          fied,  the  single  account  name  that  will  be  used
          (instead of the class name) as the field in the printer
          quota  database.   (i.e. the value the must be supplied
          when using

          Note that this means that these account  names  are  in
          the  same namespace as class names, and therefore along
          with the class names should be unique.


Second Attempt At A Descripton:

     The following is meant to represent the  tree  structure  of
     the database.

        Each file contains one sponsor:

        Sponsor:
        Department:
        Address:
        Email:
        Userids:

        ======== Each sponsor is divided into one or more billcodes:

        Billcode1      ...      Billcode      ...      BillcodeN

        ======== Each billcode is divided into one or more classes:

            Class1        ...      Class        ...      ClassN
            Description1           Description           DescriptionN

        ==== Each class is divided into one or more resources:

        Computing...  Printing...  MailAlias...  PPP1...
        Starts        Starts       Starts        Starts
        Ends          Ends         Ends          Ends
        Quota         Quota        Hosts         Address
        Groups        Account

        Each resource is divided into one or more lists of userids:

              AssignTo1   ...   AssignTo2   ...   AssignToN

     Each sponsor, billcode, class, or resource section overrides
     all attributes defined by  previous  sections  of  the  same
     type.

     Whenever  an  AssignTo  list  is  found  for a resource, all
     attributes accumulated so far are assigned to each userid in
     the list.

     It  is  important  to  understand the difference between how
     values are accumulated as described in the previous two sen-
     tences.   The  Userid  list  does *not* reset any previously
     defined values for the current resource.  So  for  instance,
     if the file contained the sequence:

        ...
        Computing: math watdragon
        Quota: 100M

        AssignTo: *MEMBERS*

        SponsorshipStarts: 1996/01/01
        SponsorshipEnds: +1Year
        AssignTo: jdoe jsmith

        SponsorshipStarts: 1996/06/06
        AssignTo: fbaggins gabandabalf

     The  fbaggins account would also inherit the 100M quota and,
     perhaps more surprisingly, the January 1997 end date.


Files Used:


See Also:

     get_all_sponsors(3w), list_sponsors(8).


Copyright:

     Copyright (C) 1995,2006, MFCF, University of Waterloo.



list_equipment (PRUNED)

The equipment database has been moved to the new inventory database. Any old documentation relating to the equipment database has no relevance.

accounts-master package

An understanding of the old sponsors "database" would be relevant to anyone trying to understand, or create, replacements of it. The accounts-master package was where a typical sponsors "database" would be housed.



Name:

     accounts-master-package, accounts-master - description of
     the accounts-master package


Description:

     The accounts-master package allows one to manage distributed
     resources from a single centralized database.  It currently
     knows about printer quotas, PPP access, and UNIX accounts.

     The central database contains a description of who sponsors
     what resources.  The software determines what each resource
     provider should provide, passes this information to the
     resource providers, and tells them "make it so".

     The database also provides information for billing and
     accounting purposes, while the control files associated with
     individual resources provide information about why a user
     has the resources.


Sponsors Database:

     The database (described in sponsors(5)) consists of text
     files in an arbitrary structure under the "data/sponsors"
     directory.  A simple text editor (e.g.  vi(1)) provides the
     user interface, though if desired one could design a more
     elaborate mechanism.

     The sponsor_resources(8) program examines the database and
     produces a number of text files under the three directories
     "data/resources/{account,ppp,printer}".

     Each file under a resource directory bears the name of one
     of the resource providers (e.g.  "account/logos.math",
     "ppp/anik3.mfcf", "printer/ps_mfcf").


Sponsored Resources:

     The accounts-client(8) program distributes these resource
     files to each resource provider and does the appropriate
     things to make the resources correspond to the contents of
     the file.

     In the case of UNIX accounts, this means running the spon-
     sor_accounts(8) program on the machine of interest.  On each
     machine, a file, "/software/accounts/data/users", contains
     sponsor-related information for each entry in the
     "/etc/passwd" file.

     The program ignores accounts not created by the sponsors
     data, and adjusts the resources of all sponsored accounts to
     match the new resource data.  This involves changing disk
     quotas and the "/etc/passwd" and "/etc/group" files.  It
     does not actually remove entries from the passwd file, but
     instead simply marks them as expired, other jobs later
     making them unusable (expire_accounts(8)) and finally remov-
     ing them and their files (rmallusr(8)).


Sponsor Reports:

     The list_sponsors(8) program produces summaries of sponsored
     resources suitable for sending to the individual sponsors.
     Each report begins a new page for each class (a set of com-
     mon resources), showing the specific allocation of resources
     for each user.


Bugs:

     Currently, the sponsors data does not affect /etc/group.

     Currently, nothing uses the printer and ppp resource infor-
     mation.

     This package contains many other files and programs.


See Also:

     sponsors(5).


Copyright:

     Copyright (C) 1997, MFCF, University of Waterloo.

accounts-client command (VERY IMPORTANT)

accounts-client (and sponsor_resources ) were the programs/commands old maintainers of the old sponsors "database" would use most often (in many cases almost exclusively) to put changes they configured into production.


Name:

     accounts-client - updates accounts on remote clients


Synopsis:

     accounts-client [[host=]hostname]


Description:

     accounts-client uses the data compiled by the accounts-mas-
     ter(8) program ("/software/accounts-mas-
     ter/data/resources/*/*") and updates all accounts-controlled
     accounts on the specified "host=" host.

     If no explicit host is given, all hosts (i.e. those listed
     by `hostin group=mfcf_sponsored`, `hostin group=mfcf_ads`,
     `hostin group=mfcf_macs`, `hostin group=windows-masters`,
     and `hostin group=polaris-masters`) are updated.  (Replace
     "_mfcf" with "_cscf" or other appropriate administration.)

     For each of the "mfcf_sponsored" machines (the most common
     case), the account resource file is distributed to the
     machine and the sponsor_accounts(8) program is run on that
     machine to do the update.

     Processing for the other types of hosts is handled in a sim-
     ilar way, though the host where the update processing occurs
     might not be the same as the target host.


Note:

     Unlike accounts-master(8), this program does not detach
     itself, and so killing it might have some effect on the
     remote updates.


Example:

     When updating all clients, one would typically do something
     like this:
          math% accounts-client >&~/#ac
          math% cut -c1-79 ~/#ac | page

     For a single client, math% accounts-client student.math
     would be used.


See Also:

     accounts-master(8), sponsor_resources(8), do_polaris(8),
     sponsor_accounts(8), mfcf-course-accounts(i).


Copyright:

     Copyright (C) 1996, 1997, 2009, MFCF, University of Water-
     loo.

accounts-master command (Reasonably Important)

accounts-master is the command everyone forgot about. But, arguably, every time they ran sponsor_resources they should have been running accounts-master instead. accounts-master did a superset of sponsor_resources and the running of sponsor_resources alone was a sort of optimization in most situations. But an astonishing number of people were surprised to hear about the function of accounts-master. Perhaps that was partly because it tended to be run automatically once a day.

Apparently missing here is a man page for make_all_accounts which does the actual work



Name:

     accounts-master - gathers current information for maintain-
     ing accounts


Synopsis:

     accounts-master [{+|-}Verbose]


Description:

     accounts-master gathers information from various places and
     produces lists of accounts and resources that should exist
     on the machines it administers.  In addition, (some) printer
     quotas, man pages and web pages are updated.

     The program, accounts-client(8), should then be used to
     update the accounts on those machines (hostin group=stu-
     dents).

     The output, which is appended to the log file, is much more
     detailed than one would normally want to see, so unless one
     specifies "+Verbose", all blank lines and all lines begin-
     ning with "+++" are omitted from the output.  If one doesn't
     want to see the progress of the job as it proceeds, specify-
     ing "-Verbose" will suppress all lines beginning with "===",
     and in theory only the important messages (e.g. errors) will
     be displayed.

     Note that the real work is done by a program that is submit-
     ted by an rsh where it runs in the background independent of
     this program.  That means that one may kill the accounts-
     master program without affecting the actual update.


Bugs:

     This is still somewhat under development.

     What is actually considered to be important output isn't
     always correct.

     The output sometimes contains lines of the form "ADD1: ...".
     This indicates something I have to update by hand, but even-
     tually it will be automated.  The same list will appear
     every time, so you don't need to worry about telling me
     about them.


Files Used:

     /software/accounts-master/data/sponsors/
     /software/accounts-master/data/resources/
     /software/accounts/logs/accounts-master


See Also:

     accounts-client(8), sponsor_resources(8), mfcf-course-
     accounts(i).


Copyright:

     Copyright (C) 1994,1996, MFCF, University of Waterloo.

check_equipment command (PRUNED)

The equipment database has been moved to the new inventory database. Any old documentation relating to the equipment database has no relevance.

check_network command (PRUNED)

The equipment database has been moved to the new inventory database. Any old documentation relating to the equipment database has no relevance. Even if check_network had applications apart from the equipment database, CSCF never made use of the command.

get_printer_quotas command



Name:

     get_printer_quotas - merge requests for accounts


Synopsis:

     get_printer_quotas


Description:

     get_printer_quotas uses the "Printers" control file to
     determine the current printer quota allocations, and to pro-
     duce batch update files suitable for each printer.

     At the moment nothing beyond this is automated.  One must do
     the following by hand:

          math% get_printer_quotas
          math% cd /software/accounts-master/data/work
          math% lpquota_update_sucks -p ps_mfcf - < lpquotas.update.ps_mfcf
          math% lpquota_update_sucks -p [ ... ] - < lpquotas.update.[ ... ]
          math% mv lpquotas.new lpquotas

     making sure that each step works successfully.  The program
     will fail harmlessly if the file "lpquotas.new" exists.

     The very first time, the "lpquotas" file, which contains the
     current values of the printer quotas, must be created as an
     empty file.

     At the end of each term the following must be done, before
     switching to the Registrar's data for the next term.

     - Remove all non-cumulative entries from the Printers file.
     - Update as usual.
     - Zap the lpquotas file (to forget about everything).
     - Set up the Printers file for the new term.
     - Switch all the other accounts things for the new term.
     - Do all other accounts updates for the new term.
     - Update as ususal.


Files:

     /software/accounts-master/data/control/Printers
     /software/accounts-master/data/work/lpquotas
     /software/accounts-master/data/work/lpquotas.new
     /software/accounts-master/data/work/lpquotas.update.<printer>


See Also:

     lpquota_update_sucks(8),


Copyright:

     Copyright (C) 1992, MFCF, University of Waterloo.

get_student_registry command (OBSOLETE)

This command is probably a predecessor of download_accounts_data. (Used by accounts_master ).


Name:

     get_student_registry - fetch the current student registry
     from Data Processing


Synopsis:

     get_student_registry


Description:

     get_student_registry fetches the current student registry
     data provided by Data Processing.  The file contains the
     following colon-separated fields:
     - family name
     - given name(s)
     - initials
     - id number
     - faculty
     - program
     - year and term
     - degree type
     - courses (separated by commas)


Files

     /software/accounts-master/data/temp/student_registry


See Also:

     register_student_programs(8).


Copyright:

     Copyright (C) 1991, MFCF, University of Waterloo.

get_userid_status command



Name:

     get_userid_status - gather the userid statuses in our admin-
     istration


Synopsis:

     servers/get_userid_status host*


Example:

     set hosts=`include_files config/hosts_mail | decomment`
     get_userid_status `cat $hosts`  >addresses


Description:

     get_userid_status runs userid_status(8) on each host given
     on the command line filling in any known id numbers to pro-
     duce the mail address for each id.

     Output consists of one line per userid in the form
     "userid:id:host:status", where "id" is the student,
     employee, or other id number associated with the userid, and
     "status" is one of: "Active", "Zmail", "Sendmail",
     "Expired", "Unused", "DelForward", "Deleted", or "Unknown",
     as described in mail_registry(8).


Note:

     This program is normally run only by the register_mail(8)
     program to produce input for the mail_registry(8) program.


See Also:

     userid_status(8), mail_registry(8), register_mail(8).


Copyright:

     Copyright (C) 1995, MFCF, University of Waterloo.

inuse command

This used to be a superset of some sort over just querying WatIAM (or equivalent). It would keep track of userids used privately across campus to avoid further conflicts beyond just WatIAM.


Name:

     inuse - query IST's inuse userid database


Synopsis:

     inuse [grep arguments]


Description:

     inuse searches the database of inuse userids maintained by
     IST.

     Typically one would use this to see if an about-to-be-ass-
     signed userid is in use anywhere on campus.

     Userids can be in full or truncated-to-8 format.  For short
     userids one would likely want to check for that userid
     exactly (e.g.  "jsmith" shouldn't match "ajsmith" or
     "jsmithjones"), using the -w grep option.

          % inuse -w jsmith

     For long userids one would likely want to check for both
     forms:

          % inuse -w 'rbutterw\|rbutterworth'

          % inuse '\\\<rbutterw'

          % inuse -w 'rbutte.\*'

     Each line of output contains three fields: Date, Userid,
     Host, and Source, where the Source is an occasionally mean-
     ingful comment supplied by the program that registers the
     userid as being in use, and the Date is the most recent date
     that the information in the other three fields was received
     (unfortunately they don't record the earliest such date
     too).


Notes:

     The right number of backslashes to use isn't always obvious.

     This uses a lot of cpu on one of IST's machines, so don't
     abuse it.


Commands Used:

     /software/gnu/bin/grep -E


Copyright:

     Copyright (C) 1998, MFCF, University of Waterloo.

list_classes command



Name:

     list_classes - list MFCF-resource classes


Synopsis:

     list_classes [-Registration] [+Noresources] [+Colons]
          [Sponsors=/software/accounts-master/data/sponsors/REGISTRAR]
          [[fields=]ALL|Cents|Printer|Class|Kbytes|
                    |Host|Limit|Enrollment|Load|Instructor|Com-
          ment]*


Options:

     [Sponsors=/software/accounts-master/data/sponsors/REGISTRAR]
          Directory (or file) containing class sponsorship infor-
          mation.

     [+Noresources]
          List "nowhere" classes too (i.e. those used only for
          generating .classlists).

     [-Registration]
          Don't list faculty and department pseudo-classes (e.g.
          cs08, arts3).

     [+Colons]
          Display output as colon-separated fields.

     [[fields=]fieldname]*
          Each specified field (which may be abbreviated by non-
          ambiguous truncation) is displayed in the output in the
          order given.  "ALL" implies all fields.


Description:

     list_classes Sorts, culls, and lists the Registrar sponsored
     classes in what is intended to be a more readable format.
     Future options might include "Host=hostname" to select by
     host.


Examples:

          list_classes class enrollment load instructor comment \
               >/software/mfcf-specific/man/mani/mfcf-classes.i
          list_classes cents printer class kbytes host instructor +reg \
               >/software/mfcf-specific/mani/mfcf-class-resources.i


See Also:

     sponsors5


Copyright:

     Copyright (C) 1993,1997,2001, MFCF, University of Waterloo.

list_sponsors command



Name:

     list_sponsors - list resource sponsors


Synopsis:

     list_sponsors [HaveExpired=121] [WillEnd=183]
     [[sponsorpath=]/software/accounts-master/data/sponsors]*
     [Resources=ALL|Printing|MailAliases|PPP|Computing|Equip-
     ment|Users|Sponsors|Classes]
     [Severity=Warnings|Notes|Errors]
     [ListNames=Classes|Resources|Users|Sponsors]


Examples:

     Put report into "#ls-stdout" and errors into "#ls-stderr":
     % ( list_sponsors > #ls-stdout )  >&#ls-stderr
     List accounts sponsored by MFCF:
     % cd /software/accounts-master/data/sponsors && list_spon-
     sors +s MFCF


Options:

     [[sponsorpath=]/software/accounts-master/data/sponsors]*
          Files (or directories to be recursively descended) con-
          taining the sponsor data.

     [HaveExpired=121]
          Warn about entries that expired more than this many
          days ago.

     [WillEnd=183]
          Warn about entries that will expire in fewer than this
          many days.

ment|Users|Sponsors|Classes]
     [Resources=ALL|Printing|MailAliases|PPP|Computing|Equip-
          Restrict the report to a specific section.  Note that
          "Users" isn't really a resource.

     [Severity=Warnings|Notes|Errors]
          Omit problem reports that are less than this severity.
          The default is warnings and errors, with notes sup-
          pressed.

     [ListNames=Classes|Resources|Users|Sponsors]
          Special purpose formatted output (still under deveop-
          ment).


Description:

     list_sponsors formats the contents of the sponsors database
     into reports (or summaries) suitable for sending to the
     sponsors.

     If all you are interested in is checking the database for
     problems, use the "ListNames=users" option to minimize the
     time it takes and the size of the standard output produced.


Standard Output:

     For the "ListNames=users" form, a simple list containing all
     "userid@host" and "userid@@host" forms defined by the
     database is produced.  This is handy for comparing the
     database against which accounts are actually on each
     machine.  The double "@" indicates that the host is one that
     doesn't claim to use standard userids.

     The normal form of the output comprises one report for each
     sponsor, each beginning on a new page with the sponsor's
     name, address, etc.  followed by listings of the computer
     accounts and printer accounts they sponsor, followed by a
     list of all sponsored userids containing their names, id
     numbers, etc.

     Sponsors should check that the resources for each account
     are correct, and that the userids they have requested really
     do correspond to the people described in the last section.


Error Output:

     Stderr may contain three classes of messages, one per line,
     prefixed with "Note:", "Warning:", or "Error:".  Notes are
     unimportant things that can be fixed when the presence of
     these messages becomes annoying enough.  Warnings are impor-
     tant things that the program managed to correct, but which
     should be fixed as soon as possible.  Errors are serious
     problems that cause the program to exit prematurely, and
     which must be corrected.

     The most common messages you are likely to see are:

     "Error: unknown host"
          The host isn't reachable from this machine.

     "Error: userid xxx should be yyy"
          An obsolete userid was given for the user.

     "Error: userid xxx has id number yyy not zzz"
          The userid and id number don't match.

     "Error: userid xxx is not a standard userid"
          The userid isn't registered as a standard userid.

     "Error: disk quota xxx begins with a non-digit"

     "Warning: we don't administer host xxx"
          The host isn't in our adminstration, so we don't create
          accounts there.

     "Warning: userid xxx should have id number zzz"
          No id number was given with the userid, but one should
          be given so that the redundancy will help check for
          typos and other mistakes.  This will eventually become
          a fatal error.

     "Warning: ignoring group xxx"
          A group such as "users" or "none" was assigned to the
          account, but such groups are automatically given any-
          way.

     "Warning: xxx requires exactly one argument"
          A non-essential information field was given bad data.

     "Note: sponsor xxx, billcode yyy, has expired account zzz"
          The entry expired before the time indicated by the
          "HaveExpired=" option.

     "Note: userid xxx should possibly be yyy"
          An obsolete standard userid has been given, but it's on
          a host that doesn't claim to have standard userids, so
          it might actually be a different user.

     "Note: userid xxx should possibly have id number zzz"
          If this is a standard userid, it should have the given
          id number, but it's on a host that doesn't claim to
          have standard userids, so it might actually be a dif-
          ferent user.

     "Note: userid xxx is a non-standard userid"
          The userid is non-standard, but it's on a host that
          doesn't claim to have standard userids.


Files:

     /software/accounts-master/data/sponsors/*/*


Copyright:

     Copyright (C) 1993, 1994, MFCF, University of Waterloo.

mail_deletion command



Name:

     mail_deletion - gather invalid uwdir mail addresses


Synopsis:

     servers/mail_deletion <host-file Outputdirectory=path
          Registered=registered-file Status=status-file


Description:

     mail_deletion reads a list of uwdir mail addresses (from
     Registered=) and compares them to a list of known addresses
     (from Status=), as produced by get_userid_status(8), and
     writes the result to a file in the Outputdirectory:
     "uwdir_wrong".

     Registered addresses with hosts that are not named in the
     host-file are ignored.

     The "uwdir_wrong" file is suitable (with a little editing)
     for passing to uwdir-submit(8).


Note:

     This program is normally run only by the register_mail(8)
     program.


See Also:

     get_userid_status(8), userid_status(8), uwdir-submit(8).


Copyright:

     Copyright (C) 1995,2010 MFCF, University of Waterloo.

mail_registry command



Name:

     mail_registry - gather mail addresses suitable for uwdir


Synopsis:

     servers/mail_registry [Domain=uwaterloo.ca]


Description:

     mail_registry reads a list of mail addresses as produced by
     the get_userid_status(8) program, reformats it
     ("id:address:status"), and writes the result to standard
     output.

     The first field of the output is an valid e-mail address
     with a fully-qualified host-domain-name.

     The second field is one of the following statuses:

     Active
          - /etc/passwd:  the account has been assigned a pass-
          word.

     Zmail
          "/software/zmailer/data/config/lists"

     Sendmail
          "/var/adm/sendmail/aliases"

     Expired
          "/software/accounts/data/users" - the account is living
          on borrowed time and unless circumstances change will
          become

     DelForward
          "/etc/passwd" - login shell is "/etc/Deleting*", but
          the home directory contains a ".forward" file.

     Unused
          "/etc/passwd" - encrypted password is "New-User*".
          i.e. the account has not yet been assigned a password.

     Deleted
          "/etc/passwd" - login shell is "/etc/Deleting*".  i.e.
          the account is unusable and will be removed at the end
          of the month.

     Unknown
          - should never happen.

     Records with the "Deleted" status are not written.

     If a userid has the same status on two hosts, the status for
     the host that was given first on the command line will be
     used.

     If a userid has different statuses on two hosts, the status
     that appears first in the above list will be used.  Note
     that the order of the above statuses is not the same as the
     priority used on the individual hosts by userid_status(8).


Note:

     This program is normally run only by the register_mail(8)
     program.


See Also:

     get_userid_status(8), userid_status(8), uwdir-submit(8).


Copyright:

     Copyright (C) 1995,2010, MFCF, University of Waterloo.

make_remote_accounts command (IMPORTANT)

Details in this page, however, are severely out-of-date. Details in this page, however, are severely out-of-date. Now it primarily exectutes, remotely, on the appropriate regional server, _sponsor_aliases_ and _sponsor_accounts_ (and different cases for special cases, such as Active Directory masters).


Name:

     make_remote_accounts - makes remote accounts.


Synopsis:

     servers/make_remote_accounts [-h hostname]


Description:

     This should not be called by anyone or anything other than
     by the accounts-client(8) program.

     make_remote_accounts Takes the information produced by
     make_all_accounts(8), and sends it to the specified machine
     (or all machines in `hostin group=students`), and then runs
     mkstuds(8) remotely to update the accounts.


Files Used:

     /software/accounts-master/data/control/{Classes,Special},
     /software/accounts-master/data/work/*.


Bugs:

     Can only handle userids that have student id numbers.


See Also:

     accounts-master(8), accounts-client(8), make-all-
     accounts(8), mfcf-course-accounts(i), mkstuds(8).


Copyright:

     Copyright (C) 1994, MFCF, University of Waterloo.

merge_account_requests command (OBSOLETE)

This has been superseded by something.


Name:

     merge_account_requests - merge requests for accounts


Synopsis:

     sort requests  merge_account_requests


Description:

     merge_account_requests fetches requests for accounts from
     standard input (which must be sorted by id number) and
     merges them with the student registry data.  The output con-
     tains the following colon-separated fields:
     - id number
     - initials
     - family name
     - given name(s)
     - courses (separated by commas)


Files:

     /software/accounts-master/data/temp/student_registry_mfcf


See Also:

     register_userids(8), get_special(8), get_student_reg-
     istry(8).


Copyright:

     Copyright (C) 1991, MFCF, University of Waterloo.

net_update_sql command



Name:

     net_update_sql - produce SQL commands to update inventory
     database SNMP info


Synopsis:

     servers/net_update_sql [Input=]/software/accounts-mas-
     ter/data/networks/NetInfo


Description:

     net_update_sql examines the ping and SNMP data compiled by
     network scanning and produces SQL commands to update the
     inventory database.


See Also:

     scan_network(8), check_network(8), update_network(8).


Copyright:

     Copyright (C) 2008 MFCF, University of Waterloo.

register_mail command



Name:

     register_mail - send preferred mail addresses to uwdir


Synopsis:

     servers/register_mail


Description:

     register_mail examines the mail address for all userids in
     the administration (actually the hosts named in the file
     "/software/accounts-master/config/hosts_mail" less those
     named in the file ".../config/hosts_nomail"), and sends them
     to the uwdir database.

     Because of the way quwdir(1) works, changes cannot be made
     to existing addresses.  Instead two updates are sent.

     The first update contains records for invalid mail addresses
     (no such userid on the machine, or the account is about to
     be deleted and has no ".forward" file), requesting that the
     entries be deleted.

     The second contains records for all userids in the adminis-
     tration.  Only those entries matching uwdir mail addresses
     that are empty will be filled in.


See Also:

     get_userid_status(8), userid_status(8), mail_deletion(8),
     mail_registry(8), quwdir(1).


Copyright:

     Copyright (C) 1995,2008 MFCF, University of Waterloo.

register_student_programs command (OBSOLETE)

This has been superseded by something.


Name:

     register_student_programs - merge requests for accounts


Synopsis:

     register_student_programs <input >output


Description:

     register_student_programs fetches requests for accounts from
     standard input (which are in the computing services format
     (see get_student_registry(8))) and produces records with the
     following colon-separated fields:
     - id number
     - initials
     - family name
     - given name(s)
     - courses (separated by commas)

     An additional item is added to the courses list of the form
     "faculty#", where "faculty" is the faculty the student is
     registered in, and "#" is the year the student is registered
     in, with "6" indicating a Masters student, "7" indicating a
     Doctors student, and "0" indicating a non-degree student or
     other unknown program.


Files:

     /software/accounts-master/data/temp/student_registry,
     /software/accounts-master/data/temp/student_registry_mfcf.


See Also:

     register_userids(8), get_special(8), get_student_reg-
     istry(8).


Copyright:

     Copyright (C) 1991, MFCF, University of Waterloo.

scan_network command (PRUNED)

The equipment database has been moved to the new inventory database. Any old documentation relating to the equipment database has no relevance.

select_classes command



Name:

     select_classes - select classes of users for account cre-
     ation


Synopsis:

     select_classes


Description:

     select_classes reads account requests from its standard
     input and selects those that match entries in the Classes
     file.


Files:

     /software/accounts-master/data/host/Classes


See Also:

     make_account_requests(8).


Copyright:

     Copyright (C) 1991, MFCF, University of Waterloo.

sponsor_resources command (VERY IMPORTANT)

sponsor_resources (and accounts-client ) were the programs/commands old maintainers of the old sponsors "database" would use most often (in many cases almost exclusively) to put changes they configured into production.


Name:

     sponsor_resources - generate resource data from sponsors
     data

     'Warning: This is still under development."


Synopsis:

     sponsor_resources Severity=Warnings|Notes|Errors
     [sponsors=]/software/accounts-master/data/sponsors
     Configdirectory=/software/accounts-master/data/sponsors/.Config
     Resources=/software/accounts-master/data/resources
     Expired=90
     Today=today


Options:

     [sponsors=]/software/accounts-master/data/sponsors
          Directories or files containing the sponsors database.

     Configdirectory=/software/accounts-master/data/spon-
          sors/.Config
          Directory containing configuration files.

     Resources=/software/accounts-master/data/resources
          Directory to contain the sponsored resources output.

     Severity=Warnings|Notes|Errors
          Omit problem reports that are less than this severity.
          The default is warnings and errors, with notes sup-
          pressed.

     Expired=90
          Warn about sponsorship which ended more than the given
          number of days before the current time.

     Today=today
          Change the assumed date (time) used for all time-based
          calculations such as SponsorshipEnds.  The format "21
          Jan 2009" is accepted, as are various other date for-
          mats.


Description:

     sponsor_resources takes the sponsors data and sorts it by
     resource-type (account, printer, ppp) and by resource-
     provider (hostname, printername, anikname), and merges com-
     mon resources for each userid.

     The output is put into a number of files and directories.
     Each resource-type has an output directory, and each
     resource-provider has a file containing the resources it
     should provide.  For instance, the file "/software/accounts-
     master/data/resources/computing/math" will contain all the
     sponsored accounts that should be on the host "math".
     The output contains one line for each resource for each
     userid, with each field separated by colons.  The first
     field is always the userid.

     The accounts records then have fields for personal-name, id
     number, and preferred uid.

     The final field is a comma-separated list of resource quo-
     tas.  These are of the form: "Class-name(quotas)", where in
     the case of printers, the quotas are in pages; in ppps, the
     quotas are nonexistent; and in the case of accounts, the
     quotas are in kilobytes and may be followed by a semicolon
     and a comma-separated list of groups.


Files:

     /software/accounts-master/data/sponsors/*/*
     /software/accounts-master/data/resources/{account,printer,ppp}/*


See Also:

     accounts-master(8) - calls sponsor_resources and even more
     accounts-client(8) - update remote accounts
     list_sponsors(8) - explanation of error messages


Copyright:

     Copyright (C) 1996, 1997, MFCF, University of Waterloo.

update_network command (PRUNED)

The equipment database has been moved to the new inventory database. Any old documentation relating to the equipment database has no relevance.

update_web_pages command



Name:

     update_web_pages - update mfcf web pages with mfcf.math data


Synopsis:

     update_web_pages


Options:

     none


Description:

     update_web_pages is normally run from the crontab, but can
     be run safely at any time.

     It is intended to solve some of the problems caused by hav-
     ing the authoritative source for some information on
     "mfcf.math", while the MFCF web server is on "www.math", a
     different machine.

     The program is a script that simply calls other programs
     that produce automated web pages, and then distributes the
     results to the MFCF web space.


See Also:

     webify_owner_groups(8)


Copyright:

     Copyright (C) 2001, MFCF, University of Waterloo.

webify_owner_groups command



Name:

     webify_owner_groups - produce supported host web pages from
     Owners data


Synopsis:

     servers/webify_owner_groups
     [outputDirectory=/software/accounts-master/data/work/web-
     ify_owner_groups]
     [GroupDescriptions=/software/accounts-master/data/own-
     ers/.Config/groups]
     [[ownerpath=]/software/accounts-master/data/owners]


Options:

     outputDirectory=
          Directory where the html files are to be dumped

     GroupDescriptions=
          File containing host group descriptions.

     [ownerpath=]
          File or directory containing owner information.


Description:

     webify_owner_groups takes the hosts in the owners database
     (ownerpath=), and produces a web page for each group
     (including configured group descriptions (GroupDescrip-
     tions=)), and an "index.html" file therefor.

     All output is put into the specified directory (outputDirec-
     tory=).  The program will exit with a fatal error if it
     attempts to overwrite any existing file, so be sure to empty
     the directory before calling it.

     This program is intended to be run by another program (nor-
     mally from the crontab), which then distributes the new web
     pages to "www.math".

     The options are provided mostly for debugging purposes, and
     are not normally needed.


Files:

     /software/accounts-master/data/work/webify_owner_groups/*
     /software/accounts-master/data/owners/.Config/groups
     /software/accounts-master/data/owners/*
     check_owners(8)


Copyright:

     Copyright (C) 2001, MFCF, University of Waterloo.


diskquota command (OBSOLETE)

Eventually things changed so the vendor quota command would work.


Name:

     diskquota - show disk quota


Synopsis:

     diskquota [-Remote] [userid|uid]*


Description:

     The diskquota command shows the calling or specified user's
     disk quota on the current host and on all hosts from which
     writable filesystems are remotely mounted.  The -Remote flag
     will prevent any remote filesystems from being checked.

     If disk usage exceeds the user's soft limit, the hard limit
     is also displayed (in square brackets).

     On most machines, each user's disk quota and usage is nor-
     mally public information, available for any other user to
     see.  On machines where this policy isn't followed, users in
     group "operator" or "accounts" may query anyone's quota,
     even if the filesystem's quota file does not have general
     read permissions.

     If it checks any filesystems whose disk usage is in the pro-
     cess of being reinitialized (e.g. the Network Appliances
     fileservers for the student and general regions) this com-
     mand will exit with status 1.


See Also:

     quota(1)


Files Used:

     /software/accounts/config/regional/fashosts
     /software/accounts/config/regional/rquotahosts


Copyright:

     Copyright (C) 1993,2003,2005,2008 MFCF, University of Water-
     loo.

groups command (BEWARE)

Some people did not like the sometime tendency of xhier to provide locally enhanced versions of standard commands.



NAME

     groups - show group memberships


SYNOPSIS

     groups [-s<sep>] [-p] [user]
     groups [-s<sep>] [-p] -{g|G} group_name
     groups [-s<sep>] [-p] -{g|G} group_id


DESCRIPTION

     The groups command shows the groups to which you or the
     optionally specified user belong.

     If the -p flag is used, only the principal group for users
     is listed; in other words, only /etc/passwd is examined.  If
     -p is used, a group or userid must be specified.

     If the -g flag is used, all members of the specified group
     are shown.  (The group may be specified either by its name
     or numeric group id.)

     If the -G flag is used, only the user names of accounts for
     which the specified group is the principal group are listed;
     in other words, only /etc/passwd is examined.  The -G flag
     is obsolete - use -p -g instead.

     The string given as argument to the -s flag is used as the
     separator between the user names or group names listed,
     instead of a newline (the default for the -g/-G form) or a
     space (the default for the other form).  The string is
     parsed for escape sequences of the form "\x" where x is in
     the set {a, b, f, n, r, t, v}: these are mapped to
     corresponding ASCII character codes as per K&R 2nd ed. sec-
     tion 2.3.

     Each user belongs to a group specified in the password file
     /etc/passwd and possibly to other groups as specified in the
     file /etc/group.  If you do not own a file but belong to the
     group which it is owned by then you are granted group access
     to the file.

     When a new file is created it is given the group of the con-
     taining directory.


SEE ALSO

     setgroups(2)


FILES

     /etc/passwd, /etc/group


BUGS

     More groups should be allowed.
     groups in.


UW DIFFERENCES

     The -g, -G, -p, and -s options are UW enhancements.

init_home command (Somewhat Important)

This is probably less important than rmallusr. Standard Ubuntu Linux provides means to create home directories, e.g. on first login. Creating is easy. Removing the directories later, at an appropriate time, to recover disk space, is harder.


Name:

     init_home - reinitialize your home directory


Synopsis:

     init_home [userid]*


Description:

     This command tries to set up your home directory as it would
     be if the account had just been created.

     Usually this just means giving you the latest versions of
     the standard .cshrc and .profile files.  Any conflicting
     files will be renamed and a warning displayed.

     The optional userid arguments may only be given if you are
     root.

     If no userid is given, the directory specified by the
     "$HOME" environment variable will be used.  If that variable
     is not set, the home directory field in your "/etc/passwd"
     entry will be used.

     If your reason for using this command is that your ".cshrc"
     file is so messed up that you can't even execute any com-
     mands, you will have to invoke the command using its full
     pathname: /software/accounts/bin/init_home.

     Note that this command does not affect X11 files, such as
     ".xsession", which can be reinitialized by simply removing
     or renaming them and logging in again.


Configuration:

     Files and directories are copied, following symlinks, from
     the package's "init_home" configuration directories.

     It is a common practice for administrators to have accounts
     automatically created on all hosts that they are responsible
     for.  Such users can be listed as "userid@homehost" in the
     "admin/common_users" configuration file.  init_home will
     initialize the ".forward" and ".rhosts" files for these
     accounts (but will not replace existing instances thereof).


Files Used:

     /software/accounts/config/*/init_home
     /software/accounts/config/admin/common_users


See Also:

     .cshrc(5)


Copyright:

     Copyright (C) 1990, 1997, 2005, 2006, MFCF, University of
     Waterloo.

lastlog command (PRUNED)

laston command (PRUNED)

password command

This was suspiciously close to a local cover for standard vendor commands.


Name:

     password - change a user's password


Synopsis:

     password  Userid_Or_Idnumber
     password  Userid_Or_IdNumber  +Randompassword
     password  Userid_Or_IdNumber  Encryptedpassword=string


Description:

     This command enables certain non-super-users to change a
     user's password, though it is also handy for super-users,
     and can be used by non-privileged users to set their own
     passwords (in particular if they forget the spelling of
     "passwd").

     For students, it is best to give this command the 8-digit
     "id number", since it isn't possible to know their official
     userid from the information given on id cards (e.g. jsmith
     vs. j2smith).

     This mapping from id number to userid is likely to work only
     on machines that have MFCF standard userids.  Userid matches
     are performed before id-number matches, so administrations
     may use the payment[sic] field of the "users" file for some-
     thing other than the id-number without worrying about incor-
     rect matches.  (See users(5)).

     The "+Randompassword" option will generate a random password
     and ask if that is what you want it set to.

     The "Encryptedpassword=string" option will set the
     /etc/passwd entry to the given string.  Only a super user
     can set the string to be a single "*".  Don't try it unless
     you know what you're doing.

     New accounts are usually created with an illegal encrypted
     password, typically something like "New-User-S96".  (Illegal
     means anything that isn't exactly 13 characters chosen from
     the set of digits, letters, and the characters "/" and ".".)
     Some accounts may have illegal passwords simply because they
     are not intended ever to be logged into.  In such cases the
     illegal password entry should begin with the character "*".

     Someone in group "operator", "opcons", or "staff" may change
     passwords only on accounts that have an illegal encrypted
     value, providing the first character is not a "*".  Someone
     in group "accounts" may change any password provided that
     the encrypted form is not a single "*".

     No one but the super-user may change a vendor-supplied
     account (e.g.  "root" or "daemon"), as defined by the file
     "/software/setpw/config/arch/vendor.passwd".


See Also:

     passwd(1)


Copyright:

     Copyright (C) 1989, 1998, MFCF, University of Waterloo.

courses file (INTERESTING HISTORY)

This probably predates the current sponsors data set of files. The current sponsors data set of files was designed by admininstrative assistant Christie Gillin.



Name:

     Courses - accounts database of student courses


Synopsis:

     /software/regtape/data/Courses
     /software/accounts/data/host/Courses


Description:

     The file /software/regtape/data/Courses contains information
     describing the courses for which student accounts are to be
     created.  The file is maintained on the central regtape
     host, and distributed elsewhere to
     /software/accounts/data/host/Courses.

     The file consists of a series of records, one per line.
     Anything after '#' is treated as a comment and ignored, as
     are blank lines.  Fields are separated by blanks or tabs and
     are aligned only for human readability.


Example:

          #
          #course    host           kbytes   # Comments
          #

          # Modelling With Ordinary Differential Equations
          am250      crocus         500      # Marshman
          am250      dahlia         500      # Marshman
          am250      trillium       500      # Marshman

          # Modelling with Systems of Ordinary Diffiqueues
          am251      crocus         500      # Marshman
          am251      dahlia         500      # Marshman
          am251      trillium       500      # Marshman


Files:

     /software/regtape/data/Courses
     /software/accounts/data/host/Courses


Copyright:

     Copyright (c) 1990, MFCF, University of Waterloo.

fashosts file



Name:

     fashosts - declare remote fileserver information


Synopsis:

     /software/accounts/config/regional/fashosts


Description:

     The file /software/accounts/config/regional/fashosts lists
     the remote quota trees which are maintained remotely on ded-
     icated fileservers.  Blank lines, and any line whose first
     non-blank character is a "#" are ignored.

     Each line consists of the hostname of a remote fileserver
     (typically a faserver), optionally followed by a colon, and
     a list of one or more quota tree names, separated by commas.


Examples:

     The following lines might be used to declare remote filesys-
     tems on remote fileserver "hooke.math".  The first line
     assumes defaults will be used, while successive lines spec-
     ify more details of quota tree(s) explicitly.

          hooke.math
          hooke.math:vol1
          hooke.math:vol1/home
          hooke.math:vol1/home,vol1/mail

     Assuming that a user with a uid of 123 in the "/etc/passwd"
     file has a sponsored disk quota value of 5000 kbytes in the
     "data/users" file, the last line in the above example would
     produce these two lines in the fileserver's "/etc/quotas"
     file:

          123 user@/vol/vol1/home 5000K
          123 user@/vol/vol1/mail 5000K


Bugs:

     Until the parser can be made smarter, the "vol1/" values
     must be identical for all entries on a line.

     More significantly, each hostname must be different.

     Together these restrictions imply that each host can have
     only one "/vol1" value.


Development:

     Perhaps the syntax could be extended to allow the quotas on
     multiple qtrees to be different, with relative percentages
     or absolute amounts.  e.g.:

          hooke.math:vol1/home,vol1/mail(50%),vol1/scratch(20G)


See Also:

     mkquota(8)


Copyright:

     Copyright (C) 2008, MFCF,CSCF, University of Waterloo.

users file (VERY IMPORTANT)

/software/accounts/data/users aka /.software/regional/accounts/data/users was how appropriate user resource information got from the accounts master to the regional master, and from the regional master to its clients (where needed). (For example the userinfo command was basically a query of /software/accounts/data/users .


Name:

     users - user account related information


Synopsis:

     /software/accounts/data/users


Description:

     The file /software/accounts/data/users contains information
     about user accounts, complementing the /etc/passwd file,
     with which there should be a one-to-one mapping.

     The file consists of a series of records, one per line.
     Fields within a record are separated by a colon.  For his-
     torical reasons, the fields are called: "name", "quota",
     "date", "type", "payment", and "info".

     name contains the full untruncated userid of the user.

     quota
          contains the disk quota associated with the account.
          If not suffixed with "K", "k", "m", "M", "g", or "G",
          the value is considered to be in kilobytes.  [It is
          possible that this value may be followed by a comma and
          other quota values (e.g. monthly credit limit for
          printer pages or resource dollars), but such values are
          not currently set or used by any software in the
          accounts or accounts_client packages.]

     date the date the account was created in "yyyy/mm/dd" for-
          mat.  [historically, some other date formats were used]

     type [potentially] determines what controls the existence of
          this account.  If the field is "vendor" or "xhier", the
          account is vendor-sponsored or xhier-sponsored, as
          determined by /software/setpw/config/arch/vendor.passwd
          and /software/*/export/passwd.  If the first eight
          characters of the field are "sponsor-", the account is
          controlled by the sponsor_accounts(8) program in the
          accounts_client package.

          The vendor and xhier entries are automatically set by
          the accounts package's Install script, while other
          sponsored entries are maintained by accounts_client(8)
          updates.

          This sponsor method is the only one still used by MFCF.

          If the first two characters are apparently meaningless,
          and the rest of the field is "student", the account is
          controlled by the mkmerge(8) program in the accounts
          package, via calls from the make_remote_accounts(8)
          program in the accounts-master package.  If the field
          contains anything else, the account is not affected by
          either of these two accounts maintenance mechanisms.

     payment
          contains the id number of the owner of the account, if
          controlled by the sponsor or student mechanisms.  For
          sponsored accounts, this may be followed by the name of
          the user within parentheses.

     info For student accounts, this contains the classes in
          which the user is enrolled, in the form: "Name-Number-
          Term-dd/mm/yy".  For sponsored accounts, this contains
          the sponsoring classes, in the form:
          "class(quota[;group[,group]...])yyyy/mm/dd".  In both
          cases, the date is when the account was registered into
          that class on the host machine.  For xhier accounts,
          this field contains the names of the sponsoring xhier
          packages.


Files:

     /software/acccounts/data/users


See Also:


Bugs:


Copyright:

     Copyright (C) 1991,1996,2005, MFCF, University of Waterloo.

accounts package configuration

This must contains errors because of obsolete details.


Name:

     accounts-config - configuring the accounts package


Description:

     The accounts package can be configured to suit various
     administrations and individual hosts.  Some of those config-
     urations are described below.


Mail (old method):

     Questions and requests regarding user's accounts and
     resources are traditionally mailed to the userid "accounts".
     The home directory of the "accounts" account has a ".for-
     ward" file that redirects the mail to the mail alias
     "admin_accounts", which is controled by the package's admin-
     istration file "export/aliases".  Administrators can set
     whatever alias is appropriate in this export file on their
     central administration host.

     Those wanting to send this mail elsewhere for a specific
     machine can override that ".forward" file by adding an alias
     to the file /software/local_[hostname]/export/aliases for
     the userid "accounts".  (An installation of that package is
     required for the alias to take effect).  This alias may, but
     doesn't have to, send a copy to "admin_accounts" as well as
     to the interested individuals.


Mail (new method):

     It is not necessary to have an "accounts" passwd entry.
     Without it, the default ".forward" file will have no effect.
     Instead one may (either via the package's "export/aliases"
     file or by centralized automated alias administration) sim-
     ply do something such as setting
     "accounts->admin_accounts@adminhost" everywhere, and then
     have an alias for "admin_accounts" on the central admin
     host.


Configuring first-time user's information:

     When an account is created, the standard ".cshrc", ".pro-
     file", and ".xsession" files typically contain an invocation
     of the "first_login" program, which asks the user for finger
     data, displays some messages, and finally removes itself
     from the user's file.

     By default, the messages are produced by the "con-
     fig/share/first_time" file.

     An administration can override this file by editing, on the
     administration host, the file "config/admin/first_time",
     which will be automatically distributed to all other hosts
     in the same administration.

     Similarly, each host can have its own messages by editing
     the file "config/local/first_time", which will not be dis-
     tributed.

     Note that these files are "source"ed by a "csh" program, so
     they may source the other versions of the file if the intent
     is simply to add to, rather than replace, the standard mes-
     sages.


Account expiry:

     (Applies to the "accounts_client" package only.)

     The regional file "config/regional/grace" may contain a line
     giving the number of days of grace that an account should be
     granted between its expiry and its being disabled.

     If the decommented file is empty a default value (currently
     21) will be used.


Basic disk quota:

     (Applies to the "accounts_client" package only.)

     The regional file "config/regional/quota_basic" may contain
     a line giving the number of kilobytes of basic disk quota
     (e.g. for .cshrc files, mailboxes, etc.)  to be given to
     each account in addition to whatever other quota might be
     assigned to it via the sponsors database.  A default of 200
     kbytes will be used if this file is decomment-empty.


Configuring orphan:

     The crontab runs a program that periodically walks the
     filesystem looking for improperly owned files.  The
     behaviour of this program can be configured by the
     (non)existence of the userid "orphan" and the groups "every-
     one", and "orphan", and by the files "con-
     fig/local/orphan_ignore".  and "config/local/orphan_nfs".

     The "orphan_nfs" configuration is used by this package's
     crontab to determine which NFS-mounted filesystems will be
     examined.  See orphan(8) for other configuration details.


Configuring accounts_check:

     The crontab runs a program that periodically checks for con-
     sistency among the home directories and various user
     accounts files ("/etc/passwd", "/etc/group", etc.).  See
     "man accounts_check" for how to control the checks per-
     formed.


Configuring home directory creation:

     When the acount_update(8) program needs to create a home
     directory for a new account, it first looks for directories
     named "/u#", where "#" is a single digit.  Any such
     directories will be ignored if they contain a file called
     ".ManualHomeDirectoryCreation".

     If more than one "/u#" directory is found, the program will
     pick one randomly to start with and will cycle through them
     for each additional home directory that needs to be created.

     If no "/u#" directories are found, the directory "/u" will
     be used instead.


Configuring home directory content:

     New home directories are initialized using the templates
     defined by "config/*/init_home".  They are copied into place
     in the standard xhier configuration order (i.e.  share,
     arch, admin, regional), with the last found instance of any
     file being the one used.

     For backward compatibility, if the directory "/soft-
     ware/accounts/data/host/standard" exists, it alone will be
     used to do the initialization.  Administrators are encourage
     to remove this directory and to use the regional configura-
     tion instead.

     Note that the copying is done by following symbolic links,
     not copying them.  This means that one cannot initialize
     symbolic links in home directories.


Configuring initial .forward and .rhosts:

     Some users will automatically get accounts on many machines
     (e.g. the accounts maintenance people, or UNIX maintainers)
     and if they are not aware of them these machines might
     become sink-holes for their mail.  To avoid that problem,
     the "config/admin/common_users" file can contain lines of
     the form "userid@hostname.uwaterloo.ca".  By itself, this
     will not have any immediate effect, but whenever a new
     account is created with a matching userid, this information
     will be used to initialize the new account's ".forward" and
     ".rhosts" files, forwarding mail to and allowing rlogin
     access from the given userid and hostname.  This configura-
     tion also affects the init_home(1) program.


Configuring initial login shell:

     New accounts are created using the shell determined by "xh-
     options  -p accounts  -c initial  Shell", i.e. by the
     "Shell=" option in the files "config/*/initial".


Configuring accounts-maintenance:

     The last step of sponsor_accounts(8), which performs updates
     of account resources, will call an optional mkfinal program
     to do whatever may be needed on each local machine.  If
     "config/regional/mkfinal" is decomment-empty, it will be
     run.  Otherwise if "config/admin/mkfinal" is decomment-
     empty, it will be run.


Configuring mounted home directories:

     The file "config/regional/rquotahosts" contains lines of the
     form "hosts:filesystem" that define hosts that can, for the
     given filesystems, supply rquotad(8) service (in particular
     to the  diskquota (1) command).  Typically this will be all
     faservers, and any other NFS server that supports the rquo-
     tad(8) protocol.

     If home directories are mounted from one or more faservers,
     the file "config/regional/fashosts" should contain a list of
     the names of those hosts.  This is used by (at least) the
     mkquota(8) command so that it can initialize disk quotas on
     the servers.

     Note that the program that updates disk quotas (mkquota)
     ignores "/u" and "/u#" directories that are NFS mounted, so
     it will use the rquotad config file to determine where else
     it might be necessary to update the quota files.


Configuring group control

     Hosts with accounts managed by the sponsors mechanism nor-
     mally do not allow local control of group membership.  the
     "edit_group" configuration allows one to optionally turn all
     group membership over to local control (not recommended), or
     to allow local control for some specific groups.  See
     edit_group(8) for specific details.


Configuring id conformance:

     Some hosts may wish to conform to a common set of numeric
     uids and gids.  The "id_registry" configuration specifies
     which id registry host to use (default none), and what level
     of conformance to follow (default none).  See idregistry(8)
     for specific details.


Bugs:

     The local version of the first_time file is probably a lot
     less useful than a regional version.


Files:

     /software/accounts/config/{share,admin,local}/first_time
     /software/accounts/config/{admin,regional}/mkfinal
     /software/accounts/config/regional/grace
     /software/accounts/config/regional/homehosts
     /software/accounts/config/regional/rquotahosts
     /software/accounts/config/regional/fashosts
     /software/accounts/config/local/orphan_ignore
     /software/accounts/config/local/orphan_nfs
     /software/accounts/data/standard/first_login
     /software/accounts/config/regional/edit_group
     /software/accounts/config/*/init_home
     /software/accounts/config/*/initial
     /u#/.ManualHomeDirectoryCreation


Copyright:

     Copyright (C) 1992, 2005, MFCF, University of Waterloo

accounts_backup command (WAS VERY USEFUL)



Name:

     accounts_backup - save copies of some important files.


Synopsis:

     accounts_backup


Description:

     accounts_backup makes copies of some important files, such
     as /etc/passwd, /etc/group, .../host/users, and secu-
     rity/data/super_users.


Copyright:

     Copyright (C) 1988, MFCF, University of Waterloo.

accounts_check command



Name:

     accounts_check - check inconsistencies in accounts files


Synopsis:

     accounts_check [-doRegionalClient] [-checkCoursePasswords]
     [+checkUsersFile] [+checkRootPasswords] [+checkAllHomes]

     Note that default options may vary from machine to machine
     (see the configuration section below for details).  Use
     "accounts_check {+|-}HELP" to find the current defaults.


Description:

     accounts_check examines the files "/etc/passwd",
     "/etc/group", "/software/accounts/data/host/users", and
     "/software/security/data/super_users", "/software/secu-
     rity/data/securid_users", and reports any inconsistencies
     between them.

     Unless the "+doRegionalClient" option is given, on regional
     clients the program will skip certain tests that would
     already have been performed on the regional server.

     Warnings include:

     -    duplicate entries.

     -    entries out of order.

     -    passwd entries with non-existent home directories.  If
          an account is really not supposed to have a home direc-
          tory, the value "/dev/null" should be entered into the
          passwd file.
          Unless the "+checkAllHomes" option is specified, miss-
          ing home directories that begin with "/software/", and
          accounts that come with missing home directories in the
          stock passwd file will not be reported since such prob-
          lems are the responsibility of the corresponding xhier
          package or software vendor and are not something that
          can be fixed by the people normally responsible for the
          passwd file.
          Home directories will not be checked at all on xhier
          regional clients unless at least one of the "+checkAll-
          Homes" or "+doRegionalClient" options are given.

     -    missing required groups or userids.

     -    misnumbered aliases.  If the groups "other" and "users"
          both exist, they should have the same gid.  Similarly
          for "root" and "wheel".

     -    course accounts with passwords other than "*".  Course
          accounts are considered to be any userid ending with
          three digits and possibly a single letter.  This check
          can be disabled by using the "-checkCoursePasswords"
          option.  This can often be done in the "admin" configu-
          ration file to avoid having to individually configure
          every machine individually.

     -    discrepancies between the passwd file and users file.
          Since some administrations do not record data for all
          accounts in the users file, this option is by default
          disabled, but can be enabled, typically in the admin
          configuration file, by using the "+checkUsersFile"
          option.

     -    userids in the group file that are missing from the
          passwd file.

     -    gids in the passwd file that are missing from the group
          file.

     -    userids in the super_users file that are missing from
          the passwd file.

      -   root accounts (uid=0) with valid login passwords and
          shells.  Since some architectures require a root pass-
          word to work, this check is by default disabled, but
          can be enabled by using the "+checkRootPasswords"
          option.

     -    userids in the passwd file but not the users file (and
          vice versa).  This test is currently not performed.


Configuration:

     The files "/software/accounts/config/<type>/accounts_check",
     where "type" is one of "admin", "regional", or "local", may
     be used to control some of the checks performed by this pro-
     gram by entering the default values for any of the command
     line options one per line into whichever of these configura-
     tion files are appropriate.

     There is an additional option,
     "RootPasswordHosts=host1,host2,...", that can be used only
     in an admin config file to allow some set of machines to
     bypass the check for valid root passwords.  Setting this
     automatically implies "+checkRootPasswords" if the current
     host is not in the list, and "-checkRootPasswords" if it is
     in the list, in both cases regardless of any explicit set-
     tings of that option in any of the configuration files.

     Options given on the command line always override defaults
     set by configuration files.


See Also:

     syntax(i)


Copyright:

     Copyright (C) 1988, 1996 MFCF, University of Waterloo.

accounts_check_region command



Name:

     accounts_check_region - record and check xhier regions


OBSOLETE:

     These hostin groups have now moved to the xhier package
     where they should have been in the first place.  See
     RT#12751.


Synopsis:

     accounts_check_region {Client|Server}


Description:

     accounts_check_region is run by the Install script of the
     accounts package, its argument indicating whether xh-is-
     regional-server(8) thinks the host is an xhier regional
     server or client.

     On an xhier regional server machine, checks are made to
     ensure that this is the only machine claiming to be the
     server for this region, that this server machine does not
     also claim to be a regional client, and that all clients
     have recently (within 25 days) registered themselves as
     regional clients.

     On an xhier regional client machine, checks are made to
     ensure that this client machine does not also claim to be a
     regional server, that there is exactly one host claiming to
     be a regional server, and that this server has recently reg-
     istered itself as the regional server.


Files Used:

     The change date on each file indicates when this program
     last registered the host as the regional server or as a
     client.
     /software/accounts/data/regional-server/<hostname>
     /software/accounts/data/regional-clients/<hostname>*

     Note that if the configuration of a region changes, one may
     remove any of the above files, but one should never manually
     create or rename any of them.  That is this program's job.


Bugs:

     The command should be called xh-check-region(8), and all of
     this should be in the xhier package.  I don't understand why
     it isn't.

     Actually, since it makes changes rather than simply report-
     ing problems, it shouldn't even have the word "check" in its
     name.


Copyright:

     Copyright (C) 1995, MFCF, University of Waterloo.

check_rhosts command



Name:

     check_rhosts - report dubious .rhosts entries


Synopsis:

     check_rhosts [userid=]userid * [+Verbose]


Description:

     This command is still somewhat under development.

     Rule #1:  Hostname must be in our domain.

     Rule #2:  Userid must be the same user.

     Rule #3:  There is no rule #3.


Copyright:

     Copyright (C) 1995, MFCF, University of Waterloo.

currentdisk command



Name:

     currentdisk - display usage for local file systems with
     quota


Synopsis:

     currentdisk [+FileSystems] [+Headings] [+Percent]


Description:

     This program displays the current disk usage, as reported by
     the kernel, for all local file systems with disk quota.

     Fields are separated by a colon, and by default only the
     userid and number of kilobytes used are displayed.

     +Percent displays the quota and percentage in use; +FileSys-
     tems displays the name of the filesystem; and +Headings pre-
     cedes the output with the following line (omitting fields as
     necessary):
     Userid:Filesystem:kbytes:Quota:Percent


Examples:

     # Find top-ten users
     currentdisk |  sort  -t :  -k 2,2nr  | head -10  | align -f:

     # Find over-quota users
     currentdisk +percent | sort  -t :  -k 4,4nr  -k 3,3nr | head | align -f:


Configuration:

     There are two regional configuration files:

     /software/accounts/config/regional/accounting_ignore
          all filesystems named in this file are silently
          ignored.

     /software/accounts/config/regional/accounting_nfs
          any filesystems named in this file are processed even
          though nfs mounted.

     Both files are decommentable and have lines with the format
     "hostname:filesystem", where the colon may be surrounded by
     white-space.

     Note that the hostname is the name of the host in the region
     (typically the regional server) that is supposed to process
     the disk accounting for this filesystem (typically nfs
     mounted from a machine not part of the region (e.g. a
     faserver)); it is not the name of the host where the files
     are mounted from.


Copyright:

     Copyright (C) 1999,2000,2007 MFCF, University of Waterloo.

disable_user command

Will something like this be easily available to, e.g. MFCF consultants and CSCF help desk?


Name:

     disable_user, enable_user - disable or enable an exceptional
     user


Synopsis:

     disable_user [userid=]userid [Reason='The reason.']
                  [SecretReason='The real reason.']
                  [cannedMessage=various-message-names]
     enable_user [userid=]userid [Reason='The reason.']


Description:

     This command should not be used except under unusual circum-
     stances.  It is not intended for normal accounts mainte-
     nance, but for cases where an account must be disabled imme-
     diately by a non-accounts person in order to prevent further
     abuse by the user.

     disable_user allows someone in group operator or accounts to
     disable the specified userid's account by changing the login
     shell.

     Exactly one of Reason= or cannedMessage= must be given.  The
     new shell will display this reason whenever the user
     attempts to sign on.  The names of the available canned mes-
     sages may vary from machine to machine, but can be found at
     any time using the command "disable_user -HELP".  Use "+"
     instead of "-" for even more details.

     An optional SecretReason= can be recorded, but not shown to
     the user.  This could be used to convey information to the
     people that might be reenabling the account without making
     that information available to the user.


Notes:

     The "disable_user" command will complain if you try to use
     it without the "accounts_client" package, which is not a
     dependency of the "accounts" package, and must be explicitly
     requested before this command can be used.  This dependency
     was intentionally not made so as to avoid dragging in too
     many xhier packages for those that don't want it.


Files Used:

     /software/accounts/logs/disable
     /software/accounts/config/*/disabled_messages/*
     /software/accounts/data/disabled/secret_why/userid
     /software/accounts/data/disabled/why/userid


Copyright:

     Copyright (C) 1995, 1996, MFCF, University of Waterloo.

disabled_shell command

Part of the account disabling feature.


Name:

     disabled_shell - politely reject a user


Synopsis:

     /xhbin/disabled_shell


Description:

     The disabled_shell looks for specific messages for the user,
     displays them (or a generic rejection message if none is
     found), sleeps for a few seconds, and finally exits.


Files Used:

     "/software/accounts/data/disabled/why/<userid>"


See Also:

     disable_user(8).


Copyright:

     Copyright (C) 1995, 2000, MFCF, University of Waterloo.

edit_finger command (Obsolete)

Privacy overrides publication in the current world order.


Name:

     edit_rhosts, edit_forward, edit_shell, edit_finger - set or
     change .rhosts, .forward, shell, or finger info for a non-
     password userid.


Synopsis:

     edit_rhosts userid
     edit_forward userid
     edit_shell userid
     edit_finger userid


Description:

     edit_rhosts etc. allow someone in group accounts to edit the
     ".rhosts" or ".forward" file, or shell or finger information
     of any userid with uid not less than 32 that has an
     encrypted password beginning with the "*" character.

     This is primarily intended for setting up course accounts
     and other multiple-user userids.  Such userids should not
     have passwords since that would allow anonymous access.


See Also:

     setpasswd(8) - edit or change some fields in passwd file.


Copyright:

     Copyright (C) 1990, 1996, 1998, MFCF, University of Water-
     loo.

edit_forward command (Unimportant)



Name:

     edit_rhosts, edit_forward, edit_shell, edit_finger - set or
     change .rhosts, .forward, shell, or finger info for a non-
     password userid.


Synopsis:

     edit_rhosts userid
     edit_forward userid
     edit_shell userid
     edit_finger userid


Description:

     edit_rhosts etc. allow someone in group accounts to edit the
     ".rhosts" or ".forward" file, or shell or finger information
     of any userid with uid not less than 32 that has an
     encrypted password beginning with the "*" character.

     This is primarily intended for setting up course accounts
     and other multiple-user userids.  Such userids should not
     have passwords since that would allow anonymous access.


See Also:

     setpasswd(8) - edit or change some fields in passwd file.


Copyright:

     Copyright (C) 1990, 1996, 1998, MFCF, University of Water-
     loo.

edit_group command

Provided limited privilege for, e.g. course co-ordinators At some point it was decided there was no need to use Posix groups for anything.


Name:

     edit_group - set or change /etc/group entries


Synopsis:

     edit_group [group=]groupname [+Create] [+Differences]
     [Add=userid[,...]]*  [Delete=userid[,...]]*  [Comment='To
     remember why.']


Description:

     edit_group allows one to create or change the "/etc/group"
     entry for the given group.  One may not add any userids to
     the group "none", since that group by definition is the
     group to which no users belong.

     [group=]groupname
          is the name of the group to be edited.

     +Create
          must be given if a new group is to be created, and must
          not be given otherwise.

     Add=userid,...
          specifies userid(s) to be added to the group.

     Delete=userid,...
          specifies userid(s) to be deleted from the group.

     Comment=Why.
          gives an optional comment to be entered into the log
          file.

     +Differences
          shows the differences between the old and new entries
          and confirms that they should be applied.


Configuration:

     The file "/software/accounts/config/regional/edit_group" may
     contain the following options:

     MaxGroups=number
          restricts the maxumum number of groups that any userid
          may belong to.  This should be used on systems where
          NFS software causes problems when someone is in more
          than 15 groups.  The default is 0, which means unlim-
          ited.  Note that it is more efficient to omit this
          option (or to set it to 0), than to set it to a very
          large number.

     LocalControl=TRUE
          allows this command to be used even though the "/soft-
          ware/accounts/data/users" file indicates that some
          accounts are remotely controlled by sponsors data.
          It's recommended that you don't use this option.

     SubGroups=group1_## group2_## ...
          allows local control of the specified subgroups, inde-
          pendent of the sponsored control of all other groups.
          The entry in the configuration file contains literal
          number signs ("#"), and not real digits.  In use, typi-
          cally the groups will be like "cs446_03" or "cs452_17",
          with the number of number signs indicating the number
          of digits allowed in the subgroup.  If an account
          exists with a name that matches the group name (e.g.
          "cs446"), that account will be allowed to make addi-
          tions and deletions to the account's subgroups.


Bugs:

     Doesn't yet allow the renaming of groups.

     Doesn't yet allow the deletion of groups.


Files Used:

     /software/accounts/logs/edit_group
     /software/accounts/config/regional/edit_group
     /etc/group
     /etc/group.lock


See Also:

     setpasswd(8) - edit or change some fields in passwd file.


Copyright:

     Copyright (C) 1995,2003, MFCF, University of Waterloo.

edit_rhosts command (Unimportant)



Name:

     edit_rhosts, edit_forward, edit_shell, edit_finger - set or
     change .rhosts, .forward, shell, or finger info for a non-
     password userid.


Synopsis:

     edit_rhosts userid
     edit_forward userid
     edit_shell userid
     edit_finger userid


Description:

     edit_rhosts etc. allow someone in group accounts to edit the
     ".rhosts" or ".forward" file, or shell or finger information
     of any userid with uid not less than 32 that has an
     encrypted password beginning with the "*" character.

     This is primarily intended for setting up course accounts
     and other multiple-user userids.  Such userids should not
     have passwords since that would allow anonymous access.


See Also:

     setpasswd(8) - edit or change some fields in passwd file.


Copyright:

     Copyright (C) 1990, 1996, 1998, MFCF, University of Water-
     loo.

edit_shell command (Consider)



Name:

     edit_rhosts, edit_forward, edit_shell, edit_finger - set or
     change .rhosts, .forward, shell, or finger info for a non-
     password userid.


Synopsis:

     edit_rhosts userid
     edit_forward userid
     edit_shell userid
     edit_finger userid


Description:

     edit_rhosts etc. allow someone in group accounts to edit the
     ".rhosts" or ".forward" file, or shell or finger information
     of any userid with uid not less than 32 that has an
     encrypted password beginning with the "*" character.

     This is primarily intended for setting up course accounts
     and other multiple-user userids.  Such userids should not
     have passwords since that would allow anonymous access.


See Also:

     setpasswd(8) - edit or change some fields in passwd file.


Copyright:

     Copyright (C) 1990, 1996, 1998, MFCF, University of Water-
     loo.

enable_user command



Name:

     disable_user, enable_user - disable or enable an exceptional
     user


Synopsis:

     disable_user [userid=]userid [Reason='The reason.']
                  [SecretReason='The real reason.']
                  [cannedMessage=various-message-names]
     enable_user [userid=]userid [Reason='The reason.']


Description:

     This command should not be used except under unusual circum-
     stances.  It is not intended for normal accounts mainte-
     nance, but for cases where an account must be disabled imme-
     diately by a non-accounts person in order to prevent further
     abuse by the user.

     disable_user allows someone in group operator or accounts to
     disable the specified userid's account by changing the login
     shell.

     Exactly one of Reason= or cannedMessage= must be given.  The
     new shell will display this reason whenever the user
     attempts to sign on.  The names of the available canned mes-
     sages may vary from machine to machine, but can be found at
     any time using the command "disable_user -HELP".  Use "+"
     instead of "-" for even more details.

     An optional SecretReason= can be recorded, but not shown to
     the user.  This could be used to convey information to the
     people that might be reenabling the account without making
     that information available to the user.


Notes:

     The "disable_user" command will complain if you try to use
     it without the "accounts_client" package, which is not a
     dependency of the "accounts" package, and must be explicitly
     requested before this command can be used.  This dependency
     was intentionally not made so as to avoid dragging in too
     many xhier packages for those that don't want it.


Files Used:

     /software/accounts/logs/disable
     /software/accounts/config/*/disabled_messages/*
     /software/accounts/data/disabled/secret_why/userid
     /software/accounts/data/disabled/why/userid


Copyright:

     Copyright (C) 1995, 1996, MFCF, University of Waterloo.

findall command




NAME

     findall - find files owned by any of a group of users


SYNOPSIS

     server findall [ f=fileout ] [ d=dirout ] [ u=userin ]
     directory users ...


DESCRIPTION

     Findall locates files under the specified directory owned by
     any of the indicated users.  It's similar to find(1) but is
     faster at doing this simplified task.

     Findall prints the names of all the located files on the
     standard output.  Options f=fileout and d=dirout can be used
     to direct the output of file names and directory names
     respectively to ``fileout'' and ``dirout''.  Option u=userin
     can be used to specify a file of usernames, one per line,
     instead of specifying usernames on the command line.

     Findall traverses directories in depth-first order, so for
     instance file names that it prints can safely be removed in
     the order given.

     Findall is typically used by administrative shell scripts
     that want to locate files owned by users who are about to be
     deleted.


EXAMPLES

     findall /u user1 user2 user3
          find files in /u owned by user1, user2 or user3

     findall f=/dev/null /u user1 user2 user3
          Find files under /u but only print the names
          of the directories.


SEE ALSO

     find(1)

fsuserclean command



Name:

     fsuserclean - find and process files owned by deleted users


Synopsis:

     servers/fsuserclean [Orphan='orphan'] [Remove=/u[,...]]
     [Start=/] Uids=filename


Description:

     fsuserclean walks the filesystem tree rooted at "Start", and
     finds all the files that belong to any of the numeric uids
     given (one per line) in the "Uids" file, removing any that
     are within any of the "Remove" subtrees.  For any files that
     aren't in those subtrees, it reports them on standard output
     and chowns them to the "Orphan" userid.

     NFS filesystems are ignored unless "Start" itself is NFS
     mounted.  Except for those paths given on the command-line,
     no symbolic links are followed.


Options:

     [Orphan=orphan]
          Userid to which to chown non-deleted files.  Give an
          empty string to suppress this action.  If the default
          is used and that userid does not exist, this option
          will be silently ignored.

     [Remove=/u[,...]]
          Comma-separated list of filesystems from which to
          remove rather than chown user files.

     [Start=/]
          Filesystem root.

     Uids=
          File containing numeric uids, one per line, whose files
          are to be removed.


See Also:

     rmallusr(8)


Copyright:

     Copyright (C) 2002, MFCF, University of Waterloo.

id_renumber command



Name:

     id_renumber - walk directory tree changing file ownership


Synopsis:

     id_renumber [+Quiet] [+Test] [+NFS] [Map=map]...  [+Stdin]
     [directory]...


Where:

     +Quiet
          produces no output if nothing is renumbered

     +Test
          shows changes which would be made without making them

     +NFS allows NFS filesystems to be traversed.

     Map=map
          specifies an id mapping to perform.

     +Stdin
          causes id mappings to be read from standard input.

     directory
          must be an absolute pathname (begin with "/" )


Description:

     Id_renumber walks directory trees performing uid or gid map-
     ping on files and directories.

     The Test option can be specified to cause the output to
     indicate what files would have ownership changed, without
     actually performing the changes.

     Normally, the output begins and ends with headers indicating
     start time and finish time, even if no other output is gen-
     erated.  If the Quiet option is given, those headers will
     only be generated if other output occurs.

     id_renumber does not follow symlinks or NFS mounted file
     systems.  NFS mounted filesystems can be checked by using
     the +NFS option, but in that case non-NFS filesystems will
     be ignored.

     While walking a tree, it will skip (stop walking) any paths
     in the decomment(1)able file "/software/accounts/con-
     fig/local/orphan_ignore".  These paths must begin with "/"
     If one of these roadblock paths is a symlink, it will be
     treated as its target.  (See "Note" below).


Mappings:

     Mappings must be of the form:

          uid:oldnumber:newnumber
     or
          gid:oldnumber:newnumber

     There may be leading or trailing blanks, but no embedded
     blanks.  Comments beginning with "#" may be placed on the
     same line, after the mapping.  The input on stdin may also
     contain blank lines (containing zero or more space charac-
     ters), or comment lines beginning with "#" after zero or
     more space characters, which will be ignored.


Diagnostics:

     The program must be given at least one mapping to perform.
     If no mappings are found, the program complains and exits
     prematurely, on the assumption that there is no point in
     taking the possibly very long time to walk all the directory
     trees to do essentially nothing.


Note:

     Because the roadblocks are implemented using device and
     inode numbers, if the "orphan_ignore" file contains
     "/one/two" and id_renumber is invoked with path
     "/one/two/three", this tree will not be ignored since the
     roadblock will never be encountered.

     Similarly, any "orphan_ignore" path that contains a symlink
     will use the device and inode numbers of the target.  E.g.
     if "/one/two -> /eight/nine/ten" then roadblocks "/one/two"
     and "/eight/nine/ten" will have the same effect, as will
     "/one/two/three" and "/eight/nine/ten/three".


Caveats:

     id_renumber performs no sanity checking on its input.  If
     differing mappings are given with the same  oldnumber, the
     later one is the only effective one.  Remappings will not be
     performed.  Multiple  oldnumbers can be mapped to the same
     newnumber; after all that might be appropriate in some
     cases.

     Also, if a newnumber also occurs as an oldnumber, the change
     will end up being made.  That is, you could actually switch
     two ids by mapping each to the other, since the result of
     the mapping will not be evaluated.  (A problem might occur
     if the mapped inodes are moved to a different place in the
     directory trees, and later walked again).

     The given directories are walked from right to left,  I.e.
     the directory specified last on the line is processed first.


Examples:

          # map gid 60042 to gid 1 in given directories
          id_renumber map=gid:60042:1 `pwd`/test `pwd`/test2

          # show effect of mapping uid 109 to 60042, but don't make changes
          id_renumber +test map=uid:109:60042 `pwd`/test

          # also apply mappings read from stdin
          id_renumber +s m=uid:109:60042 `pwd`/test < file


Bugs:

     It seems strange to use "/software/accounts/con-
     fig/local/orphan_ignore" to roadblock this program, but it's
     probably appropriate.

     It could be argued that id_renumber should not require the
     user to change relative paths to absolute paths, but should
     determine the absolute paths itself.

     You could actually switch two ids by mapping each to the
     other, since the result of the mapping will not be evalu-
     ated.  But a problem might occur if the mapped inodes are
     moved to a different place in the directory trees, and later
     walked again.  Therefore, since this is not theoretically
     sound, perhaps it should be disallowed.


See Also:

     accounts-config(7) - configuring the accounts package
     orphan(8) - look for unowned files
     decomment(1) - remove shell-style comments


Copyright:

     Copyright (C) 2008, MFCF, CSCF, University of Waterloo.

idregistry command



Name:

     idregistry - send request to the uidregd id registry daemon


Synopsis:

     idregistry {Request|Require|Report|Control} [RegistryHost=]
     [Conformance=None|Advisory|Strict] [Type=User|Group] [name=]


Where:

     RegistryHost=
          specifies the name of the host that registers our user
          and group ids.

     Conformance={None|Advisory|Strict}
          specifies our conformance level. (See "Configuration"
          section below).  One would normally not specify this,
          letting idregistry use the default from the "accounts"
          package configuration.

     Type specifies whether the names and id numbers are for
          userids or groups.

     name specifies a userid or group name.  If the name is sim-
          ply "-", standard input should contain a one-per-line
          list of names.  For reporting id maps, names must
          acually be pairs of the form "userid:uid" or
          "group:gid".  The "name=" keyword may be omitted,
          except when using a name of "-" to indicate standard
          input.


Description:

     idregistry provides a command-line interface to the
     uidregd(8) id registry daemon in the uid-registry package.

     Except for requests for current information ("idregistry
     request"), this command does not generally need to be used
     manually.  Automated account maintenance programs automati-
     cally query the registry whenever creating new userids or
     groups, and ensure that existing IDs get regularly reported,
     to prevent them from expiring.

     Request and Require
          supply one or more names and ask the daemon for corre-
          sponding "name:id" pairs.  If the name does not cur-
          rently exist in the database, the id will be "UNKNOWN"
          for Requests, and will cause a new uid to be assigned
          and registered for Requires.  Except when a new id
          pairing was generated this will not update the "last-
          seen" date in the registry.

     Report
          supplies one or more "name:id" pairs for the daemon to
          register as currently used.  If a pair matches what is
          in the registry no output is generated, and the reg-
          istry "last-seen" information will be updated.  Other-
          wise, if there is a mismatch, the pairing is echoed
          back, possibly with a full uwuserid even if the submit-
          ted name was truncated to 8 characters, and possibly
          with the id number part changed to "NAMEINUSE" or "IDI-
          NUSE".

     Control
          makes a privileged request of a special action of the
          daemon.  Currently available actions (specified by set-
          ting the name parameter) are Die and Cleanup.  The for-
          mer simply kills the daemon, while the latter requests
          that the filesystem version of the database be cleaned
          up (e.g. remove entries which have been unreported for
          a long time).


Output:

     For most subcommands, output is of the form "name:number".
     The remote daemon may supply a brief error code in place of
     the number:

     IDINUSE
          The reported "number" is already assigned to a differ-
          ent name.

     NAMEINUSE
          The reported "name" is already assigned to a different
          id number.

     UNKNOWN
          The given "name" is not in the registry.

     More serious problems may also be returned:

     *UNAVAILABLE
          No more id numbers are available for assignment.  (i.e.
          ask someone to reduce the daemon's configured data
          expiry time).

     *NOID
          The reported number field was empty or non-numeric.

     *NOCOLON
          The reported "name:number" didn't contain a colon.


Configuration:

     The files "/software/accounts/config/*/id_registry", where
     "*" is any of "share", "admin", and "regional", may contain
     the following options:

     RegistryHost=hostname
          The name of the host running the idregd(8) daemon.  The
          shared default is to have no such daemon.  For idreg-
          istry to work, this value must be set.

     Conformance={strict|advisory|none}
          How this region wishes to conform to the registry
          host's standard ids.  "none" means that nothing hap-
          pens.  "strict" means that all new passwd and group
          entries created by the sponsor mechanism or by
          edit_group(8) will automatically conform to the reg-
          istry host's standard ids.  If conformance isn't possi-
          ble, the account or group will not be created.  In
          addition, a nightly cron job will register the host's
          passwd and group files with the registry and report any
          discrepancies by mail to "accounts".  "advisory" means
          that new ids will conform to the standard whenever pos-
          sible, and ids will be reported to the registry each
          night, but any discrepancies will be ignored.  The
          shared default is "none".


See Also:

     uidregd(8) - maintains uid and gid registry database


Copyright:

     Copyright (C) 2003, MFCF, University of Waterloo.

initialize_users command



Name:

     initialize_users - update the vendor and xhier entries in
     the data/users file


Synopsis:

     sort  -t :  -k 1,1  users  |  initialize_users  >users.new


Description:

     For each entry in the vendor passwd file that has an exist-
     ing entry in the "/etc/passwd" file, initialize_users makes
     sure that there is a corresponding entry in the data/users
     file, copying the finger information to the payment[sic]
     field, and setting the type field to "vendor".

     For each existing non-vendor account in any "/.soft-
     ware/*/*/export/passwd" or "/soft-
     ware/xhier/data/region/passwds/*" file, the type field is
     set to "xhier" and the info field is set to a comma-sepa-
     rated list of packages that require the account.


See Also:

     users(5).


Files Used:

     /software/setpw/config/arch/vendor.passwd


Copyright:

     Copyright (C) 1997,2009 MFCF, University of Waterloo.

make_cifs_exports command



Name:

     make_cifs_exports - rebuild the links to user cifs_exports
     directories


Synopsis:

     servers/make_cifs_exports


Description:

     The make_cifs_exports command creates symlinks under "/soft-
     ware/accounts/data/cifs_exports/all" from all
     "/u[0-9]/*/cifs_exports," or if they don't exist, from all
     "/u/*/cifs_exports".

     In addition, any /u-type subdirectories found in "/soft-
     ware/accounts/config/local/other_cifs_homes/" will also be
     searched, but no symlinks created in the first pass will be
     replaced.

     The directory is intended to be mounted on a PC client to
     allow easier browsing of other user's files.

     The command is normally run from the package's crontab on
     the regional server.


Options:

     None.


Files Used:

     "/software/accounts/data/cifs_exports/all/"
     /u/*/cifs_exports
     /u[0-9]/*/cifs_exports
     /software/accounts/config/local/other_cifs_homes/*/*/cifs_exports


Copyright:

     Copyright (C) 1998, 2003, MFCF, University of Waterloo.

mergefasquotas command



Name:

     mergefasquotas - Generate a quotas file based on fragments
     generated by mkquota.


Synopsis:

     mergefasquotas hostname [fasgroupname]*


Description:

     This command generates a quotas file on the faserver "host-
     name" from quotas file fragments generated by the "mkquota"
     command and defined by "fasgroupname" and then reinitilizes
     quotas on the faserver.


Note:

     This command assumes the faserver has only one volume.


See Also:

     mkquota(8) - set all quotas according to the .../users file.


Author:

     Written in July 2003 by Jason Testart, CSCF, University of
     Waterloo.

mkfasquotafile command



Name:

     mkfasquotafile - generate a fas quota file from  a users
     file.


Synopsis:

     mkfasquotafile [FileSystem=] [DefaultQuota=] [UserFilename=]
     [fasVolume=] [FasHost=]


Where:

     FileSystem=
          specifies the name of the filesystem, as known to the
          relevant FAServer, on which to grant quota.

     DefaultQuota=
          specifies a default amount to use for users for whom no
          sponsored amount can be determined.  Units should be
          specied as "K" (default), or "M", or "G".

     UserFilename
          specify a filename to use instead of the default /soft-
          ware/accounts/data/users.

     fasVolume=
          specify a name for the FAServer volume, in place of the
          default /vol/.

     FasHost=
          specifies the name of the FAServer host to use.  (This
          is reserved for future use; i.e. currently not used for
          anything).


Description:

     This command writes on stdout a FAServer-style quota file
     (fragment), which would allocate quota for users as speci-
     fied in the indicated UserFilename (default /soft-
     ware/accounts/data/users), according to the specified param-
     eters.


Notes

     Normally an automated process will be used to update the
     /software/accounts/data/users file, or equivalent.

     Normally, another automated process will take output from
     one or more relevant invokations of mkfasquotafile and com-
     bine them, perhaps with other fragments, to make a complete
     quota file for a FAServer.


Files Used:

     /etc/passwd or equivalent
     /software/accounts/data/users


Copyright:

     Copyright (C) 2008, CSCF, MFCF, University of Waterloo.

mkhomes command (Somewhat Important)

This is probably less important than rmallusr. Standard Ubuntu Linux provides means to create home directories, e.g. on first login. Creating is easy. Removing the directories later, at an appropriate time, to recover disk space, is harder.


Name:

     mkhomes - create and initialize home directories


Synopsis:

     mkhomes


Description:

     mkhomes is normally invoked via the sponsor_accounts(8) pro-
     gram.  Any non-existent home directories of the form
     "/u/realuserid" or "/u#/realuserid" in the "/etc/passwd"file
     are created (mode 0751) and initialized.


See Also:

     realuser(1), init_home(1), link_homes(8).


Copyright:

     Copyright (C) 1996 MFCF, University of Waterloo.

mkmerge command



NAME

     mkusers, mkmerge - merge commandline or file data to update
     and create user accounts


EXAMPLE

     mkusers userid

     You probably don't really want to use any of the other
     options.

     Though maintained by us, this program is no longer used by
     MFCF or CSCF.


SYNOPSIS

     mkmerge [ -a ] [ -e ] [ -f ] [ -m ] [ -u[u] ]
           [ -l uidlen ] [ -k num_fs ] [ -P passwd ] [ -U users ]
           pwd_merge usr_merge

     mkusers [ -a ] [ -e ] [ -f ] [ -m ] [ -u[u] ]
           [ -l uidlen ] [ -k num_fs ] [ -P passwd ] [ -U users ]
           [ -p 'student'|'batch'|password ] [ -c comment ]
           [ -g group ] [ -h home ] [ -s shell ] [ -t type ]
           [ -q quota ] [ -i imagen ] [ -r resource ]
           [ -n 'fullname' ] [ -v vmid ] [ -b vmbillcd ]
           userid:sponsor ...

     where
     -m   - do *not* run mkpw after update,
            normally one rebuilds the passwd dbm to install changes
     -a   - add-only, do *not* update existing users,
            ie create an account, but do nothing if it already exists
     -e   - existing accounts only, do *not* create new users,
            ie update info fields for existing accounts only
     -f   - force finger info to be overidden by the update,
            normally values for active users are retained
     -u   - verify mode, do *not* update active files or logfile
            -uu, update active files, do *not* create home_dirs etc.
     -P   - flag: next option is to be used as active passwd filename
            also turns off creation of home_dirs, quota updates etc.
            default: /etc/passwd, /etc/ypsrc/mad/passwd (SUN domains)
     -U   - flag: next option is to be used as active users filename
            also turns off creation of home_dirs, quota updates etc.
            default: /etc/users,  /etc/ypsrc/mad/users  (SUN domains)
     -p   - flag: next option is the password or one of the keywords
            ('student','batch')
            default: '*No*Password*' unusable password
     -c   - flag: next option is a comment inserted into us_type
            (see mkstuds for valid student classes xystudent-zzzz)

     the remaining options can be set in /software/accounts/data/standard/stdopts
     -l   - maximum userid length
            default: UIDLEN (pre-programmed constant, eg 12)

     -g   - flag: next option is a valid group name in /etc/group
            default: 'other'
     -h   - flag: next option is the home directory or filesystem/,
            default: /u[0-9]*/userid  (selected by max freespace)
     -k   - count of home filesystems over which to spread users,
            default: 0 (don't spread, use maximum free space instead)
     -s   - flag: next option is the users shell
            default: /bin/csh
     -t   - flag: next option is the type of user, used to select
            initial .dotfiles from /software/accounts/data/standard/{type}
            default: 'other'
     -q   - flag: next option is the disk soft quota,
            the hard quota is computed as 120% of the soft quota
            use a quota of 0 to indicate that no quota is desired
            default: 1000 disk blocks
     -i   - flag: next option is the imagen pagelimit
            default: 0    no imagen access
     -r   - flag: next option is the dollar resources (not used)
            default: -1   unlimited
     -n   - flag: next option is usually 'fullname',
            a comment field for finger information
            default: ""  (mandatory on some systems - eg Eng)

     the next options are activated by placing an entry in stdopts
     -v   - flag: next option is a VM id number (dcsu)
            default: (mandatory entry)
     -b   - flag: next option is a VM billcode  (dcsu)
            default: (mandatory entry)
     -d   - flag: next option is a Sun domain (not used)
            default: 'mad' (maintenance and development)

     userid:comment - the userid string, and an optional comment
            inserted into the us_payment field. If a keyword has
            been given for a password, then the actual password
            is taken from this comment field. Usually this field
            gives the sponsor or reason for the account.
            (For MFCF students, this is the student number).


DESCRIPTION

     Mkusers creates accounts or updates accounts info for one or
     more users as specified by the selected options and/or cor-
     responding system defaults.

     The entries are built in memory and merged with the active
     system files as documented in mkmerge below.

     Mkmerge merges information contained in the passwd- and
     users-formatted files pwd_merge and usr_merge with that in
     the active or indicated files, and carries out all appropri-
     ate system tasks to update or create new users as required.
     Updates to the merge entries are written back out to the
     merge files so they reflect the actual active account after
     merging (For example, the actual value of the uid number
     used in creating the account will be returned).

     The vmid and vmbillcd options are local options used only on
     WatDcsu.


NOTE

     Consult your local accounts person for administration prac-
     tices in specifying information and commentary fields.

     The presence of a null string ("") in the standard options
     file /software/accounts/data/standard/stdopts makes the cor-
     responding option mandatory.

     The format of the stdopts file is:
         [     keyword = value  [     keyword = value  [     ...
     where current keywords are {umask, group, home, shell, type,
     name, quota, impages, dollars, vmid, vmbillcd, domain}.


CONFIGURATION OPTIONS

     The directories "/software/accounts/config/*/init_home" con-
     tain templates for new home directories.  They are copied
     into place in the standard xhier configuration order (i.e.
     share, arch, admin, regional), with the last found instance
     of any file being the one used.

     For backward compatibility, if the directory "/soft-
     ware/accounts/data/host/standard" exists, it alone will be
     used to do the initialization.  Administrators are encourage
     to remove this directory and to use the regional configura-
     tion instead.

     Note that the copying is done by following symbolic links,
     not copying them.  This means that one cannot initialize
     symbolic links in home directories.


FILES

     /etc/passwd                        the password file itself
     /etc/ptmp                          the password lockfile
     /software/accounts/data/users      local additions to passwd
     /u/username                        user home directory
     /u[0-9]+/username                        ditto
     /software/accounts/data/standard   default options
     /software/accounts/config/*/init_home default home directory
                                        templates and options
     /software/accounts/data/host/standard local overrides
                                        of default (deprecated)
     /u[0-9]/quotas                     system quota entries
     /software/accounts/logs/change     log file


SEE ALSO

     accounts_admin(i), rmusr(8), undelete(8), edquota(8),
     vipw(8), add_all(8), .login(5), .profile(5)

mkpw command




NAME

     mkpw - update the passwd dbm files


SYNOPSIS

     mkpw


DESCRIPTION

     Mkpw is a kludge used to update the passwd dbm files from
     its source.


FILES

     /etc/passwd    the password file itself
     /etc/passwd.pag
     /etc/passwd.dir
     /etc/ptmp password file lock

mkquota command



Name:

     mkquota - set all quotas according to the .../users file.


Synopsis:

     mkquota [+TEST] [-Verbose] [fasgroup=...]  [userid]*


Description:

     This command finds all users with home directories on file
     systems with quota and sets their quota according to the
     value in the .../users file.

     A list of file systems with quotas and a summary of all
     accounts updated are displayed (updates will not be shown
     for faserver filesystems).  Userids without entries in the
     .../users file are also reported.

     If the command is given the argument "+test", the output is
     the same, but no actual updates are performed.

     Unless the option "-verbose" is given, on systems with
     faserver quotas, the program will not exit until the quotas
     are properly initialized, displaying the current state of
     the initialization every few seconds until they are.

     The value of the option "fasgroup" is only used when there
     are faserver quotas in use.  When used, the option will
     maintain a "quotas.fasgroupname" on the faserver instead of
     the standard quotas file.

     If any userids are given on the command line, if possible
     only those user's quotas will be set.

     Normally the configured quota is assigned to each user's
     home directory's filesystem, and a minimal quota is assigned
     to every other filesystem.  However (for various historical
     reasons), every user with an explict entry in "/etc/group"
     will be assigned the quota on all filesystems that have
     quota controls.  One may take advantage of this by creating
     a dummy group to cause the users in that group to have the
     same disk quota on all filesystems.  Or, to affect all users
     on the machine, one may create a memberless /etc/group entry
     called "quota_everywhere".


Configuration:

     If the ".../fashosts" file contains any host names, a
     faserver quota file will be constructed, copied to those
     hosts, and the quotas on those faservers will be reinitial-
     ized unless the "fasgroup" option is used.

     If the "fasgroup" command line option is used, a faserver
     quota file with the fasgroup name appended will be con-
     tructed, copied to those hosts, but the quota on those
     faservers will NOT be reinitialized.  In this case, the ini-
     tialization must be handled by the mergefasquotas command.


Notes:

     Some machines mount their file sytems from other machines,
     so it is important to run this program in the right place.

     Manually changing quota values in the .../users file will
     only have a temporary effect for entries flagged as "spon-
     sor-math".  Such entries are updated automatically by the
     account updates run from the accounts-master machine.


Files Used:

     /etc/passwd
     /software/accounts/data/users
     /software/accounts/config/regional/fashosts
     /software/accounts/config/regional/rquotahosts


Copyright:

     Copyright (C) 1989, 1998, MFCF, University of Waterloo.

mkstudents command




NAME

     mkstudents - process the registrar's student file


SYNOPSIS

     mkstudents     [-g] [term]

     Options:
     g    - Keep grads
     term - term to be processed (eg S86)


DESCRIPTION

     Mkstudents adds and deletes students on Unix machines with
     appropriate updates to the USERS source file, the PASSWD
     source file, the GROUP source file and the home directory to
     conform to the current state of the students file.

     A list of course names that deserve VAX/UNIX accounts is
     required as the file Courses.

     This is the last in the series of student accounts mainte-
     nance programs. It should not be run directly by naive
     users.  Use add_all from the master machine instead.


FILES

     /usr/accounts/data/Courses
     /usr/accounts/data/students
     /usr/accounts/logs/change
     /usr/accounts/logs/mkstud
     /usr/accounts/standard/student/home/*
     /etc/passwd
     /etc/group
     /etc/users
     /u/USERID


SEE ALSO

     regtape(8), add_all(8), mkmatch(8), mkstuds(8), mkpw(8)


BUGS

     Mkstudents does not rebuild any dbm files.

mkstuds command




NAME

     mkstuds - process the registrar's student file


SYNOPSIS

     mkstuds   [-g] [-h home] [-P pwdfile] [-U usrfile] [term]

     Options:
     -g   delete grads (normally they are not deleted)
     -h   home filesystem
          default: /u[0-9]*  selected for maximum free space
     -P   flag next option as the name of the passwd file
          default: /etc/passwd, /etc/ypsrc/mad/passwd
     -U   flag next option as the name of the users file
          default: /etc/users,  /etc/ypsrc/mad/users
     term select accounts for semester 'term' of form 'S87'
          if not interactive a bad or missing term is an error,
          if interactive the program will prompt for input.

     Note: the users:type field is preset to xystudent[-zzzz] for
     student accounts where x={u,g}, y={h,m,d,x} and
     zzzz={special,wait,ta}.
     The tag student is mandatory as it is used for identifica-
     tion.


DESCRIPTION

     Mkstuds adds and deletes students on Unix machines by making
     appropriate updates to the USERS file, and the PASSWD file
     to conform to the current entries in the file
     /usr/accounts/data/students.

     A list of course names with quotas that are to be given Unix
     accounts on any particular machine is required in the file
     /usr/accounts/data/Courses.

     The actual PASSWD and USERS file should not be updated
     directly.  Rather the output from mkstuds (default: pwd,
     usr) should be installed with mkmerge to insure no conflicts
     occur and the appropriate directories and quotas are
     created.

     This is the last in the series of student accounts mainte-
     nance programs.


FILES

     /usr/accounts/data/Courses
     /usr/accounts/data/students
     /usr/accounts/data/pwd
     /usr/accounts/data/usr
     /usr/accounts/logs/change
     /usr/accounts/logs/mkstud
     /usr/accounts/standard/student/home/*
     /etc/users
     /u[0-9]*/USERID


SEE ALSO

     regtape(8), add_all(8), mkmatch(8), mkusers(8)


BUGS

     Bugs?

mkusers command



NAME

     mkusers, mkmerge - merge commandline or file data to update
     and create user accounts


EXAMPLE

     mkusers userid

     You probably don't really want to use any of the other
     options.

     Though maintained by us, this program is no longer used by
     MFCF or CSCF.


SYNOPSIS

     mkmerge [ -a ] [ -e ] [ -f ] [ -m ] [ -u[u] ]
           [ -l uidlen ] [ -k num_fs ] [ -P passwd ] [ -U users ]
           pwd_merge usr_merge

     mkusers [ -a ] [ -e ] [ -f ] [ -m ] [ -u[u] ]
           [ -l uidlen ] [ -k num_fs ] [ -P passwd ] [ -U users ]
           [ -p 'student'|'batch'|password ] [ -c comment ]
           [ -g group ] [ -h home ] [ -s shell ] [ -t type ]
           [ -q quota ] [ -i imagen ] [ -r resource ]
           [ -n 'fullname' ] [ -v vmid ] [ -b vmbillcd ]
           userid:sponsor ...

     where
     -m   - do *not* run mkpw after update,
            normally one rebuilds the passwd dbm to install changes
     -a   - add-only, do *not* update existing users,
            ie create an account, but do nothing if it already exists
     -e   - existing accounts only, do *not* create new users,
            ie update info fields for existing accounts only
     -f   - force finger info to be overidden by the update,
            normally values for active users are retained
     -u   - verify mode, do *not* update active files or logfile
            -uu, update active files, do *not* create home_dirs etc.
     -P   - flag: next option is to be used as active passwd filename
            also turns off creation of home_dirs, quota updates etc.
            default: /etc/passwd, /etc/ypsrc/mad/passwd (SUN domains)
     -U   - flag: next option is to be used as active users filename
            also turns off creation of home_dirs, quota updates etc.
            default: /etc/users,  /etc/ypsrc/mad/users  (SUN domains)
     -p   - flag: next option is the password or one of the keywords
            ('student','batch')
            default: '*No*Password*' unusable password
     -c   - flag: next option is a comment inserted into us_type
            (see mkstuds for valid student classes xystudent-zzzz)

     the remaining options can be set in /software/accounts/data/standard/stdopts
     -l   - maximum userid length
            default: UIDLEN (pre-programmed constant, eg 12)

     -g   - flag: next option is a valid group name in /etc/group
            default: 'other'
     -h   - flag: next option is the home directory or filesystem/,
            default: /u[0-9]*/userid  (selected by max freespace)
     -k   - count of home filesystems over which to spread users,
            default: 0 (don't spread, use maximum free space instead)
     -s   - flag: next option is the users shell
            default: /bin/csh
     -t   - flag: next option is the type of user, used to select
            initial .dotfiles from /software/accounts/data/standard/{type}
            default: 'other'
     -q   - flag: next option is the disk soft quota,
            the hard quota is computed as 120% of the soft quota
            use a quota of 0 to indicate that no quota is desired
            default: 1000 disk blocks
     -i   - flag: next option is the imagen pagelimit
            default: 0    no imagen access
     -r   - flag: next option is the dollar resources (not used)
            default: -1   unlimited
     -n   - flag: next option is usually 'fullname',
            a comment field for finger information
            default: ""  (mandatory on some systems - eg Eng)

     the next options are activated by placing an entry in stdopts
     -v   - flag: next option is a VM id number (dcsu)
            default: (mandatory entry)
     -b   - flag: next option is a VM billcode  (dcsu)
            default: (mandatory entry)
     -d   - flag: next option is a Sun domain (not used)
            default: 'mad' (maintenance and development)

     userid:comment - the userid string, and an optional comment
            inserted into the us_payment field. If a keyword has
            been given for a password, then the actual password
            is taken from this comment field. Usually this field
            gives the sponsor or reason for the account.
            (For MFCF students, this is the student number).


DESCRIPTION

     Mkusers creates accounts or updates accounts info for one or
     more users as specified by the selected options and/or cor-
     responding system defaults.

     The entries are built in memory and merged with the active
     system files as documented in mkmerge below.

     Mkmerge merges information contained in the passwd- and
     users-formatted files pwd_merge and usr_merge with that in
     the active or indicated files, and carries out all appropri-
     ate system tasks to update or create new users as required.
     Updates to the merge entries are written back out to the
     merge files so they reflect the actual active account after
     merging (For example, the actual value of the uid number
     used in creating the account will be returned).

     The vmid and vmbillcd options are local options used only on
     WatDcsu.


NOTE

     Consult your local accounts person for administration prac-
     tices in specifying information and commentary fields.

     The presence of a null string ("") in the standard options
     file /software/accounts/data/standard/stdopts makes the cor-
     responding option mandatory.

     The format of the stdopts file is:
         [     keyword = value  [     keyword = value  [     ...
     where current keywords are {umask, group, home, shell, type,
     name, quota, impages, dollars, vmid, vmbillcd, domain}.


CONFIGURATION OPTIONS

     The directories "/software/accounts/config/*/init_home" con-
     tain templates for new home directories.  They are copied
     into place in the standard xhier configuration order (i.e.
     share, arch, admin, regional), with the last found instance
     of any file being the one used.

     For backward compatibility, if the directory "/soft-
     ware/accounts/data/host/standard" exists, it alone will be
     used to do the initialization.  Administrators are encourage
     to remove this directory and to use the regional configura-
     tion instead.

     Note that the copying is done by following symbolic links,
     not copying them.  This means that one cannot initialize
     symbolic links in home directories.


FILES

     /etc/passwd                        the password file itself
     /etc/ptmp                          the password lockfile
     /software/accounts/data/users      local additions to passwd
     /u/username                        user home directory
     /u[0-9]+/username                        ditto
     /software/accounts/data/standard   default options
     /software/accounts/config/*/init_home default home directory
                                        templates and options
     /software/accounts/data/host/standard local overrides
                                        of default (deprecated)
     /u[0-9]/quotas                     system quota entries
     /software/accounts/logs/change     log file


SEE ALSO

     accounts_admin(i), rmusr(8), undelete(8), edquota(8),
     vipw(8), add_all(8), .login(5), .profile(5)

orphan command



Name:

     orphan - walk a directory tree looking for unowned files


Synopsis:

     orphan [+NFS] [directory]...


Description:

     Orphan walks directory trees looking for files whose uid or
     gid is no longer in the passwd or group file.

     If the userid "orphan" exists, any owner-orphaned files are
     adopted by that userid.  Otherwise they are left as orphans.

     If the group "orphan" exists, any group-orphaned files are
     adopted by that group.  Otherwise they are adopted by group
     "none".

     If the userid "delgroup" exits, any entries in the group
     file that have that userid as a member will be ignored.
     This allows one to mark a group for removal and let orphan
     claim all files that might be in that group, before actually
     removing the group entry from the file.  Not using this
     method, or removing the entry before the files are found
     could cause problems if another group entry is added with
     the same gid, as any existing files will suddenly and inap-
     propriately become owned by that group.

     The groups "everyone", "other", or "users" are checked for
     existence in that order and the first one found is treated
     specially.  For security, anything in that group is changed
     to be in group "none".

     Any files owned by the userids "delgroup", "help", "user-
     home", or "who" will be claimed by orphan, since these spe-
     cial-purpose userids are not intended for file ownership.

     It does not follow symlinks or NFS mounted file systems.
     When the NFS mounted filesystems can be checked by using the
     +NFS option, but in that case non-NFS filesystems will be
     ignored.

     While walking a tree, it will skip any paths (which must
     begin with "/") contained in the decomment(1)able file
     "/software/accounts/config/local/orphan_ignore".  If one of
     these roadblock paths contains a symlink, it will be treated
     as if it were its target.  (See "Note" below.)


Configuration:

     This program is automatically run by an entry in the
     crontab, once examining all non-NFS filesystems, and once
     examinining any NFS filesystems named in "/soft-
     ware/accounts/config/local/orphan_nfs".


Note:

     Because the roadblocks are implemented using device and
     inode numbers, if the "orphan_ignore" file contains
     "/one/two" and orphan is invoked as "orphan /one/two/three",
     this tree will not be ignored since the roadblock will never
     be encountered.

     Similarly, any "orphan_ignore" path that contains a symlink
     will use the device and inode numbers of the target.  E.g.
     if "/one/two -> /eight/nine/ten" then roadblocks "/one/two"
     and "/eight/nine/ten" will have the same effect, as will
     "/one/two/three" and "/eight/nine/ten/three".


See Also:

     accounts-config(7)


Copyright:

     Copyright (C) 1994, MFCF, University of Waterloo.

rmallusr command (VERY IMPORTANT)



NAME

     rmallusr - do final removal of deleted userids and their
     files.


SYNOPSIS

     rmallusr


DESCRIPTION

     rmallusr finds all userids in the passwd file that have a
     "/xhbin/Deleting*" login shell and completely removes them
     from the host.  This program normally runs from the crontab
     on the 1st of each month.

     Deleted userids are removed from /etc/passwd, /etc/group,
     and /software/accounts/data/host/users.

     All home directories under "/u/.", "/u[0-9]/.",
     "/backup`absolute /u/.`", "/backup`absolute /u[0-9]/.`", and
     all substructure are removed.

     All files owned by the deleted userids anywhere under
     "/u/.", "/u[0-9]/.", "/backup/.", and "/usr/spool/."  are
     removed.

     All remaining files owned by the deleted userids are
     reported.


FILES

     Log files are left under "/software/accounts/logs/.".


BUGS

     Deleted userids in mailing lists or aliases are detected,
     but not removed.

     The program is an sh script that makes too many assumptions
     about portability and its own abilities.

rmclean command



Name:

     rmclean - clean out files for deleted users on regional
     clients


Synopsis:

     servers/rmclean


Description:

     rmclean is normally called by rmallusr(8) during month-end
     account cleanup.  It runs on each regional client, cleaning
     up everything belonging to about to be deleted accounts.

     e.g. removing (or chowning to "orphan") filesystem entries,
     removing crontab entries, and killing processes.


Options:

     None.


Files Used:

     "/software/accounts/data/temp_regional/delete_uids"
     "/software/accounts/data/temp_regional/delete_userids"


Copyright:

     Copyright (C) 2003, MFCF, University of Waterloo.

rmusr command



NAME

     rmusr - remove user accounts


SYNOPSIS

     rmusr userid


DESCRIPTION

     Rmusr is used to disable an account and flag it for deletion
     given a userid.  It simply calls chsh (ypchsh) to install an
     /xhbin/Deleting shell.  The account is finally deleted on
     the 1st of the month, so be aware that removing an account
     on the last day of a month means that it will actually dis-
     appear very soon.


FILES

     /etc/passwd
     /etc/shells_system
     /usr/accounts/logs/change


SEE ALSO

     undelete(8), rmallusr(8)

setpasswd command



NAME

     setpasswd - change some fields in the passwd file.


SYNOPSIS

     setpasswd -help

     This command has been superseded by password(1), chfn(1),
     and chsh(1).


DESCRIPTION

     T.B.A.

stripnames command



Name:

     stripnames - strip entries and members from
     /etc/{group,passwd} type files


Synopsis

     stripnames entry [Input=-] [FieldNumber=0] [Name-
     File=/dev/null] [[name=]null]* [IfMember=killme]
     stripnames member [Input=-] [FieldNumber=0] [Name-
     File=/dev/null] [[name=]null]*

     [Input=-]
          Path of input file to be stripped.  Default is standard
          input.

     [FieldNumber=0]
          Number of the colon-separated field containing the mem-
          ber names.  A field number of 0 indicates that there is
          no such field.

     [NameFile=/dev/null]
          Path of a decommentable file containing names, one per
          line, to be stripped from the input file.

     [[name=]null]*
          Names to be stripped from the input file.  May be used
          with or instead of "NameFile".

     [IfMember=killme]
          For the "stripnames"entry command, the entry will be
          stripped only if the given name is in the list in field
          position "FieldNumber".


Examples:

          # Remove groups "curly", "larry", and "moe" from /etc/group,
          but only if "userhome" is a member of the group:
          % cat /etc/group \
          | stripnames entry fn=4 im=userhome curly larry moe \
          >/etc/group.lock

          # Remove userids "curly", "larry", and "moe" from /etc/group:
          % cat /etc/group \
          | stripnames member fn=4 curly larry moe \
          >/etc/group.lock

          # Remove userids "curly", "larry", and "moe" from /etc/passwd:
          % cat /etc/passwd \
          | stripnames entry curly larry moe \
          >/etc/ptmp


Description:

     stripnames is invoked with one of two subcommands.

     The member subcommand causes all occurences of the given
     "name"s to be removed from the comma-separated list in the
     given "FieldNumber" colon-separated field.

     The entry subcommand causes all lines whose first colon-
     separated field is the same as any of the given "name"s to
     be deleted.  If the "IfMember" option is used, then the
     lines will be deleted only if the give member name is a mem-
     ber of the comma-separated list in the given "FieldNumber"
     field.


Copyright:

     Copyright (C) 1999, MFCF, University of Waterloo.

undelete command



NAME

     undelete - restore user accounts deleted by rmusr


SYNOPSIS

     undelete userid


DESCRIPTION

     Undelete is used to renable an account that has been flagged
     for deletion but has not yet been deleted.  It simply calls
     chsh (ypchsh) to change an /xhbin/Deleting shell.


FILES

     /etc/passwd
     /etc/shells_system
     /usr/accounts/logs/change


SEE ALSO

     rmusr(8), rmallusr(8)

xhier_admin command


     [OBSOLETE: use `hostin group=admin_master`]


Name:

     xhier_admin - return the name of the xhier admin server


Synopsis:

     xhier_admin_server


Description:

     xhier_admin_server checks the local machine's configuration
     and reports the name of its xhier admin server.


Files Used:

     /software/xhier/config/local/allowed-types


Bugs:

     This command doesn't belong in the accounts package.


Copyright:

     Copyright (C) 1995, MFCF, University of Waterloo.

xhier_admin_server command


     [OBSOLETE: use `hostin group=admin_master`]


Name:

     xhier_admin - return the name of the xhier admin server


Synopsis:

     xhier_admin_server


Description:

     xhier_admin_server checks the local machine's configuration
     and reports the name of its xhier admin server.


Files Used:

     /software/xhier/config/local/allowed-types


Bugs:

     This command doesn't belong in the accounts package.


Copyright:

     Copyright (C) 1995, MFCF, University of Waterloo.

xhier_regional_clients command

An understanding of the regional clients concept is important for understanding the basis of much of the old accounts maintenance system.

     [OBSOLETE: Superseded by `hostin group=regional_clients`]


Name:

     xhier_regional_clients - return the name(s) of all clients
     in the region


Synopsis:

     xhier_regional_clients


Description:

     xhier_regional_clients checks the local machine's configura-
     tion and reports the names, if any, of all clients in the
     xhier region.  The regional server is not included in this
     list.


Files Used:

     /software/accounts/data/regional-clients/<hostname>


Bugs:

     The returned hostnames are the same as that returned by the
     hostname(1) command on each client, and as such may or may
     not be fully qualified with the domain name.

     The information is reliable only if the accounts package is
     installed on each client in the region.

     This command doesn't belong in the accounts package, but for
     some unknown reason the xhier package doesn't provide this
     basic xhier information.


Copyright:

     Copyright (C) 1995, MFCF, University of Waterloo.

xhier_regional_server command


     [OBSOLETE: use `hostin group=regional_server`]


Name:

     xhier_regional_server - return the name of the xhier
     regional server


Synopsis:

     xhier_regional_server


Description:

     xhier_regional_server checks the local machine's configura-
     tion and reports the name of its xhier regional server.


Files Used:

     /software/accounts/data/regional-server/<hostname>


Bugs:

     The returned hostname is the same as that returned by the
     hostname(1) command on the server, and as such may or may
     not be fully qualified with the domain name.

     This command doesn't belong in the accounts package, but for
     some unknown reason the xhier package doesn't provide this
     basic xhier information.


Copyright:

     Copyright (C) 1995, MFCF, University of Waterloo.

accounts administration policy



Name

     Accounts_Admin - Account Administration Policy


Terminology:

     A "userid" is a name used to identify a computer user, inde-
     pendent of its existence on any particular machine.

     An "account" is used to identify a particular instance of a
     userid on an particular machine.  It is typically repre-
     sented in the form "userid@host".


Userid Creation:

     For each administration, there will be one central registry
     containing all userids issued by that administration.

     No one should ever create (an account with) a new userid
     without first registering the userid.

     Details about the user, such as full name, UW student num-
     ber, employee number, SIN, association with UW, etc. will be
     required.  This information is especially important for
     identifying the user when requests for passwords or other
     account changes are made.

     Note that the administration may issue a different userid
     than the one requested, either because the requested userid
     has already been assigned to another user or because the
     requested userid does not conform to the administration's
     standards.

     In the case of the MFCF administration, all userids are reg-
     istered in the accounts-userids package on the host "math".
     Requests for new userids or questions about existing userids
     should be mailed to "accounts@math".


Passwords:

     If more than one person knows something, it isn't a secret.
     Thus, a good rule for security is that any password should
     never be known by more than one person.  In particular, when
     creating communal accounts, such as cs123, one should not
     give an explicit password to the account, but use the
     account's ".rhosts" file to grant access to specific users.


Account Accounting:

     No one should ever create an account on any machine without
     notifying the administration of the fact and including
     details as to who is sponsoring the account.

     In the case of the MFCF administration, this information
     should be mailed to "accounts@math".


Warning:

     Accounts that were not created following these rules may be
     disabled or removed by the administration (or by automated
     software) without warning.


Summary:

     In general it is always best to ask the central administra-
     tion to create accounts rather than attempting it oneself.


Account Creation:

     No one should ever create an account on any machine without
     first verifying that the userid is already registered to the
     same person for whom the account is intended.

     In the case of the MFCF administration, requests for new
     userids or other related questions should be mailed to
     "accounts@math".

     It is not generally safe to assume that a userid listed by
     the uwdir(1) command is necessarily the standard userid for
     your administration (in particular it often isn't for MFCF.
     It is generally safe to assume that if an account on one of
     the machines listed by "hostin group=mfcf_accounts", will
     have an MFCF-standard userid, but be sure you know the full
     form of the userid (e.g. the last component of the home
     directory shown by finger(1)).

     If you are going to manage your own accounts, you must be in
     group "accounts", and should set your search rules with the
     showpath(1) command to include the "accounts:guru" type.
     Here is a summary of some commands you will likely want to
     use:

     # mail accounts@math
          If you have any doubts that the userid you are about to
          use is the standard userid assigned to the person or
          organization you are creating it for, please ask first
          to make sure.

     # mkusers full-length-userid
          This creates the account and initializes the home
          directory.  Be sure to use the full length userid (i.e.
          not a truncated form) so that mail and other programs
          will recognize the account properly.  In any further
          commands, the userid may be entered in a shorter form
          so long as it is at least 8 characters long.

     # password +r userid
          This sets the user's login password to a randomly gen-
          erated string.  The user can change it to something
          else later using the "password" command without any
          arguments.

     # edit_rhosts userid
          This lets you create and change the user's ".rhosts"
          file.

     # edit_forward userid
          This lets you create and change the user's ".forward"
          file.

     # rmusr userid
          Once the account is no longer needed, this command will
          change the login shell to prevent its further use.  At
          the end of the month, the program rmallusr(8) will
          remove the "/etc/passwd" entry and clean up the home
          directory, mail spool, /etc/group, etc.

     # undelete userid
          If you change your mind before the end of the month,
          this will reset the user's login shell.


See Also:

     userids(i),
     mfcf-policy(i),


Copyright:

     (C) 1992, 1996, MF, University of Waterloo

groups information



Name:

     groups - how to use groups on MFCF supported machines.


Description:

     When your new account is created, a group is assigned to
     your home directory (by default group "none") and one or
     more groups are assigned to your userid (by default group
     "everyone").  Some machines are configured to assign a per-
     sonal group (bearing the same name as the userid) to each
     account.  In that case, this group will be used as both the
     login group and the home directory group.

     All files created directly under a directory will automati-
     cally inherit the group associated with that directory.
     Thus if you do nothing special, all your files and sub-
     directories will end up in group "none".  (Note that this
     isn't true if you run commands on IBM AIX or other SysV-
     semantic machines.)  You may use the chgrp(1) command to
     change the group associated with a file or directory to
     something else.  This will not affect any files already
     under the changed directory, but any files created there in
     the future will inherit this new group.  You may of course
     only change the group of a file that you own, and only to a
     group to which you belong (or to group "none", a group to
     which no user belongs).

     Normally, you will only belong to the one group "everyone",
     and all of your files will belong to the one group "none",
     so you don't need to be worry about groups.

     In some cases, you (i.e. your userid) will be assigned to
     more than one group.  For instance you might be put into
     group "source" so that you may be permitted to read system
     source files.  This is done by having the source directory
     owned by group "source", and that directory granting read
     and execute permissions to its group, but no permissions to
     others.  Files and directories under that directory should
     be created with general read permissions and not in group
     source, but because of the roadblock in the parent directory
     they will only be accessible by those in group source.

     Similarly, for a class project you and your partner(s) may
     have a special group, say "cs123_45", created for you.  What
     you would both then do is to create directories under each
     of your own accounts, put those directories into that new
     group, and change the permissions so that only you and your
     partner may use that directory.
          % mkdir  $HOME/cs123_45
          % chgrp  cs123_45  $HOME/cs123_45
          % chmod  770  $HOME/cs123_45    (or use ug=rwx instead of 770)
     Now, both of you may freely create or remove files or direc-
     tories under that directory, even though it might not be
     under your own home directory.  No one else will even be
     able to find so much as the names of the files though.

     Note that for courses you are officially registered in,
     course directories will be automatically created under your
     home directory.  A command, fixclassperms(1), allows course
     instructors to change the permissions on these directories
     to allow them to access your files for marking.

     In order for the files you create under such a directory to
     be readable by others in your group, you must have your
     "$UMASK" environment variable set to something like 022.
     This will allow others in your group to read the files, but
     not to change them.  More likely though, you will want them
     to be able to change them as well, so you would set your
     mask to 002.  In that case you would probably put the com-
     mand "umask 002" into your "$HOME/.cshrc" file, so that all
     files that you ever create will allow writing for members of
     their group, but not for anyone else.


See Also:

     .cshrc(5):  Initial shell configuration
     umask(1):  Determine permissions of newly created files
     mkdir(1):  Create a new directory
     chgrp(1):  Change the group of a file or directory
     find(1):  Search for files under a directory
     ls(1):  Show ownership etc. of files
     fixclassperms(1):  For TAs: resets groups and permissions
     classgroup(1):  For TAs: subshell to get around NFS problems


Copyright:

     (C) 1988, 1996, MFCF, University of Waterloo.



check_userids command



Name:

     check_userids - check Userids file.


Synopsis:

     check_userids


Description:

     check_userids checks that the Userids file is valid.


Files

     /software/accounts-userids/data/Userids


Bugs

     You cannot specify an alternate file to check.


Copyright:

     Copyright (C) 1991, MFCF, University of Waterloo.

id-to-userid command



Name:

     id-to-userid - filter to map ID numbers to userids in colon-
     separated fields


Synopsis:

     id-to-userid [Id=1] [Userid=0]


Examples:

          % cat input
          one:two:71212246:four:five
          % id-to-userid <input id=3
          one:two:rbutterworth:four:five
          % id-to-userid <input id=3 u=3
          one:two:rbutterworth:71212246:four:five
          % id-to-userid <input id=3 u=-4
          one:two:71212246:rbutterworth:five
          % id-to-userid <input id=2
          one:?:71212246:four:five
          % id-to-userid <input id=3 u=10
          one:two:71212246:four:five:::::rbutterworth


Options:

     [Id=1]
          Field number (origin 1) of the input ID number.  IDs
          can be watcard numbers (71212246), uwdir numbers
          (P-35580), etc.

     [Userid=0]
          Field number (origin 1) of the output userid.  The
          default, "0", means to replace the ID field.  A nega-
          tive number means to replace the specified field.  Oth-
          erwise an addition field is inserted before the given
          field.


Description:

     id-to-userid reads records of colon-separated fields from
     standard input and writes the records to standard output,
     replacing or inserting a field containing the userid that
     corresponds to the given "Id" field number.

     As processing the Userids database requires significant
     overhead, when multiple IDs need to be evaluated it is best
     to provide them all to a single invocation of this command
     rather than calling it once for each ID.


Files:

     /software/accounts-userids/data/Userids


Copyright:

     Copyright (C) 2006, MFCF, University of Waterloo.

isuser command



Name:

     isuser - check if a user id is in a list of ids


Synopsis:

     isuser known_id id_1 id_2 id_3 ...


Example:

     if ( { isuser $user1 91999123 joe 11119876 } ) then
          echo $user1 matched at least one of the other ids
     endif


Description:

     isuser looks in the "Userids" file and finds all knows ids
     and userids for each of the ids on the command line.


Returns:

     If any of the ids for the first argument match any of the
     ids for any of the other arguments, the function exits 0.
     Otherwise it exits 1.


Files Used:

     /software/accounts-userids/data/Userids


See Also:

     realuser(1), sameuser(1), truncuser(1)


Copyright:

     Copyright (C) 1996, MFCF, University of Waterloo.

update_userids command



Name:

     update_userids - update the Userids database with uwdir data


Synopsis:

     servers/update_userids


Description:

     update_userids

     This program normally runs from the crontab.

     It uses uwdir_update(8) to merge the latest dump of the
     UWdir database with the Userids database.

     Detected changes are logged, and the cron entry mails the
     signifcant parts to "accounts@math".


Files:

     watserv1:/sagroup/UWdir-II/Extract /software/accounts-
     userids/data/Userids /software/accounts/logs/userids_update


See Also:

     uwdir_update(8), check_userids(8)


Copyright:

     Copyright (C) 2002, MFCF, University of Waterloo.

uwdir_update command



Name:

     uwdir_update - merge UWdir data into the Userids database


Synopsis:

     servers/uwdir_update
     [Extract=/software/accounts-userids/data/work/Extract]
     [Userids=/software/accounts-userids/data/Userids]


Options:

     Extract=/software/accounts-userids/data/work/Extract
          Dump of UWdir data to be merged.

     Userids=/software/accounts-userids/data/Userids
          Master Userids database.

     The options are provided mostly for debugging purposes, and
     are not normally needed.


Description:

     uwdir_update is intended to be run by another program (nor-
     mally from the crontab).  It updates the master Userids
     database with IST uwdir data, reporting errors and inconsis-
     tencies.  IST records with errors are ignored, while serious
     MFCF errors cause abnormal termination.

     The name of the updated file will be the same as the input
     file, but with a ".new" suffix appended.


Output:

     Serious errors with the program itself are reported on
     stderr, as is the message indicating that fatal problems
     were discovered in the input data.

     All other problem reports appear on standard output, the
     most serious being prefixed with "***", and the least impor-
     tant being prefixed with "+++".  In addition to the wording
     shown below, most messages will also indicate the text in
     which the problem was found, and mention the line number and
     file name where it was encountered.

     "*** Fatal: illegal missing newline"
          Badly formatted input data.

     "*** Fatal: illegal id number"
          The id number doesn't match any of the known id-number
          formats.

     "*** Fatal: illegal userid"
          The userid doesn't meet the standard for userids.

     "*** Fatal: mfcf record repeats id"
          The same id appears twice in the same record.

     "*** Fatal: two mfcf records with same id"
          The same id appears in two different records.

     "*** Fatal: mfcf record repeats userid"
          The same userid appears twice in the same record.

     "*** Fatal: two mfcf records with same userid"
          The same userid appears in two different records.

     "*** Fatal: file got shorter"
          Something strange happened.

     "Error: id xxx matches mfcf's userid1 and userid2"
          An IST record has ids that match two mfcf records.

     "Error: id xxx matches ist's userid1 and userid2"
          An mfcf record has ids that match two IST records.

     "Error: userid xxx matches mfcf's id1 and id2"
          An IST record has a userid that matches two mfcf
          records.

     "Error: userid xxx matches ist's id1 and id2"
          An mfcf record has a userid that matches two IST
          records.

     "Error: userids differ for xxx ist=yyy mfcf=zzz"
          An user has different uwdir and mfcf userids.

     "Error: userids match but no common ids"
          A userid occurs in both databases, but the entries have
          no other ids in common, and so might be for different
          users.

     "IST error: student id number"

     "IST error: HR id number"

     "IST error: userid"

     "IST error: other id"
          The ID doesn't match any of the known id formats.  (IST
          records all kinds of ids in the same namespace.)

     "IST error: ist record repeats id"
          The same id appears twice in the same record.

     "IST error: two ist records with same id"
          The same id appears in two records.

     "IST error: ist record repeats userid"
          The same userid appears twice in the same record.

     "IST error: two ist records with same userid"
          The same userid appears in two records.

     "+++ changed %s: old-name -> new-name"
          A user's name has changed.

     "+++ removed privacy for xxx"

     "+++ added privacy for xxx"
          A user's privacy request has changed.

     "+++ added xxx to yyy"
          An existing userid entry got an additional id number.

     "+++ added [new userid entry]"
          A new userid entry was added to the Userids database.

     "+++ can't add xxx: no id number"
          A new userid doesn't have a valid id number.


Handling problems:

     Fatal errors mean that no update happened.  The cause needs
     to be corrected as soon as possible.

     Non-fatal Errors affect only individual records.  The cause
     should be investigated and corrected to allow those individ-
     ual updates to proceed, but this isn't as urgent (except
     possibly for the individuals affected) as the rest of the
     updates are still processed normally.

     IST errrors generally require corrections to the UWdir
     database itself.  These are even less urgent, as they simply
     prevent bad data from entering the Userids database.  Note
     that IST doesn't consider many of them to actually be errors
     (e.g. two records with the same id), in which case MFCF must
     make the corrections.

     The most commonly seen problems are:

     "Error: id xxx matches mfcf's userid1 and userid2"

     "Error: userid xxx matches mfcf's id1 and id2"
          One IST record matched two MFCF records.  This usually
          means that the two MFCF records should be merged (after
          determining which userid is the correct one to retain).

     "Error: id xxx matches ist's userid1 and userid2"

     "Error: userid xxx matches ist's id1 and id2"
          One MFCF record matched two IST records.  This usually
          means that the two IST records should be merged.  It is
          best to let IST know about it so they can investigate
          further before merging their records.

     "Error: userids differ for xxx ist=yyy mfcf=zzz"
          A user has different userids in the two databases.
          This can be caused by:

          -    the user's existing uwuserid changed, so change
               the userid in the Userids database.

          -    the user lost their uwdir entry (or never had one)
               and their recently created entry was given a dif-
               ferent userid.  Determine which of the two userids
               is the appropriate one to use, and change the
               Userids or UWdir database accordingly.

     "Error: userids match but no common ids"
          A userid appears in both databases, but the software
          can't tell that they are for the same person.  These
          problems must be investigated by hand.  If it turns out
          that they are for the same person, simply add one of
          the UWdir ids to the Userids entry to identify them.
          It they are for different people, it is usually the
          case that the Userids entry is old and no longer worth
          preserving, so simply remove it.


See Also:

     update_userids(8), check_userids(8)


Copyright:

     Copyright (C) 2002, MFCF, University of Waterloo.

.classlist command



Name:

     classlist, .classlist - list of students registered in a
     class.


Synopsis:

     /u/<classname>/.classlist

     Supported on undergrad.math only.


Format:

     The file contains the following colon-separated fields, one
     per line.  Blank lines and lines beginning with a "#" char-
     acter may be ignored (e.g. use decomment(1) to extract the
     data).

     Id Number
          the student id number associated with the userid.

     Userid
          the standard userid assigned to the account.

     Name the student's family name, a comma, and any given
          names.  Some names might be prefixed with an asterisk
          (*).  In such cases, University policy requires that
          these names not be made publicly available, and as such
          are restricted to internal administrative use only.  In
          particular this applies to setting finger information
          on machines, publishing email addresses, and producing
          any other form of directory.

     Lecture
          the lecture section that the student is registered in.

     Study
          the study field (i.e. department (sort of)) that the
          student is registered in.

     Plan the plan that the student is registered in.

     Group
          the group (i.e. faculty) that the student is registered
          in.

     Year the current year the student is registered in.

     Degree
          the degree the student is currently registered in.

     Initials
          the given initials of the student (as currently
          recorded by the Registrar).

     Family
          the student's family name.

     Status
          the student's status (R-registered, E-pre-registered,
          W-withdrawn).

     Time the student's attendance (P-partime, F-fulltime).

     Session
          the session that the student is registered in.

     Sections
          The section number given in the fourth field is for
          lecture ("lec") enrollment.  This lists that and all
          other sections in a comma separated list.  e.g.
          "lec=002,tut=101,tst=201".

     Other
          Additional fields may be added in the future without
          further warning, so do not write programs that rely on
          there being exactly the current number.

     In some unusual cases, e.g. for non-student or non-people
     accounts, fields such as "student id number" and "family
     name" might have completely different meanings.


Description:

     The information in these files is based on data provided to
     MFCF from the Registrar by Data Processing (and occasionally
     on other data).  The files are updated soon after new data
     becomes available, quite frequently at the beginning of each
     term and less frequently at the end.

     These files are not created for all classes, but only those
     for which the instructors have made explicit requests.


Access:

     The file for say class cs123 will be called
     "/u/cs123/.classlist" and will be owned by the userid
     "cs123" and the group "cs123".  Since id numbers are consid-
     ered confidential, the files do not have general read per-
     mission.  Typically the course instructors and TAs will be
     members of the group and will possibly be in the account's
     ".rhosts" file, which allows them to rlogin(1c) to the
     account.


Examples:

          #Print a list of names and userids, sorted by family name
          decomment /u/cs123/.classlist | cut -d: -f3,2 | sort


See Also:

     decomment(1), cut(1), cl2sc(1).


Bugs:

     For students registered in more than one department or fac-
     ulty, only one of their registrations will appear in the
     file.


Copyright:

     Copyright (C) 1992,1996,2000,2001 MFCF, University of Water-
     loo.

account_update command



Name:

     account_update - merge account information with /etc/passwd
     etc.


Synopsis:

     servers/account_update [+Groupcheck] [Update=-]
     [NewGroup=-] [NewPasswd=-] [NewUsers=-]
     [Group=/u/rbutterworth/test/group]
     [Passwd=/u/rbutterworth/test/passwd]
     [Users=/u/rbutterworth/test/users]


Description:

     account_update is normally invoked from sponsor_accounts(8).

     The Update data (defaulting to standard input) contains
     records with the following colon-separated fields: Userid
     (full, non-truncated), Name (typically "Family, Given"), ID
     (student id or employee id), UID (suggested number), and
     Classes (comma-separated list with format:
     "Name(diskquota;group,group,...)"), as described in
     "<accounts/resources.h>".

     Group is normally "/etc/group", Passwd is normally
     "/etc/passwd", and Users is normally "/soft-
     ware/accounts/data/users".

     The three resulting sets of output (by default standard out-
     put) are normally set to temporary files (e.g "/etc/ptmp")
     that are eventually moved to replace the originals.

     +Groupcheck causes the program to report any unsponsored
     group memberships.

     If there are any "/u#" directories, new home directories
     will be created under them, starting at one randomly chosen
     and cycling through them for each new home directory.  Oth-
     erwise home directories will be created under "/u".  If any
     potential home directory directory contains a file called
     ".ManualHomeDirectoryCreation", that directory will not be
     considered.


See Also:

     sponsor_accounts(8), /usr/include/accounts/resources.h


Copyright:

     Copyright (C) 1996 MFCF, University of Waterloo.

cl2sc command


NAME
  cl2sc - filter to convert a ".classlist" file into "sc" form

SYNOPSIS
  cl2sc

EXAMPLES
       cayley% cl2sc <~cs456/.classlist >list
       cayley% sc list

DESCRIPTION
  cl2sc is a filter that converts a .classlist file as produced by the
  accounts package in the home directories of course accounts into a file
  that the sc command will accept as input.  The output is sorted by surname,
  and then given names.  The spreadhseet columns defined are:
       Surname GivenNames StudentID Userid Division Section
  The titles for the columns are in row 0 of the spreadsheet.

FILES

  ~CourseNumber/.classlist
       - where class list files are kept.

SEE ALSO
  sc(1) - the spreadsheet that uses the output of this command.

BUGS
  It's not obvious that this is useful when a .classlist file is updated.

classgroup command



Name:

     classgroup - start a subshell in a class project group


Synopsis:

     classgroup groupnumber ['command and args']


Example:

     [201]% wmi
     cs123@cayley (Group everyone) on ttyub at /u1/cs123
     [202]% groups
     everyone ... cs123 ...
     [203]% classgroup 45
     1>[57]% wmi
     cs123@cayley (Group everyone) on ttyub at /u1/cs123
     1>[58]% groups
     everyone ... cs123 ... cs123_45
     1>[59]% exit
     [204]% /* Back where we started */


Description:

     The classgroup command is necessary on those systems that
     allow the class account to be in a very limited number of
     groups.

     If the caller is a class account (e.g.  "cs123"), and in
     group "classgroup", a subshell, using "/bin/csh" if the
     "$SHELL" environment variable is not set, will be started in
     the given numbered project group.

     Note that leading zeros are significant in the group number.
     "cs123_4" is not the same as "cs123_04".


See Also:

     fixclassperms(1)
     userinfo(1)
     groups(i)


Copyright:

     Copyright (C) 1995, 1996, MFCF, University of Waterloo.

classlist command



Name:

     classlist, .classlist - list of students registered in a
     class.


Synopsis:

     /u/<classname>/.classlist

     Supported on undergrad.math only.


Format:

     The file contains the following colon-separated fields, one
     per line.  Blank lines and lines beginning with a "#" char-
     acter may be ignored (e.g. use decomment(1) to extract the
     data).

     Id Number
          the student id number associated with the userid.

     Userid
          the standard userid assigned to the account.

     Name the student's family name, a comma, and any given
          names.  Some names might be prefixed with an asterisk
          (*).  In such cases, University policy requires that
          these names not be made publicly available, and as such
          are restricted to internal administrative use only.  In
          particular this applies to setting finger information
          on machines, publishing email addresses, and producing
          any other form of directory.

     Lecture
          the lecture section that the student is registered in.

     Study
          the study field (i.e. department (sort of)) that the
          student is registered in.

     Plan the plan that the student is registered in.

     Group
          the group (i.e. faculty) that the student is registered
          in.

     Year the current year the student is registered in.

     Degree
          the degree the student is currently registered in.

     Initials
          the given initials of the student (as currently
          recorded by the Registrar).

     Family
          the student's family name.

     Status
          the student's status (R-registered, E-pre-registered,
          W-withdrawn).

     Time the student's attendance (P-partime, F-fulltime).

     Session
          the session that the student is registered in.

     Sections
          The section number given in the fourth field is for
          lecture ("lec") enrollment.  This lists that and all
          other sections in a comma separated list.  e.g.
          "lec=002,tut=101,tst=201".

     Other
          Additional fields may be added in the future without
          further warning, so do not write programs that rely on
          there being exactly the current number.

     In some unusual cases, e.g. for non-student or non-people
     accounts, fields such as "student id number" and "family
     name" might have completely different meanings.


Description:

     The information in these files is based on data provided to
     MFCF from the Registrar by Data Processing (and occasionally
     on other data).  The files are updated soon after new data
     becomes available, quite frequently at the beginning of each
     term and less frequently at the end.

     These files are not created for all classes, but only those
     for which the instructors have made explicit requests.


Access:

     The file for say class cs123 will be called
     "/u/cs123/.classlist" and will be owned by the userid
     "cs123" and the group "cs123".  Since id numbers are consid-
     ered confidential, the files do not have general read per-
     mission.  Typically the course instructors and TAs will be
     members of the group and will possibly be in the account's
     ".rhosts" file, which allows them to rlogin(1c) to the
     account.


Examples:

          #Print a list of names and userids, sorted by family name
          decomment /u/cs123/.classlist | cut -d: -f3,2 | sort


See Also:

     decomment(1), cut(1), cl2sc(1).


Bugs:

     For students registered in more than one department or fac-
     ulty, only one of their registrations will appear in the
     file.


Copyright:

     Copyright (C) 1992,1996,2000,2001 MFCF, University of Water-
     loo.

expire_accounts command



Name:

     expire_accounts - warn and/or disable expired accounts


Synopsis:

     expire_accounts


Description:

     expire_accounts looks at the "users" file for expired
     accounts (i.e. those marked as no longer having reason to
     exist), and each account that has exceeded the host's grace
     period (default 21 days) is disabled (currently the login
     shell is set to "/xhbin/Deleting").  Accounts are not dis-
     abled on Friday, Saturday, or Sunday though.

     A warning is mailed to each expired account the day after it
     expires, every 5 weeks after that, and every week during its
     last month of life.


Note:

     This command is not privileged but should be run as root.


Files Used:

     /software/accounts/data/users -- state of regional accounts
     /software/accounts/config/regional/grace -- set grace period


Copyright:

     Copyright (C) 1992,1999, MFCF, University of Waterloo.

fixclassperms command



Name:

     fixclassperms - fix the permissions on a student's course
     directory


Synopsis:

     fixclassperms userid


Description:

     The caller must be "root" or in the appropriate class
     group(s).  Note that course accounts are normally in their
     own group, but TA's and instructors are not normally in the
     course group unless they explicitly request it (since they
     are usually in the course's ".rhosts" file and so can use
     "rsh -l cs123 ..."  or "rlogin -l cs123 ...").

     The fixclassperms command determines which classes the given
     student is enrolled in, and modifies the group ownership and
     permissions on all the student's class directories (e.g.
     "/u/userid/cs123") to allow the files to be read by the
     course instructors but not by anyone else.

     For courses that use subgroups for group projects, (e.g.
     "/u/userid/cs488_03"), these subdirectories will also be
     given group write permissions.  Students should be warned to
     put their group projects under these directories and not
     under the general course directory to prevent the group per-
     missions from being changed incorrectly.

     Note that the class directories (e.g. cs123) are created
     automatically when the student enrolls in the course, but
     the group directories (e.g. cs123_45) must initially be cre-
     ated by the students.


See Also:

     userinfo(1)
     classgroup(1)
     groups(i)


Copyright:

     Copyright (C) 1993, 1997, MFCF, University of Waterloo.

link_homes command



Name:

     link_homes - create symlinks to home directories


Synopsis:

     link_homes [{+|-}NFS] directory


Description:

     link_homes creates symlinks to all the home directories in
     the /etc/passwd file that are under "/u#".

     Typically this is run as part of the accounts creation pro-
     cess, with the "directory" containing the new links being
     "/u".

     To avoid accidents, by default an error message will appear
     if the directory is nfs mounted.  The "+NFS" option causes
     an error unless the directory is nfs mounted, while the
     "-NFS" option causes the progam to silently exit if the
     directory is nfs mounted.


Configuration:

     The file "/software/accounts/config/local/link_homes" may
     contain default option flags (currently only "+NFS"), one
     per line.


Copyright:

     Copyright (C) 1992, 1998, MFCF, University of Waterloo.

mac_pw_sync command



Name:

     mac_pw_sync  - synchronizes passwords on a Mac with the cur-
     rent UNIX host


Synopsis:

     mac_pw_sync [+Debug] [hostname=]mac-hostname*


Description:

     mac_pw_sync fetches the accounts information from the speci-
     fied Macs, selects those entries with "/u/..." home directo-
     ries, replaces all but the home directory and  shell  fields
     with  the  corresponding  entries  on  the current host, and
     updates the Mac with the result.

     The +Debug flag displays the resulting update commands with-
     out actually executing them.


See Also:

     mac_to_passwd(8).


Copyright:

     Copyright (C) 2005, MFCF, University of Waterloo.

mac_to_passwd command



Name:

     mac_to_passwd - converts a Mac dump to /etc/passwd format


Synopsis:

     mac_to_passwd [no arguments]


Description:

     mac_to_passwd is a filter that takes the output of one or
     more instances of the Mac command "nicl . -read
     /users/USERID" on standard input and produces the equivalent
     "/etc/passwd" style data on standard output.

     Note that in addition to the usual passwd fields, the Mac
     version also includes three fields (class, change, and
     expire) between the gid and gecos fields.


Copyright:

     Copyright (C) 2005, MFCF, University of Waterloo.

ppp_dialup_update command (PRUNED)

Anything related to the ppp (telephone modem) type of resources was never used in recent memory.

ppp_update command (PRUNED)

Anything related to the ppp (telephone modem) type of resources was never used in recent memory.

sponsor_accounts command



Name:

     sponsor_accounts - update the sponsored accounts


Synopsis:

     servers/sponsor_accounts [+Force] [+GroupCheck]


Description:

     sponsor_accounts is normally invoked via an rsh from the
     accounts-master machine after it has first copied a list of
     sponsored accounts to the file "/soft-
     ware/accounts_client/data/sponsor_requests/accounts".

     If this update doesn't exist, or is the same as "/soft-
     ware/accounts_client/data/sponsor_requests/accounts.old", or
     if "/etc/passwd" is busy, the program exits with a message
     to that effect.  Specifying +Force will cause the program to
     continue even if the update is the same as the old state.

     The update is merged with the current "/etc/passwd",
     "/etc/group", and "/software/accounts/data/users" files
     (account_update).

     Then missing home directories are created (mkhomes), sym-
     links to home directories from under /u are updated
     (link_homes), and disk quotas are updated (mkquota).

     Finally, if "/software/accounts/config/regional/mkfinal" is
     decomment empty it is run to do anything extra that is spe-
     cific to this host.  Otherwise "/software/accounts/con-
     fig/admin/mkfinal" will similarly be tried.


See Also:

     account_update(8), mkquota(8), mkhomes(8), link_homes(8).


Copyright:

     Copyright (C) 1996, 2001, MFCF, University of Waterloo.

sponsor_aliases command



Name:

     sponsor_aliases - update the sponsored mail aliases


Synopsis:

     servers/sponsor_aliases [+Force]


Description:

     sponsor_aliases is normally invoked via an rsh from the
     accounts-master machine after it has first copied a list of
     sponsored mail aliases to the file "/soft-
     ware/accounts_client/data/sponsor_requests/aliases".

     If this update doesn't exist, or is the same as "/soft-
     ware/accounts_client/data/sponsor_requests/aliases.old", the
     program exits with a message to that effect.  Specifying
     +Force will cause the program to continue even if the update
     is the same as the old state.

     The update is put into the "/soft-
     ware/accounts_client/export/aliases" file.

     Then the package is reinstalled on all regional clients.


See Also:

     sponsor_accounts(8), account_update(8), mkquota(8),
     mkhomes(8), link_homes(8).


Copyright:

     Copyright (C) 2004, MFCF, University of Waterloo.

sponsor_ppp command (PRUNED)

Anything related to the ppp (telephone modem) type of resources was never used in recent memory.

usergroups command



Name:

     usergroups - creates a private group for each user


Synopsis:

     servers/usergroups [[groups=]everyone]*


Description:

     usergroups is used to give each user a personal /etc/group
     entry.  The program exits silently if there is no "userhome"
     /etc/passwd entry.

     First, the program finds all passwd entries having login
     gids in the specified forbidden group(s).

     Then, for each such entry:
     if the home directory is under "/u", or "/u#",
     and the home directory path ends with the user's userid,
     and no existing group has the same name as the userid,
     a new personal group entry is added to the "/etc/group"
     file, with the group being named after the userid, and, to
     mark it as a personal group, having as a member the userid
     "userhome".

     Then, after the /etc/group file has been updated, the
     "/etc/passwd" file is examined, and all entries with gids
     for personal "/etc/group" entries (i.e. those with with
     userid "userhome" as a member) have their gids reset.


Copyright:

     Copyright (C) 1995, 2003, MFCF, University of Waterloo.

userid_status command



Name:

     userid_status - show the status of all userids on this host


Synopsis:

     servers/userid_status


Description:

     userid_status checks various files, looking for all login
     and mail alias userids on the host, and determines the sta-
     tus of each one.

     Output consists of one line per userid in the form
     "userid:status", sorted alphabetically by userid.

     If more than one status applies to a userid, the first one
     encountered in the following list will be used.

     Zmail
          "/software/zmailer/data/config/lists"

     Sendmail
          "/var/adm/sendmail/aliases"

     DelForward
          "/etc/passwd" - login shell is "/xhbin/Deleting*", but
          the home directory contains a ".forward" file.

     Deleted
          "/etc/passwd" - login shell is "/xhbin/Deleting*".
          i.e. the account is unusable and will be removed at the
          end of the month.

     Expired
          "/software/accounts/data/users" - the account is living
          on borrowed time and unless circumstances change will
          become "Deleted".

     Unused
          "/etc/passwd" - encrypted password is "New-User*".
          i.e. the account has not yet been assigned a password.

     Active
          - /etc/passwd:  the account has been assigned a pass-
          word.


Note:

     This program is normally called only by get_userid_status(8)
     in the accounts-master package.


Copyright:

     Copyright (C) 1995, MFCF, University of Waterloo.

userinfo command (Reasonably Important)

userinfo allowed users to see their own account information/status on the regional client hosts they used. However, it stopped be available for users when the accounts_client package was no longer installed everywhere. That was sort of bad, because it left users no way to check their own status.


Name:

     userinfo - show information about a user


Synopsis:

     userinfo [userid|idnumber] [{+|-}Sponsors]


Description:

     The userinfo command shows various information about a user.
     General information is shown first, followed by information
     specific to the current host.

     The amount and type of information depends both upon how
     privileged the caller is, and upon what information is
     available on the current host.  For instance an anonymous
     user will be shown very little information, while root on
     the accounts_master machine ("math" for MFCF), will be shown
     much more.

     The userid "root", and the groups "operator" and "accounts"
     make extra information available.  Other users may only use
     the command for themselves (no command arguments), or for
     other users (by id number only).

     Unless the -Sponsors option (may be abbreviated as "-spon",
     "-s", etc.)  is given, information about various sponsored
     resources (printers, accounts, ppp access) will be shown
     (available only on the accounts_master machine).  This
     information can be suppressed, since in many cases it can be
     quite verbose (and boring) and make the rest of the output
     difficult to read.


Notes:

     Sometimes the "Name:" field begins with an asterisk.  This
     is based on a flag in the University's uwdir database, indi-
     cating that the user's name (and other personal information)
     must not be made public.  Typically this occurs when a stu-
     dent's registration form requests that home phone numbers
     etc. not be published, though IST may also set the flag for
     other reasons.

     If the caller does not have the "$USER" environment variable
     set, or if that variable is defined as "help", the program
     will interactively ask for a student id number, indicate the
     status of the account, and make suggestions as to where the
     user can go for help.  This behaviour is used for the login
     shell of the "help" userid.


Exit Status:

     The program exits with a status of 1 if no information at
     all can be found about the user on this machine.


Files Used:

     "/software/accounts/config/regional/grace"
     "/software/accounts/data/users"
     "/software/accounts/data/Classes"
     "/software/accounts-userids/data/Students"
     "/software/accounts-userids/data/Userids"
     "/software/accounts/data/Accounts"


Copyright:

     Copyright (C) 1992, 1998, MFCF, University of Waterloo.

-- AdrianPepper - 2019-02-05

Topic revision: r3 - 2019-02-11 - AdrianPepper
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback