DataMuseum.dk

top - download

    Length: 18435 (0x4803)
    Types: TextFile
    Names: »mcp.n«

└─⟦a0efdde77⟧ Bits:30001252 EUUGD11 Tape, 1987 Spring Conference Helsinki
    └─ ⟦this⟧ »EUUGD11/euug-87hel/sec8/mcp/man/mcp.n« 

TextFile

.pi /usr/bin/col
.TH MCP ODU
.SH NAME
mcp \- autoMated acCounts Program
.SH SYNOPSIS
/etc/mcp [ options ]
.SH DESCRIPTION
\fIMcp\fR is a program designed to organize and simplify the creation,
modification and removal of user accounts.  Complete support for the locking
and modification of \fB/etc/passwd\fR and \fB/etc/group\fR is provided; thus
\fImcp\fR can (and should) be used in preference to \fIvipw(8)\fR.
\fIMcp\fR may also be configured to handle updating the \fIsendmail(8)\fR
aliases database as well as creating/removing user home directories and mail.
.SH OVERVIEW
\fIMcp\fR should be considered an account \fIeditor\fR.  Like most
editors, \fImcp\fR copies all the files to be edited into buffers, and then
edits the buffers rather than the actual files.  However one of \fImcp\fR's
functions is to take away the tedium of editing sensitive files like
\fB/etc/passwd\fR with a normal text editor.
.sp
So instead of forcing the user to graphically edit the various account data
files, \fImcp\fR interprets the data and allows the user to change the data
in terms of logical units such as users, groups, classes, aliases, etc.
Such logical units can be manipulated interactively using simple commands;
no changes are made to the actual data files until specifically requested
via a \fBsave-changes\fR or \fBsave-and-exit\fR command.  You can see what
changes \fImcp\fR will make beforehand by using the \fBdescribe-changes\fR
command.
.sp
In order to affect changes, \fImcp\fR must be invoked as the super-user.
When \fImcp\fR is invoked by a non-privileged user, none of the commands
which would cause change are available.  The latter is useful when you want
to peruse the account files without altering them.
.SH INTERACTION
When \fImcp\fR is invoked without arguments it will start an interactive
session.  Various startup messages are printed, followed by the command
prompt.  The prompt is ``(   )'' for normal users, ``(mcp)'' for the
super-user.  \fIMcp\fR then loops, accepting and executing various commands
from the keyboard, until a \fBexit-mcp\fR or \fBsave-and-exit\fR is
encountered.  Don't be disturbed if the startup messages disappear too
fast to be read; \fImcp\fR displays them only as reassurance that all is well
during its sometimes lengthy startup phase.
.sp
\fIMcp\fR commands are meant to be descriptive and easy to understand.
Unfortunately this makes them long and cumbersome to type.  To ease typing,
\fImcp\fR offers Tenex-style name and command completion, which condenses most
commands to no more than three keystrokes.
.sp
Because of the Tenex input editor
some characters are treated specially.
.TP 8
.B ?
\fIMcp\fR displays the current completion list.  This is a good way to figure
out what sort of thing \fImcp\fR is asking for, if it's not immediately apparent.
.TP
.B <ESC>
Causes \fImcp\fR to try to complete the word preceding the cursor using the
current completion list.
.TP
.B <TAB>
Same as
.B <ESC>
above.
.TP
.B <BS>
Delete the character preceding the cursor.
.TP
.B <DEL>
Same as
.B <BS>
above.
.TP
.B ^W
Word delete.  Deletes the word preceding the cursor.
.TP
.B ^U, ^X
Line kill.  Deletes everything on the current line.
.TP
.B ^T
Transposes (swaps) the two characters immediately preceding the cursor.
.TP
.B ^R
Redraws the current line.
.PP
At \fImcp\fR's command prompt (either ``(   )'' or ``(mcp)'') a few other keys
have meanings.
.TP 8
.B <SPC>
Activates word completion \fIiff\fR this is the first word on the line.  The
first word restriction is needed to insure that you are permitted to use
spaces for other purposes (like delimiting words that
\fIaren't\fR in the the completion list!)
.TP
.B ^P
Goes back one command in the history list.
Repeated
.B ^P's
go back further in the history.
\fIMcp\fR keeps a history list of commands similar to that of
.I csh(1).
However this is a bare-bones facility: none of the fancy
.I csh
substitutions are supported.
.TP
.B ^N
Goes forward one command in the history list.  Using
.B ^P
and
.B ^N
you may freely traverse the history list; upon finding the command
you want, press
.B <cr>
and the command will be passed to \fImcp\fR to be executed, just as if you
had re-typed it manually.  The history list will contain at most the last 40
commands.
.PP
Other than the special keys, \fImcp\fR resolutely ignores control
characters.  Also \fImcp\fR disallows colons since these will corrupt
\fB/etc/passwd\fR.
.sp
Documentation of all \fImcp\fR commands and terminology is available from
within the program via the \fBdescribe-command\fR and what-is commands.
\fBDescribe-command\fR describes any \fImcp\fR command, and what-is gives an
explanation of \fImcp\fR terminology (jargon).
.SH ADDING USERS
Account creation is the primary function of \fImcp\fR.  There are only two
commands that create accounts: \fBadd-user\fR and \fBload-file\fR.
.sp
\fBAdd-user\fR takes a single optional argument which, if present, should be
login name of the new user.  If no login name is specified, \fImcp\fR will
generate one using a predetermined set of rules.  (These rules may be viewed
with \fBdescribe-command add-user\fR.)
.sp
\fIMcp\fR will ask you various questions about the new user.  Most of these
questions will have default answers that you can agree with by typing
return, or override by typing a response of your own.  If you specify the
word ``generate'' when \fImcp\fR asks for a password for the new user,
\fImcp\fR will generate a random password for the user and display it.
.sp
A typical \fBadd-user\fR sequence might look like this:
.sp
.nf
\fB(mcp) add-user
Real Name: \fIAngus George Michaels\fB
login name is "agm"
Id: \fI229983397\fB
Password [229983397]: \fIgenerate\fB
password is "GC558h"
Group [student]: \fIfaculty\fB
Uid [63]: 
Shell [/bin/csh]: 
Home [/usr1/fac/agm]: 
added
(mcp) \fR
.fi
.sp
\fIMcp\fR output is shown in \fBbold face\fR while user responses are shown in
\fIitalics\fR.
.sp
Note that \fImcp\fR supplied correct default home, shell, and uid
information so the user only needed to press return.  The \fBId\fR entry
should be something that uniquely identifies the user.  The idea behind this
is that if the user already has an account, \fImcp\fR will be able to detect
it and warn the system administrator.  For non-human accounts the special Id
``exception'' is permitted.  The default password would have been the
\fBId\fR entry if the user had not overridden this with the
\fBgenerate\fR command.
.sp
\fBLoad-file\fR allows you to add a number of accounts directly from a
file.  The file must begin with short header that consists of a series of
lines that dictate what groups, classes, and sigs the new users will be put
into, what shell they will use, etc.  The precise format for these files is
given in the help page for \fBload-file\fR.
.SH REMOVING USERS
Accounts are deleted with the \fBremove-cryos\fR, and \fBremove-user\fR commands.
.sp
\fBRemove-user\fR takes one argument which should be the login name of the
user to be deleted.  All references to this user are removed.  Depending on
how the program was configured, \fImcp\fR may also ask whether the user's
home directory should be removed, and also make a note to remove the user's
mail, and secretmail.
.sp
\fBRemove-cryos\fR removes users that are ``frozen''.  Freezing is explained below.
.SH FREEZING USERS
Typically when the time comes to delete accounts, it is desired to archive
the victim users' files to tape before deleting them.  The \fBfreeze-user\fR
command changes a user's shell to /usr/misc/freeze, which is usually a
script that outputs a explanatory message and exits.  This keeps the user
out of the account while it is (presumably) being archived.  This also can
serve as a simple way to warn a user that his account has been deemed
expendable and give a grace period for (heh) appeal.
.sp
The \fBfreeze-inactives\fR command takes an argument \fIn\fR which should be
number of days inactivity.  Users that have been inactive (haven't logged
in) for \fIn\fR days are frozen with this command.  \fIVig\fR (\fIV\fRery
\fII\fRmportant \fIG\fRroup) members are never considered inactive and are
therefore exempt from being victims of this command.  Vigs are described
in the next section.
.sp
\fBFreeze-deadbeats\fR freezes users that are not members of any \fIclass\fR,
\fIsig\fR, or vig.  Classes and sigs are described two sections hence.
.SH GROUPS
Manipulation of standard UNIX groups (see \fIgroup(5)\fR) is supported.
Groups are added with \fBadd-group\fR and removed with \fBremove-group\fR.
Existing users may be added and removed from groups via the
\fBadd-to-group\fR and \fBremove-from-group\fR commands.
.sp
In addition, groups can be marked as \fIvigs\fR.  Users with base group IDs
that correspond to a vig are exempt from being considered as inactives or
deadbeats.  System accounts such as \fBuucp\fR, and \fBnews\fR should made
members of a vig to prevent accidental freezing via \fBfreeze-deadbeats.
.SH OTHER USER GROUPINGS
Besides the standard UNIX groups, \fImcp\fR supports two other group
abstractions:  classes and sigs (\fIS\fRpecial \fII\fRnterest
\fIG\fRroups).  Classes and sigs are identical in attributes, which are
name, expiration date and description.  \fIMcp\fR was developed on a machine used
to support both college courses and research groups; thus the purely
technical distinction between classes and sigs.
.sp
Classes and sigs are added with \fBadd-class\fR and \fBadd-sig\fR and
removed with \fBremove-class\fR and \fBremove-sig\fR.  Existing users are
added to classes and sigs via the \fBadd-to-class\fR and \fBadd-to-sig\fR
commands and removed from the same with the \fBremove-from-class\fR and
\fBremove-from-sig\fR commands.
.sp
Classes and sigs may have an optional expiration date.  Nothing spectacular
happens when this date passes; it is just a convenient way to remind the
system administrator when the accounts associated with a particular project
may be removed.  \fIMcp\fR will report expired classes and sigs (among other
things) when invoked with the \fB-c\fR flag.
.sp
The usual scenario here at ODU is: the system administrator uses \fImcp
-c\fR to see which classes and sigs have expired and removes them.  He then
issues a \fBfreeze-deadbeats\fR to freeze those users whose accounts need no
longer exist, due to the vanished classes and sigs.  A grace period of about
a week is given and then the frozen accounts are archived to tape and
removed.
.SH UID RANGES
Some sites bundle users that are in the same base group into set ranges of
uids to allow rapid scanning of the password file.  Although \fImcp\fR is
designed to minimize human contact with \fB/etc/passwd\fR, uid ranges are
supported.
.sp
\fBAdd-range\fR takes as an argument the name of a group to which a uid range
should be assigned.  \fIMcp\fR will prompt you for the bounds of the range and
whether the range is to be \fIshared\fR or \fIexclusive\fR.  If the range is
exclusive, only new users with base group IDs correspoding to the range will
be given uids in that range.  If the range is shared, new users may be given
a uid in that range without being members of the corresponding group.  Thus
shared ranges automatically are fodder for new users with base groups that
do not correspond to a range.
.sp
Once a range has been assigned to a group, new users with base group IDs
that correspond this group have their uids chosen from the corresponding
range.  If there are no available uids left in the range, \fImcp\fR will
search though the shared ranges for a free uid.  If still none are found,
\fImcp\fR will search the uids not covered by any range.  If \fImcp\fR still
cannot find a uid, you probably have BIG problems.  Think about it.
.sp
.SH MAINTAINING SENDMAIL ALIASES
Optionally, \fImcp\fR can be configured to manage the sendmail aliases database
(see \fIaliases(5)\fR).  Aliases are added and deleted with the \fBadd-alias\fR
and \fBremove-alias\fR commands.  Addresses can be added and removed from existing
aliases via the \fBadd-to-alias\fR and \fBremove-from-alias\fR commands.
.sp
As an aid to managing mailing lists, \fImcp\fR supports \fIbinding\fR
classes, sigs, and groups to aliases.  Once a class, sig or group is bound
to an alias any members of the class, sig or group are immediately a member
of the alias.  If the class, sig or group is subsequently unbound from the
alias (or removed) its members are removed from the alias unless they have
another reason to be in it.  Being a member of another class, sig or group
that is bound to the same alias suffices, as does having been a member of
the alias before the class, sig or group was bound.  An example will clarify
this.
.nf
.sp
\fB(mcp) \fIdescribe-class sp200\fB
Class: sp200
Instructor: Rich Little
.sp
Public Speaking, lecture, 3 hours, 3 credits.
.sp
.TS
;
l3 l21 l .
reagan	Ronald Reagan	128
bresh_l	Leonid Breshnev	183
beebl_z	Zaphod Beeblebrox	184
khan	Genghis Khan	185
kirk	James T. Kirk	186
.TE
.sp
5 members.
(mcp) \fIdescribe-alias leaders\fB
Name: leaders
        - Addressees -
reagan   
1 addressee
(mcp) \fIbind-class sp200\fB
To-Aliases: leaders
1 bound
(mcp) \fIdescribe-alias leaders\fB
Name: leaders
Bound to class  : sp200 
        - Addressees -
beebl_z   bresh_l   khan      kirk      reagan    
5 addressees
(mcp) \fIunbind-class sp200\fB
From-Aliases: \fIleaders\fB
1 unbound
(mcp) \fIdescribe-alias leaders\fB
Name: leaders
        - Addressees -
reagan   
1 addressee
(mcp) \fR
.fi
.sp
Note that the user ``reagan'' remained in the alias ``leaders'' regardless
of the bindings because his membership was not dependent on that binding.
.SH OPTIONS
\fIMcp\fR has very few command line options:
.TP 4
.B -B
When invoked with \fB-B\fR, \fImcp\fR will create or rebuild account
data files that are missing or disturbed.  This should be used
whenever \fImcp\fR is 
re-configured and \fImust\fR be used when \fImcp\fR is first installed.
\fIMcp\fR keeps /etc/passwd sorted by uid for efficiency, and if this order is
disturbed (e.g. by someone using \fIvipw\fR) \fImcp\fR will complain.  If
this happens you can use \fImcp -B\fR to reorder /etc/passwd.
.TP
.B -c
Goop and glop checker.  Some checks are done only if \fImcp\fR is invoked as
the super-user.  Reports the existence of:
.sp 0.5
.in +3
.ti -3
\(bu  references to nonexistent
classes, sigs, and users
.br
.ti -3
\(bu  empty aliases
.br
.ti -3
\(bu  empty classes and sigs
.br
.ti -3
\(bu  expired classes and sigs
.br
.ti -3
\(bu  nonexistent home directories and shells (super-user only)
.br
.ti -3
\(bu  home directories owned by wrong user (super-user only)
.br
.ti -3
\(bu  references to gids that have no corresponding group
.br
.ti -3
\(bu  super-user and vig login names with no password
.TP
.B -l
\fIMcp\fR lists each group, sig, and class and the number of members
in each.  The expiration dates are displayed for classes and sigs.
.TP
.B -s
\fIMcp\fR will print a brief summary of the accounting information: the
number of users, groups, classes, sigs and aliases.
.TP
.B -v
Prints the current \fImcp\fR version and patchlevel.
.SH MISCELLANEOUS
Some important things to remember when interacting with \fImcp\fR:
.TP 3
\(bu
Changes are made to the accounting files ONLY when a \fBsave-changes\fR or
\fBsave-and-exit\fR is executed.  If you have made some ghastly error and just
want to abort the \fImcp\fR session, use \fBexit-mcp\fR; you will be asked
if you really want to exit without saving.  If you want to see what
\fImcp\fR will do when \fBsave-changes\fR is invoked, use
\fBdescribe-changes\fR.
.TP
\(bu
\fIMcp\fR backs up each account data file (e.g. \fB/etc/passwd.bak\fR) before
overwriting it.  This is only done once per \fImcp\fR session, thus the
backup will represent the file before the session began, regardless of how
many saves were done.
.TP
\(bu
\fIMcp\fR can be configured to checkpoint all account data files (e.g.
\fB/etc/passwd.mcp\fR) that have changed periodically during a session.
Also a checkpoint can be forced with the \fBcheckpoint-changes\fR command.
.TP
\(bu
At any point within a command, if \fImcp\fR is prompting you for input, you can
type the interrrupt character to abort the command, without the command
taking effect.
.TP
\(bu
\fIMcp\fR expects lists of things to be separated by spaces, NOT commas.
Since \fImcp\fR must handle sendmail's aliases file, words surrounded by double
quotes ``"'' are considered to be a single argument.  \fINote that the quotes
are considered part of the word, not just a delimiter.\fR
.TP
\(bu
Default responses to \fImcp\fR requests, if any, are shown in brackets
``[]''.  If you just type return when a default response is provided, the
default response is assumed.
.TP
\(bu
When \fImcp\fR is prompting you for information, if you are in doubt
about what you are being asked, type a ? and \fImcp\fR will print the
completion list for this query, if there is one.
.TP
\(bu
\fIMcp\fR tries to output only useful information to standard output.
Keyboard input is taken through standard input but the keystrokes are echoed
to /dev/tty as are '?' completion list requests (see below).  What this
means is that you can re-direct \fImcp\fR's output into a file to create neat
class rolls.  Just:
.sp
.ul
% mcp > roll
.sp
\fRUse \fBdescribe-class\fR to get the roll and then \fBexit-mcp\fR
and you will
have the class description devoid of cursor motion sequences and other
garbage you would get had you used \fIscript(1)\fR.
.SH CAVEATS
\fIMcp\fR discards all comments in the sendmail aliases file.
.sp
Make sure ALL your system and daemon accounts (human or otherwise) are vig
members, lest you unwittingly freeze and later remove them.
.SH ENVIRONMENT
.TS
;
l1 l .
PAGER	\- pager to use instead of the default
VISUAL	\- visual editor to use instead of the default
EDITOR	\- for dumb terminals, editor to use instead of the default
TERM	\- terminal type
SHELL	\- shell to use on shell-escapes instead of the default
.TE
.SH SEE ALSO
.I accounts(5), adduser(8), classes(5), group(5), passwd(5), ranges(5),
.I shells(l), sigs(5), vigs(5), vipw(8)
.SH BUGS
Perhaps \fB/etc/termcap\fR should be searched to make \fImcp\fR work on odd
terminals.
.sp
\fIMcp\fR should allow the user to specify a series of productions
to create default user names and home directory names, instead of inflicting
ODU conventions upon all.
.SH AUTHOR
Kyle Jones, ODU Computer Science, Norfolk, VA
.br
.in +4
(with many, many helpful suggestions from Tad Guy)