
Manual page for NU(8)

nu - manage user login accounts (create, modify, destroy UNIX accounts)

SYNOPSIS

/etc/nu -a
/etc/nu -m
/etc/nu -d
/etc/nu -k user1 user2 ...

DESCRIPTION

Nu is a program to help a UNIX system manager create, modify, delete, and destroy accounts on that machine. While everything accomplished by nu can be done manually by editing files and issuing shell commands, nu will steer you through getting all the details right, checking for typos, etc.

When nu is run with the -a option, it adds new accounts. The program prompts you for the login id, password, name, and other information about each new user, and then goes off and creates the account, creates its directories, initializes their contents, and makes an entry in a log file.

When nu is run with the -m option, it modifies existing accounts. It asks for account names and instructions for the changes that you want to make to those accounts, until you tell it that you are done making changes. At that time it updates the account records and records them into the users database in netinfo.

When nu is run with the -d option, it deletes accounts while still leaving a users entry in netinfo for the deleted account. This will prevent that uid from being reused, and will enable you to make sense out of accounting data after deleting an account. The program repeatedly asks you for the names of accounts to be deleted, and how much deleting you really want to do to them.

When nu is run with the -k option and a list of login id's, it deletes from the system almost all information pertaining to those login id's. Specifically, it removes the entry from the users database in netinfo, deletes the login directory and all of its contents, and deletes the mailbox. It does not currently remove that user from any mailing lists in /etc/sendmail/aliases. The -k option is not interactive: the complete list of accounts to be deleted is provided on the command line after the -k.

CONFIGURATION

When nu is started up, it reads configuration commands from the file /etc/nu.cf. This file specifies the details of how new accounts are to be created on your machine. Typically you will need to change only the GroupHome declarations in that file, which declare the file systems that hold the login directories for members of different groups. However, you can change anything that you find there if your system management policies require it.

When nu wants to create a new directory, it runs a shell script named in /etc/nu.cf. Similarly, when it wants to initialize the files in a newly-created directory, it runs another shell script whose name it determines from /etc/nu.cf. By way of configuration and customization, you can edit those shell scripts to conform to local practices. When you do that editing, please remember that nu runs as root and that the shell scripts contain statements like ``rm -rf *''; it goes without saying that you must be quite cautious. There is a debug mode available, in which nu will try not to hurt anything, but whenever you are running as root you should be unusually careful. Nu can be run by non-root users if its debug mode is enabled by a ``Debug=1'' statement in /etc/nu.cf.

CONFIGURATION FILE FORMAT

The configuration file /etc/nu.cf is a text file containing a series of statements, one statement per line. A semicolon that is not inside a quoted string causes the rest of that line to be treated as a comment. Each line in the file that is nonblank after stripping comments is treated as an assignment statement. Each statement assigns a value to one variable. With the exception of the variable "GroupHome", which is special, all of the variables act like ordinary shell variables, which is to say that they can take either integer values or string values. All integers are decimal; all strings must be delimited with double-quotes ("). There is no quoting or doubling convention for putting a double-quote character inside a string.

Here are the configuration variables and what they mean. Case is significant.

NetInfoDomain
This is the domain in which nu will make its changes. Currently the program only checks the specified domain for consistency. Nu should only be run on the machine serving the domain specified. Attempting to modify a remote domain is bound to fail.
CreateDir
This string variable identifies the shell script that is run whenever nu needs to create a new directory. That shell script must be executable. It is called with 6 arguments: 1, the integer uid; 2, the integer groupid; 3, the name of the user's actual home directory; 4, the name of a symbolic link that should be set up to point to that home directory; 5, an integer that is nonzero iff it is ok to clobber an existing directory of the same name as argument 4; and 6, an integer that is nonzero iff nu is running in debug mode. The standard value for CreateDir is /etc/nulib/nu1.sh.
CreateFiles
This string variable identifies the shell script that is run whenever nu needs to initialize a directory (newly-created or otherwise) with some standard files. For example, /usr/skel/.[a-z]* are often copied into a new login directory. This shell script must be executable. It is called with 5 arguments: 1, the name of the login directory to be initialized; 2, the integer uid of the user; 3, the integer groupid of the user; 4, an integer that is nonzero iff an MH-format mailbox is to be set up with some initial contents; and 5, an integer that is nonzero iff nu is running in debug mode. The standard value for CreateFiles is /etc/nulib/nu2.sh.
Debug
This integer variable is set nonzero to cause nu to run in debug mode. Debug mode is intended to help you get the bugs out of your shell scripts before you go foolishly running them as root. If Debug is nonzero, then you do not need to be logged on as root to run nu. The standard value for Debug is 0.
DefaultAccount
This string variable contains the default account to use when setting up new users. This is only effective if accounting is enabled. See the description for the variable WantAccounting.
DefaultGroup
This integer variable is set to the group number of the default user group. The default is used if the person running nu types a carriage return in response to the question asking for a group id for the new user. nu requires that a valid GroupHome assignment exist for the default group number. The standard value for DefaultGroup is any group number from /etc/group.
DefaultHome
This string variable is set to the file system or top-level directory that will be used to hold the login directory for accounts in groups not explicitly set up to have their login directories somewhere else. When you are creating a new account, nu asks you what group number you would like the account in. If that group number is mentioned in a GroupHome declaration (see below), then the home directory for the group is the one named in that GroupHome declaration. If the group number is not mentioned in a GroupHome declaration, then login accounts created in that group will have their login directories put into DefaultHome. The standard value for DefaultHome is /mnt.
DefaultShell
This string variable is set to the name of the shell file to use by default. The standard value for DefaultShell is /bin/csh.
DeleteAccts
This string variable identifies the shell script that is run whenever nu needs to delete a user's account that was created in some earlier session with nu. Deleting accounts involves changing the password so that the user cannot log in, deleting all of his files and directories, and deleting his mailbox. This shell script must be executable. It is called with 5 arguments: 1, the login id of the account to be deleted; 2, the login directory for that account; 3, the name given in the netinfo users directory for the login directory (which might possibly be a symbolic link to item 2, above, and therefore needs to be named separately); 4, the name of the log file in which account changes are being logged, and 5, an integer that is nonzero iff nu is running in debug mode. The standard value for DeleteAccts is /etc/nulib/nu4.sh.
DestroyAccts
This string variable identifies the shell script that is run whenever nu needs to destroy a user's account that was created in some earlier session with nu. Destroying accounts involves removing the user from the password file, deleting all of his files and directories, and deleting his mailbox. For a (slightly) less drastic account removal action, see ``DeleteAccts'', above. This shell script must be executable. It is called with 5 arguments: 1, the login id of the account to be deleted; 2, the login directory for that account; 3, the name given in the netinfo users directory for the login directory (which might possibly be a symbolic link to item 2, above, and therefore needs to be named separately); 4, the name of the log file in which account changes are being logged, and 5, an integer that is nonzero iff nu is running in debug mode. The standard value for DestroyAccts is /etc/nulib/nu3.sh.
GroupHome
This pseudo-variable is the only name defined in the configuration file that has any trickery attached to it. GroupHome is not really a variable; rather, it is a name by which the configuration code can load entries into a directory location table. In particular, if you provide two GroupHome declarations, they are both processed, while if you provide two of any other declaration, only the latest one has any effect. A typical set of GroupHome declarations might look something like this:
   GroupHome= 10 "/usr"
   GroupHome= 20 "/mnt"
   GroupHome= 25 "/usr/cis"
   GroupHome= 31 "/usr/guest"
The GroupHome declarations serve as default login directory location information for new accounts. You can put any account anywhere you want; the GroupHome information is used to make the defaults come out in the right places, so that the process of creating a new account consists mostly of hitting the return key to accept the defaults. The sample declarations above cause group 10 to default to /usr, i.e. /usr/smith or /usr/jones, and group 31 to default to /usr/guest, i.e. /usr/guest/smith or /usr/guest/jones. If the login group is not mentioned in a GroupHome declaration, then the DefaultHome variable is used. A GroupHome declaration is required for the default group (see variable DefaultGroup); all others are optional.
Logfile
This string variable names the file in which all nu transactions are logged. The standard value of Logfile is /usr/adm/nu.log.
MaxNameLength
This integer variable gives the maximum number of characters permitted in a login name. For unmodified 4BSD systems it should be set to 8.
SymbolicLinkDir
This string variable gives the name of a directory that can be filled with symbolic links to real login directories. The value of SymbolicLinkDir is ignored unless the variable WantSymbolicLinks is nonzero. See its description, below, for more information. Standard values for SymbolicLinkDir are /user or /udir.
WantAccounting
The integer variable WantAccounting determines whether nu should prompt for accounting information when users are added to the system. Specifying a 1 requests that accounting information should be asked for.
WantMHsetup
This integer variable should be set to 1 if you would like nu to take care of initializing mailbox contents. Initializing an MH mailbox turns out to be a pleasant way to provide new users with information about the system, and to give them a tutorial on the use of MH. Nu just passes the value of WantMHsetup through to the shell script named in CreateFiles, which is responsible for doing the actual initialization. Standard value is 1.
WantSymbolicLinks
This integer variable controls whether login directory names or symbolic links to them are put in the actual netinfo users database. If WantSymbolicLinks is nonzero, then all created accounts are given uniform login directory names in some directory that exists only for the purpose of holding symbolic links, e.g. /user/smith and /user/jones; the file /user/smith or /user/jones is then made to be a symbolic link to the real login directory. This is preferable to the ~smith or ~jones scheme for finding login directories because the ~ notation is not handled by the kernel, but must be handled individually by all programs that open files. If the variable WantSymbolicLinks is 0, then accounts will be created such that the true directory name is stored in the netinfo users database.
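
An added example, not part of the original manual page or of nu's own code: Python that parses /etc/nu.cf by the rules stated under CONFIGURATION FILE FORMAT (semicolon comments outside quoted strings, repeated GroupHome lines accumulate, any other repeated name keeps its last value) and reports a nonzero Debug and any configured script that could be edited by someone other than root. The function names, the sample text, and the policy that each script must be root-owned and closed to group and other writes are assumptions of this example.

```python
import os

SCRIPT_VARS = ("CreateDir", "CreateFiles", "DeleteAccts", "DestroyAccts")
SAMPLE = '''Debug=1 ; constructed sample, not a real site's nu.cf
DefaultGroup=10
CreateDir="/etc/nulib/nu1.sh"
GroupHome= 10 "/usr"
GroupHome= 31 "/usr/guest"
'''

def strip_comment(line):
    """Cut the line at the first semicolon outside a quoted string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string  # the format has no escape for '"'
        elif ch == ";" and not in_string:
            return line[:i]
    return line

def parse_value(text):
    text = text.strip()  # strings are double-quoted, integers are decimal
    return text[1:-1] if len(text) > 1 and text[0] == text[-1] == '"' else int(text, 10)

def parse_nu_cf(text):
    """GroupHome lines accumulate; for any other name the last one wins."""
    variables, group_home = {}, {}
    for raw in text.splitlines():
        name, _, value = strip_comment(raw).partition("=")
        name = name.strip()
        if name == "GroupHome":
            gid, path = value.split(None, 1)
            group_home[int(gid, 10)] = parse_value(path)
        elif name:
            variables[name] = parse_value(value)
    return variables, group_home

def audit(variables, stat_fn=os.stat):
    """Findings for a root-run nu; the ownership policy is an assumption."""
    findings = []
    if variables.get("Debug", 0) != 0:
        findings.append("Debug is nonzero: non-root users can run nu")
    for var in (v for v in SCRIPT_VARS if v in variables):
        try:
            st = stat_fn(variables[var])
        except OSError:
            st = None
        if st is None or st.st_uid != 0 or st.st_mode & 0o022:
            findings.append(f"{var}={variables[var]}: missing, not root-owned, or group/world-writable")
    return findings
```

Pass the contents of the real file to parse_nu_cf and call audit on the variables it returns; stat_fn exists so the check can be exercised without root-owned files.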

EXPERT OPTIONS


In order to allow scripts and programs to take advantage of nu, four expert options are available. These options are analogs of the interactive options which are represented by the lowercase letters a, m, k and d. If you are using nu from a shell, you should most likely stick with the interactive options. They will prompt you for confirmation, and will help you to select reasonable values to use. Use the expert options with caution: they will not prompt for confirmation. The four options are A, M, K, and D. In addition to the option, each has a number of arguments. All arguments must be present in the command, and there are no default values. The arguments are as follows:
-A name realname uid gid shell pwd home reuse mh domain
-M currentuid name pwd uid gid realname home shell domain
-K name domain
-D uid domain
currentuid
currentuid in the -M option is the current uid; it will be replaced by the uid specified later in the line.
gid
gid is the UNIX group identification number. It defines the default group of the user.
domain
domain overrides the NetInfoDomain specified in the nu.cf file.
home
home is the user's home directory.
mh
mh tells nu that this user's mail should be set up in MH format. This option should normally be N except for expert UNIX users who are already familiar with MH.
name
name corresponds to the name prompted for in LoginWindow. It must be unique for each user.
pwd
pwd is the text representation of the user's password. It is identical to what the LoginWindow expects when the user logs in. It will be modified before it is stored. If you wish to have spaces in your password, you must enclose it in double quotes.
realname
realname is the full name of the user. If you wish to have spaces in the name, it must be enclosed in double quotes.
reuse
reuse tells nu to reuse the home directory if it already exists.
shell
shell is the user's default shell when a Terminal or Shell is launched.
uid
uid is the UNIX user identification number. Like the name, it also must be unique for each user.

SYSTEM ISSUES

Nu traps INTR characters (e.g. ^C) and refuses to die if you try to stop it in the middle of a critical section. Critical sections are primarily the updates to the netinfo database. A list of all changes is recorded in a log file, usually /usr/adm/nu.log.

FILES

/etc/nu.cf Configuration file
/etc/nulib/*.sh Shell scripts to perform the work
others nu.cf and nulib/*.sh reference other files.

SEE ALSO

group(5), passwd(5), vipw(8)

AUTHOR

Brian Reid, Erik Hedberg, Fred Yankowski

BUGS

The extensive use of shell scripts for doing sensitive things like purging accounts means that somebody can make nu fail in horrible ways without having access to the source code. With increased flexibility comes increased responsibility.



Created by unroff & hp-tools. © somebody (See intro for details). All Rights Reserved. Last modified 11/5/97