NU(8)NU(8)NAMEnu - manage user login accounts (create, modify, destroy UNIX accounts)
SYNOPSIS
/etc/nu -a
/etc/nu -m
/etc/nu -d
/etc/nu -k user1 user2 ...
DESCRIPTION
Nu is a program to help a UNIX system manager create, modify, delete,
and destroy accounts on that machine. While everything accomplished by
nu can be done manually by editing files and issuing shell commands, nu
will steer you through getting all the details right, checking for
typos, etc.
When nu is run with the -a option, it adds new accounts. The program
prompts you for the login id, password, name, and other information
about each new user, and then goes off and creates the account, creates
its directories, initializes their contents, and makes an entry in a
log file.
When nu is run with the -m option, it modifies existing accounts. It
asks for account names and instructions for the changes that you want
to make to those accounts, until you tell it that you are done making
changes. At that time it updates the account records and records them
into the users database in netinfo.
When nu is run with the -d option, it deletes accounts while still
leaving a users entry in netinfo for the deleted account. This will
prevent that uid from being reused, and will enable you to make sense
out of accounting data after deleting an account. The program
repeatedly asks you for the names of accounts to be deleted, and how
much deleting you really want to do to them.
When nu is run with the -k option and a list of login id's, it deletes
from the system almost all information pertaining to those login id's.
Specifically, it removes the entry from the users database in netinfo,
deletes the login directory and all of its contents, and deletes the
mailbox. It does not currently remove that user from any mailing lists
in /etc/sendmail/aliases. The -k option is not interactive: the
complete list of accounts to be deleted is provided on the command line
after the -k.
CONFIGURATION
When nu is started up, it reads configuration commands from the file
/etc/nu.cf. This file specifies the details of how new accounts are to
be created on your machine. Typically you will need to change only the
GroupHome declarations in that file, which declare the file systems
that hold the login directories for members of different groups.
However, you can change anything that you find there if your system
management policies require it.
When nu wants to create a new directory, it runs a shell script named
in /etc/nu.cf. Similarly, when it wants to initialize the files in a
newly-created directory, it runs another shell script whose name it
determines from /etc/nu.cf. By way of configuration and customization,
you can edit those shell scripts to conform to local practices. When
you do that editing, please remember that nu runs as root and that the
shell scripts contain statements like ``rm -rf *''; it goes without
saying that you must be quite cautious. There is a debug mode
available, in which nu will try not to hurt anything, but whenever you
are running as root you should be unusually careful. Nu can be run by
non-root users if its debug mode is enabled by a ``Debug=1'' statement
in /etc/nu.cf.
CONFIGURATION FILE FORMAT
The configuration file /etc/nu.cf is a text file containing a series of
statements, one statement per line. A semicolon that is not inside a
quoted string causes the rest of that line to be treated as a comment.
Each line in the file that is nonblank after stripping comments is
treated as an assignment statement. Each statement assigns a value to
one variable. With the exception of the variable "GroupHome", which is
special, all of the variables act like ordinary shell variables, which
is to say that they can take either integer values or string values.
All integers are decimal; all strings must be delimited with double-
quotes ("). There is no quoting or doubling convention for putting a
doublequote character inside a string.
Here are the configuration variables and what they mean. Case is
significant.
NetInfoDomain
This is the domain in which nu will make its changes. Currently
the program only checks the specified domain for consistency. Nu
should only be run on the machine serving the domain specified.
Attempting to modify a remote domain is bound to fail.
CreateDir
This string variable identifies the shell script that is run
whenever nu needs to create a new directory. That shell script
must be executable. It is called with 6 arguments: 1, the integer
uid; 2, the integer groupid; 3, the name of the user's actual home
directory; 4, the name of a symbolic link that should be set up to
point to that home directory; 5, an integer that is nonzero iff it
is ok to clobber an existing directory of the same name as
argument 4; and 6, an integer that is nonzero iff nu is running in
debug mode. The standard value for CreateDir is /etc/nulib/nu1.sh.
CreateFiles
This string variable identifies the shell script that is run
whenever nu needs to initialize a directory (newly-created or
otherwise) with some standard files. For example, /usr/skel/.[a-
z]* are often copied into a new login directory. This shell script
must be executable. It is called with 5 arguments: 1, the name of
the login directory to be initialized; 2, the integer uid of the
user; 3, the integer groupid of the user; 4, an integer that is
nonzero iff an MH-format mailbox is to be set up with some initial
contents; and 5, an integer that is nonzero iff nu is running in
debug mode. The standard value for CreateFiles is
/etc/nulib/nu2.sh.
Debug
This integer variable is set nonzero to cause nu to run in debug
mode. Debug mode is intended to help you get the bugs out of your
shell scripts before you go foolishly running them as root. If
Debug is nonzero, then you do not need to be logged on as root to
run nu. The standard value for Debug is 0.
DefaultAccount
This string variable contains the default account to use when
setting up new users. This is only effective if accounting is
enabled. See the description for the variable WantAccounting.
DefaultGroup
This integer variable is set to the group number of the default
user group. The default is used if the person running nu types a
carriage return in response to the question asking for a group id
for the new user. nu requires that a valid GroupHome assignment
exist for the default group number. The standard value for
DefaultGroup is any group number from /etc/group.
DefaultHome
This string variable is set to the file system or top-level
directory that will be used to hold the login directory for
accounts in groups not explicitly set up to have their login
directories somewhere else. When you are creating a new account,
nu asks you what group number you would like the account in. If
that group number is mentioned in a GroupHome declaration (see
below), then the home directory for the group is the one named in
that GroupHome declaration. If the group number is not mentioned
in a GroupHome declaration, then login accounts created in that
group will have their login directories put into DefaultHome. The
standard value for DefaultGroup is /mnt.
DefaultShell
This string variable is set to the name of the shell file to use
by default. The standard value for DefaultShell is /bin/csh.
DeleteAccts
This string variable identifies the shell script that is run
whenever nu needs to delete a user's account that was created in
some earlier session with nu. Deleting accounts involves changing
the password so that the user cannot log in, deleting all of his
files and directories, and deleting his mailbox. This shell script
must be executable. It is called with 5 arguments: 1, the login id
of the account to be deleted; 2, the login directory for that
account; 3, the name given in the netinfo users directory for the
login directory (which might possibly be a symbolic link to item
2, above, and therefore needs to be named separately); 4, the name
of the log file in which account changes are being logged, and 5,
an integer that is nonzero iff nu is running in debug mode. The
standard value for DeleteAccts is /etc/nulib/nu4.sh.
DestroyAccts
This string variable identifies the shell script that is run
whenever nu needs to destroy a user's account that was created in
some earlier session with nu. Destroying accounts involves
removing the user from the password file, deleting all of his
files and directories, and deleting his mailbox. For a (slightly)
less drastic account removal action, see ``DeleteAccts'', above.
This shell script must be executable. It is called with 5
arguments: 1, the login id of the account to be deleted; 2, the
login directory for that account; 3, the name given in in the
netinfo users directory for the login directory (which might
possibly be a symbolic link to item 2, above, and therefore needs
to be named separately); 4, the name of the log file in which
account changes are being logged, and 5, an integer that is
nonzero iff nu is running in debug mode. The standard value for
DestroyAccts is /etc/nulib/nu3.sh.
GroupHome
This pseudo-variable is the only name defined in the configuration
file that has any trickery attached to it. GroupHome is not really
a variable; rather, it is a name by which the configuration code
can load entries into a directory location table. In particular,
if you provide two GroupHome declarations, they are both
processed, while if you provide two of any other declaration, only
the latest one has any effect. A typical set of GroupHome
declarations might look something like this:
GroupHome= 10 "/usr"
GroupHome= 20 "/mnt"
GroupHome= 25 "/usr/cis"
GroupHome= 31 "/usr/guest"
The GroupHome declarations serve as default login directory
location information for new accounts. You can put any account
anywhere you want; the GroupHome information is used to make the
defaults come out in the right places, so that the process of
creating a new account consists mostly of hitting the return key
to accept the defaults. The sample declarations above cause group
10 to default to /usr, i.e. /usr/smith or /usr/jones, and group 31
to default to /usr/guest, i.e. /usr/guest/smith or
/usr/guest/jones. If the login group is not mentioned in a
GroupHome declaration, then the DefaultHome variable is used. A
GroupHome declaration is required for the default group (see
variable DefaultGroup); all others are optional.
Logfile
This string variable names the file in which all nu transactions
are logged. The standard value of Logfile is /usr/adm/nu.log.
MaxNameLength
This integer variable gives the maximum number of characters
permitted in a login name. For unmodified 4BSD systems it should
be set to 8.
SymbolicLinkDir
This string variable gives the name of a directory that can be
filled with symbolic links to real login directories. The value of
SymbolicLinkDir is ignored unless the variable WantSymbolicLinks
is nonzero. See its description, below, for more information.
Standard values for SymbolicLinkDir are /user or /udir.
WantAccounting
The integer variable WantAccounting determines whether nu should
prompt for accounting information when users are added to the
system. Specifying a 1 requests that accounting information should
be asked for.
WantMHsetup
This integer variable should be set to 1 if you would like nu to
take care of initializing mailbox contents. Initializing an MH
mailbox turns out to be a pleasant way to provide new users with
information about the system, and to give them a tutorial on the
use of MH. Nu just passes the value of WantMHsetup through to the
shell script named in CreateFiles, which is responsible for doing
the actual initialization. Standard value is 1.
WantSymbolicLinks
This integer variable controls whether login directory names or
symbolic links to them are put in the actual netinfo users
database. If WantSymbolicLinks is nonzero, then all created
accounts are given uniform login directory names in some directory
that exists only for the purpose of holding symbolic links, e.g.
/user/smith and /user/jones; the file /user/smith or /user/jones
is then made to be a symbolic link to the real login directory.
This is preferable to the ~smith or ~jones scheme for finding
login directories because the ~ notation is not handled by the
kernel, but must be handled individually by all programs that open
files. If the variable WantSymbolicLinks is 0, then accounts will
be created such that the true directory name is stored in the
netinfo users database.
EXPERT OPTIONS
In order to allow scripts and programs to take advantage of nu, four
expert options are available. These options are analogs of the
interactive options which are represented by the lowercase letters a,
m, k and d. If you are using nu from a shell, you should most likely
stick with the interactive options. They will prompt you for
confirmation, and will help you to select reasonable values to use.
Use the expert options with caution, they will not prompt for
confirmation. The four options are A, M, K, and D. In addition to the
option, each has a number of arguments. All arguments must be present
in the command, and there are no default values. The arguments are as
follows:
-A name realname uid gid shell pwd home reuse mh domain
-M currentuid name pwd uid gid realname home shell domain
-K name domain
-D uid domain
currentuid
currentuid in the -M option is the current uid, it will be
replaced by the uid specified later in the line.
gid
gid is the UNIX group identification number. It defines the
default group of the user.
domain
domain overrides the NetInfoDomain specified in the nu.cf file.
home
home is the user's home directory.
mh
mh tells nu that this user should be set up mail as a MH format.
This option should normally be N except for expert UNIX users who
are already familiar with MH.
name
name corresponds to the name prompted for in LoginWindow. It must
be unique for each user.
pwd
pwd is the text representation of the users passwd. It is
identical to what the LoginWindow expects when the user logs in.
It will be modified before it is stored. If you wish to have
spaces in your password, you must enclose it in double quotes.
realname
realname is the full name of the user. If you wish to have spaces
in the name, it must be enclosed in double quotes.
reuse
reuse tells nu to reuse the home directory if it already exists.
shell
shell is the users default shell when a Terminal or Shell is
launched.
uid
uid is the UNIX user identification number. Like the name, it
also must be unique for each user.
SYSTEM ISSUES
Nu traps INTR characters (e.g. ^C) and refuses to die if you try to
stop it in the middle of a critical section. Critical sections are
primarily the updates the netinfo database. A list of all changes is
recorded in a log file, usually /usr/adm/nu.log.
FILES
/etc/nu.cf Configuration file
/etc/nulib/*.sh Shell scripts to perform the work
others nu.cf and nulib/*.sh reference other
files.
SEE ALSOgroup(5), passwd(5), vipw(8)AUTHOR
Brian Reid, Erik Hedberg, Fred Yankowski
BUGS
The extensive use of shell scripts for doing sensitive things like
purging accounts means that somebody can make nu fail in horrible ways
without having access to the source code. With increased flexibility
comes increased responsibility.
NeXT Computer, Inc. June 30, 1989 NU(8)
