nu(8)
NAME
nu - set up and manage user login accounts
SYNTAX
/etc/nu
DESCRIPTION
The nu command is a program to help a system manager create, modify, and delete accounts on that machine. While everything accomplished by nu can be done manually by editing files and issuing shell commands, nu will guide you through getting all the details right, worrying about file locking, checking for typos, and so on.
When you add new accounts, the program prompts you for the login ID, password, name, and other information about each new user, and then goes off and creates the account, creates its directories, initializes their contents, and records an entry in a log file.
When you modify an existing account, nu repeatedly asks for account names and instructions for the changes that you want to make to those accounts, until you tell it that you are done making changes. At that time it sorts the updated account records and merges them all at once into /etc/passwd.
When you delete accounts using nu, you have two options available. You may leave a passwd entry for the deleted user in the /etc/passwd file (delete a user), or you may remove all references to the user entirely (kill a user). If you leave the old user’s passwd entry in the /etc/passwd file, this prevents that UID from being reused, and enables you to make sense out of accounting data after deleting an account. The old user’s password is changed to NOLOGINS to ensure that he stays off the system. When you kill a user account, all references to the user are deleted, including the old user’s /etc/passwd entry, the user’s login (HOME) directory and its contents, and the user’s mailbox. Kill does not currently remove the old user from any mailing lists in /usr/lib/aliases.
CONFIGURATION
When nu is started up, it reads configuration commands from the file /etc/nu.cf. This file specifies the details of how new accounts are to be created on your machine. Typically you will need to change only the GroupHome declarations in that file, which declare what file systems hold the login directories for members of different groups. However, you can change anything that you find there, should your system management policies require it.
When nu wants to create a new directory, it runs a shell script named in the configuration file. Similarly, when it wants to initialize the files in a newly-created directory, it runs another shell script whose name it determines from /etc/nu.cf. By way of configuration and customization, you can edit those shell scripts to conform to local practices. When you do that editing, remember that nu runs as root and that the shell scripts contain statements like “rm -rf *”. It goes without saying that you must be quite cautious. There is a debug mode available, in which nu will try not to hurt anything, but whenever you are running a modified shell script, you should be unusually careful. To run nu in debug mode, change the Debug=0 line in /etc/nu.cf to Debug=1.
CONFIGURATION FILE FORMAT
The configuration file /etc/nu.cf is a text file containing a series of statements, one statement per line. A semicolon that is not inside a quoted string causes the rest of that line to be treated as a comment. Each line in the file that is nonblank after stripping comments is treated as an assignment statement. Each statement assigns a value to one variable. With the exception of the variable "GroupHome", which is special, all of the variables act like ordinary shell variables, which is to say that they can take either integer values or string values. All integers are decimal; all strings must be delimited with double-quotes ("). There is no quoting or doubling convention for putting a double-quote character inside a string.
Here are the configuration variables and what they mean. Case is significant.
Backupfile
This string variable gives the pathname that nu will use to make a backup copy of /etc/passwd, to protect itself from disaster in case something happens while it is writing to /etc/passwd. Typical value of Backupfile is /usr/adm/nu.passwd.
CreateDir
This string variable identifies the shell script that is run whenever nu creates a new directory. This shell script must be executable. It is called with 5 arguments: 1, the integer uid; 2, the integer groupid; 3, the name of the user’s actual home directory; 4, an integer that is nonzero if and only if it is ok to clobber an existing directory of the same name as argument 3; and 5, an integer that is nonzero if and only if nu is running in debug mode. The standard value for CreateDir is /etc/nulib/nu1.sh.
CreateFiles
This string variable identifies the shell script that is run whenever nu needs to initialize a directory (newly-created or otherwise) with some standard files. For example, /usr/skel/.[a-z]* are often copied into a new login directory. This shell script must be executable. It is called with 4 arguments: 1, the integer uid of the user; 2, the integer groupid of the user; 3, the name of the login directory to be initialized; and 4, an integer that is nonzero if and only if nu is running in debug mode. The standard value for CreateFiles is /etc/nulib/nu2.sh.
Debug
This integer variable is set to cause nu to run in debug mode. Debug mode is intended to help you get the bugs out of your shell scripts before running them for real. The standard value for Debug is 0.
DefGroup
This integer variable is set to the group number of the default user group. The default is used if the person running nu types a carriage return in response to the question asking for a group id for the new user. The nu command requires that a valid GroupHome assignment exist for the default group number. The standard value for DefGroup is any group number from /etc/group.
DefHome
This string variable is set to the file system or top-level directory that will be used to hold the login directory for accounts in groups not explicitly set up to have their login directories somewhere else. When you are creating a new account, nu asks you what group number you would like the account in. If that group number is mentioned in a GroupHome declaration (see below), then the home directory for the group is the one named in that GroupHome declaration. If the group number is not mentioned in a GroupHome declaration, then login accounts created in that group will have their login directories put into DefHome. The standard value for DefHome is /usr/guest.
DefShell
This string variable is set to the name of the shell file to use by default. The standard value for DefShell is /bin/csh.
DeleteAccts
This string variable identifies the shell script that is run whenever nu needs to delete a user’s account. Deleting accounts involves changing the password so that the user cannot log in (NOLOGINS), deleting all of his files and directories, and deleting his mailbox. This shell script must be executable. It is called with 4 arguments: 1, the login id of the account to be deleted; 2, the login directory for that account; 3, the name of the log file in which account changes are being logged, and 4, an integer that is nonzero if and only if nu is running in debug mode. The standard value for DeleteAccts is /etc/nulib/nu3.sh.
KillAccts
This string variable identifies the shell script that is run whenever nu needs to kill a user’s account. Killing an account destroys the login account. This involves removing the user from the /etc/passwd file, deleting all of his files and directories, and deleting his mailbox. For a slightly less drastic account removal action, see DeleteAccts, above. This shell script must be executable. It is called with 4 arguments: 1, the login id of the account to be deleted; 2, the login directory for that account; 3, the name of the log file in which account changes are being logged, and 4, an integer that is nonzero if and only if nu is running in debug mode. The standard value for KillAccts is /etc/nulib/nu4.sh.
Dummyfile
This string variable holds the name of the hard link that is created as part of the locking process on /etc/passwd; see vipw(8). The correct value for Dummyfile is /etc/vipw.lock. The only reason that it is specified in the configuration file and not hardwired into the code of nu is that in debugging, you might not want to use the real lock and may in fact not even have permissions to lock it.
GroupHome
This pseudo-variable is the only name defined in the configuration file that has any trickery attached to it. GroupHome is not really a variable; rather, it is a name by which the configuration code can load entries into a directory location table. In particular, if you provide two GroupHome declarations, they are both processed, while if you provide two of any other declaration, only the latest one has any effect. A typical set of GroupHome declarations might look something like this:
GroupHome= 10 "/usr"
GroupHome= 20 "/usr/users"
GroupHome= 25 "/usr/staff"
GroupHome= 31 "/usr/guest"
The GroupHome declarations serve as default login directory location information for new accounts. You can put any account anywhere you want. The GroupHome information is used to make the defaults come out in the right places, so that the process of creating a new account consists mostly of hitting the return key to accept the defaults. The sample declarations above cause group 10 to default to /usr, that is /usr/smith or /usr/jones, and group 31 to default to /usr/guest, that is /usr/guest/smith or /usr/guest/jones. If the login group is not mentioned in a GroupHome declaration, then the DefHome variable is used. A GroupHome declaration is required for the default group (see variable DefGroup); all others are optional.
Linkfile
See also Dummyfile. This string variable gives the name of the file to which links are made for the purpose of locking the password file. Any value other than /etc/ptmp is suspect.
Logfile
This string variable names the file in which all nu transactions are logged. The standard value of Logfile is /usr/adm/nu.log.
MaxNameLength
This integer variable gives the maximum number of characters permitted in a login name.
PasswdFile
This string variable gives the name of the file into which nu will write its new account entries. Unless you are debugging, its value should be /etc/passwd.
Tempfile
This string variable names the file that nu will use for building a scratch copy of /etc/passwd during the account modification process. The value doesn’t really matter much; it is created at the beginning of a nu execution and destroyed before exit. A typical value for Tempfile is /usr/adm/nu.temp.
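The format rules above (semicolon comments outside quoted strings, decimal integers or double-quoted strings, repeated GroupHome lines accumulating while other repeats overwrite) can be checked with a small parser. This is an added example, not code from nu; the function names and the sample file contents are constructed for illustration, and the Name=value spelling is inferred from the Debug=0 and GroupHome lines on this page.

```python
# Constructed sample in the format described above; not a real /etc/nu.cf.
SAMPLE_CF = '''\
Debug=0                      ; set to 1 for debug mode
Logfile="/usr/adm/nu;log"    ; the first semicolon is inside the string
DefShell="/bin/sh"
DefShell="/bin/csh"          ; repeated variable: the latest one wins
DefGroup=31
GroupHome= 10 "/usr"
GroupHome= 31 "/usr/guest"   ; repeated GroupHome: both are kept
'''

def strip_comment(line):
    """Cut the line at the first semicolon outside a double-quoted string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string  # no escape convention, so a plain toggle
        elif ch == ";" and not in_string:
            return line[:i]
    return line

def parse_value(text):
    """Return a decimal integer or the contents of a double-quoted string."""
    if len(text) >= 2 and text.count('"') == 2 and text[0] == text[-1] == '"':
        return text[1:-1]
    if text.isdigit():
        return int(text)
    raise ValueError("not an integer or quoted string: %r" % text)

def parse_nu_cf(text):
    """Return (variables, grouphome) parsed from nu.cf text."""
    variables, grouphome = {}, {}
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        name, _, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if name == "GroupHome":            # loads a table entry, never overwritten
            gid, path = value.split(None, 1)
            grouphome[int(gid)] = parse_value(path)
        else:                              # ordinary variable: the latest one wins
            variables[name] = parse_value(value)
    return variables, grouphome

def missing_default_grouphome(variables, grouphome):
    """True when DefGroup has no GroupHome entry, which the page says nu requires."""
    return variables.get("DefGroup") not in grouphome
```

A line with an unterminated string or a bare word raises ValueError instead of being silently accepted, which is the behaviour you want from a linter run before nu reads the file as root.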
SYSTEM ISSUES
The nu command obeys the standard locking protocol for /etc/passwd. It traps INTR characters (for example, ^C) and refuses to die if you try to stop it in the middle of a critical section. Critical sections are primarily the updates of /etc/passwd. A list of all changes is recorded in a log file, usually /usr/adm/nu.log.
RESTRICTIONS
The extensive use of shell scripts for doing sensitive things, like purging accounts, means that somebody can make nu fail in horrible ways without having access to the source code. With increased flexibility comes increased responsibility.
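Because nu runs these scripts as root, a script or script directory that anyone other than root can write to undermines every account operation. The following added example (not part of nu; the function and constant names are hypothetical) checks the four script variables for ownership and write permissions, using the standard paths given on this page as input.

```python
import os
import stat

# Variables that, per this page, name shell scripts nu runs as root.
HOOK_VARS = ("CreateDir", "CreateFiles", "DeleteAccts", "KillAccts")

# Standard values given on this page.
STANDARD_HOOKS = {
    "CreateDir": "/etc/nulib/nu1.sh",
    "CreateFiles": "/etc/nulib/nu2.sh",
    "DeleteAccts": "/etc/nulib/nu3.sh",
    "KillAccts": "/etc/nulib/nu4.sh",
}

def untrusted(info, trusted_uid):
    """True if the owner is not trusted_uid or group/other have write access."""
    loose = info.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    return info.st_uid != trusted_uid or bool(loose)

def audit_hooks(hooks, trusted_uid=0):
    """Return (variable, path, problem) tuples; an empty list means clean."""
    findings = []
    for name in HOOK_VARS:
        path = hooks.get(name)
        if not path:
            findings.append((name, None, "not set"))
            continue
        try:
            info = os.lstat(path)          # lstat: a symlink is itself a finding
            parent = os.stat(os.path.dirname(os.path.abspath(path)))
        except OSError as exc:
            findings.append((name, path, "cannot stat: %s" % exc.strerror))
            continue
        if not stat.S_ISREG(info.st_mode):
            findings.append((name, path, "not a regular file"))
        elif untrusted(info, trusted_uid):
            findings.append((name, path, "script: wrong owner or loose mode"))
        if untrusted(parent, trusted_uid):
            findings.append((name, path, "directory: wrong owner or loose mode"))
    return findings

if __name__ == "__main__":
    for finding in audit_hooks(STANDARD_HOOKS):
        print(finding)
```

Only the script and its immediate directory are checked; the directories above it and /etc/nu.cf itself deserve the same ownership and mode test.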
FILES
/etc/passwd        System password file
/etc/group         System group file
/etc/ptmp          Lock file
/etc/vipw.lock     Dummy file linked to by /etc/ptmp
/etc/nu.cf         Configuration file
/etc/nulib/*.sh    Shell scripts to perform the work