<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Coda File System User and System Administrators Manual: System Administration: Users </TITLE>
<LINK HREF="manual-12.html" REL=next>
<LINK HREF="manual-10.html" REL=previous>
<LINK HREF="manual.html#toc11" REL=contents>
</HEAD>
<BODY>
<A HREF="manual-12.html">Next</A> <A HREF="manual-10.html">Previous</A> <A HREF="manual.html#toc11">Contents</A>
<HR>
<H2><A NAME="SysAdmUsr"></A> <A NAME="s11">11. System Administration: Users </A></H2>
<H2><A NAME="AddUsers"></A> <A NAME="ss11.1">11.1 Adding users </A> </H2>
<P>There are several steps in adding a new user to the Coda file system. First, create a Unix account for the new user on some or all of the Coda clients. Second, add the user to the Coda authentication database and the protection database (described below). Third, create a volume for the user and mount it at the appropriate place in the Coda name space (see Section <A HREF="manual-10.html#CreateVol">XXX</A>).
<H3>Constructing new protection database files</H3>
<P>Add a line for each new user to the <CODE>user.coda</CODE> file using the userId from the new user's Unix account. (If you are at Carnegie Mellon and the user you intend to add does not have a CMU-CS account, STOP! The user <B>must</B> get a CMU-CS account before you may continue. To determine the UID, <B>grep</B> for the login name in <CODE>/etc/passwds</CODE>.) You may copy the user's entry in <CODE>/etc/passwds</CODE> to the <CODE>user.coda</CODE> file for this purpose if you wish. Note that only the login name (the first field) and the uid (the third field) are relevant, and that you may delete the other fields as long as you leave all the "<B>:</B>" characters intact.
<P>Now, add the user's name to the appropriate group in the file <CODE>groups.coda</CODE>. Note that Coda groups are totally separate from Unix groups.
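<P>As an added illustration (not part of the Coda manual or the Coda tools), the shell function below builds the <CODE>user.coda</CODE> line described above from a passwd-format entry, keeping only the login name and uid with every ":" intact, and refuses a login name or uid that <CODE>user.coda</CODE> already contains. The function names, their arguments and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: derive a user.coda line from a passwd-format entry.
# coda_user_line, demo and all sample data are illustrative assumptions.

# Usage: coda_user_line LOGIN PASSWD_FILE USER_CODA_FILE
coda_user_line() {
    login=$1; passwd_file=$2; user_coda=$3

    # Exact match on field 1; a plain grep for "guest" would also hit "guest2".
    entry=$(awk -F: -v u="$login" '$1 == u { print; exit }' "$passwd_file")
    [ -n "$entry" ] || { echo "no passwd entry for $login" >&2; return 1; }

    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    case $uid in
        ''|*[!0-9]*) echo "non-numeric uid for $login" >&2; return 1 ;;
    esac

    # Refuse a login name or uid that user.coda already contains.
    if awk -F: -v u="$login" -v id="$uid" \
        '$1 == u || $3 == id { dup = 1 } END { exit !dup }' "$user_coda"
    then
        echo "$login or uid $uid is already in $user_coda" >&2
        return 1
    fi

    # Keep fields 1 and 3, blank the rest, leave every ":" in place.
    printf '%s\n' "$entry" | awk -F: -v OFS=: \
        '{ for (i = 1; i <= NF; i++) if (i != 1 && i != 3) $i = ""; print }'
}

# Constructed sample files, not real accounts.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'guest2:x:1300:100:Other:/home/guest2:/bin/sh' \
                  'guest:x:1234:100:Guest User:/home/guest:/bin/sh' > "$dir/passwd"
    printf '%s\n' 'raiff::1001::::' > "$dir/user.coda"
    coda_user_line guest "$dir/passwd" "$dir/user.coda"
    rm -rf "$dir"
}
demo
```

<P>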
Adding a user to group <B>System:Administrators</B> is roughly equivalent to giving that user root privileges. Only System Administrators should be in this group. As an example, we add all Coda developers (hard and soft core) to the <B>system:coda</B> group. Add other Coda users to groups as appropriate.
<P>Execute <CODE>% pwd2pdb -u /vice/db/user.coda -g /vice/db/group.coda &gt; /vice/db/vice.pdb</CODE>
<P>to generate a Coda protection database.
<P>Finally, execute <CODE>pcfgen /vice/db/vice.pdb</CODE> to generate the file <CODE>vice.pcf</CODE>.
<H3>Installing the protection database files</H3>
<P>Now that you have generated the new protection database files, you must install them. Follow these steps:
<P>
<OL>
<LI>Log in to the SCM.</LI>
<LI><CODE>cd /vice/db</CODE></LI>
<LI><CODE>/vice/bin/mvdb &lt;srcdir&gt; vice.pdb vice.pcf</CODE>, where &lt;srcdir&gt; is the name of the directory containing the new vice.pdb and vice.pcf.</LI>
</OL>
<H3>Modifying the authentication database</H3>
<P>User accounts are added to the authentication database with the <B>au</B> program, which can also delete and modify user accounts, change passwords, and get tokens. To add a user, run <CODE>au -h &lt;SCM&gt; nu</CODE> on a Coda client workstation, substituting the System Control Machine's name for &lt;SCM&gt;.
<P>In response to the prompts, provide your Coda userId and password and then the new user's name and temporary password. (Give the new user's full name at the "Other info" prompt.) You must be a member of the system:administrators group in order to successfully modify the authentication database. The following example illustrates adding the user "guest" to the authentication database. Note that the new password will echo to the screen.
<P>
<BLOCKQUOTE><CODE>
<PRE>
au -h your-scm.host nu
Your Vice name: raiff
Your password:
RPC2_Bind () --&gt; RPC2_SUCCESS
Vice user: guest
New password: guestpwd
New info: Guest User
</PRE>
</CODE></BLOCKQUOTE>
<P>Updates made via <B>au</B> will be automatically distributed to the other servers by the Update daemon. Now, the <B>auth</B> server knows about the new users. New users may change their temporary passwords using the <B>cpasswd</B> command.
<H2><A NAME="ss11.2">11.2 Monitoring Auth Server Activity</A> </H2>
<P>The file <CODE>/vice/auth2/AuthLog</CODE> has a log of the auth server activity and can be used to monitor failed login attempts. You can also monitor password changes in the file <CODE>/vice/db/auth2.pw</CODE>.
</BODY>
</HTML>