
Removing a user

In the document A/UX® Local System Administration (pages 111-118)

Removing a user from your system may be as simple as inserting a word such as VOID in that user's encrypted password field in /etc/passwd. However, if the user has created many files that must be saved, you may need to find all files owned by the user, back them up, examine each of them, determine who else uses the files, change the ownership of shared files, remove links, and finally delete the user's password entry.

This section introduces the most moderate form of user removal first and then discusses additional steps that make the removal more extreme. The Macintosh interface for dragging user folders to the Trash is also discussed.

Gentle deletion

The first step in removing a user from your system is to deny the user access to it. The cleanest way to do this is to edit the user's /etc/passwd entry and enter the word VOID in the encrypted password field. This makes it impossible for anyone to log in as that user, although that user's files remain unaffected.

• Note: Do not leave the password field blank. A blank password is a serious security breach because anybody can log in to the system using the login name without a password.

Do not delete the whole /etc/passwd entry for that user yet. If you do, you will not only deny the user access to the system but also affect the files owned by that user. Commands that use login names as arguments (for example, chown and find) or that print information relating to login names (for example, ls -l) check the /etc/passwd file for the user names and numbers. If there is no login name for a file's owner, it is replaced by a number (when you enter ls -l, for instance). If you delete a few /etc/passwd entries, you will probably get confused about which files belong to which former user.
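The gentle deletion described above, as an added shell example that is not part of the A/UX manual: `void_account` writes VOID into one entry's password field while leaving the rest of the entry in place, and `blank_passwords` lists the entries the Note warns about. The function names and the sample entries are constructed for illustration; the functions work on any passwd-format file passed as an argument.

```shell
#!/bin/sh
# Added example; works on any passwd-format file (try it on a copy first).

# Constructed sample entries, not taken from a real system.
write_sample() {
    cat > "$1" <<'EOF'
root:Ab3dEfGh1jKlM:0:0:System Administrator:/:/bin/sh
jdoe:Zx9yWvUt8sRqP:201:100:J. Doe:/users/jdoe:/bin/csh
guest::202:100:Guest:/users/guest:/bin/sh
EOF
}

# Print every login whose password field (field 2) is blank.
blank_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Write VOID into LOGIN's password field and keep the rest of the entry,
# so the UID still resolves to a name for ls -l, chown and find.
void_account() {
    file=$1; login=$2
    count=$(awk -F: -v u="$login" '$1 == u { n++ } END { print n + 0 }' "$file")
    if [ "$count" -ne 1 ]; then
        echo "void_account: '$login' matches $count entries" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    awk -F: -v OFS=: -v u="$login" '$1 == u { $2 = "VOID" } { print }' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Commit only if every field other than the password field is unchanged.
    if [ "$(cut -d: -f1,3- "$file")" = "$(cut -d: -f1,3- "$tmp")" ]; then
        cat "$tmp" > "$file"    # overwrite in place: keeps owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

sample=$(mktemp)
write_sample "$sample"
blank_passwords "$sample"
void_account "$sample" jdoe && grep '^jdoe:' "$sample"
rm -f "$sample"
```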

3-34 A/UX Local System Administration

Backup and selective deletions

You need to be careful when deleting a user's files. In general, it is a good idea to back up a user's files before deleting them, for two reasons:

• These files may contain information that you will need later.

• These files may be used by other users on your system.

To locate all the files owned by the user, follow these steps:

1. Void the user's password; see the preceding section, "Gentle Deletion."

2. Find all the files belonging to the user, regardless of their location, with the command

find / -user login-name -print > somefile

3. Back up the files using either tar or cpio, or drag them onto a floppy disk.

See Chapter 2, "Getting Around in A/UX," in A/UX Essentials. Also see the information on partial backups in Chapter 4, "Backing Up Your System."

4. Delete the user's files after finding out if anyone is currently executing any commands or using any data files owned by that user.

Inquire personally or through mail or use the acctcom command (see Chapter 9, "System Accounting Package") to find out if any others regularly use files created by that user. If they do, change the ownership of those files. If a file is linked to that user, remove the link. Then delete the files.

Dragging the account folder to the Trash

An alternate way to remove an account is to open the /users folder and drag the user's account folder to the Trash. The password file entry must then be removed as described above.

Chapter 3 User and Group Administration 3-35

Troubleshooting

Most user administration problems can be traced to ownership and group membership questions or to erroneous entries in the /etc/passwd and /etc/group files.

Suggestions for solving these potential problems, indicated by alert boxes and messages, follow. The problem area is given first, followed by the message that the system displays, which tells you what action to take.

If the Name field has a name that isn't listed in /etc/passwd:

Sorry, that user name is unknown. Please retype the name or contact the system administrator.

If the user's password is incorrect:

Sorry, your password is incorrect. Please reenter it.

If the user's home directory (as listed in /etc/passwd) can't be found:

Your home directory, [name of home directory], is inaccessible. Perhaps that directory is on a file system which is not mounted. Please contact the system administrator.

(Another possibility is that the system administrator made a directory in which the name differed from that in the /etc/passwd file.)

If the user's default shell program, for example /bin/csh, as listed in /etc/passwd can't be found:

Your default shell program, [name of default shell program], does not exist. Please contact the system administrator.

If the user doesn't have permission to execute the default shell program (perhaps the system administrator made a directory in which the name differed from that in the /etc/passwd file):

shell program, [name of shell program]. please contact the system administrator.


If the user ID (as listed in /etc/passwd) is out of range:

Invalid user id [ID number]. Please contact the system administrator.

If the group ID (as listed in /etc/passwd) is out of range:

Invalid group id [group ID number]. Please contact the system administrator.

There are three standard shells: /bin/sh, /bin/csh, and /bin/ksh. If the user's entry in /etc/passwd lists a different shell, this message is displayed in an alert box whenever the user chooses the Every Session or This Session Only button in the Change Session Type dialog box:

Your shell program, [name of shell program], is not a standard shell; thus, the session type will be Console Emulator.

To tell the system that this shell is a standard one, add it to /etc/shells or contact your system administrator.

If /mac/bin/mac32, or the chosen session type, is missing, the following message is displayed:

The [kind of session] session startup program, [name of startup program], does not exist. A console emulator session will be started instead.

If /mac/bin/mac32, or the chosen session type, is not executable by this user:

You don't have permission to execute the [name of session] session startup program, [name of program]. A console emulator session will be started instead.

The root user's default shell, for example /bin/csh as listed in /etc/passwd, doesn't exist:

Your default shell program, [name of default program], does not exist. /bin/sh will be used instead.

This alert is displayed when a console message is received:

The following console message was received: [console message].


Password requirements are not met. These messages are displayed when the user attempts to click OK in the Change Password dialog box:

Your password must be at least six characters long.

Your password must contain at least two alphabetic characters and one numeric or punctuation character.

Your password cannot be a circular shift of your login name.

Your new password must differ from your old one by at least three characters.

This password can be changed only by the superuser.

Sorry, your account has password aging restrictions. It has not been long enough since your password was last changed.

If the user retypes his or her password in the confirmation dialog box incorrectly, this message is displayed:

This doesn't match your original entry. Please try again.

Only one user can change the password file at a time. Someone else may be editing it with vipw or the passwd(1) command:

Another user is modifying the password file. Please try again later.
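An added example, not part of the manual: a shell function that checks a passwd-format file for the entry problems behind the alerts in this section (invalid or out-of-range IDs, missing home directory, missing or non-executable shell, non-standard shell). The name `check_passwd`, the 65535 ID limit and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report passwd entries that would trigger the alerts above.
# Prints one "login: problem" line per finding.
check_passwd() {
    file=$1
    max_id=${2:-65535}          # assumed limit; the manual gives no range
    while IFS=: read -r login pw uid gid gecos home shell; do
        [ -n "$login" ] || continue
        for id in "$uid" "$gid"; do
            case $id in
                ''|*[!0-9]*) echo "$login: invalid id '$id'" ;;
                *) [ "$id" -le "$max_id" ] || echo "$login: id $id out of range" ;;
            esac
        done
        [ -d "$home" ] || echo "$login: home directory $home is inaccessible"
        shell=${shell:-/bin/sh}  # an empty shell field means /bin/sh
        if [ ! -e "$shell" ]; then
            echo "$login: shell $shell does not exist"
        elif [ ! -x "$shell" ]; then   # -x tests the caller's access, not the account's
            echo "$login: no permission to execute $shell"
        else
            case $shell in
                /bin/sh|/bin/csh|/bin/ksh) ;;   # the three standard shells
                *) echo "$login: $shell is not a standard shell" ;;
            esac
        fi
    done < "$file"
    return 0
}

# Constructed sample: only alice's home directory exists.
d=$(mktemp -d)
mkdir "$d/alice"
cat > "$d/passwd" <<EOF
alice:VOID:201:100:Alice:$d/alice:/bin/sh
bob:VOID:202:100:Bob:$d/bob:/bin/sh
carol:VOID:20x:100:Carol:$d/alice:$d/nosuchshell
dave:VOID:70000:100:Dave:$d/alice:/bin/sh
EOF
check_passwd "$d/passwd"
rm -rf "$d"
```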


Chapter 4 Backing Up Your System

This chapter discusses the various methods by which you can back up your system. Backing up means that you copy the data on your hard disk to an alternate medium, such as a floppy disk or a magnetic tape, from which you can restore the data to your hard disk, if necessary. The topics covered in this chapter include:

• Full and partial backups

• Standard A/UX device files

• Mounted and unmounted file systems

• Kinds of backup media and their storage capacities

• A/UX backup utilities: pax, cpio, tar, dump.bsd, and restore

Making regular backup copies of files and file systems is one of the most important duties of the A/UX system administrator. Computer data stored on disk can be damaged by hardware failure, or users may accidentally remove it. If you make regular backups, you increase your ability to restore data that is damaged, lost, or destroyed.

Store backups in a safe place, off-site if necessary. Also, keep a backup log as a written record of what was backed up.

There are many ways to back up data. To decide on the best technique, compare the time it takes to complete a backup with the time it may take to restore a backup. Also consider how often your data is changed, how valuable the data is, and how many people use the system. The safest plan is to devise an overlapping strategy, combining two or three backup techniques. Generally, if you use a regular schedule for full backups and supplement those with one or two partial backups, you can be assured that you will be able to rebuild your system, if necessary. You may want to customize backup commands in a shell script to keep all backups consistent.

You may also use the A/UX backup utilities to store directories no longer needed on the system. By storing unused data on floppy disks or tape cartridges, you free the system disk for use and improve performance.

The backup and restore utilities available on the A/UX system include cpio, tar, pax, and dump.bsd. The backup utility under the Macintosh Operating System provides an easy way to make full backups onto a 40-megabyte tape cartridge.

Backing up and restoring are mutually dependent activities with cpio or tar. If you back up with tar, you can use only tar to retrieve the data; the same is true for cpio. The pax command, however, enables you to read or write tar or cpio archives. Archives are copies of files or file system data that the user stores on a removable medium, usually floppy disks or magnetic tape.
