NU
Section: Maintenance Commands (8)
Updated: June 30, 1989
NAME
nu - manage user login accounts (create, modify, destroy UNIX accounts)
SYNOPSIS
/etc/nu -a
/etc/nu -m
/etc/nu -d
/etc/nu -k user1 user2 ...
DESCRIPTION
Nu is a program to help a UNIX system manager create, modify, delete, and destroy
accounts on that machine. While everything accomplished by nu
can be done manually by editing files and issuing shell commands, nu
will steer you through getting all the details right, checking for typos, etc.
When nu is run with the -a option, it adds new accounts. The
program prompts you for the login id, password, name, and other information
about each new user, and then goes off and creates the account, creates its
directories, initializes their contents, and makes an entry in a log file.
When nu is run with the -m option, it modifies existing
accounts. It asks for account names and instructions for the changes that
you want to make to those accounts, until you tell it that you are done
making changes. At that time it updates the account records and records
them into the users database in netinfo.
When nu is run with the -d option, it deletes accounts while
still leaving a users entry in netinfo for the deleted account. This
will prevent that uid from being reused, and will enable you to make sense
out of accounting data after deleting an account. The program repeatedly
asks you for the names of accounts to be deleted, and how much deleting you
really want to do to them.
When nu is run with the -k option and a list of login id's, it
deletes from the system almost all information pertaining to those login
id's. Specifically, it removes the entry from the users database in
netinfo, deletes the login directory and all of its contents, and deletes
the mailbox. It does not currently remove that user from any mailing lists
in /etc/sendmail/aliases. The -k option is not interactive:
the complete list of accounts to be deleted is provided on the command line
after the -k.
CONFIGURATION
When nu is started up, it reads configuration commands from the file
/etc/nu.cf. This file specifies the details of how new accounts are
to be created on your machine. Typically you will need to change only the
GroupHome declarations in that file, which declare the file systems that
hold the login directories for members of different groups. However, you
can change anything that you find there if your system management policies
require it.
When nu wants to create a new directory, it runs a shell script named
in /etc/nu.cf. Similarly, when it wants to initialize the files in a
newly-created directory, it runs another shell script whose name it
determines from /etc/nu.cf. By way of configuration and
customization, you can edit those shell scripts to conform to local
practices. When you do that editing, please remember that nu runs as
root and that the shell scripts contain statements like "rm -rf *"; it
goes without saying that you must be quite cautious. There is a debug mode
available, in which nu will try not to hurt anything, but whenever
you are running as root you should be unusually careful. Nu can be
run by non-root users if its debug mode is enabled by a "Debug=1"
statement in /etc/nu.cf.
CONFIGURATION FILE FORMAT
The configuration file /etc/nu.cf is a text file containing a series of
statements, one statement per line. A semicolon that is not inside a quoted
string causes the rest of that line to be treated as a comment. Each line in
the file that is nonblank after stripping comments is treated as an
assignment statement. Each statement assigns a value to one variable. With
the exception of the variable "GroupHome", which is special, all of the
variables act like ordinary shell variables, which is to say that they can
take either integer values or string values. All integers are decimal; all
strings must be delimited with double-quotes ("). There is no quoting or
doubling convention for putting a doublequote character inside a string.
Here are the configuration variables and what they mean. Case is significant.
NetInfoDomain
    This is the domain in which nu will make its changes. Currently the
    program only checks the specified domain for consistency. Nu should
    only be run on the machine serving the domain specified. Attempting to
    modify a remote domain is bound to fail.
CreateDir
    This string variable identifies the shell script that is run whenever
    nu needs to create a new directory. That shell script must be
    executable. It is called with 6 arguments: 1, the integer uid; 2, the
    integer groupid; 3, the name of the user's actual home directory; 4, the
    name of a symbolic link that should be set up to point to that home
    directory; 5, an integer that is nonzero iff it is ok to clobber an
    existing directory of the same name as argument 4; and 6, an integer
    that is nonzero iff nu is running in debug mode. The standard value for
    CreateDir is /etc/nulib/nu1.sh.
CreateFiles
    This string variable identifies the shell script that is run whenever
    nu needs to initialize a directory (newly-created or otherwise) with
    some standard files. For example, /usr/skel/.[a-z]* are often copied
    into a new login directory. This shell script must be executable. It is
    called with 5 arguments: 1, the name of the login directory to be
    initialized; 2, the integer uid of the user; 3, the integer groupid of
    the user; 4, an integer that is nonzero iff an MH-format mailbox is to
    be set up with some initial contents; and 5, an integer that is nonzero
    iff nu is running in debug mode. The standard value for CreateFiles is
    /etc/nulib/nu2.sh.
Debug
    This integer variable is set nonzero to cause nu to run in debug mode.
    Debug mode is intended to help you get the bugs out of your shell scripts
    before you go foolishly running them as root. If Debug is nonzero, then you
    do not need to be logged on as root to run nu. The standard value for
    Debug is 0.
DefaultAccount
    This string variable contains the default account to use when setting
    up new users. This is only effective if accounting is enabled. See the
    description for the variable WantAccounting.
DefaultGroup
    This integer variable is set to the group number of the default user group.
    The default is used if the person running nu types a carriage return in
    response to the question asking for a group id for the new user. nu
    requires that a valid GroupHome assignment exist for the default group number.
    The standard value for DefaultGroup is any group number from /etc/group.
DefaultHome
    This string variable is set to the file system or top-level directory that
    will be used to hold the login directory for accounts in groups
    not explicitly set up to have their login directories somewhere else.
    When you are creating a new account, nu asks you what group number you
    would like the account in. If that group number is mentioned in a GroupHome
    declaration (see below), then the home directory for the group is the one
    named in that GroupHome declaration. If the group number is not mentioned in
    a GroupHome declaration, then login accounts created in that group will have
    their login directories put into DefaultHome. The standard value for
    DefaultGroup is /mnt.
DefaultShell
    This string variable is set to the name of the shell file to use by default.
    The standard value for DefaultShell is /bin/csh.
DeleteAccts
    This string variable identifies the shell script that is run whenever
    nu needs to delete a user's account that was created in some earlier
    session with nu. Deleting accounts involves changing the password so
    that the user cannot log in, deleting all of his files and directories,
    and deleting his mailbox. This shell script must be executable. It is
    called with 5 arguments: 1, the login id of the account to be deleted;
    2, the login directory for that account; 3, the name given in the netinfo
    users directory for the login directory (which might possibly be a
    symbolic link to item 2, above, and therefore needs to be named
    separately); 4, the name of the log file in which account changes are
    being logged; and 5, an integer that is nonzero iff nu is running in
    debug mode. The standard value for DeleteAccts is /etc/nulib/nu4.sh.
DestroyAccts
    This string variable identifies the shell script that is run whenever
    nu needs to destroy a user's account that was created in some earlier
    session with nu. Destroying accounts involves removing the user from the
    password file, deleting all of his files and directories, and deleting his
    mailbox. For a (slightly) less drastic account removal action, see
    "DeleteAccts", above.
    This shell script must be executable. It is called with 5 arguments: 1, the
    login id of the account to be deleted; 2, the login directory for that
    account; 3, the name given in the netinfo users directory for the login
    directory (which might possibly be a symbolic link to item 2, above, and
    therefore needs to be named separately); 4, the name of the log file in
    which account changes are being logged; and 5, an integer that is nonzero
    iff nu is running in debug mode. The standard value for DestroyAccts
    is /etc/nulib/nu3.sh.
GroupHome
    This pseudo-variable is the only name defined in the configuration file that
    has any trickery attached to it. GroupHome is not really a variable; rather,
    it is a name by which the configuration code can load entries into a
    directory location table. In particular, if you provide two GroupHome
    declarations, they are both processed, while if you provide two of any other
    declaration, only the latest one has any effect. A typical set of GroupHome
    declarations might look something like this:

        GroupHome= 10 "/usr"
        GroupHome= 20 "/mnt"
        GroupHome= 25 "/usr/cis"
        GroupHome= 31 "/usr/guest"

    The GroupHome declarations serve as default login directory location
    information for new accounts. You can put any account anywhere you want;
    the GroupHome information is used to make the defaults come out in the
    right places, so that the process of creating a new account consists mostly
    of hitting the return key to accept the defaults. The sample declarations
    above cause group 10 to default to /usr, i.e. /usr/smith or
    /usr/jones, and group 31 to default to /usr/guest, i.e.
    /usr/guest/smith or /usr/guest/jones. If the login group is
    not mentioned in a GroupHome declaration, then the DefaultHome variable is
    used. A GroupHome declaration is required for the default group (see
    variable DefaultGroup); all others are optional.
Logfile
    This string variable names the file in which all nu transactions are
    logged. The standard value of Logfile is /usr/adm/nu.log.
MaxNameLength
    This integer variable gives the maximum number of characters permitted in a
    login name. For unmodified 4BSD systems it should be set to 8.
SymbolicLinkDir
    This string variable gives the name of a directory that can be filled with
    symbolic links to real login directories. The value of SymbolicLinkDir is
    ignored unless the variable WantSymbolicLinks is nonzero. See its
    description, below, for more information. Standard values for SymbolicLinkDir
    are /user or /udir.
WantAccounting
    The integer variable WantAccounting determines whether nu should prompt
    for accounting information when users are added to the system. Specifying a
    1 requests that accounting information should be asked for.
WantMHsetup
    This integer variable should be set to 1 if you would like nu to take
    care of initializing mailbox contents. Initializing an MH mailbox turns out
    to be a pleasant way to provide new users with information about the system,
    and to give them a tutorial on the use of MH. Nu just passes the value
    of WantMHsetup through to the shell script named in CreateFiles, which is
    responsible for doing the actual initialization. Standard value is 1.
WantSymbolicLinks
    This integer variable controls whether login directory names or symbolic
    links to them are put in the actual netinfo users database. If
    WantSymbolicLinks is nonzero, then all created accounts are given uniform
    login directory names in some directory that exists only for the purpose of
    holding symbolic links, e.g. /user/smith and /user/jones; the
    file /user/smith or /user/jones is then made to be a symbolic
    link to the real login directory. This is preferable to the ~smith or
    ~jones scheme for finding login directories because the ~ notation is not
    handled by the kernel, but must be handled individually by all programs
    that open files. If the variable WantSymbolicLinks is 0, then accounts will
    be created such that the true directory name is stored in the netinfo users
    database.
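The file format and the two conditions this section singles out (a nonzero Debug, and a DefaultGroup with no GroupHome) can be checked mechanically. The following is an added example, not code from nu or its authors; the function names are hypothetical and the tolerance for blanks around "=" is an assumption based on the GroupHome samples above.

```python
import re

STMT = re.compile(r'\s*(\w+)\s*=\s*(.*?)\s*')  # assumed: blanks around '=' are allowed
SCALAR = re.compile(r'"([^"]*)"|(\d+)')        # quoted string or decimal integer
GROUPHOME = re.compile(r'(\d+)\s+"([^"]*)"')   # group number, then directory

def strip_comment(line):
    """Cut at the first ';' that is outside a double-quoted string."""
    in_quote = False
    for i, ch in enumerate(line):
        in_quote ^= (ch == '"')                # the format has no escape for '"'
        if ch == ';' and not in_quote:
            return line[:i]
    return line

def parse_nu_cf(text):
    """Return (variables, group_home, notes) for nu.cf-style text."""
    variables, group_home, notes = {}, {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        if not (line := strip_comment(raw)).strip():
            continue
        m = STMT.fullmatch(line)
        name, value = m.groups() if m else (None, "")
        g = GROUPHOME.fullmatch(value) if name == "GroupHome" else None
        if g:                                  # every GroupHome line is loaded
            group_home[int(g.group(1))] = g.group(2)
            continue
        v = SCALAR.fullmatch(value)
        if name in (None, "GroupHome") or not v:
            notes.append(f"line {n}: malformed statement")
            continue
        if name in variables:                  # only the latest has any effect
            notes.append(f"line {n}: {name} overrides an earlier value")
        variables[name] = v.group(1) if v.group(1) is not None else int(v.group(2))
    return variables, group_home, notes

def audit(variables, group_home):
    """Flag the two conditions the page calls out: debug mode and a missing GroupHome."""
    checks = [(variables.get("Debug", 0) != 0, "Debug is nonzero: non-root users can run nu"),
              (variables.get("DefaultGroup") not in group_home, "DefaultGroup has no GroupHome")]
    return [msg for hit, msg in checks if hit]

SAMPLE = '''; constructed sample, not a shipped nu.cf
Debug=0
DefaultGroup=20
DefaultShell="/bin/csh;x"   ; the quoted semicolon is data
GroupHome= 10 "/usr"
Debug=1
'''
```

Running parse_nu_cf(SAMPLE) and then audit() on the result reports the late Debug=1 override as well as the missing GroupHome for group 20.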
EXPERT OPTIONS
In order to allow scripts and programs to take advantage of nu, four
expert options are available. These options are analogs of the interactive
options which are represented by the lowercase letters a, m, k and d. If
you are using nu from a shell, you should most likely stick with the
interactive options. They will prompt you for confirmation, and will help
you to select reasonable values to use. Use the expert options with
caution: they will not prompt for confirmation. The four options are A, M,
K, and D. In addition to the option, each has a number of arguments. All
arguments must be present in the command, and there are no default values.
The arguments are as follows:
    -A name realname uid gid shell pwd home reuse mh domain
    -M currentuid name pwd uid gid realname home shell domain
    -K name domain
    -D uid domain
currentuid
    currentuid in the -M option is the current uid; it will be replaced
    by the uid specified later in the line.
gid
    gid is the UNIX group identification number.
    It defines the default group of the user.
domain
    domain overrides the NetInfoDomain specified in the nu.cf file.
home
    home is the user's home directory.
mh
    mh tells nu that this user's mail should be set up in MH format.
    This option should normally be N except for expert UNIX users who are
    already familiar with MH.
name
    name corresponds to the name prompted for in LoginWindow. It must be unique
    for each user.
pwd
    pwd is the text representation of the user's passwd. It is identical to
    what the LoginWindow expects when the user logs in. It will be modified
    before it is stored. If you wish to have spaces in your password, you must
    enclose it in double quotes.
realname
    realname is the full name of the user. If you wish to have spaces in the
    name, it must be enclosed in double quotes.
reuse
    reuse tells nu to reuse the home directory if it already exists.
shell
    shell is the user's default shell when a Terminal or Shell is launched.
uid
    uid is the UNIX user identification number. Like the name, it also must be
    unique for each user.
SYSTEM ISSUES
Nu traps INTR characters (e.g. ^C) and refuses to die if you try to
stop it in the middle of a critical section. Critical sections are
primarily the updates to the netinfo database. A list of all changes is
recorded in a log file, usually /usr/adm/nu.log.
FILES
/etc/nu.cf          Configuration file
/etc/nulib/*.sh     Shell scripts to perform the work
others              nu.cf and nulib/*.sh reference other files.
SEE ALSO
group(5), passwd(5), vipw(8)
AUTHOR
Brian Reid, Erik Hedberg, Fred Yankowski
BUGS
The extensive use of shell scripts for doing sensitive things like purging
accounts means that somebody can make nu fail in horrible ways without
having access to the source code. With increased flexibility comes increased
responsibility.
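Because nu runs these scripts as root, their ownership and mode matter as much as their contents. The following added example (not part of nu or of the original page) checks each hook script and its containing directory; the policy it enforces (owner is root, no group or other write bit, script executable, absolute path) and the function names are assumptions chosen for illustration.

```python
import os
import stat

# Standard values the man page gives for the four script variables.
STANDARD_HOOKS = {"CreateDir": "/etc/nulib/nu1.sh", "CreateFiles": "/etc/nulib/nu2.sh",
                  "DestroyAccts": "/etc/nulib/nu3.sh", "DeleteAccts": "/etc/nulib/nu4.sh"}

def check_path(path, trusted_uid, need_exec):
    """Problems on one file or directory; symbolic links are reported, not followed."""
    try:
        st = os.lstat(path)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symbolic link, check its target by hand"]
    problems = []
    if st.st_uid != trusted_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{path}: writable by group or others")
    if need_exec and not st.st_mode & stat.S_IXUSR:
        problems.append(f"{path}: not executable")
    return problems

def audit_hooks(hooks, trusted_uid=0):
    """Check each hook script and its directory (policy assumed here, not nu's own)."""
    findings = []
    for name, script in sorted(hooks.items()):
        if not os.path.isabs(script):
            findings.append(f"{name}: {script}: relative path")
            continue
        findings += [f"{name}: {p}" for p in check_path(script, trusted_uid, True)]
        findings += [f"{name}: {p}" for p in check_path(os.path.dirname(script), trusted_uid, False)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_hooks(STANDARD_HOOKS)) or "no findings")
```

Only the script and its immediate directory are examined; directories further up the path are not walked.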