Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!yale!cs.yale.edu!anselmo-ed
From: anselmo-ed@cs.yale.edu (Ed Anselmo)
Newsgroups: comp.unix.large
Subject: Re: Survey
Message-ID: <26107@cs.yale.edu>
Date: 11 Sep 90 21:28:49 GMT
References: <6f7y02Ubc6wm01@amdahl.uts.amdahl.com> <25894@boulder.Colorado.EDU>
Sender: news@cs.yale.edu
Organization: Yale University, Dept. of Computer Science, New Haven, CT
Lines: 99
Nntp-Posting-Host: bigbird.cf.cs.yale.edu
In-reply-to: fwp1@CC.MsState.Edu's message of 10 Sep 90 19:04:22 GMT

>>>>> On 10 Sep 90 19:04:22 GMT, fwp1@CC.MsState.Edu (Frank Peters) said:

Frank> b) We would like to delegate many tasks such as tape control,
Frank> backup, printer control and such to our operators. At the
Frank> same time we don't want to share the root password. There are
Frank> a few systems out there to allow the delegation of tasks to
Frank> certain users. All of these, of course, have security issues
Frank> involved that must be considered.

We have a setuid-root program that allows most of the above to be done
without having to be logged in as a super-user. Users in group wizard
can kill runaway processes (among other things....):

        Menu for wizard.

         0. Exit this Menu.
         1. Control Printer Queues.
         2. Remove Job(s) From Printer Queues.
         3. Reboot System.
         4. Halt System.
         5. Terminate A Process.
         6. Write To All Users Logged On This Machine.
         7. Set Date & Time.
         8. Alter Priority of Process.
         9. Rebuild UserDataBase Alias Files.
        10. Remove IPC Resources.

(The last option was added to remove IPC resources that ill-mannered
Linda programs started leaving around).

The similar "operator" program allows members of group "operator" to
do backups from a regular account.

Both programs log every action performed by the user.

Frank> (4) Userid management. Most UNIX boxes come with instructions about
Frank> which several files should be edited to add a user to the system.
Frank> We are developing programs to manage the addition of userids in a
Frank> relatively bullet proof way so that non-technical personnel can
Frank> add new users. While there are programs to do that around very
Frank> few address the large system issues such as password file locking
Frank> and batch additions of large groups of users like a class roll.

Yale CS uses the all-singing, all-dancing "User Database Program"
(udb) which tracks users, uids, mailboxes, mailing lists, machines,
serial numbers (among other things). Through a series of programs and
Shell Scripts from Hell, it's used to build and delete accounts
(assigning unique uids, and keeping them consistent across machines),
and rebuild the sendmail aliases files.

It has also managed to keep several generations of Yale undergraduate
summer programmers entertained for months on end.

anselmo[371] % xdb
Yale Data Base access program (xdb).
Version 1.4 (Exp) of 89/10/02 15:42:52 by long.
Type '?' at any prompt for help.
Trying eli.cs.yale.edu...[Connected]...[OK]
Establishing identity...[OK]
The Database Daemon welcomes anselmo-ed@bigbird
Figuring out who you are...[OK]
Checking for wizardhood...[Wizard]
I welcome Wizard anselmo-ed
Loading entities: distribution...entity...field...machine...mailing-list...person...program...pseudo-user...[Done]
wizard> sh anselmo
** person anselmo-ed
        Fullname: Ed Anselmo
        Status: staff
        Expiration: 1999
        Birthday: 4/25/59
        Work-address: 51 Prospect St. (AKW) Room 012
        Work-phone: 432-6428
        Room-number: 012
        Home-phone: 469-2562
        Capability: arpanet, database
        Workstation: bigbird
        Group: facility
        ID Number: 118
        Mailbox: 'anselmo@ra, 'anselmo@yale-rt-alaska
wizard> sh machine bigbird
** machine bigbird
        Fullname: bigbird.cf.cs.yale.edu
        Description: alaska client
        Operating-system: sun os
        Host-id: 51005683
        Component/Make/Model/Ser-Num: cpu sun 4/60fgx-12-p4 935f2634
        yaleid: 066099
        Install-date: 9/89
        Location: 012
        Primary-user: anselmo-ed
        principle-investigator: facility
        Owner: facility
        Grant: overhead
wizard>
--
Ed Anselmo   anselmo-ed@cs.yale.edu   {harvard,cmcl2}!yale!anselmo-ed