ngs@duke.cs.duke.edu (Neil Sullivan) (05/27/88)
At Duke University Computer Science, we have developed a simple system for
account maintenance under Unix. We have been plagued by inactive users and
account abuse, especially from non-departmental users, who have historically
been allowed access to much of our hardware.
The system is a database, which keeps track of current users on all systems.
The functions are:
delete_user
modify_user
find_user
mail_expirations
The first three functions are obvious. The fourth is an intermittently run
function that checks expiration dates in the database. These dates could
apply to the account itself or to account features such as a temporarily
higher quota or temporary access to special equipment. When the expiration
date is reached, mail is sent to the user, explaining what is going to happen
and what action he must take, if any. Mail is also sent to the accounts
manager, explaining what action he should take.
Users can be listed alphabetically as well as by UID, and searches can be
performed on various parameters. Throughout the database, we take advantage
of users' group IDs to set and reference attributes. Any attribute, such as
the sponsor of an account or an expiration date, can be added or updated for
any user via the modify_user command.
The database is built (and users are added) automatically by performing
consistency checks with the passwd files on all machines (which are, by
definition, the correct lists of current users). The system works with the
traditional /etc/passwd as well as with yellow pages.
The system is running in a network environment under Berkeley 4.3 and Sun 3.2.
Our environment is currently more than 700 users on one VAX 8600, four
MicroVAXes, two Convex C-1s, about two dozen Sun 3 workstations, three Sun 3
servers, and two Sun 4 servers.
I would like to know if people out there are interested in a system like this.
Would it be useful to you? What types of information would you like to see in
the database, and what features would you like to see available? If you would
like more detailed information of our plans please contact me via e-mail. If
you have suggestions or general questions, please feel free to use either news
or e-mail to communicate them. I am hoping that useful discussions can be
generated publicly here or privately.
Neil G. Sullivan
Dept of Computer Science, Duke University, Durham, NC 27706 (919 684-5110)
UUCP: {ihnp4, decvax, mcnc}!duke!ngs
CSNET: ngs@duke
ARPA: ngs@cs.duke.edu