bw@uecok.ecok.edu (Bill Walker CS Faculty) (12/31/90)
We have just installed a brand-spanking new Altos 5000 running "SCO Unix". This thing has two levels of "security" that can be selected at installation time for the OS. One level is "C2", and seems to provide a lot of audit trails and so forth. The other level, called "relaxed" by SCO, looks more like the usual Unix. It does not however store encrypted passwords in /etc/passwd, but instead keeps the passwords, and other information in a data base under a directory called "/tcb". We have chosen "relaxed" security. The problem comes when we try to remove a user from the system, or find it necessary to change a user's user number. (This is sometimes required when using TCP/IP, and the number needs to match a user number on another system.) The manuals ALL caution the operator NOT to mess with /etc/passwd or any of the /tcb files with an editor. The manuals apparently mean it, too. I had to reload everything a couple of times before I believed it. There is a "shell" called "sysadmsh" that purports to handle all administrative chores via a (heaven help us) menu. It allows you to "retire" a user, but does not allow you to flat remove a user from the system. Adding a user also requires working your way through this menu. I find this repulsive, as well as inefficient. Also, the thought that I cannot remove a user altogether really bugs me, since this is a university, and we often have to add or delete 300 or so users in a single day. I tried to remove a user by removing the line from /etc/passwd, and tracking down all the seemingly relevant files under /tcb, but managed only to make a real mess. Has anyone else had to deal with this ? How did you solve it ? We are missing a couple of manuals, and that may be part of the problem. However, I suspect that the problem may lie in the bowels of the OS, rather than in the manuals. Any suggestions ? I would appreciate e-mail on the topic. If the situation warrents, I will be glad to summarize and post. Bill Walker East Central University Ada, Oklahoma bw@cs.ecok.edu