aboutsummaryrefslogtreecommitdiff
path: root/ADMIN.md
diff options
context:
space:
mode:
Diffstat (limited to 'ADMIN.md')
-rw-r--r--ADMIN.md95
1 files changed, 95 insertions, 0 deletions
diff --git a/ADMIN.md b/ADMIN.md
new file mode 100644
index 0000000..c02c482
--- /dev/null
+++ b/ADMIN.md
@@ -0,0 +1,95 @@
+# Account maintainance commands
+
+Within commands below, Don't take square brackets, angle brackets and triple-dots literally:
+
+ * *< This >* should be replaced with your own info - including the angle brackets
+ * *[This]* is optional parts of the command - including the square brackets
+ * *...* means "repeat ad libitum" - leave it out or add more stuff similar to that right before the dots
+
+## Normal users
+
+### Create new account
+
+ 1. Pick a username:
+ * Start with the initials of the user
+ * Include also second letter of either first name or surname
+ * If necessary, add third letter of first name or surname (or a trailing number)
+ * The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery!
+ 2. Create the account:
+
+ localadduser <username> <fullname> <cellphone> [<otherphone>] <addresshint> [<addresshint>...]
+
+ * Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!)
+ * Cellphone: Cellphone number including country code but without other spaces. Like this: +45 40843136
+ * Addresshint: local part of email address, followed by @-sign, and optionally followed by mailgroup. Like these: jonas@ js@pool_of_maildomains
+ 3. Send an email based on [[intro/email.en]] skeleton:
+ * If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient.
+ * Add \<username>@example.com as Cc:
+ * Add hostmaster@example.com as Bcc:
+ * Add teknik@lists.example.com as Reply-To:
+ 4. Send a cellphone text message based on [[intro/sms.en]], adding the the password spit out from the command above.
+
+TODO: Automate more: sending out sms and email should happen automatically.
+
+### Attach groups to account
+
+ 1. Attach the account to relevant organisational groups:
+
+ (user=<username>; for group in <group1> [<group2> ...]; do adduser $user $group; done)
+
+### Add/replace additional email addresses to account
+
+Use the following command to change hinting of an existing user account:
+
+ chfn <username>
+
+
+## Update email address info in smtp server
+
+ 1. Run this command:
+
+ localmaildomainprepare
+
+ 2. Check and correct warnings, and repeat above command.
+
+ 3. When satisfied with result, run this command:
+
+ localmaildomainupdate
+
+FIXME: localmaildomainupdate should email diff file to postmaster@example.com
+
+
+## Extend password lifespan
+
+If a user exceeds password lifespan, and still remembers the old password, the lifespan can be extended slightly to open a new window for changing it:
+
+ localresetpasswdexpiry <username>
+
+TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password
+
+## Reset password
+
+ 1. Reset the actual password using the following command:
+
+ localresetpasswd <username>
+
+ 2. Send a cellphone text message similar to the one for creating a new account.
+
+TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password
+
+## Warn about password expiry
+
+ 1. Notice log messages warning about passwords soon expiring
+ 2. Send a cellphone textmessage with the following content:
+
+ You must change your password - it soon expires! Read how and why at the web page http://support.redpill.dk/intro
+
+ Or in danish:
+
+ Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://support.redpill.dk/intro
+
+TODO: Rewrite as automated syslog-ng plugin or cron script passing the message to an sms gateway.
+
+### Locate users with short password lifespan
+
+ (group=<gruppe>; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:\[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done)