From ae5b0cf83c048ab15c9a8a397d294b95595ddea1 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Mon, 8 Aug 2016 17:53:25 +0200 Subject: Restructure to new file naming convention. --- ADMIN.md | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 34 ++++++++++++++++++++++ doc/admin.md | 95 ------------------------------------------------------------ doc/intro.md | 34 ---------------------- 4 files changed, 129 insertions(+), 129 deletions(-) create mode 100644 ADMIN.md create mode 100644 README.md delete mode 100644 doc/admin.md delete mode 100644 doc/intro.md diff --git a/ADMIN.md b/ADMIN.md new file mode 100644 index 0000000..c02c482 --- /dev/null +++ b/ADMIN.md 
@@ -0,0 +1,95 @@ +# Account maintainance commands + +Within commands below, Don't take square brackets, angle brackets and triple-dots literally: + + * *< This >* should be replaced with your own info - including the angle brackets + * *[This]* is optional parts of the command - including the square brackets + * *...* means "repeat ad libitum" - leave it out or add more stuff similar to that right before the dots + +## Normal users + +### Create new account + + 1. Pick a username: + * Start with the initials of the user + * Include also second letter of either first name or surname + * If necessary, add third letter of first name or surname (or a trailing number) + * The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery! + 2. Create the account: + + localadduser [] [...] + + * Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!) + * Cellphone: Cellphone number including country code but without other spaces. Like this: +45 40843136 + * Addresshint: local part of email address, followed by @-sign, and optionally followed by mailgroup. Like these: jonas@ js@pool_of_maildomains + 3. Send an email based on [[intro/email.en]] skeleton: + * If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient. + * Add \@example.com as Cc: + * Add hostmaster@example.com as Bcc: + * Add teknik@lists.example.com as Reply-To: + 4. Send a cellphone text message based on [[intro/sms.en]], adding the the password spit out from the command above. + +TODO: Automate more: sending out sms and email should happen automatically. + +### Attach groups to account + + 1. 
Attach the account to relevant organisational groups: + + (user=; for group in [ ...]; do adduser $user $group; done) + +### Add/replace additional email addresses to account + +Use the following command to change hinting of an existing user account: + + chfn + + +## Update email address info in smtp server + + 1. Run this command: + + localmaildomainprepare + + 2. Check and correct warnings, and repeat above command. + + 3. When satisfied with result, run this command: + + localmaildomainupdate + +FIXME: localmaildomainupdate should email diff file to postmaster@example.com + + +## Extend password lifespan + +If a user exceeds password lifespan, and still remembers the old password, the lifespan can be extended slightly to open a new window for changing it: + + localresetpasswdexpiry + +TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password + +## Reset password + + 1. Reset the actual password using the following command: + + localresetpasswd + + 2. Send a cellphone text message similar to the one for creating a new account. + +TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password + +## Warn about password expiry + + 1. Notice log messages warning about passwords soon expiring + 2. Send a cellphone textmessage with the following content: + + You must change your password - it soon expires! Read how and why at the web page http://support.redpill.dk/intro + + Or in danish: + + Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://support.redpill.dk/intro + +TODO: Rewrite as automated syslog-ng plugin or cron script passing the message to an sms gateway. + +### Locate users with short password lifespan + + (group=; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:\[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done) 
diff --git a/README.md b/README.md new file mode 100644 index 0000000..ceb3633 --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +# Accounts + +Each user has a single, personal account. + +The account, and what it provides access to, is protected by a personal +[[password|intro]]. + + +## Personal resources + +Each account can have various personal resources attached: + + * Email [[addresses]] + * Personal [[file shares|files]] + * A personal [[homepage]] + * One or more [[websites]] + + +## Shared services + +User accounts provide access to various shared resources: + + * Collaborative [[file shares|files]] + * [[Addressbooks|contact]] + * [[Calendars|event]] + + +## Account administration + +User accounts are administered by the technical supporters using a set of +[[account/commands]] + +New users are pointed to the [[intro]] page by [[intro/email]] and +[[intro/sms]]. diff --git a/doc/admin.md b/doc/admin.md deleted file mode 100644 index c02c482..0000000 --- a/doc/admin.md +++ /dev/null 
@@ -1,95 +0,0 @@ -# Account maintainance commands - -Within commands below, Don't take square brackets, angle brackets and triple-dots literally: - - * *< This >* should be replaced with your own info - including the angle brackets - * *[This]* is optional parts of the command - including the square brackets - * *...* means "repeat ad libitum" - leave it out or add more stuff similar to that right before the dots - -## Normal users - -### Create new account - - 1. Pick a username: - * Start with the initials of the user - * Include also second letter of either first name or surname - * If necessary, add third letter of first name or surname (or a trailing number) - * The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery! - 2. Create the account: - - localadduser [] [...] - - * Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!) - * Cellphone: Cellphone number including country code but without other spaces. Like this: +45 40843136 - * Addresshint: local part of email address, followed by @-sign, and optionally followed by mailgroup. Like these: jonas@ js@pool_of_maildomains - 3. Send an email based on [[intro/email.en]] skeleton: - * If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient. - * Add \@example.com as Cc: - * Add hostmaster@example.com as Bcc: - * Add teknik@lists.example.com as Reply-To: - 4. Send a cellphone text message based on [[intro/sms.en]], adding the the password spit out from the command above. - -TODO: Automate more: sending out sms and email should happen automatically. - -### Attach groups to account - - 1. 
Attach the account to relevant organisational groups: - - (user=; for group in [ ...]; do adduser $user $group; done) - -### Add/replace additional email addresses to account - -Use the following command to change hinting of an existing user account: - - chfn - - -## Update email address info in smtp server - - 1. Run this command: - - localmaildomainprepare - - 2. Check and correct warnings, and repeat above command. - - 3. When satisfied with result, run this command: - - localmaildomainupdate - -FIXME: localmaildomainupdate should email diff file to postmaster@example.com - - -## Extend password lifespan - -If a user exceeds password lifespan, and still remembers the old password, the lifespan can be extended slightly to open a new window for changing it: - - localresetpasswdexpiry - -TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password - -## Reset password - - 1. Reset the actual password using the following command: - - localresetpasswd - - 2. Send a cellphone text message similar to the one for creating a new account. - -TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password - -## Warn about password expiry - - 1. Notice log messages warning about passwords soon expiring - 2. Send a cellphone textmessage with the following content: - - You must change your password - it soon expires! Read how and why at the web page http://support.redpill.dk/intro - - Or in danish: - - Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://support.redpill.dk/intro - -TODO: Rewrite as automated syslog-ng plugin or cron script passing the message to an sms gateway. - -### Locate users with short password lifespan - - (group=; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:\[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done) 
diff --git a/doc/intro.md b/doc/intro.md deleted file mode 100644 index ceb3633..0000000 --- a/doc/intro.md +++ /dev/null @@ -1,34 +0,0 @@ -# Accounts - -Each user has a single, personal account. - -The account, and what it provides access to, is protected by a personal -[[password|intro]]. - - -## Personal resources - -Each account can have various personal resources attached: - - * Email [[addresses]] - * Personal [[file shares|files]] - * A personal [[homepage]] - * One or more [[websites]] - - -## Shared services - -User accounts provide access to various shared resources: - - * Collaborative [[file shares|files]] - * [[Addressbooks|contact]] - * [[Calendars|event]] - - -## Account administration - -User accounts are administered by the technical supporters using a set of -[[account/commands]] - -New users are pointed to the [[intro]] page by [[intro/email]] and -[[intro/sms]]. -- cgit v1.2.3
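Review bot: In ADMIN.md, under "Locate users with short password lifespan", the filter `egrep -q '^Maximum:\[[:blank:]]*[0-9]{2}$'` only works if something strips the backslash before the command reaches a shell: as written, `\[` is a literal bracket and the `[[:blank:]]` character class is gone. The backslash reads like an escape against the `[[...]]` link syntax used elsewhere in the file, so with the text now living in a top-level ADMIN.md it is worth checking how the file is rendered, and writing the pattern as `'^Maximum:[[:blank:]]*[0-9]{2}$'` if the backslash ends up visible to the reader. In the same one-liner, `printf $user'\t'` uses the username as the format string and `$user` and `$group` are unquoted; `printf '%s\t' "$user"` avoids both. Separately, step 4 of "Create new account" and step 2 of "Reset password" send the generated password by text message, while changing it is only mentioned in the TODO lines, so the steps should state whether the user is required to change it at first login.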
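Review bot: In README.md, under "Account administration", the link `[[account/commands]]` is carried over unchanged although the page it describes moves from doc/admin.md to ADMIN.md in this same patch, and no link target anywhere in the diff is updated. Please confirm that `[[account/commands]]`, `[[intro]]`, `[[intro/email]]` and `[[intro/sms]]` still resolve under the new file naming convention, or adjust them in this commit so the rename does not leave the administration page unreachable from the overview. Minor: the sentence ending in `[[account/commands]]` has no closing full stop.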