path: root/doc/admin.md
blob: 3c36ffa2ab84af5e5146253259db3acc13aaca34 (plain)

Account maintainance commands

Within commands below, Don't take square brackets, angle brackets and triple-dots literally:

  • < This > should be replaced with your own info - including the angle brackets
  • [This] is optional parts of the command - including the square brackets
  • ... means "repeat ad libitum" - leave it out or add more stuff similar to that right before the dots

Normal users

Create new account

  1. Pick a username:
  • Start with the initials of the user
  • Include also second letter of either first name or surname
  • If necessary, add third letter of first name or surname (or a trailing number)
  • The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery!
  1. Create the account:

    localadduser <username> <fullname> <cellphone> [<otherphone>] <addresshint> [<addresshint>...]
  • Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!)
  • Cellphone: Cellphone number including country code but without other spaces. Like this: +45 40843136
  • Addresshint: local part of email address, followed by @-sign, and optionally followed by mailgroup. Like these: jonas@ js@pool_of_maildomains
  1. Send a cellphone text message to the new user with the following text and the password spit out from the command above:

    Here is a temporary password for your account. You MUST change it within 14 days. More info at http://wiki.homebase.dk/BrugerKonto . Password: <password>

    Or in danish:

    Her er en midlertidig adgangskode til din konto. Du SKAL skifte den inden 14 dage. Mere info på http://wiki.homebase.dk/BrugerKonto . Koden er: <adgangskode>
  2. Compose an email based on [[introemail]] skeleton:

  • If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient.
  • Add <username>@homebase.dk as Cc:
  • Add hostmaster@homebase.dk as Bcc:
  • Add teknik@lists.homebase.dk as Reply-To:

TODO: Automate more: sending out sms and email should happen automatically.

Attach groups to account

  1. Attach the account to relevant organisational groups:

    (user=<username>; for group in <group1> [<group2> ...]; do adduser $user $group; done)

Add/replace additional email addresses to account

Use the following command to change hinting of an existing user account:

chfn <username>

Update email address info in smtp server

  1. Run this command:

  2. Check and correct warnings, and repeat above command.

  3. When satisfied with result, run this command:


FIXME: localmaildomainupdate should email diff file to postmaster@homebase.dk

Extend password lifespan

If a user exceeds password lifespan, and still remembers the old password, the lifespan can be extended slightly to open a new window for changing it:

localresetpasswdexpiry <username>

TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password

Reset password

  1. Reset the actual password using the following command:

    localresetpasswd <username>
  2. Send a cellphone text message similar to the one for creating a new account.

TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password

Warn about password expiry

  1. Notice log messages warning about passwords soon expiring

  2. Send a cellphone textmessage with the following content:

    You must change your password - it soon expires! Read how and why at the web page http://wiki.kaospilot.no/BrugerKonto

    Or in danish:

    Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://wiki.kaospilot.no/BrugerKonto

TODO: Rewrite as automated syslog-ng plugin or cron script passing the message to an sms gateway.

Locate users with short password lifespan

(group=<gruppe>; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done)