diff options
Diffstat (limited to 'account/commands.mdwn')
-rw-r--r-- | account/commands.mdwn | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/account/commands.mdwn b/account/commands.mdwn new file mode 100644 index 0000000..e6e7ba3 --- /dev/null +++ b/account/commands.mdwn @@ -0,0 +1,95 @@ +# Account maintainance commands + +Within commands below, Don't take square brackets, angle brackets and triple-dots literally: + + * *< This >* should be replaced with your own info - including the angle brackets + * *[This]* is optional parts of the command - including the square brackets + * *...* means "repeat ad libitum" - leave it out or add more stuff similar to that right before the dots + +## Normal users + +### Create new account + + 1. Pick a username: + * Start with the initials of the user + * Include also second letter of either first name or surname + * If necessary, add third letter of first name or surname (or a trailing number) + * The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery! + 2. Create the account: + + localadduser <username> <fullname> <cellphone> [<otherphone>] <addresshint> [<addresshint>...] + + * Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!) + * Cellphone: Cellphone number including country code but without other spaces. Like this: +45 40843136 + * Addresshint: local part of email address, followed by @-sign, and optionally followed by mailgroup. Like these: jonas@ js@pool_of_maildomains + 3. Send an email based on [[intro/email.en]] skeleton: + * If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient. + * Add \<username>@example.com as Cc: + * Add hostmaster@example.com as Bcc: + * Add teknik@lists.example.com as Reply-To: + 4. Send a cellphone text message based on [[intro/sms.en]], adding the the password spit out from the command above. + +TODO: Automate more: sending out sms and email should happen automatically. + +### Attach groups to account + + 1. Attach the account to relevant organisational groups: + + (user=<username>; for group in <group1> [<group2> ...]; do adduser $user $group; done) + +### Add/replace additional email addresses to account + +Use the following command to change hinting of an existing user account: + + chfn <username> + + +## Update email address info in smtp server + + 1. Run this command: + + localmaildomainprepare + + 2. Check and correct warnings, and repeat above command. + + 3. When satisfied with result, run this command: + + localmaildomainupdate + +FIXME: localmaildomainupdate should email diff file to postmaster@example.com + + +## Extend password lifespan + +If a user exceeds password lifespan, and still remembers the old password, the lifespan can be extended slightly to open a new window for changing it: + + localresetpasswdexpiry <username> + +TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password + +## Reset password + + 1. Reset the actual password using the following command: + + localresetpasswd <username> + + 2. Send a cellphone text message similar to the one for creating a new account. + +TODO: The above command should ideally emit an sms and/or email rewuesting the user to immediately change password + +## Warn about password expiry + + 1. Notice log messages warning about passwords soon expiring + 2. Send a cellphone textmessage with the following content: + + You must change your password - it soon expires! Read how and why at the web page http://[[template id=supporthost]]/intro + + Or in danish: + + Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://[[template id=supporthost]]/intro + +TODO: Rewrite as automated syslog-ng plugin or cron script passing the message to an sms gateway. + +### Locate users with short password lifespan + + (group=<gruppe>; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:\[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done) |