path: root/account/commands.mdwn

Account maintainance commands
Normal users
Create new account

Pick a username:


Start with the initials of the user
Include also second letter of either first name or surname
If necessary, add third letter of first name or surname (or a trailing number)
The result should be practical (short and related to the name of the user) but must not be a nickname or initals: A username is comparable to the shape of a key - the user may get confused in every day use if it looks like a toy or jewelery!



Create the account:
localadduser <username> <fullname> <cellphone> [<otherphone>] <addresshint> [<addresshint>...]




Full name: Full name (Capital and small letters allowed, as is space and special characters, but no comma!)
Cellphone: Cellphone number including country code but without other spaces. Like this: +45 40843136
Addresshint: local part of email address, followed by @-sign, and optionally followed by mailgroup. Like these: jonas@ js@pool_of_maildomains


Compose an email based on [[introemail]] skeleton:


If an ouside working email address has been provided, then use that as recipient. Alternatively use the contact person of the new user (teacher, boss etc.) as recipient.
Add <username>@homebase.dk as Cc:
Add hostmaster@homebase.dk as Bcc:
Add teknik@lists.homebase.dk as Reply-To:



Send a cellphone text message to the new user with the following text:
Here is your new password. It MUST be changed within 14 days - read http://wiki.homebase.dk/BrugerKonto and check your mail. The code is: <adgangskode>

Or in danish:
Her er din nye adgangskode. Den SKAL ændres inden 14 dage - læs websiden http://wiki.homebase.dk/BrugerKonto og check din mail. Koden er: <adgangskode>



TODO: Make this routine semi-automatic: sending out sms should happen automatically.
Attach groups to account


Attach the account to relevant organisational groups:
(user=<username>; for group in <group1> [<group2> ...]; do adduser $user $group; done)



Add/replace additional email addresses to account
Use the following command to change hinting of an existing user account:
chfn <username>

Update email address info in smtp server


Run this command:
localmaildomainprepare



Check and correct warnings, and repeat above command.


When satisfied with result, run this command:
localmaildomainupdate



FIXME: localmaildomainupdate should email diff file to postmaster@homebase.dk
Extend password lifespan
When a user has changed password into something personal, the password lifespan is extended to 1 year:
(user=<username>; chage -M360 -W30 $user)

TODO: The above command should ideally never ever be invoked manyally, but automatically through PAM
Reset password
(user=<username>; gpw && finger $user && passwd $user && chage -M30 -W14 $user)

Warn about password expiry


Notice log messages warning about passwords soon expiring


Send a cellphone textmessage with the following content:
You must change your password - it soon expires! Read how and why at the web page http://wiki.kaospilot.no/BrugerKonto

Or in danish:
Du skal ændre din adgangskode - den udløber snart! Læs hvordan og hvorfor på websiden http://wiki.kaospilot.no/BrugerKonto



TODO: Rewrite as automated syslog-ng plugin or cron script passing the message to an sms gateway.
Locate users with short password lifespan
(group=<gruppe>; echo $group:; for user in `members $group`; do chage -l $user|egrep -q '^Maximum:[[:blank:]]*[0-9]{2}$' && printf $user'\t' && chage -l $user|egrep '^Password Expires:'; done)