gbch-uchange - update or change user permissions
gbch-uchange [ -options ] [ users ]
gbch-uchange is a shell tool that may be used to update the user permissions file giving the user profiles of various users and the operations which they may be permitted to perform within the GNUbatch system. Alternatively the ``default permissions'' may be updated. These are the permissions which are assigned by default to new GNUbatch users.
Further options allow for a ``password dump'' file to be maintained. This is for the benefit of NIS-type environments where reading through most of the password database can take an unacceptably long time, the user name and userid hash table is maintained in a file and updated as necessary.
The invoking user must have write admin file permission.
Note that the order of treatment, letters and keywords described below may be modified by editing the file btrest.help - see btsyntax(5).
The environment variable on which options are supplied is GBCH_UCHANGE and the
environment variable to specify the help file is BTRESTCONF.
Causes a summary of the other options to be displayed without taking further action.
Copy the default profile to all users before setting other permissions on the named users (with the -u option) or after setting the defaults (with the -D option).
The privileges of the invoking user are not changed by this operation.
Indicate that the other options are to apply to the default profile for new users.
Set the default job priority to num, which must be between 1 and 255.
Set the default permissions on jobs according to the format of the modes argument.
Set the minimum job priority to num, which must be between 1 and 255.
Set the maximum load level for any one job to num, which must be between 1 and 32767.
Set the maximum job priority to num, which must be between 1 and 255.
Cancel the -R option.
Set the privileges of the user(s) as specified by the argument.
Rebuild the user permissions file btufile incorporating any changes in the password list.
Set the special load level for the user(s) to num, which must be
between 1 and 32767.
Cancel the effect of the -A option
Set the total load level for the user(s) to num, which must be
between 1 and 32767.
Indicate that the other options are to apply to the users specified on the rest of the command line, resetting any previous -D option.
Set the default permissions on variables according to the format of the modes argument.
Dump out the hash table of the password file to avoid re-reading the password file within the other programs.
Default handling of password hash file dump - rebuild if it is already present and -R specified, otherwise not.
Delete any existing dumped password hash file.
Save all the current options in a .gnubatch file in the current directory.
Save all the current options in a .gnubatch file in the user's home directory.
In one operation gbch-uchange either adjusts the default permissions, to be applied to new users, if -D is specified, or specified users, if nothing or -u is specified. So first set the required defaults:
        gbch-uchange -D -n 20 -p CR,SPC,ST,Cdft -A
Then set named users
        gbch-uchange -p ALL jmc root batch
After adding new users to the system, you should rebuild the user control file by running
        gbch-uchange -R
On a system with a large number of users, this can take a long time, so the previous method of adding new users as they were encountered meant that various hold-ups occurred in standard utilities or the scheduler, whichever was the first to ``notice'' the changes, which might, in the event, be half-complete.
We suggest that this command be added to the ``add new user'' procedure for your installation.
When any of the GNUbatch programs which may require to map numeric user ids to names and vice versa start, one of the first operations is to build the appropriate hash tables. This may take some time if there are a large number of user names, especially if NIS (a.k.a. yellow pages) is in use.
A short cut is to dump out the password file into a hash table file, by default pwdump6, which may be quickly read in by the relevant programs instead of rebuilding the hash table each time.
You may opt to create the dumped password file by running
        gbch-uchange -X
This should only be done when the scheduler is stopped.
Afterwards, each time the user control file is rebuilt using the -R option (or equivalents in other programs such as gbch-user(1)), this file will also be rebuilt. -X does not have to be specified again.
If you ever decide you want to dispense with this file, run gbch-uchange with the -Z option.
For completeness, the -Y option is provided to cancel -X or -Z in case they are provided in the environment or a .gnubatch file, an extremely bad idea.
The following may be specified as the argument to -p, as one or more (comma-separated) of argument may be one or more of the following codes, optionally preceded by a minus to turn off the corresponding privilege.
read admin file
write admin file
create
special create
stop scheduler
change default
or user and group modes
or user and other modes
or group and other modes.
ALL may be used to denote all of the permissions, and then perhaps
to cancel some. For example:
        -p CR,ST,Cdft
        -p ALL,-WA
A hexadecimal value is also accepted, but this is intended only for the benefit of the installation routines.
The argument to the -J and -V options provides for a wide variety of operations.
Each permission is represented by a letter, as follows:
read permission
write permission
reveal permission
read mode
set mode
give away owner
assume owner
give away group
assume group
delete
kill (only valid for jobs)
Each section of the mode (job, group, others) is represented by the
prefixes U:, G: and O: and separated by commas.
For example:
        -J U:RWSMPDK,G:RWSDK,O:RS
would set the permissions for the user, group and others as given. If the prefixes are omitted, as in
        -J RWSDK
then all of the user, group and other permissions are set to the same
value. Alternatively two of the J, G or O may be run together
as in
        -J U:RWSKD,GO:RWS
if ``group'' or ``other'' (in this case) are to have the same permissions.
~/.gnubatch configuration file (home directory)
.gnubatch configuration file (current directory)
btrest.help message file
btufile user permissions file
pwdump saved password file
space-separated options to override defaults.
location of alternative help file.
gbch-ulist(1), gbch-user(1), btsyntax(5).
Various diagnostics are read and printed as required from the message file btrest.help.
Copyright (c) 2009 Free Software Foundation, Inc. This is free software. You may redistribute copies of it under the terms of the GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the extent permitted by law.
John M Collins, Xi Software Ltd.