Text File | 1993-03-30 | 30KB | 725 lines
-+*+- MultiUser Release 1.2a -+*+-
DISCLAIMER
WITH THIS DOCUMENT I MAKE NO WARRANTIES OR REPRESENTATIONS, EITHER
EXPRESSED OR IMPLIED, WITH RESPECT TO THE PRODUCT DESCRIBED HEREIN. THE
INFORMATION PRESENTED HEREIN IS BEING SUPPLIED ON AN "AS IS" BASIS AND IS
EXPRESSLY SUBJECT TO CHANGE WITHOUT NOTICE. THE ENTIRE RISK AS TO THE USE
OF THIS INFORMATION IS ASSUMED BY THE USER. IN NO EVENT WILL I BE LIABLE
FOR DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM
ANY CLAIM ARISING OUT OF THE INFORMATION PRESENTED HEREIN, EVEN IF I HAVE
BEEN ADVISED OF THE POSSIBILITIES OF SUCH DAMAGES.
COPYRIGHT
This package is freeware. This means you can copy it freely as long as
you don't ask any money for it, except perhaps a nominal fee for copying.
The package is however Copyright © Geert Uytterhoeven, All Rights Reserved.
The author reserves the right to change the status of this package
whenever he may find it appropriate.
This package should not be spread in any other form than an LhA archive
and all parts of it should be spread together. The package may not be
altered in any way and cannot be used for commercial purposes without the
prior written permission of the author.
If you want the development of the MultiUserFileSystem to continue, you
can help us in our monetary needs by sending some money to the address
listed at the end of this document.
1. Introduction
You've got an Amiga with Kickstart 2.0 or higher and several people are
regularly fooling around with it ... Last week your sister deleted your
20MB GIF collection by mistake and you don't want this to happen again ...
Well, here's the answer: The Multi-User File-System, short muFS!
muFS allows you to create a *IX-like environment where several users live
together in harmony, unable to delete each others files, unable to read
those private love-letters of other users ... And this even if several
users are working on the machine at the same time (on a terminal hooked up
to the serial port) ...
You are the sole user of your computer? Well, make sure it stays that
way by installing muFS! People without a valid login ID and password won't
be able to access files you have made private with muFS. If you make all
files private (not readable for others), the only useful thing they could
do, is boot from a floppy ...
So you see, you simply have to install muFS ... To live without it is a
bore!
2. System Requirements
Your Amiga should be equipped with Kickstart 2.04 (37+) or higher. Since
the aim of the program is to protect files on a harddisk, you'll probably
need one, though it could also (in theory) be used on floppy-disks.
The package was written on an A4000/040 running Kickstart 39.106 and was
tested on the following configurations:
- A4000/040, 120 MB IDE harddisk, 2 MB chip-ram, 8 MB fast-ram
- A4000/040, 120 MB IDE harddisk, 2 MB chip-ram, 8 MB fast-ram, Retina
graphics board, Retina WB emulation
- A3000T 25MHz, 500+ MB harddisk, 2 MB chip-ram and 16 MB fast ram,
Kickstart 37.175, GVP '040 accel, Retina graphics board, Retina WB
emulation, Vortex 486 SLC board (this is shit!), Amax II+, IV-24
graphics board,... ( Not mine :-( A demonstration model in a store I
frequently visit :^) )
- A3000 25MHz, 52 MB + 120 MB harddisk, 2 MB chip-ram and some MB static
column ram. Kickstart 39.110 (developer)
- A500, 20 MB harddisk (A590 XT), 512 K chip-ram, 512 K ranger-mem, 2 MB
fast-ram, old chipset, 68010 processor, kickstart 2.04 softkicked
(developer)
On all these configurations the file-system seemed to work fine, so I
guess you can run it on almost any machine (with a bit of spare memory).
You do need the reqtools.library version 38 or higher. Reqtools is
Copyright © Nico François. If you want to use SetOwner, you need Kickstart
39.106 or higher. 37.xx users can replace SetOwner by the SetOwner37
command.
3. Installation
o Extract the muFS.lha archive and change the current directory to the
directory where you have extracted the archive to. (Preferably RAM:)
o Copy the necessary stuff with the following Copy commands:
Copy Libs/multiuser.library LIBS:
Copy L/multiuserfilesystem L:
Copy C/#? C:
o If you have installed the TCP/IP package from Commodore (AS225) you
already have a valid password file (inet:db/passwd). Make sure there's
an entry for a 'root' user with 65535 for the user and group number,
e.g.:
root||65535|65535|The Bastard Operator From Hell|SYS:Homes/Root|cli
      ^^^^^ ^^^^^
o If you haven't installed the TCP/IP package from Commodore you must
create a password-file with the following commands:
Assign inet: S:
MakeDir inet:db
Copy db/passwd inet:db
Append the next line to your S:User-Startup file:
Assign inet: S:
o Append the next line to your S:User-Startup file (AFTER any inet:
assign definitions!):
Logout GUI GLOBAL
o Pick a name for your computer ... This name will appear in the
login/out requester. Let's say you wanna call your system
"Pythagoras", then you have to execute the following:
Echo "Pythagoras" >ENVARC:HostName
o Start HDToolBox to install the Multi-User File-System
NOTE: The following text describes the use of the version of
HDToolBox that is supplied with 3.0. Other versions may
slightly differ.
x Choose the drive you want to protect. If you want to protect more
than one drive, you simply repeat this for each of the drives.
Select the drive by clicking on it in the listview where all
connected drives are displayed.
x Press the <Partition Drive> button. Now a new display should
appear containing a large box which may be divided up into several
partitions ...
x Activate the <Advanced Options> checkbox. Now some additional
options should appear ...
x Press the <Add/Update...> button in the filesystem section of the
HDToolBox window. (There's only one gadget labeled
<Add/Update...>, so you can't miss it.)
x Now the window should contain a list of currently installed
file-systems and some additional buttons. If you are updating your
Multi-User File-System, there should already be an entry with the
0x6d754653 identifier. If this is the case, click on it and press
<Update File System...>, in all other cases, press the <Add New
File System...> button.
x Now a requester appears. Enter "L:MultiUserFileSystem" in the
string-gadget of the requester and "0x6d754653" in the identifier
(also called DosType) gadget. If your version of HDToolBox asks
you to enter a version number, you should use 39. Some versions of
HDToolBox (the one with 3.0) use two requesters for the needed
information, so it may be necessary to select the <Ok> button of
the requester before you can fill in the DosType.
x Press the <Ok> button of the requester (if you haven't done this
yet). Now you should be back in the FileSystems display. Go back
to the Partitions display by pressing the <Ok> button.
x Select the partition on the drive that you wanna protect. If you
want to protect more than one partition (it is recommended to
protect all partitions on the drive), you simply repeat the
following stuff for every partition. You select a partition by
clicking on the part of the large box (which represents your
harddisk) that represents that partition.
x Press the <Change ...> or <Change File System> button.
x Select the <Custom File System> gadget and enter "0x6d754653" into
the <Identifier> gadget.
x Press the <Ok> button to return to the Partitions display. You
should repeat the above steps for all the partitions you wish to
protect before continuing ...
x Press the <Ok> button to return to the main HDToolBox display.
x Press the <Save Changes to Drive> button. If HDToolBox complains
that there isn't enough space on the drive to save all of the
configuration data, you should return to the FileSystem Maintenance
section of HDToolBox by pressing <Partition Drive> and <Add/Update
...> buttons. Now you should select another file-system than the
one with identifier 0x6d754653, press <Delete File System>, return
to the main HDToolBox display and try saving the configuration
again. Note that you should make sure no partitions use the
filesystem you just deleted! This is why it is recommended that
all partitions on the drive should use the Multi-User File-System.
x Select Exit and confirm the reboot request of HDToolBox. Now your
machine should automatically reset.
o After the reboot, a requester should appear (if you changed the
S:User-Startup correctly and copied the library into LIBS:). Simply
enter "root" as login id. You should now be logged in as root, having
access to all files.
o The first thing you should do is to change your password. This is done
by entering the Passwd GUI command in a shell you open or with the
<Execute Command ...> option of the Workbench. You are prompted to
enter your old password, so simply press enter. Now you are asked to
enter your new password twice. If you enter the same password twice,
this will from now on (until you change it again) be the password root
has to enter at a login request.
o Now you have to protect some important files using the MProtect and
SetOwner(37) commands. We will use SetOwner in this description, but
if you aren't using Kickstart 39.106 or higher, you should use
SetOwner37 instead!
SetOwner inet:db/passwd root
MProtect inet:db/passwd rwd
SetOwner S:startup-sequence root
MProtect S:startup-sequence srwd group r other r
SetOwner S:user-startup root
MProtect S:user-startup srwd group r other r
SetOwner SYS:Tools/HDToolBox root
MProtect SYS:Tools/HDToolBox rwed
... and any other files you wish to protect ...
It is recommended to leave most files readable for others, except of
course the files you really wanna keep to yourself. .info files and
.backdrop files should be readable for everybody if you don't want
complications when using the Workbench.
4. The password file
The passwd file should be located in your inet:db directory and contains
all the information the system needs on the users that are allowed to
access the system. Each line of the file contains information on one user.
The syntax of such a line is as follows:
<id>"|"<passwd>"|"<user>"|"<group>"|"<name>"|"<home>"|"<port>
<id> is the same as the name this user will need to give at a login
request. This name may be up to 32 characters long.
<passwd> if the user has a password, this is his coded password. If you
add new users, you should make this field empty, this means the
user doesn't have a password yet. Then login as that user and
change his password using the Passwd command.
<user> is the user identifier, a number between 1 and 65535. Each user
should have a different user identifier! The identifier 65535 is
reserved for root!
<group> is the group identifier, a number between 0 and 65535. Users
with the same group identifier belong to the same group and can
access each others files depending on the group-protection bits.
Users with different group identifiers can access each others
files depending on the other-protection bits. The identifier
65535 is reserved for root!
<name> is the real name of the user. You can enter whatever you like
for this. At the moment this is limited to 220 characters. This
name is displayed when user information is asked using the
UserInfo command.
<home> is the home directory of the user. When a logout is performed, a
requester will appear prompting for a new login. If a user logs
in using this requester, the current directory will be changed to
the home of this user and the local environment variable HOME
will be set to the name of the home-directory. This doesn't
happen when a Login command is used.
<port> is only used by the TCP/IP package from Commodore (AS225). If you
haven't installed that package you should leave this field empty.
A passwd file could look like this:
root||65535|65535|The Bastard Operator From Hell|SYS:Homes/Root|cli
geert|Fqhg_IYBiU`|3|1|Geert Uytterhoeven|SYS:Homes/Geert|cli
kurt|fNXjuAgFBFF|2|1|Kurt Haenen|SYS:Homes/Kurt|cli
guest||1|0|Anonymous Guest|SYS:Homes/Guest|cli
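A checker for the rules stated in this section, as an added example (not part of the MultiUser package): it parses the seven "|"-separated fields and reports entries that break the documented limits or still have an empty password field. The finding codes, the function names and the last four sample lines are constructed for illustration, and it assumes "|" never occurs inside a field.

```python
from collections import namedtuple

ROOT_ID = 65535  # reserved for root as both user and group id (section 4)
Entry = namedtuple("Entry", "line login passwd uid gid name home port")

# Constructed input: the four sample lines from section 4 followed by four
# deliberately broken lines (eve, mallory, broken and zero are made up).
SAMPLE = """\
root||65535|65535|The Bastard Operator From Hell|SYS:Homes/Root|cli
geert|Fqhg_IYBiU`|3|1|Geert Uytterhoeven|SYS:Homes/Geert|cli
kurt|fNXjuAgFBFF|2|1|Kurt Haenen|SYS:Homes/Kurt|cli
guest||1|0|Anonymous Guest|SYS:Homes/Guest|cli
eve|x|3|1|Duplicate UID|SYS:Homes/Eve|cli
mallory|x|65535|1|Not Root|SYS:Homes/Mallory|cli
broken|x|5|1|Missing fields
zero|x|0|1|UID Zero|SYS:Homes/Zero|cli
"""


def parse_passwd(text):
    """Split each line on '|' into the seven documented fields.

    Assumption: '|' never occurs inside a field. Returns (entries, findings).
    """
    entries, findings = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = raw.split("|")
        if len(fields) != 7:
            findings.append((no, "field-count"))
            continue
        login, passwd, uid, gid, name, home, port = fields
        try:
            entries.append(Entry(no, login, passwd, int(uid), int(gid), name, home, port))
        except ValueError:
            findings.append((no, "non-numeric-id"))
    return entries, findings


def audit(text):
    """Return a sorted list of (line, code) findings for a passwd file."""
    entries, findings = parse_passwd(text)
    owner_of_uid = {}
    for e in entries:
        is_root = e.login == "root"
        if not 1 <= len(e.login) <= 32:
            findings.append((e.line, "login-length"))
        if len(e.name) > 220:
            findings.append((e.line, "name-length"))
        if not 1 <= e.uid <= 65535:
            findings.append((e.line, "uid-range"))
        if not 0 <= e.gid <= 65535:
            findings.append((e.line, "gid-range"))
        # 65535 may appear only in the root entry, and root must use it.
        if is_root != (e.uid == ROOT_ID) or (e.gid == ROOT_ID and not is_root):
            findings.append((e.line, "reserved-id"))
        if e.uid in owner_of_uid:
            findings.append((e.line, "duplicate-uid"))
        owner_of_uid.setdefault(e.uid, e.login)
        # An empty field means the account logs in without a password prompt.
        if e.passwd == "":
            findings.append((e.line, "empty-password"))
    if not any(e.login == "root" and e.uid == e.gid == ROOT_ID for e in entries):
        findings.append((0, "no-root-entry"))
    return sorted(findings)


if __name__ == "__main__":
    for line, code in audit(SAMPLE):
        print(f"line {line}: {code}")
```

Run against the sample file shown above, only the root and guest entries are reported, both for their empty password fields.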
5. Support Commands
The support commands are used to login/out of the system, change the
protection bits of a file, change the owner of a file, change the default
protection bits for a group of tasks, ... The number of support commands
may grow in future releases. Here are the commands that are currently
supported. They can only be executed from the shell or with the <Execute
Command...> option of the Workbench. This may change in future releases!
5.1. Login
This command will put a new owner on top of the current owner of the
task. *IX users may think of this as the *IX su command. The effect of a
successful login can be reversed with the Logout command. The owner-list of
a task is sort of a stack: with Login you put a new owner on top of the
stack, with Logout, you take an owner off the stack (unless the stack is
empty).
Options ... (/K means the keyword is needed!)
GUI Normally the login prompt appears in the shell-window that was used
to execute Login, but if this option is specified, a requester is
used. The GUI mode is much safer than the normal mode, 'cause
console windows normally have a history, so one could recall the
password you typed in.
TASK/K Login another task than the one we're currently working in. A task
name should be specified after the TASK keyword. You can only
login tasks which you own (unless you are root)!
OWN Login another task than the one we're currently working in by
changing its owner to the owner of the current task. This works
only with tasks that are owned by nobody (unless you are root)!
This option must be used in conjunction with the TASK option.
GLOBAL Login all tasks connected to the current task. It's a bit
difficult to explain what connected means, but you could say that a
parent task and all its children are connected unless one of them
was logged in/out without the GLOBAL option. Well, this will
probably change in future releases, so simply try it out to see
what it does!
5.2. Logout
This command is the inverse of Login if the stack of owners of the
current task isn't empty. If the stack is empty or becomes empty after
executing the Logout command, a login prompt will appear. After login, the
current directory will be changed to the user's home-directory and if
there's a .profile file in this directory, it will be executed.
Options ... (/K means the keyword is needed!)
GUI If a login request is generated by Logout, should it use a
requester?
TASK/K See Login ...
GLOBAL This option only works when the owner stack is or becomes empty
when executing the Logout command. If this option is specified in
such a case, not only this task will change its owner, but all
connected tasks as well. It's a bit difficult to explain what
connected means, but you could say that a parent task and all its
children are connected unless one of them was logged out without
the GLOBAL option. Well, this will probably change in future
releases, so simply try it out to see what it does! It's very
useful to logout all your tasks from your current session.
QUIET Tells logout never to generate a login request. If the owner stack
becomes empty, you will simply be logged in as nobody. This may be
removed in future releases, but since it isn't really useful, this
shouldn't be a problem.
5.3. Passwd
The Passwd command is used to change your password. Simply type in the
command in the shell and you will be prompted to enter your old password
and type your new password twice. If you did this correctly, your password
will be changed!
Options ...
GUI If this option is specified, Passwd uses requesters to prompt for
your passwords instead of simple console I/O.
5.4. MList
This is a simple list replacement. It takes none, one or more path-names
as parameters and lists the files in those path(s) or in the current
directory if no path-name was specified, together with all their protection
bits and some other info.
Options ...
DIR The path-name(s) of the directory(ies) you want information on. The
standard AmigaDOS wildcards may be used here.
5.5. SetOwner
This command is used to change the owner of a file. You can only change
the owner of files you own or of files that are owned by nobody. If you
don't have Kickstart 39.106 or higher, you should use SetOwner37 instead of
SetOwner!
Options ...
FILE The file or directory you want to change the owner of. The
standard AmigaDOS wildcards may be used here.
USER The UserID of the user that should become the owner of the file or
directory. If no user is specified, the current task owner will be
taken.
NOBODY Set the owner of the file or directory to nobody.
ALL Recursively scan all directories from within the specified
directory and process all found files and directories.
QUIET Process silently.
5.6. SetDefProtect
This command sets the default protection bits for the current task and
for all connected tasks (see Logout.GLOBAL).
Options ... (/K means the keyword is needed!)
FLAGS The protection flags used for the owner of the file.
GROUP/K The protection flags used for users in the same group as the owner
of the file.
OTHER/K The protection flags used for users outside the owner's group.
5.7. MProtect
This command changes the protection flags for files or directories.
Options ... (/K means the keyword is needed!)
FILE The file or directory you want to change the protection flags of.
The standard AmigaDOS wildcards may be used here.
FLAGS The protection flags used for the owner of the file.
GROUP/K The protection flags used for users in the same group as the owner
of the file.
OTHER/K The protection flags used for users outside the owner's group.
ADD Add all specified protection flags to the flags that are already
set.
SUB Subtract all specified protection flags from the flags that are
already set.
ALL Recursively scan all directories from within the specified
directory and process all found files and directories.
QUIET Process silently.
5.8. UserInfo
This command can be used to get some information on the users of this
system.
Options ... (/K means the keyword is needed!)
ALL Give information on all the users of this system. This means all
users listed in the inet:db/passwd file.
ID/K Give information on the user with the id specified after the ID
option. The id is the name you have to enter at a login prompt.
UID/K Same as ID, but this time info on the user whose userid is
specified is listed. The userid is the number given as second
entry in the inet:db/passwd file.
GID/K Same thing as UID, but this time for all users in the group with
the specified group ID.
NAME/K Gives info on the user with the specified real name. An exact
match is necessary, but the case is ignored.
PLAN If you add this option, the .plan file of the users you asked
info on, will be displayed. If the user hasn't got a .plan file
in his home directory, it will just be ignored.
History ...
Version 39.134
Release 1.0ß
First public release of the MultiUserFileSystem. All the work on this
one was done by Geert Uytterhoeven.
Version 39.135
(no public release)
Update of the library and the support programs to allow global logging
out. (Kurt Haenen)
- The way the library manages the linking of tasks and owners was changed
to allow a kind of global control over all tasks of a single user. It
still isn't quite the way I'd like it, but it's getting closer ...
- The GLOBAL option was added to the Logout command to allow the user to
logout all tasks connected to the same tasknode (private structure).
This means that you can logout/login a task and all its children by
executing a LOGOUT GLOBAL command from one of them. Very useful 'cause
now you can logout the workbench without having to quit it ...
- TASK option added to Login and Logout to allow you to login/logout
another task (of which you are the owner or that's owned by nobody or
whatever task if you are root).
- QUIET option added to Logout to force Logout so that nobody will become
owner of the task. We're still discussing this, so it may be removed
again in the future ...
Version 39.136
(no public release)
Update of the filesystem, library and support programs so that default
protection bits can be set and are used by the file-system. (Geert
Uytterhoeven)
- The file-system and library were updated to keep track of default
protection bits and to use them whenever a file is created.
- A new utility SetDefProtect (name may change in the future) was added
to allow the user to specify the default protection bits for a
tasknode.
Version 39.137
Release 1.1
Update of the library to support .profiles and allow hiding of the
password on any terminal (I hope)! Update to the file-system to support
protection of files against locking. (Geert Uytterhoeven and Kurt Haenen)
- The Logout command now also executes a .profile script after login.
- An exclusive lock can only be taken on a file you have write-, or
delete-rights on. A shared lock can be obtained on a file you have
read-, write-, execute- or delete-rights on or that's owned by you.
- The UserInfo command can now display the .sig file located in the home
of the user on which info is demanded. To do this, you have to give
the SIG option. The .sig file should be readable for the one asking
information about the owner of the .sig!
Version 39.140
Release 1.2
- The password file should be compatible with the TCP/IP package from
Commodore (AS225) (I hope :-).
- Wildcards added in some support commands.
- If a user doesn't have a password he won't be asked for it any more during
Login/Logout.
- Finally: autodoc and includes added!!
- .sig renamed to .plan. SIG option renamed to PLAN.
- PURE bit set for the support commands. They were also pure in earlier
releases, but I forgot the magic bit.
- Some other minor changes I can't remember :-)
Version 39.141
Release 1.2a
Only some bug fixes :-(
- SetOwner37: opened wrong dos.library version.
- SetOwner[37]: crashed when bad operating system version.
- Password encryption still wasn't compatible with AS225 because of an
ambiguity in the ACrypt() documentation (I passed the UserName instead
of the UserID).
Plans for the future ...
- All commands should get an icon and when started from the Workbench,
they should allow selection of the files to change using a Reqtools
file-requester.
- There's a lot of work in the library: the linking of tasks with users
should change and become more performant to allow more complex
logins/logouts.
- Support for owner change during execution (cfr. *IX). Any suggestions
to do this??
---------------------------------------------------------------------------
How to contact the author(s):
Snail mail ...
Geert Uytterhoeven, Huysmansstraat 12, B-3128 BAAL, BELGIUM
or 'till end june '93: Geert Uytterhoeven, Tervuursevest 119, B-3001 HEVERLEE, BELGIUM
Kurt Haenen, Homsemstraat 53, B-3891 BORLO, BELGIUM
or 'till end june '93: Kurt Haenen, Verbindingslaan 13, B-3001 HEVERLEE, BELGIUM
Email ...
o Geert Uytterhoeven
uytterho@cs.kuleuven.ac.be
o Kurt Haenen
stud16 @ cc4.kuleuven.ac.be
or
fhgaa99 @ cc1.kuleuven.ac.be
These addresses are at least valid 'till end June 1993, although we won't
be reading mail during exams!
---------------------------------------------------------------------------
Special thanks go to ...
o Nico François for developing ReqTools.
o Jorrit Tyberghein for developing the magnificent PowerVisor!
o Ives Aerts for testing the filesystem on an A3000 running 2.04.
o All of you who are going to contribute to our "Don't let us
starf"-fund, by sending some money to one of the snail-mail addresses
listed above. (Hope a lot of you will do so)
o Kai 'wusel' Siering, Markus Illenseer and Tako Schotanus for their
comments and tips.
o The Department of Computer Science at the Katholieke Universiteit
Leuven for allowing me to use the InterNet for this MultiUser
project.
---------------------------------------------------------------------------
Filesystem : Geert Uytterhoeven
Library : Geert Uytterhoeven & Kurt Haenen
Support Commands : Geert Uytterhoeven & Kurt Haenen
Documentation : Kurt Haenen
Only Amiga makes it possible ...
But wouldn't Linux for Amiga be nice!