home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The CDPD Public Domain Collection for CDTV 4
/
CDPD_IV.bin
/
fish
/
891-910
/
ff905
/
multiuser
/
multiuser.doc
next >
Wrap
Text File
|
1994-05-04
|
50KB
|
1,221 lines
/ / / /
/ / / /
\ \ \ \/ / / -+*+- MultiUser Release 1.4 -+*+-
\ \/\ \/ /
\
\
/\
\
/
DISCLAIMER
WITH THIS DOCUMENT I MAKE NO WARRANTIES OR REPRESENTATIONS, EITHER
EXPRESSED OR IMPLIED, WITH RESPECT TO THE PRODUCT DESCRIBED HEREIN. THE
INFORMATION PRESENTED HEREIN IS BEING SUPPLIED ON AN 'AS IS' BASIS AND IS
EXPRESSLY SUBJECT TO CHANGE WITHOUT NOTICE. THE ENTIRE RISK AS TO THE USE
OF THIS INFORMATION IS ASSUMED BY THE USER. IN NO EVENT WILL I BE LIABLE
FOR DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM
ANY CLAIM ARISING OUT OF THE INFORMATION PRESENTED HEREIN, EVEN IF I HAVE
BEEN ADVISED OF THE POSSIBILITIES OF SUCH DAMAGES.
COPYRIGHT
This package is shareware. This means you can copy it freely as long as
you don't ask any money for it, except perhaps a nominal fee for copying.
If you like and use this package on a regular base, I'd appreciate it if
you send me a contribution of 500 BEF or USD 15. Please send money by
International Money Order, EuroCheck (in BEF!) or Cash, because it's very
difficult for me to cash in other checks.
This package should not be spread in any other form than an LhA archive
and all parts of it should be spread together. The package may not be
altered in any way and cannot be used for commercial purposes without the
prior written permission of the author. This does not apply to the source
of the support commands, they are full public domain, only the copyright
message should be preserved.
The package is Copyright © Geert Uytterhoeven, All Rights Reserved. The
author reservers the right to change the status of this package whenever he
may find it appropriate.
1. Introduction
You've got an Amiga with Kickstart 2.04 or higher and several people are
regularly fooling around with it ... Last week your sister deleted your
20MB JPEG collection by mistake and you don't want this to happen again ...
Well, here's the answer: MultiUser!
MultiUser allows you to create a *IX-like environment where several users
live together in harmony, unable to delete each others files, unable to
read those private love-letters of other users ... And this even if
several users are working on the machine at the same time (on a terminal
hooked up to the serial port) ...
You are the sole user of your computer? Well, make sure it stays that
way by installing MultiUser! People without a valid login ID and password
won't be able to access files you have made private with MultiUser. If you
make all files private (not readable for others), the only useful thing
they could do, is boot from a floppy ...
And ... you do not have to reformat your hard drive!
2. System Requirements
Your Amiga should be equipped with Kickstart 2.04 (V37+) or higher, and
with a hard drive/controller combination that supports the CBM Rigid Disk
Block protocol (e.g. an A590 or A2091, an A3000 SCSI controller, an A4000
IDE controller and most GVP SCSI controllers). MultiUser can NOT be used
on floppy drive systems.
You do need an original FastFileSystem (V36.102 (release 2.04), V36.104
(release 2.05 or 2.1) or V39.27 (release 3.0)), which should have been
included with your system software.
The package was written on an A4000/040 running Kickstart 39.106 and was
tested on the following configurations:
o A4000/040, 120 MB IDE harddisk, 2 MB chip-ram, 8 MB fast-ram
o A4000/040, 120 MB IDE harddisk, 2 MB chip-ram, 8 MB fast-ram, Retina
graphics board, Retina WB emulation
o A3000T 25MHz, 500+ MB harddisk, 2 MB chip-ram and 16 MB fast ram,
Kickstart 37.175, GVP '040 accel, Retina graphics board, Retina WB
emulation, Vortex 486 SLC board (this is shit!), Amax II+, IV-24
graphics board,... (Not mine :-( A demonstration model in a store Kurt
frequently
visits :^)
o A3000 25MHz, 52 MB + 120 MB harddisk, 2 MB chip-ram and some MB static
column ram. Kickstart 39.110 (developer)
o A500, 20 MB harddisk (A590 XT), 512 K chip-ram, 512 K ranger-mem, 2 MB
fast-ram, old chipset, 68010 processor, Kickstart 2.04 softkicked
(developer)
o A500, 84 or 105 MB harddisk (A590 SCSI), 512 K chip-ram, 512 K
ranger-mem, 2 MB fast-ram, old chipset, Kickstart 2.04 softkicked
(developer)
On all these configuration the package seems to work fine, so I guess you
can run it on almost any machine (with a bit of spare memory).
You do need the reqtools.library version 38 or higher. Reqtools is
Copyright © Nico François.
3. Installation
WARNING: Read the installation part completely BEFORE you apply it! If
you still don't know what we're talking about, you'd better don't use this
package! It's NOT for the casual user; managing a MultiUser system is a
difficult and tedious task!
If anything fails during the installation, don't forget to restore your
system to it's original state, else you could be surprised in a very bad
way!
o Extract the archive and change the current directory to the directory
MultiUser located in the directory where you extracted the archive to.
(Preferably RAM:)
o Install the library and the support commands with the following
commands:
Copy Libs/multiuser.library LIBS:
Copy C/#? C:
o The MultiUserFileSystem is distributed as a patch for the original
FastFileSystem. There are patches for the FastFileSystems of release
2.04 (V36.102), release 2.05 (V36.104), release 2.1 (V36.104) and
release 3.0 (V39.27) of the operating system. Make sure you have one
of these FastFileSystems in the L: directory! If it's not there you
can copy it from the L directory on the Install disk of the operating
system install disk set. If you're not sure about the version of your
FastFileSystem use the command 'Version L:FastFileSystem'. Now Create
a MultiUserFileSystem with the command:
Patch/Patch L:FastFileSystem Patch/MultiUserFileSystem_xxx.patch
L:MultiUserFileSystem
where xxx stands for '2.04', '2.05', '2.1' or '3.0', depending on your
operating system release.
o Choose the partitions you want to protect and the directory where you
want to store the MultiUser configuration stuff. Make sure this
directory is located on one of the partitions you want to protect!
Let's say your configuration directory is 'App:MultiUser' (Replace
'App:MultiUser' anywhere in this document by the name of your
configuration directory if you use another directory name). Copy the
configuration stuff to this directory with the following command:
Copy Config/#? App:MultiUser
o If you've installed the TCP/IP package from Commodore (AS225) you
already have a valid password file (inet:db/passwd). The inet:db
directory must be located on one of the partitions you want to protect!
Make sure there's an entry for a 'root' user with '65535' for the user
and group number, e.g.:
root||65535|65535|The Bastard Operator From Hell|SYS:Homes/Root|cli
^^^^^ ^^^^^
o Append the next line to your 'S:User-Startup' file:
Logout GUI GLOBAL
o Pick a name for your computer ... This name will appear in the
login/logout requester. Let's say you want to call your system
'Pythagoras', then you have to execute the following:
Echo 'Pythagoras' >ENVARC:HostName
o Let's say you want to protect the partitions 'SYS:' and 'App:'. You
can protect as many partitions as you like, just add their name to the
list below. Create the required Keyfiles on these partitions with the
following command if you haven't installed the TCP/IP package from
Commodore:
MakeKeyfiles App:MultiUser App:MultiUser SYS: App:
TCP/IP users should use a command line like this:
MakeKeyfiles inet:db App:MultiUser SYS: App:
o Start HDToolBox to install the MultiUserFileSystem. If HDToolBox does
not find your hard drive, you probably have to start it from the shell
with 'HDToolBox <hddev>', where <hddev> stands for the name of your
hard drive controller device (e.g. 'scsi.device' for CBM controllers
or 'gvpscsi.device' for GVP controllers). If that fails to, you can't
use MultiUser on your system.
NOTE: The following text describes the use of the version of
HDToolBox that is supplied with 3.0. Other versions may
slightly differ.
x Choose the drive you want to protect. If you want to protect more
than one drive, you simply repeat this for each of the drives.
Select the drive by clicking on it in the listview where all
connected drives are displayed.
x Press the <Partition Drive> button. Now a new display should
appear containing a large box which may be divided up into several
partitions ...
x Activate the <Advanced Options> checkbox. Now some additional
options should appear ...
x Press the <Add/Update...> button in the file system section of the
HDToolBox window. (There's only one gadget labeled
<Add/Update...>, so you can't miss it.)
x Now the window should contain a list of currently installed file
systems and some additional buttons. If you are updating your
MultiUserFileSystem, there should already be an entry with the
0x6d754653 ('muFS' in HEX ASCII) identifier. If this is the case,
click on it and press <Update File System...>, in all other cases,
press the <Add New File System...> button.
x Now a requester appears. Enter 'L:MultiUserFileSystem' in the
string-gadget of the requester and '0x6d754653' in the identifier
(also called DosType) gadget. If your version of HDToolBox asks
you to enter a version number, you should use 39. Some versions of
HDToolbox (the one with 3.0) uses two requesters for the needed
information, so it may be necessary to select the <Ok> button of
the requester before you can fill in the DosType.
x Press the <Ok> button of the requester (if you haven't done this
yet). Now you should be back in the File Systems display. Go back
to the Partitions display by pressing the <Ok> button.
x Select the partition on the drive that you wanna protect. If you
want to protect more than one partition (it is recommended to
protect all partitions on the drive), you simply repeat the
following stuff for every partition. You select a partition by
clicking on the part of the large box (which represents your
harddisk) that represents that partition.
x Press the <Change ...> or <Change File System> button.
x Select the <Custom File System> gadget and enter '0x6d754653'
('muFS' in HEX ASCII) into the <Identifier> gadget.
x Press the <Ok> button to return to the Partitions display. You
should repeat the above steps for all the partitions you wish to
protect before continuing ...
x Press the <Ok> button to return to the main HDToolBox display.
x Press the <Save Changes to Drive> button. Don't care about the
warning that this will destroy the data on your partition, no data
will be lost :-). If HDToolBox complains that there isn't enough
space on the drive to save all the configuration data, you should
return to the File System Maintenance section of HDToolBox by
pressing <Partition Drive> and <Add/Update ...> buttons. Now you
should select another file system than the one with identifier
0x6d754653, press <Delete File System>, return to the main
HDToolBox display and try saving the configuration again. Note
that you should make sure not to delete any file system that's
still used on any partition! This is why it is recommended that
all partitions on the drive should use the MultiUserFileSystem.
x If everything went OK, select Exit and confirm the reboot request
of HDToolBox. Now your machine should automatically reset.
o After the reboot, a requester should appear. Simply enter 'root' as
login id. You should now be logged in as root, having access to all
files.
o The first thing you should do is to change your password. This is done
by entering the Passwd GUI command in a shell you open or with the
<Execute Command ...> option of the Workbench. You are prompted to
enter your old password, so simply press enter. Now you are asked to
enter your new password twice. If you enter the same password twice,
this will from now on (until you change it again) be the password root
has to enter at a login request.
o Now you have to protect some important files using the MProtect and
SetOwner[37] commands. We will use SetOwner in this description, but
if you aren't using Kickstart 39.xx or higher, you should use
SetOwner37 instead!
You should protect the Keyfiles on all protected partitions. Execute
the following commands for every protected partition:
SetOwner <VOL>.MultiUser.keyfile root
MProtect <VOL>.MultiUser.keyfile R
where <VOL> stands for a partition name (e.g. 'SYS:' or 'App:' in our
example. Protect some other important files, too:
SetOwner App:MultiUser/passwd root
MProtect App:MultiUser/passwd RWD
SetOwner App:MultiUser/MultiUser.config root
MProtect App:MultiUser/MultiUser.config RWD
SetOwner App:MultiUser/.profile root
MProtect App:MultiUser/.profile SRWED
SetOwner S:Startup-Sequence root
MProtect S:Startup-Sequence SRWED GROUP R OTHER R
SetOwner S:User-Startup root
MProtect S:User-Startup SRWED GROUP R OTHER R
SetOwner SYS:Tools/HDToolBox root
MProtect SYS:Tools/HDToolBox RWED
... and any other files you wish to protect ...
It is recommended to leave most files readable for others, except of
course the files you really wanna keep to yourself. .info files and
.backdrop files should be readable for everybody if you don't want
complications when using the Workbench.
4. The password file
The passwd file should be located in your inet:db directory and contains
all the information the system needs on the users that are allowed to
access the system. Each line of the file contains information on one user.
The syntax of such a line is as follows:
<id>'|'<passwd>'|'<user>'|'<group>'|'<name>'|'<home>'|'<port>
<id> is the same as the name this user will need to give at a login
request. This name may be upto 32 characters long.
<passwd> if the user has a password, this is his coded password. If you
add new users, you should make this field empty, this means the
user doesn't have a password yet. Then login as that user and
change his password using the Passwd command.
<user> is the user identifier, a number between 1 and 65535. Each user
should have a different user identifier! The identifier 65535 is
reserved for root!
<group> is the group identifier, a number between 0 and 65535. Users
with the same group identifier belong to the same group and can
access each others files depending on the group-protection bits.
Users with different group identifiers can access each others
files depending on the other-protection bits. The identifier
65535 is reserved for root!
<name> is the real name of the user. You can enter whatever you like
for this. At the moment this is limited to 220 characters. This
name is displayed when user information is asked using the
UserInfo command.
<home> is the home directory of the user. When a logout is performed, a
requester will appear prompting for a new login. If a user logs
in using this requester, the current directory will be changed to
the home of this user and the local environment variable HOME
will be set to the name of the home-directory. This doesn't
happen when a Login command is used.
<port> is only used by the TCP/IP package from Commodore (AS225). If
you haven't installed that package you should leave this field
empty.
A passwd file could look like this:
root||65535|65535|The Bastard Operator From Hell|SYS:Homes/Root|cli
geert|Fqhg_IYBiU`|2|1|Geert Uytterhoeven|SYS:Homes/Geert|cli
kurt|fNXjuAgFBFF|3|1|Kurt Haenen|SYS:Homes/Kurt|cli
guest||1|0|Anonymous Guest|SYS:Homes/Guest|cli
If there are bad lines in the password file, a warning will be posted and
the bad line will be ignored. The warning requester will disappear
automatically after 10 seconds if the user doesn't respond.
5. The configuration file
The configuration file defines some settings. It contains lines with
options and values - in the form <OPTION>=<VALUE> -, and comments.
Comments must be preceeded with a semicolon. If an option is missing, the
default value will be taken. 0 is used for OFF, 1 for ON.
The 'MultiUser.config' example delivered with the package reflects the
default settings.
If there are bad options in the configuration file, a warning will be
posted and the bad line will be ignored. The warning requester will
disappear automatically after 10 seconds if the user doesn't respond.
5.1. LIMITDOSSETPROTECTION
If this options is turned on, the protection bits for GROUP and OTHER can
no longer be changed with the dos.library/SetProtection() call. Of course
you can still change the protection bits for GROUP and OTHER with the
MProtect command (or with the library call muSetProtection()). It's very
useful because a lot of programs change the protection bits without knowing
about bits for GROUP and OTHER. Defaults to ON. See also the support
command LimitDOSSetProtection.
5.2. PROFILE
If this option is turned on and there exists a script file '.profile' in
the configuration directory, it will be executed after each login prompt by
the support command Logout. Defaults to ON.
The '.profile' example delivered with the package displays a
'Message_Of_The_Day' if it exists in the configuration directory (change
the directory in the '.profile' if you have a different configuration
directory than 'App:MultiUser') and executes a '.profile' if it exists in
the user's home-directory.
5.3. LASTLOGINREQ
If this option is turned on, there will appear a lastlogin requester
after each graphical login. Defaults to ON.
5.4. LOGSTARTUP
If this option is turned on, every startup or reinitialisation of the
MultiUser.server will be logged to the file 'MultiUser.log' in the
configuration directory. Defaults to OFF.
5.5. LOGLOGIN
If this option is turned on, every successful login will be logged to the
file 'MultiUser.log' in the configuration directory. Defaults to OFF.
5.6. LOGLOGINFAIL
If this option is turned on, every unsuccessful login will be logged to
the file 'MultiUser.log' in the configuration directory. Defaults to OFF.
5.7. LOGPASSWD
If this option is turned on, every successful password change will be
logged to the file 'MultiUser.log' in the configuration directory.
Defaults to OFF.
5.8. LOGPASSWDFAIL
If this option is turned on, every unsuccessful password change will be
logged to the file 'MultiUser.log' in the configuration directory.
Defaults to OFF.
5.9. LOGCHECKPASSWD
If this option is turned on, every successful password check (see the
library function muCheckPasswd()) will be logged to the file
'MultiUser.log' in the configuration directory. Defaults to OFF.
5.10. LOGCHECKPASSWDFAIL
If this option is turned on, every unsuccessful password check (see the
library function muCheckPasswd()) will be logged to the file
'MultiUser.log' in the configuration directory. Defaults to OFF.
5.11. PASSWDUIDLEVEL
Users with a user identifier greather or equal than the specified value
are allowed to change their passwords. Specify a value in the range
0..65535. E.g. if you specify a value of 2, a guest user with a user
identifier of 1 cannot change his password. See also the option
PASSWDGIDLEVEL. Defaults to 0.
5.12. PASSWDGIDLEVEL
Users with a group identifier greather or equal than the specified value
are allowed to change their passwords. Specify a value in the range
0..65535. E.g. if you specify a value of 1, all users in a guest group
with a group identifier of 0 cannot change their passwords. See also the
option PASSWDUIDLEVEL. Defaults to 0.
6. Support Commands
The support commands are used to login to/logout from the system, change
the protection bits of a file, change the owner of a file, change the
default protection bits for a group of tasks, ... The number of support
commands may grow in future releases. Here are the commands that are
currently supported. They can only be executed from the shell or with the
<Execute Command...> option of the Workbench.
6.1. Login
This command will put a new owner on top of the current owner of the
task. *IX users may think of this as the *IX su command. The effect of a
successful login can be reversed with the Logout command. The owner-list
of a task is sort of a stack: with Login you put a new owner on top of the
stack, with Logout, you take an owner of the stack (unless the stack is
empty).
Options ...
GUI Normally the login prompt appears in the shell-window that was
used to execute Login, but if this option is specified, a
requester is used.
TASK Login another task than the one we're currently working in. A
task name should be specified after the TASK keyword. You can
only login tasks which you own (unless you are root)!
OWN Login another task than the one we're currently working in by
changing it's owner to the owner of the current task. This works
only with tasks that are owner by nobody (unless you are root)!
This option must be used in conjunction with the TASK option.
GLOBAL Login all tasks connected to the current task. It's a bit
difficult to explain what connected means, but you could say that
a parent task and all its children are connected unless one of
them was logged in/out without the GLOBAL option.
PROCESS Login another process than the one you're currently working in.
A process number (as displayed by the Status command) should be
specified after the PROCESS keyword. You can only login
processes which you own (unless you are root)!
6.2. Logout
This command is the inverse of Login if the stack of owners of the
current task isn't empty. If the stack is empty or becomes empty after
executing the Logout command, a login prompt will appear. After login, the
current directory will be changed to the user's home-directory, and
depending on your configuration settings, the '.profile' script in the
configuration directory may be executed.
Options ...
GUI If a login request is generated by Logout, should it use a
requester?
TASK See Login
GLOBAL This option only works when the owner stack is or becomes empty
when executing the Logout command. If this option is specified
in such a case, not only this task will change its owner, but all
connected task as well. It's a bit difficult to explain what
connected means, but you could say that a parent task and all its
children are connected unless one of them was logged out without
the GLOBAL option. It's very useful to logout all your tasks
from your current session.
QUIET Tells logout never to generate a login request. If the owner
stack becomes empty, you will simply be logged in as nobody.
This may be removed in future releases, but since it isn't really
useful, this shouldn't be a problem.
PROCESS See Login
6.3. Passwd
The Passwd command is used to change your password. Simply type in the
command in the shell and you will be prompted to enter your old password
and type your new password twice. If you did this correctly, your password
will be changed!
Options ...
GUI If this option is specified, Passwd uses requesters to prompt for
your passwords instead of simple console I/O.
6.4. MList
This is a simple list replacement. It takes none, one or more path-names
as parameters and lists the files in those path(s) or in the current
directory if no path-name was specified, together with all their protection
bits and some other info. It recognizes the new 'U' protection bit.
Options ...
DIR The pathname(s) or the directory(s) you want information on. The
standard AmigaDOS wildcards may be used here.
6.5. SetOwner
This command is used to change the owner of a file. You can only change
the owner of files you own or of files that are owned by nobody, unless
you're root. If you don't have Kickstart 39.xx or higher, you should use
SetOwner37 instead of SetOwner!
Options ...
FILE The file or directory you want to change the owner of. The
standard AmigaDOS wildcards may be used here.
USER The UserID of the user that should become the owner of the file
or directory. If no user is specified, the current task owner
will be taken. You're not allowed to change the owner of a file
to someone else than yourself or nobody, unless you're root.
NOBODY Set the owner of the file or directory to nobody.
ALL Recursively scan all directories from within the specified
directory and process all found files and directories.
QUIET Process silently, but do report errors.
6.6. MProtect
This command changes the protection flags for files or directories.
Options ...
FILE The file or directory you want to change the protection flags of.
The standard AmigaDOS wildcards may be used here.
FLAGS The protection flags used for the owner of the file. Valid flags
are none or some out of:
U Set uid bit: during execution, change the owner of the
process to the owner of the file (cfr. *IX). This even
works if you make the program resident.
However, this only works after the multiuser.library has
been initialised. If you put programs with the 'U' bit on
in your S:User-Startup, make sure you do it after the
'Logout GLOBAL' command, or put 'UserInfo <>NIL:' before
the first of them to assure the library has been loaded!
If you set the 'U' bit together with 'GROUP W' or 'OTHER
W', you will get a warning because this is a very dangerous
situation :-)
S Script bit: file is a shell script.
P Pure bit: program is reentrant and reexecutable.
A Archive bit: file has been backed up or archived.
R Read bit: file is readable.
W Write bit: file is writable.
E Execute bit: file is executable.
D Delete bit: file is deletable.
GROUP The protection flags used for users in the same group as the
owner of the file. Specify them after the GROUP keyword. Valid
flags are none or some out of 'R', 'W', 'E' and 'D'.
OTHER The protection flags used for users outside the owner's group.
Specify them after the OTHER keyword. Valid flags are none or
some out of 'R', 'W', 'E' and 'D'.
ADD Add all specified protection flags to the flags that are already
set.
SUB Subtract all specified protection flags from the flags that are
already set.
ALL Recursively scan all directories from within the specified
directory and process all found files and directories.
QUIET Process silently, but do report errors.
6.7. SetDefProtect
This commands sets the default protection bits for the current task.
Options ...
FLAGS The protection flags used for the owner of the file. See
MProtect ('U' is not valid here).
GROUP The protection flags used for users in the same group as the
owner of the file. Specify them after the GROUP keyword. See
MProtect.
OTHER The protection flags used for users outside the owner's group.
Specify them after the OTHER keyword. See MProtect.
GLOBAL Change the default protection bits not only for the current task,
but for all tasks on the same level.
6.8. UserInfo
This command can be used to get some information on the users of this
system. It will display the UserID, uid, gid, home-directory, lastlogin
date and the contents of a '.plan' file if it exists in the home-directory
of the appropriate user.
Options ...
ALL Give information on all the users of this system. This means all
users listed in the inet:db/passwd file.
USERID Give information on the user with the specified UserID. The
UserID is the name you have to enter at a login prompt. The
standard AmigaDOS wildcards may be used here.
UID Same as USERID, but this time info on the user whose user ID is
specified is listed. The user ID is the number given as second
entry in the inet:db/passwd file. Specify the userid after the
UID keyword.
GID Same thing as UID, but this time for all users in the group with
the specified group ID. Specify the group ID after the GID
keyword.
NAME Gives info on the user with the specified real name. Specify the
name after the NAME keyword. The standard AmigaDOS wildcards may
be used here.
QUICK If you add this option, only the UserID(s) will be displayed.
This is very useful for scripts and aliases. E.g. after the
alias definition
Alias HCD CD SYS:Homes/`userinfo quick []`
the command 'HCD guest' will change the current directory to
guest's home directory, supposed all your users have a
home-directory in SYS:Homes.
6.9 Tasks
This command lists the active tasks of a user.
Options...
USERID List the active tasks of the specified user. Default is the
current user.
ALL List all active tasks.
6.10 LimitDOSSetProtection
This command defines whether the protection bits for GROUP and OTHER may
be changed via the dos.library/SetProtection() call. It's very useful
because a lot of programs change the protection bits without knowing about
bits for GROUP and OTHER. See also the option LIMITDOSSETPROTECTION in the
configuration file.
Options...
ON Turn the limitation on. This means the protection bits for GROUP
and OTHER no longer can be changed with the
dos.library/SetProtection() call. Of course you can still change
the protection bits for GROUP and OTHER with the MProtect command
(or with the library call muSetProtection()).
OFF Turn the limitation off.
[[4m6.11 MakeKeyfiles
This command creates the Keyfiles. Every partitions you want to use with
the MultiUserFileSystem must have a Keyfile. If one of them is missing or
inconsistent, all tasks will be owned by nobody to prevent unprivileged
accesses, and an alert will be posted.
Options...
PASSWDDIR The directory where you've put the password file. This directory
must be on one of the protected partitions.
CONFIGDIR The directory where you've put the configuration file. This
directory must be on one of the protected partitions.
VOLUME The list of partitions you want to protect.
7. The log file
Depending on your configuration file, some actions will be logged to the
file 'MultiUser.log' in your configuration directory. The following kind
of entries may appear therein (<user> stands for a user represented by his
hexadecimal user/group identifier, <userid> stands for a user represented
by his UserID):
o <date>, <time>: Startup
MultiUser startup on <date>, <time>.
o <date>, <time>: Login from <user> to <UserID>
<UserID> was logged in from a task owned by <user> on <date>, <time>.
<user> will be '00000000' if the Logout command was used instead of
Login.
o <date>, <time>: Login from <user> to <UserID> failed
<UserID> failed to login from a task owned by <user> on <date>, <time>.
<user> will be '00000000' if the Logout command was used instead of
Login. This may indicate an attempt of <user> to do an unauthorized
login on the account of <UserID>!
o <date>, <time>: Passwd for <user>
<user> changed his password on <date>, <time>.
o <date>, <time>: Passwd for <user> failed
<user> failed to change his password on <date>, <time>.
o <date>, <time>: CheckPasswd for <user>
The password check ((see the library function muCheckPasswd()) on
<date>, <time> for <user> was successful.
o <date>, <time>: CheckPasswd for <user> failed
The password check ((see the library function muCheckPasswd()) on
<date>, <time> for <user> was unsuccessful. This may indicate an
attempt of an unknown person to make unauthorizedly use of the account
of <user>!
8. Caveats
o Unlike the FastFileSystem, the MultiUserFileSystem returns an error on
illegal lock modes (i.e. anything else than ACCESS_READ/SHARED_LOCK or
ACCESS_WRITE/EXCLUSIVE_LOCK). This has been done for future
compatibility reasons. However, some programs do pass illegal lock
modes - which is an Amiga rule violation - and thus will fail to work.
o Programs using software interrupts instead of signals for their packet
I/O cannot access files which are not accessible for everybody. This
applies more specifically to programs using the ixemul.library (i.e.
programs compiled with gcc or g++).
o The .profile will not be executed under Csh because Csh is not a real
(Amiga) shell but rather an interactive program.
o Csh expands wild cards by itself, so quote them (e.g. "*") if you use
the support commands.
o Do not try to use the MultiUserFileSystem on floppy disks (or other
removables)! Although it is possible, you will almost always get in
trouble with the Keyfiles. Keeping your floppies in a safe place is
still the best protection!
o ARexx programs are always executed under the same ownership as the
RexxMaster task - which is started by RexxMast -, so make sure the
RexxMast command is executed by NOBODY (i.e. before the first
Login/Logout command) and do not set the set uid bit for RexxMast!
9. History
Release 1.0ß
(Library Version 39.134)
First public release of MultiUser. All the work on this one was done by
Geert Uytterhoeven.
Internal Release
(Library Version 39.135)
Update of the library and the support programs to allow global logging
out. (Kurt Haenen)
o The way the library manages the linking of tasks and owners was changed
to allow a kind of global control over all tasks of a single user. It
still isn't quite the way I'd like it, but it's getting closer ...
o The GLOBAL option was added to the Logout command to allow the user to
logout all tasks connected to the same tasknode (private structure).
This means that you can logout/login a task and all its children by
executing a LOGOUT GLOBAL command from one of them. Very useful 'cause
now you can logout the Workbench without having to quit it ...
o TASK option added to Login and Logout to allow you to Login/Logout
another task (of which you are the owner or that's owned by nobody or
whatever task if you are root).
o QUIET option added to Logout to force Logout so that nobody will become
owner of the task. We're still discussing this, so it may be removed
again in the future ...
Internal Release
(Library Version 39.136)
Update of the file system, library and support programs so that default
protection bits can be set and are used by the file system. (Geert
Uytterhoeven)
o The file system and library were updated to keep track of default
protection bits and to use them whenever a file is created.
o A new utility SetDefProtect (name may change in the future) was added
to allow the user to specify the default protection bits for a
tasknode.
Release 1.1
(Library Version 39.137)
Update of the library to support .profiles and allow hiding of the
password on any terminal (I hope)! Update to the file system to support
protection of files against locking. (Geert Uytterhoeven and Kurt Haenen)
o The Logout command now also executes a .profile script after login.
o An exclusive lock can only be taken on a file you have write-, or
delete-rights on. A shared lock can be obtained on a file you have
read-, write-, execute- or delete-rights on or that's owned by you.
o The UserInfo command can now display the .sig file located in the home
of the user on which info is demanded. To do this, you have to give
the SIG option. The .sig file should be readable for the one asking
information about the owner of the .sig!
Release 1.2
(Library Version 39.140)
Starting with this release, all the work was done by Geert Uytterhoeven.
o The password file should be compatible with the TCP/IP package from
Commdore (AS225) (I hope :-).
o Wildcards added in some support commands.
o If a user don't have a password he won't be asked for it no more during
Login/Logout.
o Finally: autodoc and includes added!!
o .sig renamed to .plan. SIG option renamed to PLAN.
o PURE bit set for the support commands. They were also pure in earlier
releases, but I forgot the magic bit.
o Some other minor changes I can't remember :-)
Release 1.2a
(Library Version 39.141)
Only some bug fixes :-(
o SetOwner37: opened wrong dos.library version.
o Setowner[37]: crashed when bad operating system version.
o Password encryption still wasn't compatible with AS225 because of an
ambiguity in the ACrypt() documentation (I passed the UserName instead
of the UserID).
Release 1.3 (11/05/93)
(Library Version 39.145)
WARNING: THIS IS A MAJOR UPDATE WITH SOME FUNDAMENTAL CHANGES!! YOU
SHOULD CHECK YOUR OWN MULTIUSER APPLICATION SOURCES AND
RECOMPILE THEM!!
o Using history after changing the password from the console doesn't
reveal the entered passwords anymore.
o Bug fixed: If you used Passwd before IPrefs installed localization or
in case of a pre-2.1 Workbench, a corrupt password file was written
(RawDoFmt() patched by locale.library treats %u different than the
original).
o New less kludgy, object oriented internal structure.
o Meaning of tag muT_Task changed. Now it needs a pointer to a task
structure rather than the task's name.
o Library function muSetDefProtection() renamed to muSetDefProtectionA():
its arguments are now passed via a taglist using the tag muT_Task and
the new tag muT_DefProtection.
o If you're already root you won't be asked for a password anymore during
Login.
o GLOBAL flag added to SetDefProtect.
o PROCESS keyword added for Login/Logout.
o New tags muT_UserID and muT_Password added for muLoginA().
o You aren't allowed anymore to change the owner of a file to someone
else than yourself or nobody, unless you're root.
o Owner change during execution (set uid bit, cfr. *IX) added.
o Source of support commands added as examples. They are full public
domain. If you develop your own support commands I'd appreciate it if
you would send me a copy (eventually a copy of the source too :-).
Maybe I could add them to the next release of the package.
o From now on the MultiUserFileSystem is distributed as a patch for the
original FastFileSystem.
o New support command Tasks.
o New library functions muSetProtection() and muLimitDOSSetProtection().
New support command LimitDOSSetProtection.
Release 1.4 (20/07/93)
(Library Version 39.151)
o Logout QUIET was broken: fixed!
o If the password file is corrupt, you will get a warning instead of an
inaccessible system. All invalid lines will be ignored.
o The ramlib task isn't owned by root anymore.
o UserInfo entered an endless loop if a .plan was read protected: fixed!
o SetOwner37 caused a (harmless) Enforcer hit (thanks Max): fixed!
o New keytypes muKeyType_WUserID, muKeyType_WUserName,
muKeyType_WUserIDNext and muKeyType_WUserNameNext for muGetUserInfo()
to handle wildcards in a UserID or UserName.
o UserInfo uses the new keytypes and thus allows wildcards for UserID and
UserName.
o New library function muCheckPasswd().
o The MultiUser.server doesn't spawn AmigaDOS-requesters anymore.
o The support commands MList, MProtect and SetOwner[37] now handle
non-matching wildcards correctly and give the right error message.
o Enhanced security using Keyfiles.
o The (private) library function muSetLibFlush() is obsolete now.
o Configuration file and log options added.
o The .profile in the configuration directory will be executed (depending
on your configuration settings), rather than the .profile in a user's
home-directory.
o New library functions muGetPasswdDirLock() and muGetConfigDirLock().
o Patch for the FastFileSystem of release 2.05 (V36.104) added.
o QUICK flag added for UserInfo.
o If the user doesn't respond to a warning requester, the requester will
disappear automatically after 10 seconds to allow unattended operation
in production environments.
o Bug fixed: If you specify a nonexistent task name, Login/Logout TASK
raises an error now instead of operating on the current task.
o Security hole fixed: now set uid only works on volumes using the
MultiUserFileSystem.
o The .lastlogin file is human readable now (i.e. <Day> <Date> <Time>).
o The PLAN flag for UserInfo is obsolete now, UserInfo always displays
the contents of the .plan file (unless you specify the QUICK flag).
Now UserInfo displays the lastlogin date too.
o Almost all of Kurt's code is gone now (I hope this won't start an
AT&T/USL <-> BSD alike war :-).
o Finally Passwd looks fine when used from a Shell on a serial terminal:
now it dumps carriage returns where it should. I still don't know why
muLogin()/Logout() always worked correctly and Passwd not (in both
cases I used almost the same code!), but who cares??
10. Plans for the future
o A GUI tool for managing the password and configuration files.
o Better compatibility with ixemul.library.
o Owner change during execution should work for shell scripts too.
o The multiuser.library should be a part of the MultiUserFileSystem.
o A brand new File System: maybe the Linux file system? Any help is
welcome!
11. Credits
o Library : Geert Uytterhoeven & Kurt Haenen
o Support Commands : Geert Uytterhoeven & Kurt Haenen
o Documentation : Geert Uytterhoeven & Kurt Haenen
o File System Patches : Geert Uytterhoeven
Starting with Release 1.2, all the work was done by Geert Uytterhoeven.
12. Contacts
How to contact the author ...
o E-mail
uytterho@cs.kuleuven.ac.be
This account is at least valid 'till end June '93; it may be valid
from July to September (but I won't be reading mail on a regular base
then) and it will probably be valid again in October.
o Fax
+32-16-535823
This is my preferred (fast-'n-easy :-) link to the world from July to
September '93.
o Snail mail
Geert Uytterhoeven
Huysmansstraat 12
B-3128 BAAL
BELGIUM
or from October '93 'till end June '94
Geert Uytterhoeven
Tervuursevest 119
B-3001 HEVERLEE
BELGIUM
How to contact the MultiUser mailing list ...
(thanks Kai)
Mail your comments to
mufs@hactar.hanse.de
If you want to subscribe to this mailing list, just send an E-mail to
listserv@hactar.hanse.de
containing a line like this:
ADD <address> mufs
where <address> stands for your E-mail address. From then on you will
receive a copy of all mails sent to the mailing list. For more help about
the mailing list, send an E-mail containing only the magic word 'HELP' to
the list server.
13. Special thanks go to ...
o Nico François for developing ReqTools.
o Jorrit Tyberghein for developing the magnificent PowerVisor (We're
waiting for release 1.43 :-)
o Kurt Haenen, Ives Aerts and Litrik De Roy for beta testing.
o Kai 'wusel' Siering, Markus Illenseer, Tako Schotanus, Ralph-Thomas
Aussem and Max Hantsch for their comments and tips.
o The Department of Computer Science at the Katholieke Universiteit
Leuven for allowing me to use the InterNet for this MultiUser project.
o Kai 'wusel' Siering for setting up a mailing list for MultiUser.
/ / / /
/ / / /
/ / / /
/ / / /
\ \ \ \/ / / /
\ \ \ \ / / /
\ \ \ \/ / /
\ \/\ \/ /
\ \ \ \ /
\
\
/\
\
/
Only Amiga makes it possible ...
But wouldn't Linux for Amiga be nice!
/\
/XX\
/XXXX\
/XXXXXX\
/XXXXXXXX\
/\ \XXXXXXXX/ /\
/XX\ \XXXXXX/ /XX\
/XXXX\ \XXXX/ /XXXX\
/XXXXXX\ \XX/ /XXXXXX\
/XXXXXXXX\ \/ /XXXXXXXX\
\XXXXXXXX/ /\ \XXXXXXXX/
\XXXXXX/ /XX\ \XXXXXX/
\XXXX/ /XXXX\ \XXXX/
\XX/ /XXXXXX\ \XX/
\/ /XXXXXXXX\ \/
\XXXXXXXX/
\XXXXXX/
\XXXX/
\XX/
\/