Text File | 2009-11-06 | 11KB | 323 lines
.he //Logon//
.fo //- # -//
.po 5
.rm 70
.ps 72
.m1 1
.m2 2
.m3 2
.m4 7
.ec \
.cl 0 1. Introduction
.ul
1. Introduction
.in +2
Logon is a program that allows you to log into a multiuser
environment using different usernames (and therefore different userids
with different access permissions.) Every login try is checked against a
list of accounts, stored in the
.bold
password
file. This file exists on the bootdevice in the directory SYS. After a
successful login, the userid is set to this user, various environment
variables are set to values matching this line (see chapter environment)
and some other settings are made. Logon is normally called by a
timesharing monitor (MMon, _init) or from the lowest shell level (with
ex logon.)
.in -2
.cl 0 2. Files
.ul
2. Files
.in +2
Logon uses several files to set up a useful environment for each
line and to make security checks. The security sensitive files are
located on the bootdevice in the directory SYS, all other files are in
/dd/SYS (often a RAM disk, where security sensitive files could be
changed very easily, so these are kept on a physical device.) Now the
files and their format are explained in detail. If a file is security
sensitive, an S in brackets is appended to the filename.
.cl 1 2.1. password (S)
2.1. password (S)
.in +2
This file is the most security sensitive file. It stores the
usernames and the matching userid/groupid for each user, along with
the password in crypted form. This file is absolutely necessary
to allow logins. Each line of the file is a specification for one user
and it has seven fields (and an eighth optional field.) They are
separated with commas. Each field will be discussed in detail.
- username
.in +2
This is a unique name to identify oneself to the system. It should have
a maximum length of eight characters. This name has to be typed at the
login prompt.
.in -2
- password
.in +2
The password exists in crypted form, so everyone can read the password
file without getting the passwords of other users. If this field is
empty, no password is expected from the user. To change a password you
need a utility called
.bold
passwd
which is part of this distribution.
.in -2
- gid.uid
.in +2
This is the userid and groupid of the user. Before starting the user's
shell (or whatever the login program is) the uid/gid of the process is
set to the uid/gid of this field. For details on uids/gids see the OS-9
Users Manual.
.in -2
- priority
.in +2
The process will be started with this priority, so you can give every
user a default startup priority.
.in -2
- execution directory
.in +2
Logon will change the current execution directory to the path specified
here. This will then be the current execution directory of the started
program.
.in -2
- data directory
.in +2
Logon will use this path as the current data directory.
.in -2
- process
.in +2
After making all settings a program is started (chained) that allows the
user to work on the system after a successful login. This is in general
the shell but may be any other program (e.g. a BBS user interface.)
.in -2
- options field (optional)
.in +2
All the fields above are also found in the original password file; this
field is an extension to configure some special things for each user.
The entries are like command line options separated by a bar ('|'). Each
starts with a minus, followed by the option character and (if allowed) a
'=' sign and a value.
Currently supported (or defined) are the following. '-t=<time>' sets a
time based access to the system. If <time> is just a number, then the
user may stay for <time> minutes in the system before being dropped. The
<time> may also have the form '<number>.<number>', e.g. '3.30' to allow
the user to stay three hours and 30 minutes. The other syntax is a range
of time, e.g. 18.00-23.30. This allows the user to log in only from 6pm
to 11.30pm. If the user logs in at 11pm, then a timeout of 30 minutes is
set (because he is only allowed to log in until 11.30pm.) '-d=<device>'
allows you to limit the login to specific devices. <device> may be a list
of devices separated by commas, e.g. '-d=/t1,/t2'. If you want to deny
logins on a specific line, you can say, e.g. '-d=!/t1' or '-d=!/t1,!/t2'.
'-f=<flags>' will insert the flags as a default in the /dd/SYS/utmp
file. The program
.bold
mesg
can change these flags; they are used by some programs (e.g. who), but
you can add user specific flags for your own programs. After a
successful login, logon will display the MOTD (Message Of The Day)
placed in /dd/SYS. To disable this use '-m' (useful for network logins,
like uucp); with '-m=<file>', <file> will be displayed as the MOTD
instead of the default file. The '-g=<gecos>' field is designed to add
more information about the user. The format is like the UNIX(tm)
gecos field: four entries separated by colons. These entries
are 'fullname', 'organization', 'office_phone' and 'home_phone'.
.in -2
.in -2
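The password line format and the '-t' and '-d' options described above
can be checked with a short parser. This is an added example, not code
from the logon distribution. The function names, the sample line and its
crypted-password placeholder are constructed, and it assumes that a time
range does not wrap past midnight and that '!' entries take precedence
over plain device entries.

```python
from datetime import datetime

FIELDS = ("username", "password", "gid_uid", "priority",
          "exec_dir", "data_dir", "process")

# Constructed sample line; the crypted-password text is a placeholder.
SAMPLE = ("uucp,CRYPTEDPW,10.4,128,/dd/CMDS,/dd/SPOOL,uucico,"
          "-t=18.00-23.30|-d=/t1,/t2|-m")

def parse_options(field):
    """Split the '|'-separated options field into {letter: value or True}."""
    opts = {}
    for item in filter(None, (s.strip() for s in field.split("|"))):
        if len(item) < 2 or item[0] != "-":
            raise ValueError(f"malformed option {item!r}")
        key, sep, value = item[1:].partition("=")
        opts[key] = value if sep else True
    return opts

def parse_line(line):
    """Seven comma-separated fields; the optional eighth keeps its own commas."""
    parts = line.rstrip("\r\n").split(",", 7)
    if len(parts) < 7:
        raise ValueError("expected at least seven fields")
    user = dict(zip(FIELDS, parts))
    user["options"] = parse_options(parts[7]) if len(parts) == 8 else {}
    return user

def _minutes(text):
    """'45' is 45 minutes; '3.30' is 3 hours 30 minutes."""
    hours, dot, mins = text.partition(".")
    return int(hours) * 60 + int(mins) if dot else int(hours)

def session_minutes(t_opt, now):
    """None = no limit, 0 = login refused, otherwise minutes until drop."""
    if not t_opt:
        return None
    if "-" in t_opt:  # login window, assumed not to wrap past midnight
        start, end = (_minutes(p) for p in t_opt.split("-", 1))
        cur = now.hour * 60 + now.minute
        return end - cur if start <= cur < end else 0
    return _minutes(t_opt)

def device_allowed(d_opt, device):
    """'!dev' entries deny; plain entries, if any, form an allow list."""
    entries = d_opt.split(",") if d_opt else []
    if "!" + device in entries:
        return False
    allowed = [e for e in entries if not e.startswith("!")]
    return not allowed or device in allowed
```

Splitting the line on at most seven commas matters here, because a
'-d' device list in the options field contains commas of its own.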
.cl 1 2.2. dialups (S)
2.2. dialups (S)
.in +2
This file contains a set of lines, each line is the name of a
device. If a successful login is made, then the device is checked
against this file. If an entry is found, the file d_password is
examined to look up whether this login shell has a password. If so, a
dialup password is asked for. See the next file, d_password, for its format.
.in -2
.cl 1 2.3. d_password (S)
2.3. d_password (S)
.in +2
Each line of this file holds one entry. The entry is divided into
three fields, separated with colons. The first field is a login shell
for which the password is needed. The second is the crypted password for
this line. The third is a list of names (may be empty) who don't need
the password to log in. Useful to protect a line for network logins
(e.g. uucp) from other users.
.in -2
.cl 1 2.4. nologins (S)
2.4. nologins (S)
.in +2
During short system work you may close your system for a short
time for some users. For this you can insert their names in this file
(one line for each name.) Don't forget to remove the file when you have
finished your work!
.in -2
.cl 1 2.5. termtypes
2.5. termtypes
.in +2
You may have several different terminals connected to your
system, and every terminal needs its own terminal entry (e.g. for
termcap.) If you put a line like 'setenv TERM foo' in your '.login'
file then on every terminal you have to reset this to the matching
terminal type. If you enter an entry in this file for each physical line
you can solve the problem. Every entry has two fields separated by
space(s) or tab(s). The first field is the device and the second the
matching terminal type. Be sure not to set the terminal type in your
'.login' file, this would overwrite the logon setting. A special
terminal type is 'ask'; then the user will be prompted for the desired
terminal.
.in -2
.cl 1 2.6. entrytypes
2.6. entrytypes
.in +2
This file has several lines with one entry per line. Each
entry is divided into five fields, separated from one another by a `#'.
The five fields are:
.cl 2 2.6.1 Label
2.6.1 Label
.in +2
The label field is the id of the entry and has to be unique in
the whole file. Logon will be started with the option -e=<label> where
<label> has to match one entry in this file. The last field also
refers to the label field.
.in -2
.cl 2 2.6.2 Terminal Defaults
2.6.2 Terminal Defaults
.in +2
This sets the default values for the serial line (only if
supported by your driver.) The syntax of this field is a list of
xmode-like expressions, e.g. par=odd cs=8 nopause etc.
.in -2
.cl 2 2.6.3 Login Prompt
2.6.3 Login Prompt
.in +2
This prompt is displayed to ask the user for his account. Some
escape characters are supported: `\\r' and `\\n' are CR (0x0d), `\\l' is LF
(0x0a), `\\E' is ESC (0x1b), `\\b' is BS (0x08), `\\t' is TAB (0x09) and
`\\B' will be replaced by the current baudrate. The string will be
written raw to the terminal, so you need a `\\r\\l' to move the cursor to
the beginning of the next line.
.in -2
.cl 2 2.6.4 Password Prompt
2.6.4 Password Prompt
.in +2
This prompt is shown after the user has entered his account. You
have the same escape sequences as on the login prompt. This field may be
empty (then a default will be used.)
.in -2
.cl 2 2.6.5 Next Entry
2.6.5 Next Entry
.in +2
This has to match a label of another (or the same) entry. If the
user sends a BREAK after the login prompt, then the entry with this
label is used. Very useful to switch between different parity settings.
.in -2
.in -2
.in -2
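The entrytypes format from section 2.6 can be loaded and sanity-checked
as follows. This is an added example, not logon's own '-v' check and not
code from the distribution. The function names and the two sample
entries are constructed, and leaving unknown escapes unchanged is an
assumption. In the file itself each escape is a single backslash
followed by a letter.

```python
import re

# Escape letters listed in section 2.6.3; note that \n is CR here, not LF.
ESCAPES = {"r": "\r", "n": "\r", "l": "\n", "E": "\x1b", "b": "\x08", "t": "\t"}

# Constructed sample: two entries that differ in parity and name each other
# as "next entry", so a BREAK at the login prompt toggles between them.
SAMPLE = (
    "p8o#par=odd cs=8 nopause#\\r\\lOS-9 (\\B baud) login: #Password: #p7e\n"
    "p7e#par=even cs=7 nopause#\\r\\llogin: ##p8o\n"
)

def expand_prompt(raw, baud):
    """Expand prompt escapes; unknown escapes are left as typed (assumption)."""
    def repl(match):
        letter = match.group(1)
        return baud if letter == "B" else ESCAPES.get(letter, match.group(0))
    return re.sub(r"\\(.)", repl, raw)

def load_entries(text):
    """Parse '#'-separated entries into {label: fields}; reject bad lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("#")
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        label, defaults, login, password, nxt = fields
        if label in entries:
            raise ValueError(f"line {lineno}: duplicate label {label!r}")
        entries[label] = {"defaults": defaults.split(), "login": login,
                          "password": password, "next": nxt}
    return entries

def dangling_next(entries):
    """Labels whose 'next entry' does not name any entry in the file."""
    return sorted(l for l, e in entries.items() if e["next"] not in entries)
```

An entry whose next-entry label is missing from the file would leave a
BREAK at the login prompt with nowhere to go, so dangling_next() should
return an empty list before the file is put into use.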
.cl 0 3. Command Line Options
.ul
3. Command Line Options
.in +2
In general the user doesn't need these options; the calling
process (mmon or _init) will start it with the right options. But the
system administrator has to configure mmon and _init. The option
.bold
-b=<baud>
gives logon the current baudrate at which the user logs into the
system, as an ASCII string. This is used in the login prompt via the
`\\B' escape code.
.bold
-e=<entry>
is the most important option; it chooses the right entry in the file
entrytypes to configure this port in the right way.
.bold
-m
tells logon not to display any MOTD file and
.bold
-m=<file>
uses <file> instead of the default /dd/SYS/motd. With
.bold
-i
the user is shown the status of his mailbox, so if he has mail waiting the
text "You have mail." is displayed. Logon supports a kind of timeout. If
you want to use a program other than `timeout', you can give with
.bold
-p=<path>
the full path of the program.
.bold
-s
tells logon not to "do as if the user exists" when the name isn't in the
password file, as it otherwise would do to avoid hacking of accounts.
Useful for trusted terminal lines. For direct terminals the
.bold
-t
option is useful. Normally logon terminates when nothing has been typed
for some time, which is mostly useful for lines with a modem connected.
This option switches this feature off.
.bold
-c
is also used for system security. With this option users with a group id
of zero (superuser) are allowed to log in on the system console (/term.)
To make a history file of all files,
.bold
-l
is used to write this information to the file SYS/wtmp on your
bootdevice. Another feature for security is
.bold
-r=<tries>
to limit the login tries to a maximum of <tries>. If this number is
zero, no limit is used. If you change the `entrytypes' file, you can
check it with
.bold
-v=<file>
to see whether it is correct. This should be done after every change.
.in -2
.cl 0 4. Logon from Shell
.ul
4. Logon from Shell
.in +2
Logon can also be invoked from your shell to relogin without
performing a logout. If you have a source of a shell, then logon should
be started as an overlay, otherwise the system can become confused. So
from the Microware shell use `ex logon'. When invoking it from a shell,
no options are required.
.in -2
.page
.ce
Contents
.pc