my questions and the answers i recieved:
I am running DU4.0e with C2 security, qpopper 2.53, and sendmail 8.9.3
> 1) is there a way to un-Retire an account? (the accounts get a Retired* for
> a password when you use userdel (or deluser - i can never remember which) to
> delete them)
John P Speno <speno_at_isc.upenn.edu>:
Sure. Just used vipw and edauth to work directly with the auth databases.
Anthony R. Gerbino <tgerbino_at_monmouth.edu>
To delete an account explicitly without retiring you have to use the
userdel command and then remove the authorization file file the tcb
database:
Here's an example:
/usr/sbin/userdel -r loginname
/usr/tcb/bin/edauth -r loginname
Lisa Kim <kim_at_zso.dec.com>
The 'userdel' command retires users by default instead of deleting them
when running under C2 Enhanced Security. To un-Retire an account, you
can do the following:
1. Issues the command, 'edauth <username>' and replace the 'u_retired'
field with the 'u_retired_at_' (see manpages for 'edauth' and 'prpasswd'
for further usage).
2. Edit the /etc/passwd file and delete the 'Retired' string for the
user.
This should un-Retire the account.
This looks like the best option for me.
the problem is this: I am an isp and this box is the users home machine with all
mail accounts on it. when a user quits or doesn't pay his bills we delete them.
then if they come back we re-enter them. when they are re-entered into the system
there mail file is created. But, what happens is that the mail file is recreated with
the userid of the original user. so they can't get there mail.
so i am looking for a solution to that happening. i thought that by un-retiring an
account they would get the same userid.
any other solutions for this problem?
> 2) we are using qualcomm's qpopper 2.50 (i think) and occasionally we get corrupted
> mail files. it is always the first line of the file. it is not formatted properly
> or missing all together. (the first line should be: From sender Thu Nov 4 09:28:30 1999)
John P Speno <speno_at_isc.upenn.edu>:
We use 2.53 and I'm not aware of any problems.
Paul Crittenden <crittend_at_storm.simpson.edu>
I can tell what I know about #2. We have noticed and Digital has confirmed
that when the root file system gets 100% full for some reason, that mail
files will get corrupted. Not all of them just the ones which are
recieving mail at that time. Unfortunately there is no way to know when
that will happen so you have to live with it. I have filled the root file
system by trying to edit a huge file. And other things will also fill it.
Keith Piepho <kap_at_uakron.edu>
Two comments on qpopper:
First, I think it is mail delivery (usually by binmail) that results in
corrupted mail files. Popper is just very sensitive to them, and will not
proceed if it gets confused. This impression is a result of various
comments I've read on this list over the years and could be
incorrect. Suggestions have frequently focused on using procmail (a
freeware package) for mail delivery.
Second, if you are indeed running 2.50, you should probably seriously
consider upgrading to 2.53, as previous versions had some pretty serious
security problems (buffer overflows).
this could be the problem. here is my hard drive info:
# df -k
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/rz0a 257503 75991 155761 33% /
/proc 0 0 0 100% /proc
/dev/rz0g 8269584 3493995 3948630 47% /usr
i don't know if the root partition is indeed getting filled up. i have never noticed
it full. but that is a possiblity.
any other ideas on this subject?
> 3) while using sudo to add users to the system the accounts are added but they are
> locked by the administrator. if using the same command as root they are not locked
> by the administrator. has anyone seen this and been able to fix it?
John P Speno <speno_at_isc.upenn.edu>:
Could be that each user has her own ~/.sysman directory. Check that. They
may need to get a copy of root's.
this was the problem. i went to all the staffs home dirs and made a symbolic link
with /.sysman and that solved the problem. now my staff can happily add users to
the system. thanks alot!
Anthony R. Gerbino <tgerbino_at_monmouth.edu>
After running sudo to add the user, call another command that unlocks
the account, or simply change the default behavior that accounts are
locked by default (usermod -D, shows if administrative lock=1 or 0)
I use the command after the accounts is created from sudo:
usermod -x administrative_lock_applied=0
This unlocks the account.
Lisa Kim <kim_at_zso.dec.com>
Check to see if they are using different default attributes. Issue the
'usermod -D' command to view the system default attributes. If it
displays 'Administrative Lock = 1' then it will create a locked account
if this field is not set explicitly upon creation. You can change the
default attributes by issueing the command 'usermod -D -x administrative_lock_applied=0|1'.
Donn Aiken <daiken_at_regents.edu>
Here's a script I wrote so our staff can unlock user accounts with sudo.
#!/usr/bin/csh
if ($1 != "") then
/usr/sbin/usermod -x administrative_lock_applied=0 $1
endif
I think you can essentially un-retire an account using edauth.
You may have to delete it first, then re-add it, though.
Donn thanks for the script. i will put this into use.
Thanks to everyone for your input. it helped a lot. i would like to see a concrete
solution to the corrupted mail file problem. if anyone comes across it please let
me know.
one of my staff has written a perl script that we use to fix the problem if anyone would
like a copy of it let me know.
Chris Myers
KiskiNet
Received on Thu Nov 04 1999 - 18:45:00 NZDT