GSPL-UCHANGE(1)
NAME
gspl-uchange - update or change user permissions
SYNOPSIS
gspl-uchange [ -options ] [ users ]
DESCRIPTION
gspl-uchange may be used to update the user permissions file giving the
user profiles of various users and the operations which they may be
permitted to perform within the GNUspool system, together with the
default permissions which are assigned by default to new GNUspool
users.
Further options allow for a "password dump" file to be maintained. This
is for the benefit of NIS-type environments where reading through most
of the password database can take an unacceptably long time, the user
name and userid hash table is maintained in a file and updated as
necessary.
The invoking user must have edit admin file permission.
OPTIONS
Note that the order of treatment, letters and keywords described below
may be modified by editing the file rest.help - see spsyntax(5). The
environment variable on which options are supplied is "GSPL-UCHANGE"
and the environment variable to specify the help file is "SPRESTCONF".
- -? or +explain
- causes a summary of the other options to be displayed without
taking further action. - -A or +copy-defaults
- copy the default profile to all users before setting other
permissions on the named users (with the -u option) or after
setting the defaults (with the -D option). - The privileges of the invoking user are not changed by this
operation. - -c classcode or +class classcode
- set the class code of the user(s) as specified by the argument.
- -D or +set-defaults
- indicate that the other options are to apply to the default profile for new users.
- -d num or +default-priority num
- set the default job priority to num, which must be between 1 and 255.
- -F pattern or +form-allowed pattern
- set the permitted form types to match pattern.
- -f formtype or +default-form formtype
- set the default form type to formtype.
- -l num or +min-priority num
- set the minimum job priority to num, which must be between 1 and 255.
- -m num or +max-priority num
- set the maximum job priority to num, which must be between 1 and 255.
- -N or +no-rebuild
- cancel the -R option.
- -n num or +max-copies num
- set the maximum number of copies to num, which must be between 1 and 255.
- -O pattern or +ptr-allowed pattern
- set the permitted printers to match pattern.
- -o printer or +default-ptr printer
- set the default printer to printer.
- -p privileges or +privileges privileges
- set the privileges of the user(s) as specified by the argument.
- -R or +rebuild-file
- rebuild the user permissions file spufile0 incorporating any changes in the password list.
- -s or +no-copy-defaults
- cancel the effect of the -A option
- -u or +set-users
- indicate that the other options are to apply to the users specified on the rest of the command line.
- -X or +dump-passwd
- dump out the hash table of the password file to avoid re-reading
the password file within the other programs. - -Y or +default-passwd
- default handling of password hash file dump - rebuild if it is
already present and -R specified, otherwise not. - -Z or +kill-dump-passwd
- delete any existing dumped password hash file.
- +freeze-current
- Save all the current options in a .gnuspool file in the current directory.
- +freeze-home
- Save all the current options in a .gnuspool file in the user's home directory.
Users or default
- In one operation gspl-uchange either adjusts the default permissions,
to be applied to new users, if -D is specified, or specified users, if
nothing or -u is specified. So first set the required defaults:
- gspl-uchange -D -n 20 -p Form,Prinq,Hgo,Cdef -A
- Then set named users
gspl-uchange -p ALL jmc root spooler
Rebuilding the user control file
- After adding new users to the system, you should rebuild the user
control file by running - gspl-uchange -R
- On a system with a large number of users, this can take a long time, so
the previous method of adding new users as they were encountered meant
that various hold-ups occurred in standard utilities or the scheduler,
whichever was the first to "notice" the changes, which might, in the
event, be half-complete. - We suggest that this command be added to the "add new user" procedure
for your installation.
Dumping the password file
When any of the GNUspool programs which may require to map numeric user
ids to names and vice versa start, one of the first operations is to
build the appropriate hash tables. This may take some time if there are
a large number of user names, especially if NIS (a.k.a. yellow pages)
is in use.
A short cut is to dump out the password file into a hash table file, by
default pwdump0, which may be quickly read in by the relevant programs
instead of rebuilding the hash table each time.
- You may opt to create the dumped password file by running
- gspl-uchange -X
- This should only be done when all GNUspool programs are stopped.
- Afterwards, each time the user control file is rebuilt using the -R option (or equivalents in other programs such as gspl-user(1)), this file will also be rebuilt. -X does not have to be specified again.
- If you ever decide you want to dispense with this file, run gspluchange with the -Z option.
- For completeness, the -Y option is provided to cancel -X or -Z in case they are provided in the environment or a .gnuspool file, an extremely bad idea.
- Privileges
- The following may be specified as the argument to -p, as one or more
(comma-separated) of the following codes, optionally preceded by a
minus to turn off the corresponding privilege. These codes are the same as those displayed by gspl-ulist(1). - Gspl-uchange disregards the case of the codes entered.
- Adm edit admin file
- Stp stop scheduler
- Form select forms other than restriction pattern
- Otherp select printers other than restriction pattern
- Cpri change priority once queued
- Otherj edit other users' jobs.
- Prinq select printer list
- Hgo stop and start printers
- Anyp select any priority once queued
- Cdef change own default priority within range
- Addp add and delete printers
- Cover override class
- Unq unqueue jobs
- Votj view (but not change) other users' jobs
- Remj access remote jobs
- Remp access remote printers
- Accessj access non-displayed job attributes
- Freeze freeze parameters from display
- "ALL" may be used to denote all of the permissions. For example:
-p Otherj,Otherp
-p ALL,-Adm - Notice how "ALL" is set first and then "Adm" taken away in the second
example. - A hexadecimal value is also accepted, but this is intended only for the benefit of the installation routines.
FILES
- ~/.gnuspool configuration file (home directory)
- .gnuspool configuration file (current directory)
- rest.help message file
- pwdump0 dumped password hash file
- spufile0 user permissions file
ENVIRONMENT
- GSPL_UCHANGE
- space-separated options to override defaults.
- SPRESTCONF
- location of alternative help file.
SEE ALSO
gspl-ulist(1), gspl-user(1), spsyntax(5), gnuspool.conf(5),
gnuspool.hosts(5).
DIAGNOSTICS
Various diagnostics are read and printed as required from the message
file, by default rest.help.
COPYRIGHT
Copyright (c) 2009 Free Software Foundation, Inc. This is free
software. You may redistribute copies of it under the terms of the GNU
General Public License <http://www.gnu.org/licenses/gpl.html>. There
is NO WARRANTY, to the extent permitted by law.
AUTHOR
- John M Collins, Xi Software Ltd.