PROFILE Abstract: --------- PROFILE is a FORTRAN utility which adds new accounts or modifies existing accounts by using a screen-oriented interface that allows changes to be made by moving the cursor to the desired field and entering the changes. Four different screens can be displayed: main user profile, login flags, primary and secondary days, access restrictions, and privileges. Cursor movement is accomplished by using the arrow keys or the Unix 'hjkl' keys. Fields can be changed in the main user profile screen by typing the "Insert Here" or "Enter" keys to toggle edit mode. After the text has been entered, Carriage Return or any of the arrow keys will terminate the input. Login flags, Primary days, and Privileges can be changed with the "Select" or keypad "Period" keys. Normal or full privileges can be enabled with the "N" or "A" keys. Access modes can be changed by: hitting "-" or "Remove" keys to deny total access to an access type; hitting "+" or "Insert Here" to allow total access to an access type; hitting "Select" or keypad "Period" keys to selectively allow or deny access on an hourly basis. The user's top level directory will be created, diskquota will be enabled, and a sample login procedure will be copied to the user's directory. Installation: ------------- Compile and link using the command @BUILD. Copy the image PROFILE.EXE to the desired location (SYS$SYSTEM:, for example), and define the following symbol: PROFILE:==$disk:[directory]PROFILE and add the above to the appropriate login procedure (LOGIN.COM). Operation: ---------- If you profile an existing user, the information about the user will be gathered using the system service $GETUAI and written to the screen using SMG$ routines. If you profile a new user, the information from the DEFAULT account template is gathered and displayed (with a few pertinent fields already changed). You have the option at this point of selecting another user to profile (by hitting Control_Z), or modifying any of the fields on the main screen (by using the cursor keys and entering edit mode), or selecting an alternate screen (using one of the four PF keys). A Control_Z from one of the alternate screens will return you to the main screen. A Control_Z from the main screen, once any changes have been made, will cause the program to add or modify the account. You will first be prompted for confirmation, however. If the account already exists the account will be modified by using the system service $SETUAI. If the account is new it will be added by spawning a quick DCL command procedure ($SETUAI cannot be used to add a new account) and using $SETUAI to modify the now existing new account. The DCL command is performed by creating a temporary command file and using LIB$SPAWN, without propogating symbol and logical name tables, with the temporary command file as input. The spawn is reasonably quick, but if you prefer to use a mailbox routine to execute the DCL command, you may wish to consider it. Disk quota is enabled for the user (defaulted at 1000, you may wish to change it with the /QUOTA qualifier) and top level directory is created by using LIB$CREATE_DIR. Lastly, a sample login command procedure is copied to the directory of the new user. The copy is performed by using the CONVERT utility. Qualifiers: ----------- By default, all of the above features are enabled. However, you can disable any of the above fields with certain qualifiers. Additionally, you can enable previously disabled qualifiers when adding or modifying multiple accounts during a PROFILE session. These qualifiers are: /QUOTA=amount - default value is 1000 and amount is not specifically required in this case. /NOQUOTA - diskquota will not be added when creating a new account. /OVERDRAFT=amount - default value is 100 and amount is not specifically required in this case. There is no negative for this qualifier. /NOMAIL - mail notification will not be sent to the new user. /MAIL - mail, in the form of a welcome message, will be sent to the new user. This is the default setting. /NODIRECTORY - directory will not be created for the new user. Can be abbreviated to /NODIR. /DIRECTORY - directory will be created. Can be abbreviated to /DIR. This is the default setting. /NOADD_IDENTIFIER - do not add account identifier when creating a new account. Can be abbreviated to /NOADD. /ADD_IDENTIFIER - add account identifier when creating a new account. This is the default setting. Can be abbreviated to /ADD. /NOECHO_PASSWORD - do not echo the password to the screen when entering a new value. Also, when this qualifier is given, the password field will always say "(secret)". Can be abbreviated to /NOECHO. /ECHO_PASSWORD - password will be displayed on the screen, if it's a new account, and will be echoed when entering a change to the password field. This is the default setting. Can be abbreviated to /ECHO. Examples: --------- $PROFILE DUMMY/QUOTA=5000/OVERDRAFT=200/NOECHO/NOMAIL Created an account called DUMMY with a quota of 5000 blocks, an overdraft of 200 blocks, no welcome message mailed to the user, and the password will not be displayed to the screen as you type (in case some snoop is looking over your shoulder!). PROFILE> NEWGUY/ECHO/MAIL/QUOTA=1500/OVERDRAFT=50 After adding the DUMMY account, this command at the PROFILE> prompt will add an account called NEWGUY and the /NOECHO and /NOMAIL features have been re-enabled and the quota values have been changed. $PROFILE OLDGUY/NOECHO The already existing account OLDGUY is to be modified, but the only qualifier of any real value for an existing account is the /NOECHO qualifier. The others all apply to brand new accounts. $PROFILE FAKEID/NOQUOTA/NODIR/NOMAIL/NOADD Creates an account called FAKEID. This account will have no directory, no disk quota, no mail notification (because, after all, there is no directory to hold the mail file), and the account identifier will not be added. Special behavior for some fields: --------------------------------- For the UIC field, if you enter the group number only, the next available member number will be supplied. You can also enter group and member numbers without the brackets and they will be supplied also. The directory field can be entered without brackets and they will be supplied. All string fields will be automatically converted to uppercase except for the owner field which will accept mixed case. Account expiration can be entered either as an absolute time (eg. 31-JAN-2001) or as a delta time (eg. 180 00:00:00 or simply 180). Bugs: ----- At the moment, there is a problem with modifying an additional account during a single session: the security alarm will accurately reflect the changes made to the first account, but will not be accurate with additional accounts. This behavior will be fixed in a future release (I hope!), but in the meantime, if you require a completely accurate account of which fields have been changed for a particular account, you should exit PROFILE after adding or modifying the first account and then run the program again for each additional account. If this inaccurate security audit behavior is not important to you, then you can freely add/modify multiple accounts during a single session of PROFILE. ================================================================================ John Howells howells@earth.arc.nasa.gov howells@pioneer.arc.nasa.gov