04/12/91 new_user Syntax as a command: new_user or new_user$nu or new_user$nua or new_user$change Person_id item newvalue or new_user$cg Person_id item newvalue or new_user$cga Person_id item newvalue Function: adds or modifies entries in the URF and PNT. It is called by master.ec to implement the accounting administrator commands that deal with user registration (e.g., register, change, chalias). Entry points in new_user: (List is generated by the help command) :Entry: new_user: 02/26/85 new_user$new_user Function: This entry point adds a new person. The dialogue exchanged between the command and the user of the command is detailed in the register command. :Entry: nu: 02/26/85 new_user$nu Function: This entry point adds a new person but is less verbose in its prompting. :Entry: nua: 02/26/85 new_user$nua Function: This entry is similar to the new_user$nu entry point but also allows the system administrator to specify an alias, password flags, and AIM attributes for the user. The dialogue for new_user, new_user$nu, and new_user$nua obtains and checks the following items for user registration. Full name (Last, First I.: title) Mailing address Programmer number Default project Password Card Input Password If new_user$nua is called: Alias Password flags AIM authorization Default AIM authorization Audit flags The commands attempt to generate a site-unique Person_id from the last name, or the administrator may specify the Person_id. The user is then registered in the URF and PNT and the administrator is asked if there are any more users to be added. Typing "stop" at any time aborts the registration of the current user. :Entry: change: 02/26/85 new_user$change Function: This entry point supports editing of user registration. :Entry: cg: 02/26/85 new_user$cg Function: This entry point is similar to new_user$change but is less verbose. :Entry: cga: 04/12/91 new_user$cga Function: This entry is similar to new_user$cg but also allows the changing of user aliases, password flags, and AIM attributes. Arguments: For new_user$change, new_user$cg, and new_user_$cga. Person_id is a Person_id of a registered user. If not specified, the command asks for one. item may be any one of the following keywords: The following items marked with an plus-sign (+) can only be changed with the new_user$cga entry point. addr User's mailing address + alias User's login alias. An alias can be deleted by using a period (.) as the new value. + audit AIM audit selectivity flags. This keyword is a character string of the form name1{,name2,...,namen} where namei is the name of an audit flag. The names and their meanings are listed below. =/ controls the auditing of specified operations on specified system objects. The values of can be one of the following: admin specifies that operations to administrative objects (e.g., the PNT) are to be audited. fsattr specifies that operations to file system attributes are to be audited. fsobj specifies that operations to file system objects are to be audited. other specifies that operations to objects (e.g., mailboxes) controlled by ring 1 security related subsystems are to be audited. rcp specifies that operations to objects controlled by the Resource Control Package are to be audited. special specifies that operations to special objects are to be audited. (Currently, the only special objects are processes.) The values that can be assigned to and are listed below. M specifies that "modify" operations are to be audited. Operations are audited that attempt to change the object or the attributes of the object. This level of auditing includes the "modify access" operations. MA specifies that"modify access" operations are to be audited. Operations are audited that attempt to change the access attributes of the object. N specifies that no auditing is to take place. R specifies that "read" operations are to be audited. Operations are audited that return information about the contents of the object or its attributes/properties. This level of auditing includes the "modify" and "modify access" operations. The / values are a matched pair. The value specifies auditing of successful operations. The value specifies auditing of unsuccessful operations. For example, the audit flag "fsobj=N/M" specifies that there is to be no monitoring of successful operations on file system objects; however, all unsuccessful modify operations on file system objects will be audited. Please note that modify access operations cannot be associated with file system objects (fsobj). Instead, modify access operations can be specified for file system attributes (fsattr). Additional information on auditing, including a more detailed description of the operations that are audited on each object type, can be found in the Multics System Administration Procedures manual (AK50). admin_op controls auditing of administrative operations performed by the process. This includes such operations as registration of new users or projects. It is recommended that sites interested in auditing should turn this flag on for all processes. fault controls auditing of illegal procedure and access violation faults that can indicate an attempt to access protected data. moderate_cc controls auditing of covert channel activity that takes place over channels with a potential bandwidth of 10-100 bps. priv_op controls auditing of privileged operations performed by the process. A privileged operation is one performed through use of a privileged gate or under previously set AIM privileges. It is recommended that sites interested in auditing turn this flag on for all processes except perhaps the system daemons. small_cc controls auditing of covert channel activity that takes place over channels with a potential bandwidth of 1-10 bps. + auth AIM authorization is the authorization to be assigned to Person_id. The value for auth can be a range of values in the format "min_auth:max_auth," in which case the new user is eligible to use any of the authorizations within the specified range. Alternatively, the value for auth can be specified as a single value. In this case, the system interprets the specified value as a maximum authorization value and the minimum authorization value is assumed to be system_low. Use the print_auth_names command for a list of valid authorization values. cpass card input password + dfauth default AIM authorization + flags The password flags are: password user has a login password card_pw user has a card input password trap attempts to log in will be logged lock attempts to log in will be refused change user can change passwords, default authorization, and default project must_change user must change login password before logging in generate user must use -generate_password to change password. time_lock=TIME password is locked until TIME. operator user can use the sign_on command to sign on as an operator. + revalidate the user's password is revalidated (after having expired following a period of non-use). name full name (Last First I.: title) proj default project pass login password progn programmer number newvalue is the new value as a single argument (i.e., enclosed in quotes if it contains blanks). This argument can only be given if item is given. If not specified, the command prompts with the old value and waits for a response. If the new value is an empty line, the old value remains unchanged. (The argument may not be specified at command level when changing a user's password.) Notes: Changes are made to both the URF and PNT. A password may consist of from one through eight ASCII printing characters including backspace, but excluding space and semicolon. "HELP", "help", "quit", and "?" are interpreted uniquely by the password processor and are therefore unacceptable as password specifications for an interactive login. Entering "quit" terminates the login attempt, while "HELP", "help", or "?" results in an explanatory message and repeat of the password prompt. ----------------------------------------------------------- Historical Background This edition of the Multics software materials and documentation is provided and donated to Massachusetts Institute of Technology by Group BULL including BULL HN Information Systems Inc. as a contribution to computer science knowledge. This donation is made also to give evidence of the common contributions of Massachusetts Institute of Technology, Bell Laboratories, General Electric, Honeywell Information Systems Inc., Honeywell BULL Inc., Groupe BULL and BULL HN Information Systems Inc. to the development of this operating system. Multics development was initiated by Massachusetts Institute of Technology Project MAC (1963-1970), renamed the MIT Laboratory for Computer Science and Artificial Intelligence in the mid 1970s, under the leadership of Professor Fernando Jose Corbato. Users consider that Multics provided the best software architecture for managing computer hardware properly and for executing programs. Many subsequent operating systems incorporated Multics principles. Multics was distributed in 1975 to 2000 by Group Bull in Europe , and in the U.S. by Bull HN Information Systems Inc., as successor in interest by change in name only to Honeywell Bull Inc. and Honeywell Information Systems Inc. . ----------------------------------------------------------- Permission to use, copy, modify, and distribute these programs and their documentation for any purpose and without fee is hereby granted,provided that the below copyright notice and historical background appear in all copies and that both the copyright notice and historical background and this permission notice appear in supporting documentation, and that the names of MIT, HIS, BULL or BULL HN not be used in advertising or publicity pertaining to distribution of the programs without specific prior written permission. Copyright 1972 by Massachusetts Institute of Technology and Honeywell Information Systems Inc. Copyright 2006 by BULL HN Information Systems Inc. Copyright 2006 by Bull SAS All Rights Reserved