gspl-uchange(1) update or change user permissions

SYNOPSIS

gspl-uchange [ -options ] [ users ]

DESCRIPTION

gspl-uchange may be used to update the user permissions file giving the user profiles of various users and the operations which they may be permitted to perform within the GNUspool system, together with the default permissions which are assigned by default to new GNUspool users.

Further options allow for a ``password dump'' file to be maintained. This is for the benefit of NIS-type environments where reading through most of the password database can take an unacceptably long time, the user name and userid hash table is maintained in a file and updated as necessary.

The invoking user must have edit admin file permission.

OPTIONS

Note that the order of treatment, letters and keywords described below may be modified by editing the file rest.help - see spsyntax(5). The environment variable on which options are supplied is "GSPL-UCHANGE" and the environment variable to specify the help file is "SPRESTCONF".
-? or +explain
causes a summary of the other options to be displayed without taking further action.
-A or +copy-defaults
copy the default profile to all users before setting other permissions on the named users (with the -u option) or after setting the defaults (with the -D option).

The privileges of the invoking user are not changed by this operation.

-c classcode or +class classcode
set the class code of the user(s) as specified by the argument.
-D or +set-defaults
indicate that the other options are to apply to the default profile for new users.
-d num or +default-priority num
set the default job priority to num, which must be between 1 and 255.
-F pattern or +form-allowed pattern
set the permitted form types to match pattern.
-f formtype or +default-form formtype
set the default form type to formtype.
-l num or +min-priority num
set the minimum job priority to num, which must be between 1 and 255.
-m num or +max-priority num
set the maximum job priority to num, which must be between 1 and 255.
-N or +no-rebuild
cancel the -R option.
-n num or +max-copies num
set the maximum number of copies to num, which must be between 1 and 255.
-O pattern or +ptr-allowed pattern
set the permitted printers to match pattern.
-o printer or +default-ptr printer
set the default printer to printer.
-p privileges or +privileges privileges
set the privileges of the user(s) as specified by the argument.
-R or +rebuild-file
rebuild the user permissions file spufile0 incorporating any changes in the password list.
-s or +no-copy-defaults
cancel the effect of the -A option
-u or +set-users
indicate that the other options are to apply to the users specified on the rest of the command line.
-X or +dump-passwd
dump out the hash table of the password file to avoid re-reading the password file within the other programs.
-Y or +default-passwd
default handling of password hash file dump - rebuild if it is already present and -R specified, otherwise not.
-Z or +kill-dump-passwd
delete any existing dumped password hash file.
+freeze-current
Save all the current options in a .gnuspool file in the current directory.
+freeze-home
Save all the current options in a .gnuspool file in the user's home directory.

Users or default

In one operation gspl-uchange either adjusts the default permissions, to be applied to new users, if -D is specified, or specified users, if nothing or -u is specified. So first set the required defaults:

        gspl-uchange -D -n 20 -p Form,Prinq,Hgo,Cdef -A

Then set named users

        gspl-uchange -p ALL jmc root spooler

Rebuilding the user control file

After adding new users to the system, you should rebuild the user control file by running

        gspl-uchange -R

On a system with a large number of users, this can take a long time, so the previous method of adding new users as they were encountered meant that various hold-ups occurred in standard utilities or the scheduler, whichever was the first to ``notice'' the changes, which might, in the event, be half-complete.

We suggest that this command be added to the ``add new user'' procedure for your installation.

Dumping the password file

When any of the GNUspool programs which may require to map numeric user ids to names and vice versa start, one of the first operations is to build the appropriate hash tables. This may take some time if there are a large number of user names, especially if NIS (a.k.a. yellow pages) is in use.

A short cut is to dump out the password file into a hash table file, by default pwdump0, which may be quickly read in by the relevant programs instead of rebuilding the hash table each time.

You may opt to create the dumped password file by running

        gspl-uchange -X

This should only be done when all GNUspool programs are stopped.

Afterwards, each time the user control file is rebuilt using the -R option (or equivalents in other programs such as gspl-user(1)), this file will also be rebuilt. -X does not have to be specified again.

If you ever decide you want to dispense with this file, run gspl-uchange with the -Z option.

For completeness, the -Y option is provided to cancel -X or -Z in case they are provided in the environment or a .gnuspool file, an extremely bad idea.

Privileges

The following may be specified as the argument to -p, as one or more (comma-separated) of the following codes, optionally preceded by a minus to turn off the corresponding privilege. These codes are the same as those displayed by gspl-ulist(1).

Gspl-uchange disregards the case of the codes entered.

Adm
edit admin file
Stp
stop scheduler
Form
select forms other than restriction pattern
Otherp
select printers other than restriction pattern
Cpri
change priority once queued
Otherj
edit other users' jobs.
Prinq
select printer list
Hgo
stop and start printers
Anyp
select any priority once queued
Cdef
change own default priority within range
Addp
add and delete printers
Cover
override class
Unq
unqueue jobs
Votj
view (but not change) other users' jobs
Remj
access remote jobs
Remp
access remote printers
Accessj
access non-displayed job attributes
Freeze
freeze parameters from display

"ALL" may be used to denote all of the permissions. For example:

        -p Otherj,Otherp
        -p ALL,-Adm

Notice how "ALL" is set first and then "Adm" taken away in the second example.

A hexadecimal value is also accepted, but this is intended only for the benefit of the installation routines.

FILES

~/.gnuspool configuration file (home directory)

.gnuspool configuration file (current directory)

rest.help message file

pwdump0 dumped password hash file

spufile0 user permissions file

ENVIRONMENT

GSPL_UCHANGE
space-separated options to override defaults.
SPRESTCONF
location of alternative help file.

DIAGNOSTICS

Various diagnostics are read and printed as required from the message file, by default rest.help.

COPYRIGHT

Copyright (c) 2009 Free Software Foundation, Inc. This is free software. You may redistribute copies of it under the terms of the GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the extent permitted by law.

AUTHOR

John M Collins, Xi Software Ltd.