A Bunch of Questions

A Bunch of Questions

[John J. Boyer]

Hello,
Well, I threw in the towel and just created a new user for the director
e-mail address, so I hope this goes through to the list. I wonder why
logging in with an address other than your login name is considered a
security risk.
Here are some other questions.
How do I delete a user?
How do I stop a running daemon like fetchmail without rebooting?
How can I transfer the messages in the inbox of one use to the inbox of
another?
Thanks.
John

Re: A Bunch of Questions

[Dave Mielke]

[quoted lines by John J. Boyer on December 12, 2001, at 14:38]

>I wonder why
>logging in with an address other than your login name is considered a
>security risk.

Because you can lie about who you are. You're used to the Windows world where
anyone is free to do that all of the time. It's not really a good idea to allow
it though. For those companies and organizations who don't allow their users to
have root access, and who do care a lot about accountability, it's a good
constraint.

>How do I delete a user?

userdel old-user-name

>How do I stop a running daemon like fetchmail without rebooting?

killall fetchmail

>How can I transfer the messages in the inbox of one use to the inbox of
>another?

cd /var/spool/mail
cat old-user-name >>new-user-name
rm old-user-name

Note the two right angle brackets before new-user-name in the cat command. This
is important. It means append. If you only put one of them there then existing
messages for new-user-name will be deleted as the whole file will be replaced.

-- 
Dave Mielke           | 2213 Fox Crescent | I believe that the Bible is the
Phone: 1-613-726-0014 | Ottawa, Ontario   | Word of God. Please contact me
EMail: dave@mielke.cc | Canada  K2A 1H7   | if you're concerned about Hell.

Re: A Bunch of Questions

[Rafael]

On Wed, Dec 12, 2001 at 03:44:15PM -0500, Dave Mielke wrote:
> [quoted lines by John J. Boyer on December 12, 2001, at 14:38]
> 
..... deleted

> 
> >How do I delete a user?
> 
> userdel old-user-name
> 
> >How do I stop a running daemon like fetchmail without rebooting?
> 
> killall fetchmail
> 
> >How can I transfer the messages in the inbox of one use to the inbox of
> >another?
> 
> cd /var/spool/mail
> cat old-user-name >>new-user-name
> rm old-user-name

A safer way to move email is to stop mail daemon,

mv old-user-name new-user-name
chown new-user-name.new-user-name new-user-name

that is, change the ownership to new user otherwise you won't be able to
read it and restart the mail server. If you do it otherwise your cat
command could mess the email box if MTA was writing into it at the same
time.

> 
> Note the two right angle brackets before new-user-name in the cat command. This
> is important. It means append. If you only put one of them there then existing
> messages for new-user-name will be deleted as the whole file will be replaced.
> 
> -- 
> Dave Mielke           | 2213 Fox Crescent | I believe that the Bible is the
> Phone: 1-613-726-0014 | Ottawa, Ontario   | Word of God. Please contact me
> EMail: dave@mielke.cc | Canada  K2A 1H7   | if you're concerned about Hell.

-- 
Rafael

Re: A Bunch of Questions

[Rafael]

On Wed, Dec 12, 2001 at 03:34:33PM -0600, John J. Boyer wrote:
> Dave,
> Thanks for your information. However, my Redhat 7.1 sustem doesn't seem to
> have a userdel command.

Have you tried
/usr/sbin/userdel

It must be there. Mine has it.

> Thanks.
> John

-- 
Rafael

Re: A Bunch of Questions

[John J. Boyer]

Dave,
Thanks for your information. However, my Redhat 7.1 sustem doesn't seem to
have a userdel command.
Thanks.
John

Re: A Bunch of Questions

[Dave Mielke]

[quoted lines by John J. Boyer on December 12, 2001, at 15:34]

>my Redhat 7.1 sustem doesn't seem to
>have a userdel command.

It should be in /usr/sbin, which might not be in your search path. In addition,
check that you have the shadow-utils rpm.

-- 
Dave Mielke           | 2213 Fox Crescent | I believe that the Bible is the
Phone: 1-613-726-0014 | Ottawa, Ontario   | Word of God. Please contact me
EMail: dave@mielke.cc | Canada  K2A 1H7   | if you're concerned about Hell.

Re: A Bunch of Questions

[L. C. Robinson]

It seems to me that it would be much easier to just change the
username on such an account.  Do:
man usermod
for details.

LCR

On Wed, 12 Dec 2001, Rafael wrote:

> On Wed, Dec 12, 2001 at 03:44:15PM -0500, Dave Mielke wrote:
> > [quoted lines by John J. Boyer on December 12, 2001, at 14:38]
> > 
> ..... deleted
> 
> > 
> > >How do I delete a user?
> > 
> > userdel old-user-name
> > 
> > >How do I stop a running daemon like fetchmail without rebooting?
> > 
> > killall fetchmail
> > 
> > >How can I transfer the messages in the inbox of one use to the inbox of
> > >another?
> > 
> > cd /var/spool/mail
> > cat old-user-name >>new-user-name
> > rm old-user-name
> 
> A safer way to move email is to stop mail daemon,
> 
> mv old-user-name new-user-name
> chown new-user-name.new-user-name new-user-name
> 
> that is, change the ownership to new user otherwise you won't be able to
> read it and restart the mail server. If you do it otherwise your cat
> command could mess the email box if MTA was writing into it at the same
> time.
> 
> > 
> > Note the two right angle brackets before new-user-name in the cat command. This
> > is important. It means append. If you only put one of them there then existing
> > messages for new-user-name will be deleted as the whole file will be replaced.
> > 

-- 
L. C. Robinson
reply to no_spam+munged_lcr@onewest.net.invalid

People buy MicroShaft for compatibility, but get incompatibility and
instability instead.  This is award winning "innovation".  Find
out how MS holds your data hostage with "The *Lens*"; see
"CyberSnare" at http://www.netaction.org/msoft/cybersnare.html

Re: A Bunch of Questions

[John J. Boyer]

Dave,
Oops! My fingers must have had a systematic error. the userdel command
works fine.
John

On Wed, 12 Dec 2001, John J. Boyer wrote:

> Dave,
> Thanks for your information. However, my Redhat 7.1 sustem doesn't seem to
> have a userdel command.
> Thanks.
> John
>
>
>
>
> _______________________________________________
> Blinux-list mailing list
> Blinux-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/blinux-list
>

Re: A Bunch of Questions

[Rafael]

On Wed, Dec 12, 2001 at 03:42:38PM -0700, L. C. Robinson wrote:
> It seems to me that it would be much easier to just change the
> username on such an account.  Do:
> man usermod
> for details.

That won't take care of user's mailbox name and it's permissions nor it
will change the ownership of files in user's home dir as far as I know. At
least it won't work that way in all versions of Unix.

> 
> LCR
> 
> On Wed, 12 Dec 2001, Rafael wrote:
> 
> > On Wed, Dec 12, 2001 at 03:44:15PM -0500, Dave Mielke wrote:
> > > [quoted lines by John J. Boyer on December 12, 2001, at 14:38]
> > > 
> > ..... deleted
> > 
> > > 
> > > >How do I delete a user?
> > > 
> > > userdel old-user-name
> > > 
> > > >How do I stop a running daemon like fetchmail without rebooting?
> > > 
> > > killall fetchmail
> > > 
> > > >How can I transfer the messages in the inbox of one use to the inbox of
> > > >another?
> > > 
> > > cd /var/spool/mail
> > > cat old-user-name >>new-user-name
> > > rm old-user-name
> > 
> > A safer way to move email is to stop mail daemon,
> > 
> > mv old-user-name new-user-name
> > chown new-user-name.new-user-name new-user-name
> > 
> > that is, change the ownership to new user otherwise you won't be able to
> > read it and restart the mail server. If you do it otherwise your cat
> > command could mess the email box if MTA was writing into it at the same
> > time.
> > 
> > > 
> > > Note the two right angle brackets before new-user-name in the cat command. This
> > > is important. It means append. If you only put one of them there then existing
> > > messages for new-user-name will be deleted as the whole file will be replaced.
> > > 
> 
> -- 
> L. C. Robinson
> reply to no_spam+munged_lcr@onewest.net.invalid
> 
> People buy MicroShaft for compatibility, but get incompatibility and
> instability instead.  This is award winning "innovation".  Find
> out how MS holds your data hostage with "The *Lens*"; see
> "CyberSnare" at http://www.netaction.org/msoft/cybersnare.html

-- 
Rafael

Re: A Bunch of Questions

[Brent Harding]

You could install linuxconf, and add/delete/modify users there too, easier
than knowing a bunch of switches and options.
At 01:34 PM 12/12/01 -0800, you wrote:
>On Wed, Dec 12, 2001 at 03:34:33PM -0600, John J. Boyer wrote:
>> Dave,
>> Thanks for your information. However, my Redhat 7.1 sustem doesn't seem to
>> have a userdel command.
>
>Have you tried
>/usr/sbin/userdel
>
>It must be there. Mine has it.
>
>> Thanks.
>> John
>
>-- 
>Rafael
>
>
>
>_______________________________________________
>Blinux-list mailing list
>Blinux-list@redhat.com
>https://listman.redhat.com/mailman/listinfo/blinux-list
>
>

Re: A Bunch of Questions

[Brent Harding]

Linuxconf does the trick nicely, figure it's an old habit to use from the
gui days, nice and easy until I learn proper ways of doing it. 
At 03:38 PM 12/12/01 -0800, you wrote:
>On Wed, Dec 12, 2001 at 03:42:38PM -0700, L. C. Robinson wrote:
>> It seems to me that it would be much easier to just change the
>> username on such an account.  Do:
>> man usermod
>> for details.
>
>That won't take care of user's mailbox name and it's permissions nor it
>will change the ownership of files in user's home dir as far as I know. At
>least it won't work that way in all versions of Unix.
>
>> 
>> LCR
>> 
>> On Wed, 12 Dec 2001, Rafael wrote:
>> 
>> > On Wed, Dec 12, 2001 at 03:44:15PM -0500, Dave Mielke wrote:
>> > > [quoted lines by John J. Boyer on December 12, 2001, at 14:38]
>> > > 
>> > ..... deleted
>> > 
>> > > 
>> > > >How do I delete a user?
>> > > 
>> > > userdel old-user-name
>> > > 
>> > > >How do I stop a running daemon like fetchmail without rebooting?
>> > > 
>> > > killall fetchmail
>> > > 
>> > > >How can I transfer the messages in the inbox of one use to the
inbox of
>> > > >another?
>> > > 
>> > > cd /var/spool/mail
>> > > cat old-user-name >>new-user-name
>> > > rm old-user-name
>> > 
>> > A safer way to move email is to stop mail daemon,
>> > 
>> > mv old-user-name new-user-name
>> > chown new-user-name.new-user-name new-user-name
>> > 
>> > that is, change the ownership to new user otherwise you won't be able to
>> > read it and restart the mail server. If you do it otherwise your cat
>> > command could mess the email box if MTA was writing into it at the same
>> > time.
>> > 
>> > > 
>> > > Note the two right angle brackets before new-user-name in the cat
command. This
>> > > is important. It means append. If you only put one of them there
then existing
>> > > messages for new-user-name will be deleted as the whole file will be
replaced.
>> > > 
>> 
>> -- 
>> L. C. Robinson
>> reply to no_spam+munged_lcr@onewest.net.invalid
>> 
>> People buy MicroShaft for compatibility, but get incompatibility and
>> instability instead.  This is award winning "innovation".  Find
>> out how MS holds your data hostage with "The *Lens*"; see
>> "CyberSnare" at http://www.netaction.org/msoft/cybersnare.html
>
>-- 
>Rafael
>
>
>
>_______________________________________________
>Blinux-list mailing list
>Blinux-list@redhat.com
>https://listman.redhat.com/mailman/listinfo/blinux-list
>
>

Re: A Bunch of Questions

[L. C. Robinson]

On Wed, 12 Dec 2001, Rafael wrote:

> On Wed, Dec 12, 2001 at 03:42:38PM -0700, L. C. Robinson wrote:
> > It seems to me that it would be much easier to just change
> > the username on such an account.  Do: man usermod for
> > details.
> 
> That won't take care of user's mailbox name and it's
> permissions nor it will change the ownership of files in user's
> home dir as far as I know. At least it won't work that way in
> all versions of Unix.

On the contrary.  The filesystem does not store user names in the
directory structure.  Do "ls -ln" on your home dir, to see what
there really is.  Now do "id", to see what your id numbers are.
So when you change a username, it just changes the appropriate
mapping table (/etc/passwd), which file utilities like "ls" use.
Now, if you want to change user id numbers -- that can get hairy;
but there are automated ways to do that too.  And take my word
for it, that IS standard Unixen behavior.

BTW, I was reading the new Red Hat manuals about the new sysadmin
utilities last night, and I was impressed.  They have some very
readable tutorials, much of which would apply to any
distribution, particularly the text mode utilities, and it is all
available online at their website for free.  In particular, you
would want to look at the new Red Hat Customization Guide, which
includes the Kickstart chapters I was originally interested in,
for the recent enhancements (you saw some quotes from it in my
recent posts about kickstart).  I've been using Unix and then
linux for nearly 20 years, and I'm still learning new stuff from
well written guides like that.

LCR

-- 
L. C. Robinson
reply to no_spam+munged_lcr@onewest.net.invalid

Re: A Bunch of Questions

[Brent Harding]

Cool, what sysadmin utils, where do I get them? All that's around now is
linuxconf, powerful, but not everything common by far, although it'll do
virtual pop automatically, and manage sendmail, a bear to do by hand.
At 08:32 PM 12/12/01 -0700, you wrote:
>On Wed, 12 Dec 2001, Rafael wrote:
>
>> On Wed, Dec 12, 2001 at 03:42:38PM -0700, L. C. Robinson wrote:
>> > It seems to me that it would be much easier to just change
>> > the username on such an account.  Do: man usermod for
>> > details.
>> 
>> That won't take care of user's mailbox name and it's
>> permissions nor it will change the ownership of files in user's
>> home dir as far as I know. At least it won't work that way in
>> all versions of Unix.
>
>On the contrary.  The filesystem does not store user names in the
>directory structure.  Do "ls -ln" on your home dir, to see what
>there really is.  Now do "id", to see what your id numbers are.
>So when you change a username, it just changes the appropriate
>mapping table (/etc/passwd), which file utilities like "ls" use.
>Now, if you want to change user id numbers -- that can get hairy;
>but there are automated ways to do that too.  And take my word
>for it, that IS standard Unixen behavior.
>
>BTW, I was reading the new Red Hat manuals about the new sysadmin
>utilities last night, and I was impressed.  They have some very
>readable tutorials, much of which would apply to any
>distribution, particularly the text mode utilities, and it is all
>available online at their website for free.  In particular, you
>would want to look at the new Red Hat Customization Guide, which
>includes the Kickstart chapters I was originally interested in,
>for the recent enhancements (you saw some quotes from it in my
>recent posts about kickstart).  I've been using Unix and then
>linux for nearly 20 years, and I'm still learning new stuff from
>well written guides like that.
>
>LCR
>
>-- 
>L. C. Robinson
>reply to no_spam+munged_lcr@onewest.net.invalid
>
>
>
>_______________________________________________
>Blinux-list mailing list
>Blinux-list@redhat.com
>https://listman.redhat.com/mailman/listinfo/blinux-list
>
>

Re: A Bunch of Questions

[Mike Gorse]

On Wed, 12 Dec 2001, L. C. Robinson wrote:

> On the contrary.  The filesystem does not store user names in the
> directory structure.  Do "ls -ln" on your home dir, to see what
> there really is.  Now do "id", to see what your id numbers are.

Mailboxes are stored as files with the same name as the userid, at least
when using sendmail, so it may still be necessary to ensure that old mail
is preserved.

Re: A Bunch of Questions

[Rafael]

On Wed, Dec 12, 2001 at 08:32:36PM -0700, L. C. Robinson wrote:
> On Wed, 12 Dec 2001, Rafael wrote:
> 
> > On Wed, Dec 12, 2001 at 03:42:38PM -0700, L. C. Robinson wrote:
> > > It seems to me that it would be much easier to just change
> > > the username on such an account.  Do: man usermod for
> > > details.
> > 
> > That won't take care of user's mailbox name and it's
> > permissions nor it will change the ownership of files in user's
> > home dir as far as I know. At least it won't work that way in
> > all versions of Unix.
> 
> On the contrary.  The filesystem does not store user names in the
> directory structure.  Do "ls -ln" on your home dir, to see what
> there really is.  Now do "id", to see what your id numbers are.
> So when you change a username, it just changes the appropriate
> mapping table (/etc/passwd), which file utilities like "ls" use.
> Now, if you want to change user id numbers -- that can get hairy;
> but there are automated ways to do that too.  And take my word
> for it, that IS standard Unixen behavior.

File names are stored in the directory structure. One file keeps names of
files in a directory. Where else do you think they reside? Hard drive
brackets? ;-)  In Unix everything is treated as "files"  including
hardware devices. Changing user ID numbers is trivial, one command 
line.

You need to rename the mailbox file manualy otherwise it won't belong to
the right owner as far as MTA is concerned. As far as I know, tools that
change the login name won't touch other things like mailboxes which is 
good.

If you change name only in the passwd file then yes, you do not need to
change the ownership of the home directory. However, you were 
talking about adduser command before usermod which would create a 
new user with different UID.

In any case you'll run into some issues if files in home diretory have
been customized for a particular user based on the login name and you
change the name so some handwork will be needed. X windows managers setup
is one of them.

As always, in Unix there is more than one way to do things.

> 
> BTW, I was reading the new Red Hat manuals about the new sysadmin
> utilities last night, and I was impressed.  They have some very
> readable tutorials, much of which would apply to any
> distribution, particularly the text mode utilities, and it is all
> available online at their website for free.  In particular, you
> would want to look at the new Red Hat Customization Guide, which
> includes the Kickstart chapters I was originally interested in,
> for the recent enhancements (you saw some quotes from it in my
> recent posts about kickstart).  I've been using Unix and then
> linux for nearly 20 years, and I'm still learning new stuff from
> well written guides like that.

My first Unix experience was on HP workstations in 1982.

> 
> LCR
> 
> -- 
> L. C. Robinson
> reply to no_spam+munged_lcr@onewest.net.invalid


-- 
Rafael

Re: A Bunch of Questions

[Brent Harding]

The one thing rh does do is offer to fix up the permissions when you name
change, move the home directory, I believe.
At 12:37 PM 12/13/01 -0800, you wrote:
>On Wed, Dec 12, 2001 at 08:32:36PM -0700, L. C. Robinson wrote:
>> On Wed, 12 Dec 2001, Rafael wrote:
>> 
>> > On Wed, Dec 12, 2001 at 03:42:38PM -0700, L. C. Robinson wrote:
>> > > It seems to me that it would be much easier to just change
>> > > the username on such an account.  Do: man usermod for
>> > > details.
>> > 
>> > That won't take care of user's mailbox name and it's
>> > permissions nor it will change the ownership of files in user's
>> > home dir as far as I know. At least it won't work that way in
>> > all versions of Unix.
>> 
>> On the contrary.  The filesystem does not store user names in the
>> directory structure.  Do "ls -ln" on your home dir, to see what
>> there really is.  Now do "id", to see what your id numbers are.
>> So when you change a username, it just changes the appropriate
>> mapping table (/etc/passwd), which file utilities like "ls" use.
>> Now, if you want to change user id numbers -- that can get hairy;
>> but there are automated ways to do that too.  And take my word
>> for it, that IS standard Unixen behavior.
>
>File names are stored in the directory structure. One file keeps names of
>files in a directory. Where else do you think they reside? Hard drive
>brackets? ;-)  In Unix everything is treated as "files"  including
>hardware devices. Changing user ID numbers is trivial, one command 
>line.
>
>You need to rename the mailbox file manualy otherwise it won't belong to
>the right owner as far as MTA is concerned. As far as I know, tools that
>change the login name won't touch other things like mailboxes which is 
>good.
>
>If you change name only in the passwd file then yes, you do not need to
>change the ownership of the home directory. However, you were 
>talking about adduser command before usermod which would create a 
>new user with different UID.
>
>In any case you'll run into some issues if files in home diretory have
>been customized for a particular user based on the login name and you
>change the name so some handwork will be needed. X windows managers setup
>is one of them.
>
>As always, in Unix there is more than one way to do things.
>
>> 
>> BTW, I was reading the new Red Hat manuals about the new sysadmin
>> utilities last night, and I was impressed.  They have some very
>> readable tutorials, much of which would apply to any
>> distribution, particularly the text mode utilities, and it is all
>> available online at their website for free.  In particular, you
>> would want to look at the new Red Hat Customization Guide, which
>> includes the Kickstart chapters I was originally interested in,
>> for the recent enhancements (you saw some quotes from it in my
>> recent posts about kickstart).  I've been using Unix and then
>> linux for nearly 20 years, and I'm still learning new stuff from
>> well written guides like that.
>
>My first Unix experience was on HP workstations in 1982.
>
>> 
>> LCR
>> 
>> -- 
>> L. C. Robinson
>> reply to no_spam+munged_lcr@onewest.net.invalid
>
>
>-- 
>Rafael
>
>
>
>_______________________________________________
>Blinux-list mailing list
>Blinux-list@redhat.com
>https://listman.redhat.com/mailman/listinfo/blinux-list
>
>

admin utils, fetchmail, upgrades, and security (was: Re: A Bunch of Questions)

[L. C. Robinson]

First of all, if you reply to this thread, please fork the 
subject line... <grin>

On Thu, 13 Dec 2001, Brent Harding wrote:

> The one thing rh does do is offer to fix up the permissions
> when you name change, move the home directory, I believe.

If you are talking about using usermod only to change a user
name, then no, it does not offer to fix up permissions or
ownership, for the simple reason that it is not necessary, nor is
it necessary to move (ie, rename) the home directory (but with
the right options it can do that last, and a bunch of other
things).  Also, usermod is not Red Hat specific.

There seems to be some confusion about how these things work,
which has led to some unnecessarily complicated instructions
about how to do it.  The adduser command should not be necessary
at all when merely changing a username: usermod will suffice, all
by itself, with NO other commands.  In particular, usermod is
smart enough to change the name of the users mailbox when using
the -l option, though this behavior is not documented in the man
page.  The permissions and ownership (UID,GID _numbers_) can and
should remain the same.

Perhaps a quote from the shadow password HOWTO, included in the
same utility package, will clarify things:

   The /etc/passwd file also contains information like user ID's
   and group ID's that are used by many system programs.
   Therefore, the /etc/passwd file must remain world readable.
   If you were to change the /etc/passwd file so that nobody can
   read it, the first thing that you would notice is that the ls -l 
   command now displays user ID's instead of names!

Lest there be some misunderstanding, due to ambiguity, as there
was before, let me point out that the author is refering to
ownership names, not the filenames.

More clarification in the longish next section.  Users who
understand how this stuff works, and haven't been confused by the
misinformation or misunderstanding in the previous posts, can
skip to the word "shifting", (in pine, start the search entry
with the "w" key), where I answer other related posts about new
admin utilities, upgrades, fetchmail, and security, that have
been spawned by this thread.

> At 12:37 PM 12/13/01 -0800, you wrote:
> >On Wed, Dec 12, 2001 at 08:32:36PM -0700, L. C. Robinson wrote:
> >> On Wed, 12 Dec 2001, Rafael wrote:
> >> 
> >> > On Wed, Dec 12, 2001 at 03:42:38PM -0700, L. C. Robinson wrote:
> >> > > It seems to me that it would be much easier to just change
> >> > > the username on such an account.  Do: man usermod for
> >> > > details.
> >> > 
> >> > That won't take care of user's mailbox name and it's
> >> > permissions nor it will change the ownership of files in user's
> >> > home dir as far as I know. At least it won't work that way in
> >> > all versions of Unix.
> >> 
> >> On the contrary.  The filesystem does not store user names in the
> >> directory structure.  Do "ls -ln" on your home dir, to see what
> >> there really is.  Now do "id", to see what your id numbers are.
> >> So when you change a username, it just changes the appropriate
> >> mapping table (/etc/passwd), which file utilities like "ls" use.
> >> Now, if you want to change user id numbers -- that can get hairy;
> >> but there are automated ways to do that too.  And take my word
> >> for it, that IS standard Unixen behavior.

> >File names are stored in the directory structure. One file
> >keeps names of files in a directory. Where else do you think
> >they reside? Hard drive brackets? ;-)  In Unix everything is
> >treated as "files"  including hardware devices.

Perhaps I overlooked some ambiguity in my explanation (maybe I
was more tired than I thought).  My apologies. The reference I
made to user names was to ownership, not filenames, which should
have been obvious by the context (what do you think the -n option
to ls does)?  Excessively rude replies can be embarrassing!
You are, of course, quite right about filenames: I never said
otherwise.

> >Changing user ID numbers is trivial, one command line.

Maybe to a power user, who knows how to pick just the right
command or utility, in just the right situation.  But that
command might have to change the ownership id numbers on perhaps
hundreds of files scattered all over the filesystem.  Remember,
we are trying to tutor some relatively new users.

> >You need to rename the mailbox file manualy otherwise it won't
> >belong to the right owner as far as MTA is concerned. As far
> >as I know, tools that change the login name won't touch other
> >things like mailboxes which is good.  

But, as we have seen, usermod is smart enough to rename it for
you.  Make a dummy user account and try it.

For newbies:

Remember to remove or disable the dummy account afterward, for
security, -- don't be afraid to experiment, it's a great way to
learn.  Try removing only the passwd entry at first, (use vipw,
not a raw editor, and make a backup copy of the passwd file
first), then list the now orphaned user directory with "ls -l",
and see what happens to the owner and group fields: you'll
understand things a lot better if you actually see it.  Now list
the mail spool directory (/usr/spool/mail), and observe the same
thing (you should be able to spot a difference, too).

> >If you change name only in the passwd file then yes, you do
> >not need to change the ownership of the home directory.

So apparently, you do understand the filesystem structure,
relative to permissions and ownership.  Do you see how your
previous posts could have been confusing to newbies?

> >However, you were talking about adduser command before usermod
> >which would create a new user with different UID.

I see now that you must have been thinking I was advocating using
usermod after things were messed up by an unnecessary adduser
command.  I was, in fact, trying to point out a utility that
could simplify the whole problem, not fix the previous "error"
with adduser.  The easiest way to fix a bogus new account that is
in the way of a rename is to just rename it (with usermod), or
use userdel.  Good practice to do both, for a new admin.  Anyway,
the original poster got some good experience doing things
manually, and can appreciate the better tools.

*** shifting subject focus:

> >In any case you'll run into some issues if files in home
> >diretory have been customized for a particular user based on
> >the login name and you change the name so some handwork will
> >be needed. X windows managers setup is one of them.

Do you mean, for instance, if you have in .fetchmailrc:

server mailhost.myisp.com proto pop3 username director there is jondo here password passxxxxx

that you might need to change your local user name in there, too?
A good reminder.

<snip>

> >> BTW, I was reading the new Red Hat manuals about the new
> >> sysadmin utilities last night, and I was impressed.  They
> >> have some very readable tutorials, much of which would apply
> >> to any distribution, particularly the text mode utilities...

And to reply to a different post, asking about these: the best
way to find out about them is to download the new RH7.2 manuals
and look over the table of contents, then read the sections that
interest you.  Or read them on the web, if you prefer.  If you've
already upgraded to RH7.2, you may have already installed them on
your hard disk, or have them on the documentation CD.  And you
can probably download and upgrade or add just the packages you
want.  If the binary versions won't install because of different
library versions, you can probably just do:
rpm --rebuild package.src.rpm
on corresponding source rpm packages, to make a usable binary rpm.

If you are new to Linux, you may not know that it is not
necessary to keep up with the latest releases of your
distribution, on a constant upgrade treadmill, like in the
proprietary OS world.  In fact, it can be rather
counterproductive to do so, depending on your needs.  In the
proprietary M$ world, this forced upgrade cycle has pretty much
destroyed the productivity gains on corporate investment in new
computers and software, according to studies and experience.

But it is critical that you keep up with security patches for the
version that you do use.  Failure to do so is, by far, the most
serious security problem on the internet, regardless of what OS
you use.  For instance, security researchers in the Honeynet
project have found that a pristine install (no security patches
or anything) of Red Hat 6.2 lasts, on average, only 72 hours,
before being cracked into.  M$ stuff, less than a day.  This
issue is often overlooked: it was mentioned in the recent security
thread on this list, but only in passing.  You will need an
automated tool to keep up with this: most of the professionals
can't (and usually don't) keep up without such tools.

<snip>

LCR

-- 
L. C. Robinson
reply to no_spam+munged_lcr@onewest.net.invalid

People buy MicroShaft for compatibility, but get incompatibility and
instability instead.  This is award winning "innovation".  Find
out how MS holds your data hostage with "The *Lens*"; see
"CyberSnare" at http://www.netaction.org/msoft/cybersnare.html

Re: admin utils, fetchmail, upgrades, and security (was: Re: A Bunch of Questions)

[Rafael]

On Fri, Dec 14, 2001 at 06:24:42AM -0700, L. C. Robinson wrote:
> First of all, if you reply to this thread, please fork the 
> subject line... <grin>
> 
> On Thu, 13 Dec 2001, Brent Harding wrote:
> 
> > The one thing rh does do is offer to fix up the permissions
> > when you name change, move the home directory, I believe.
> 
> If you are talking about using usermod only to change a user
> name, then no, it does not offer to fix up permissions or
> ownership, for the simple reason that it is not necessary, nor is
> it necessary to move (ie, rename) the home directory (but with
> the right options it can do that last, and a bunch of other
> things).  Also, usermod is not Red Hat specific.

Nowhere do I see usermod command change the mailbox name. At least man 
pages for RedHat7.2, Solaris 5.7, Solaris 8 do not mention that in any 
way. I have not used usermod for some time since my environment requires 
changes to NIS and many servers across the net which usermod won't take 
care of.

> 
> There seems to be some confusion about how these things work,
> which has led to some unnecessarily complicated instructions
> about how to do it.  The adduser command should not be necessary
> at all when merely changing a username: usermod will suffice, all

usermod is not a necessary command at all. VI is all I need to take care 
of that issue and is much faster than trying to figure out what to 
pass to usermod command to get the expected result. usermod command 
however is useful in scripts to automate things in case you need that 
functionality.

I used to be in team of "movers" at Sun some time back where we moved
people's data and email between the servers across the network. As far as
I remember the procedure we used was simple, vi, rsync, and tar were the
most common tools used in most cases. Renaming a user was sometimes
necessary if the same username existed in another subdomain but that 
required to change the UID as well not to mention changing file ownership 
for their home.

> by itself, with NO other commands.  In particular, usermod is
> smart enough to change the name of the users mailbox when using
> the -l option, though this behavior is not documented in the man
> page.  The permissions and ownership (UID,GID _numbers_) can and
> should remain the same.

Correct. The man page doesn't say that.

........ deleted

> > >File names are stored in the directory structure. One file
> > >keeps names of files in a directory. Where else do you think
> > >they reside? Hard drive brackets? ;-)  In Unix everything is
> > >treated as "files"  including hardware devices.
> 
> Perhaps I overlooked some ambiguity in my explanation (maybe I
> was more tired than I thought).  My apologies. The reference I
> made to user names was to ownership, not filenames, which should
> have been obvious by the context (what do you think the -n option
> to ls does)?  Excessively rude replies can be embarrassing!
> You are, of course, quite right about filenames: I never said
> otherwise.
> 
> > >Changing user ID numbers is trivial, one command line.
> 
> Maybe to a power user, who knows how to pick just the right
> command or utility, in just the right situation.  But that
> command might have to change the ownership id numbers on perhaps
> hundreds of files scattered all over the filesystem.  Remember,
> we are trying to tutor some relatively new users.
> 
> > >You need to rename the mailbox file manualy otherwise it won't
> > >belong to the right owner as far as MTA is concerned. As far
> > >as I know, tools that change the login name won't touch other
> > >things like mailboxes which is good.  
> 
> But, as we have seen, usermod is smart enough to rename it for
> you.  Make a dummy user account and try it.

Will try, as far as I can remember some versions of that command did not
do that in the past so that's an improvement. Unfortunately it's not 
docummented at all.

.....
> > >If you change name only in the passwd file then yes, you do
> > >not need to change the ownership of the home directory.
> 
> So apparently, you do understand the filesystem structure,
> relative to permissions and ownership.  Do you see how your
> previous posts could have been confusing to newbies?

It all started from the wrong foot IMO, solving some kind of email 
related problem with renaming the login and we ended up wandering around.

... snip

> *** shifting subject focus:
> 
> > >In any case you'll run into some issues if files in home
> > >diretory have been customized for a particular user based on
> > >the login name and you change the name so some handwork will
> > >be needed. X windows managers setup is one of them.
> 
> Do you mean, for instance, if you have in .fetchmailrc:
> 

> server mailhost.myisp.com proto pop3 username director there is jondo
> here password passxxxxx

I believe there are other things that will cause problems. KDE and 
perhaps Gnome for example are very picky about where they reside and who's 
using them. I know there is a problem if you manualy change the IP from 
inside KDE because some of the authentication depends on it. It's like 
pulling the rug under somebody's feet.

Another issue is SSH. That too depends on login name. So changing user's 
login name is not that simple anymore. It's better to be familiar with vi 
than usermod.

> that you might need to change your local user name in there, too?
> A good reminder.
> 
> <snip>
> 
> 
> LCR
> 
> -- 
> L. C. Robinson
> reply to no_spam+munged_lcr@onewest.net.invalid
> 
> People buy MicroShaft for compatibility, but get incompatibility and
> instability instead.  This is award winning "innovation".  Find
> out how MS holds your data hostage with "The *Lens*"; see
> "CyberSnare" at http://www.netaction.org/msoft/cybersnare.html

Thanks for clarifying things.

-- 
Rafael

Re: admin utils, Security Updates -- was: Re: A Bunch of Questions)

[Janina Sajka]

On Fri, 14 Dec 2001, L. C. Robinson wrote:

About security, you wrote ...
> This issue is often overlooked: it was mentioned in the recent security
> thread on this list, but only in passing.  You will need an
> automated tool to keep up with this: most of the professionals
> can't (and usually don't) keep up without such tools.

The Redhat up2date script can do a nice job of this. It can be used for 
only certain, selected packages, or for any and all installed packages. It 
can be automated, or run by hand.

I could wish that the web pages you must use to sign up for up2date were a 
bit easier to understand and follow, but they're quite usable with lynx 
and other char based browsers. Once registered, you can run up2date from 
the command line. I usually do it with the -nox --nosig switches to keep 
things accessible.

PS: I agree whole-heartedly about the new Redhat manuals. I have looked at 
both the Installation manual and the Getting Started manual. There's good, 
clear writing there, and it includes keyboard as well as mouse based 
instructions. Very nice.

				Janina

Re: A Bunch of Questions

[Brent Harding]

Well, I don't know how to get rid of it without changing stuff in sendmail
to rewrite, but if I look up in the headers towards the top this is what it
says.
X-X-Sender:  <director@mawimain7-224.dsl.tds.net>

At 05:06 PM 12/12/01 -0600, you wrote:
>Brent,
>Please explain what the long x-sender string is and how I can get rid of
>it. I don't see it on the messages that are returned to me.
>Thanks.
>John
>On Wed, 12 Dec
>2001, Brent Harding wrote:
>
>> The only issue is you have the x-sender thing as your long isp address. I
>> really kind of hate that about not running your own server on the domain,
>> as maybe I don't want everyone to know who my isp is off the email message.
>> At 02:38 PM 12/12/01 -0600, you wrote:
>> >Hello,
>> >Well, I threw in the towel and just created a new user for the director
>> >e-mail address, so I hope this goes through to the list. I wonder why
>> >logging in with an address other than your login name is considered a
>> >security risk.
>> >Here are some other questions.
>> >How do I delete a user?
>> >How do I stop a running daemon like fetchmail without rebooting?
>> >How can I transfer the messages in the inbox of one use to the inbox of
>> >another?
>> >Thanks.
>> >John
>> >
>> >
>> >
>> >
>> >_______________________________________________
>> >Blinux-list mailing list
>> >Blinux-list@redhat.com
>> >https://listman.redhat.com/mailman/listinfo/blinux-list
>> >
>> >
>>
>>
>>
>> _______________________________________________
>> Blinux-list mailing list
>> Blinux-list@redhat.com
>> https://listman.redhat.com/mailman/listinfo/blinux-list
>>
>
>
>
>_______________________________________________
>Blinux-list mailing list
>Blinux-list@redhat.com
>https://listman.redhat.com/mailman/listinfo/blinux-list
>
>

Re: A Bunch of Questions

[John J. Boyer]

Brent,
Please explain what the long x-sender string is and how I can get rid of
it. I don't see it on the messages that are returned to me.
Thanks.
John
On Wed, 12 Dec
2001, Brent Harding wrote:

> The only issue is you have the x-sender thing as your long isp address. I
> really kind of hate that about not running your own server on the domain,
> as maybe I don't want everyone to know who my isp is off the email message.
> At 02:38 PM 12/12/01 -0600, you wrote:
> >Hello,
> >Well, I threw in the towel and just created a new user for the director
> >e-mail address, so I hope this goes through to the list. I wonder why
> >logging in with an address other than your login name is considered a
> >security risk.
> >Here are some other questions.
> >How do I delete a user?
> >How do I stop a running daemon like fetchmail without rebooting?
> >How can I transfer the messages in the inbox of one use to the inbox of
> >another?
> >Thanks.
> >John
> >
> >
> >
> >
> >_______________________________________________
> >Blinux-list mailing list
> >Blinux-list@redhat.com
> >https://listman.redhat.com/mailman/listinfo/blinux-list
> >
> >
>
>
>
> _______________________________________________
> Blinux-list mailing list
> Blinux-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/blinux-list
>

Re: A Bunch of Questions

[Brent Harding]

The only issue is you have the x-sender thing as your long isp address. I
really kind of hate that about not running your own server on the domain,
as maybe I don't want everyone to know who my isp is off the email message.
At 02:38 PM 12/12/01 -0600, you wrote:
>Hello,
>Well, I threw in the towel and just created a new user for the director
>e-mail address, so I hope this goes through to the list. I wonder why
>logging in with an address other than your login name is considered a
>security risk.
>Here are some other questions.
>How do I delete a user?
>How do I stop a running daemon like fetchmail without rebooting?
>How can I transfer the messages in the inbox of one use to the inbox of
>another?
>Thanks.
>John
>
>
>
>
>_______________________________________________
>Blinux-list mailing list
>Blinux-list@redhat.com
>https://listman.redhat.com/mailman/listinfo/blinux-list
>
>