Chapter 5

Setting up users


5.1 Overview

Your system will have a number of different users to whom you will want tobe able to give factilites to create files for themselves, to read certaincommunal files (for example library programs) and to have selective accessto other users' files.

The list of authorised users in a SJ Research File Server is kept in afile called the password file. This file can be read and saved onlyby someone with system privilege - normally only the system managerhimself and only when the front panel key-switch is turned to the SYSTposition. The password file contains information about each user: theirpassword, any accounts they have access to, and administrative informationconcerning start-up (boot) options, library directories and user rootdirectories.

If someone logs on to the system, and their name does not appear in thepassword file, then they will be logged on as the default user, ifone has been set up by the system manager using EDITPASS (see Section5.3). If no default user has been set by the system manager, the user willreceive the error User not known .

When a user listed in the password file logs on, any password they quotewill be checked against the one in the password file before the log-on isallowed to proceed. They will then be given any rights and privilegeslisted against their name in the password file. The system will thensearch the disk on which the user's password file entry was found for theUser Root Directory specified for that user in the password file,which by default has that user's name, and will set this to be thecurrently selected directory (see Section 3.3 under *I AM for details). Ifno appropriately named directory is found, the disk root directory will beselected.

As described more fully in Section 3.3 (under *ACCESS and *ACCOUNT), theaccount(s) to which a user is given access control two things:

First, every file (or directory) has an account number, and if a userhas access to this account, then they are an owner of that file (ordirectory). Only an owner may create files in a directory, and only anowner may delete a file or change its access letters (see Section 3.3under the *ACCESS command). Note that there can be more than oneowner of a file (or directory), simply by allocating access to itsaccount to more than one user - this can be useful for communal files in aproject.

Second, each account has a credit balance of storage space, and anattempt to create a file which would cause that balance to become lessthan zero will be prevented, and cause the error Account bankrupt.

5.1.1 Keeping a List of Users

It is wise to plan your list of users, and the accounts for them, on paperand keep it up to date. There is no security required for account numbersand users' names, and even a moderately sized system can have more usersand accounts than can be displayed on a screen.

User names may have up to ten characters, which may include letters,numers and dashes, and must start with a letter. Normally the user's namewould be their own surname or initials. However, user names must be uniquein the system, so you may wish to add figures to the end of a name.

Account numbers range between 0 and 7FF (hexadecimal), but you may ofcourse ignore the hexidecimal part and just use numbers up to 799.Allocating account number 0 gives ownership of the system root directory,so account 0 should be allocated only to system privileged users.

5.1.2 Entering Users on to the System