help-gnubatch
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[help-gnubatch] User control enhancements

From: Deiss, Mark
Subject: [help-gnubatch] User control enhancements
Date: Wed, 14 Mar 2012 09:06:42 -0500

New user to GNUbatch so maybe these capabilities are already covered.  Two enhancements requested:

 

1)     For user access control, would like to see the following syntax supported to revoke all access privileges on a particular username.

 

gbch-uchange –p –ALL <username>

 

Right now with GNUBatch vs 1.4, getting back an error of: “Invalid privilege flag …”. To revoke all access, have to run gbch-ulist, pick out the particular account and run the gbch-uchange with each of the listed enabled privileges, with the minus symbol, to revoke access.

 

2)     Would also like ability to remove a user account all together from the btufile. Do not want system accounts represented or other user accounts that are not to have access.  Sites may elect to maintain an external list of prohibited accounts that would be used as a second step to reduce the btufile content after a system account refresh. Something like:

 

gbch-uchange –R                    # update the btufiles against any new additions/deletions in the system password file

gbch-uchange –remove <username>             # remove a particular user entry

gbch-uchange –remove –f <file_list>              # where file_list would contain entries of multiple users to be removed from btufile

 

I realize this will be a mess for sites with large NIS/AD user lists that are used as a basis for the btufiles population. Possibly some additional modification flags for the AD sites may help control the btufile population.

 

gbch-uchange –R –exclude <AD-tag1,AD-subdomain,something> -include <AD-tag2, something2>

 

   Would also be nice if the gbch-xuser/gbch-xmuser would support account removals. I take it using gbch-xuser/gbch-xmuser would not be able to add a particular new user as gbch-uchange is necessary to get the new account entry into the btufiles to start with.

 

 

Mark Deiss

System Analyst

Education Solutions

 

ACS Education Solutions, LLC, A Xerox Company

12410 Milestone Center Drive

Germantown, MD USA 20876

 

p  240.686.2666

f   240.686.2857

 

www.xerox.com/businessservices

 

reply via email to
[Prev in Thread] Current Thread [Next in Thread]