#1
July 31st, 2002, 01:55 AM
gatorparrots
Mail-only accounts

With the proliferation of mail server installation instructions here and elsewhere (postfix, sendmail, or otherwise) for Mac OS X/Darwin, tools for the server admin seem to be more and more necessary. This post aims to make administration of mail users just a little bit easier.

The attached file contains two shell scripts (substantially derived from testuser's FTP-only account scripts*):
addmailuser
delmailuser


These scripts intend to create and delete mail-only accounts. While not strictly "mail-only", they are called 'mail-only' users because these accounts are highly restricted, effectively limiting what these users can do on your Mac OS X/Darwin system. User accounts added with these scripts:
* do not appear in the login window
* cannot access your Mac via ssh
* cannot access your Mac via ftp
* cannot login to the Terminal
* are only granted write access to other users' drop boxes via AppleTalk
* will not have a home directory in the /Users directory tree

As testuser pointed out in his thread, such scripts provide a rapid way to add new mail user accounts via the command line. For example:

To add two new mail accounts, stevewoz and sjobs:
addmailuser stevewoz sjobs
To add 100 user names that are contained in the text file "users.txt":
addmailuser `cat users.txt`
Note: backquotes (`), not apostrophes (')

As is, the scripts do the following:
* create a new user account
* set their shell to /dev/null to eliminate the ability to login via the Terminal
* add an entry to the /etc/ftpusers file to disallow ftp access
* set their home directory to /dev/null to constrain them to the UNIX blackhole

Due to their lengthy nature, I will not include the entire text of the scripts in this post. Instead, they are attached as a downloadable file. The following are instructions on how to install these scripts:

1). Rename the downloaded file from "attachment.php" back to "mailaccounts.zip" (This is necessary due to a bug in the forum software.)
2). Decompress it with StuffIt Expander.
3). If you don't already have a binary executable directory, create one:
mkdir ~/bin
chmod 700 ~/bin

4). Move the addmailuser and delmailuser files into your "bin" directory (/Users/username/bin).
5). Make these files executable:
chmod 760 ~/bin/*mailuser
6). Optional: edit the addmailuser and/or delmailuser scripts to customize them to meet your particular requirements, especially in regards to ssh:
pico ~/bin/addmailuser

Step 6 is optional, but may be necessary for this important reason: the scripts were authored with a particular SSH configuration in mind. If your setup is different, you should edit the scripts and uncomment the sections pertaining to sshd. Briefly, I prefer to strictly enumerate SSH access to my server in my sshd_config file under the 'AllowUsers' section. For my server, I only have two users listed: myself and a trusted UNIX guru friend of mine who is unfamiliar yet curious about Mac OS X/Darwin. I don't want to allow any other user on the system to login via SSH. The 'AllowUsers' entry in the config file will supersede a 'DenyUsers' section, making it unnecessary to strictly enumerate denial entries for the users added by this script. In other words: only those users named after 'AllowUsers' have ssh access, so it is unnecessary to add anything to 'DenyUsers'. Your choice will depend on your server paradigm: a permissive server that has more ssh users than not should make use of 'DenyUsers' (and therefore a change would be in order to the scripts); a restrictive server that has few ssh users should make use of 'AllowUsers' (and therefore can use the scripts as provided, without modification).

*A great debt is owed to testuser in the creation of these scripts. They borrow heavily from his FTP-only accounts scripts; as such I make no claim about their originality. My only goal is that it would benefit the community. Enjoy.
Attached Files
File Type: zip mailaccounts.zip (2.8 KB, 73 views)

Last edited by gatorparrots; July 31st, 2002 at 10:02 AM.
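
The restrictions listed in post #1 (shell and home set to /dev/null, an /etc/ftpusers entry, no ssh access under either the 'AllowUsers' or the 'DenyUsers' approach) can be verified after accounts are created. The script below is an added example, not part of the attached addmailuser/delmailuser scripts; it assumes account records exported in passwd-style form (for instance with `nidump passwd .`), and the function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit accounts against the restrictions listed in the post.
# Every file below is constructed sample data, not output from a real server.

# ssh_allowed USER SSHD_CONFIG: succeeds if sshd would admit USER by name.
# sshd applies DenyUsers first; once AllowUsers is set, only listed names pass.
# (Wildcard and USER@HOST patterns are not handled here.)
ssh_allowed() {
    awk -v u="$1" '
        tolower($1) == "denyusers"  { for (i = 2; i <= NF; i++) if ($i == u) denied = 1 }
        tolower($1) == "allowusers" { allow = 1; for (i = 2; i <= NF; i++) if ($i == u) listed = 1 }
        END { if (denied || (allow && !listed)) exit 1 }' "$2"
}

# audit_mail_user USER PASSWD FTPUSERS SSHD_CONFIG
# Prints one line per failed restriction; returns 0 only if all of them hold.
audit_mail_user() {
    user=$1; fail=0
    # Home and shell are the last two fields in both passwd and master.passwd layouts.
    rec=$(awk -F: -v u="$user" '$1 == u { print $(NF-1), $NF; ok = 1 } END { exit !ok }' "$2") ||
        { echo "$user: no such account"; return 2; }
    home=${rec% *}; shell=${rec##* }
    [ "$shell" = /dev/null ] || { echo "$user: shell is $shell"; fail=1; }
    [ "$home" = /dev/null ]  || { echo "$user: home is $home"; fail=1; }
    grep -qxF "$user" "$3"   || { echo "$user: missing from ftpusers"; fail=1; }
    if ssh_allowed "$user" "$4"; then echo "$user: sshd would admit this user"; fail=1; fi
    return $fail
}

# Constructed fixtures.
D=$(mktemp -d)
trap 'rm -rf "$D"' EXIT
cat > "$D/passwd" <<'EOF'
stevewoz:*:601:20::0:0:Steve W:/dev/null:/dev/null
sjobs:*:602:20::0:0:Steve J:/Users/sjobs:/bin/tcsh
EOF
printf 'root\nstevewoz\n' > "$D/ftpusers"
printf 'AllowUsers admin guru\n' > "$D/sshd_allow"   # restrictive server
printf 'DenyUsers stevewoz\n'    > "$D/sshd_deny"    # permissive server

for u in stevewoz sjobs; do
    audit_mail_user "$u" "$D/passwd" "$D/ftpusers" "$D/sshd_allow" && echo "$u: OK"
done
audit_mail_user sjobs "$D/passwd" "$D/ftpusers" "$D/sshd_deny" || true
```

On the permissive (DenyUsers) fixture the second account is reported as admitted by sshd, which is the case where the scripts' sshd sections would need to be uncommented.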
#2
January 1st, 2003, 05:29 PM
PoisonDrop
I downloaded the scripts and used them and everything worked great...the only problem is that my 'mail only users' can't login with qpopper. It just says password rejected. I looked in NetInfo and it appears that the passwords are all encrypted...except the new users. Is there any way to encrypt the passwords using this script so my users can login?
#3
January 1st, 2003, 09:24 PM
gatorparrots
You can set the users' passwords arbitrarily with this command:
niutil -createprop . /users/username passwd "`openssl passwd 'thePassword' `"

(Creating a property in NetInfo will overwrite an existing property, so you can replace their unhashed passwords with hashed versions.)