- [#users]: Users (user accounts)
The phrase “user account” refers to what is often called simply a “user”, but the longer phrase helps distinguish a “user account” from the person, a.k.a. the “end user”, who is expected to use the account. (Although those concepts are typically easy to keep separate in one's own mind, sometimes communication about an account may sound like a reference to the end user. Comments about “removing the unnecessary user” may be viewed as impersonal and unintentionally rude.)
- [#usrbasop]: Basic Operations on User Accounts
- [#useradd]: Adding a user account
- [#userdel]: Removing a user account
- [#userauth]: Authenticating User accounts (Passwords, affecting whether enabled/disabled)
Authentication can be quite basic, or it can be a bit more
complex. However, as each user needs a password, it is
listed here in the basic operations sections.
One method of disabling a user's ability to log in is to change the credentials, such as the hash of whatever passphrase the user is using. The change can be systemic, such as prepending a sequence (such as a string consisting of a single character) that the end user cannot possibly enter. That may be because the resulting value is impossible for the hash algorithm to produce or, a bit less secure but known to work effectively in some scenarios, because the prepended string is simply one the end user won't know (and won't likely crack). However, some environments have another setting/property for each user account that indicates whether it is disabled, so knowing how to make sure the account is enabled can be important.
- Simple logins: Username and basic passphrase
- Key files
- These are typically more secure than basic typed passphrases due to a substantially longer “secret”. They can also be automated, so once implemented, can even be easier to use than simple logins.
- One time passwords
A mixture of a neat/new technology (one time credentials) and an archaic technology that is best replaced (passwords).
- Biometric reading technology
- Some laptops have a fingerprint scanner.
- Handling groups
- Adjusting other user properties (e.g. home directory, etc.)
- Home directory
- Modifying a user's name, location, etc. Note that location and contact info are commonly implemented in a way that allows such info to be shared. Some properties, such as an end user's first name, might not be something that a typical end user has any way to change without going through an authorized staff member of the network administration. Others, such as a preferred E-Mail address or what shell is run with remote command lines, are more commonly something a user is allowed to edit. There may still be some default values, such as an E-Mail address defaulting to the user's username followed by an at sign and a specific machine's name.
- Some of these settings may have defaults based on various factors such as: end user's typical physical location (such as which printers show up and which one is used by default), or other characteristics such as the person's position within an organization (such as setting the default printer for a graphics designer to a slower printer that prints with higher quality or more expensive paper, but having a financial user default to a printer that prints with lower quality but lower cost and higher speed.) Policies, including permissions, can certainly have an effect on what preferences make sense as defaults. Another example: Default outgoing E-Mail address.
- Backing up/importing/exporting users
- Policies (Enforcing policies)
- User policies
- ToS/EULA/etc. (Legal/documentation/etc.)
- Authentication Policies
- e.g. password rotation (age, non-use of history), testing password strength
- Other policies
- File systems typically support permissions, which is a type of policy which is certainly important. Windows XP (and other systems) can force certain settings using a feature called "Local Policy". (Confirm: what operating systems have that? Win XP Home?) There is also “Group Policy”, which basically involves applying policies, similar to local policies, based on what group(s) an end user may be in.
- [#remtaccs]: Remote Access
- Remote command-line
- SSH and other options
- Remote graphics connection: sharing screens (visual displays)
- Sharing applications (window commands)
- xpra, RDC/RDP
- Sharing screens (or screen area)
- [#rfbvnc]: Remote framebuffer (“rfb”), and VNC (which uses RFB)
- There are quite a few clients, including TightVNC, FreeNX, UltraVNC, and more.
- Sharing other things
- There are various subsections describing sharing and/or interacting with other items such as clipboards, files, printer objects, and details like what is running on a system.
- [#usenetdb]: Using Databases
- After a network-capable database server is set up, there may be various steps to use the desired database software to create a database, make sure the file is online, send standard queries to look up information on the database, or perform maintenance functions such as backing up the database (or, as another example, removing old and unneeded entries to reduce database size).
- [#filexfer]: File transferring
- File transferring
- Basic overview of multiple methods of file transferring
- [#fxfrfsys]: Remote filesystems
- See the section about Remote filesystems.
- File sharing sites
- Sharing with the public
- Securing some data
e.g., password-protected web content
(This section is not currently elaborated upon. Details have been explored, and so further details will be getting added in the relatively near future.)
- Network Sites
- [#websites]: Websites
For web servers, choose some of the web serving software. As such servers can also perform a simpler role of simply serving files, the basic setup of such software is covered by the section on web transfers.
This section is more about setting up more elaborate sites: those that provide server-side dynamically-generated content, and those that accept input from a user (e.g. by supporting forms/POST data, and/or uploaded files).
This section is about some of the more technical aspects of technologies often used to help power websites. For details about website content, see providing professional services: making a website.
- Analyzing Logs
- Inconsistent numbers
Even when the same logs are used, software may have different designs on how it defines a single “visit”. Webalizer's default threshold of 30 minutes differs from AWStats having a default threshold of 60 minutes, which affects whether a person's activities might count as one visit or two visits.
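The effect of the threshold can be reproduced on a small log. The following is an added example, not code from Webalizer or AWStats: it counts visits per host, starting a new visit whenever the gap between consecutive requests exceeds the threshold. That visit rule is a simplifying assumption, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Common Log Format (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [01/Mar/2024:10:20:00 +0000] "GET /a.html HTTP/1.1" 200 900
192.0.2.10 - - [01/Mar/2024:11:05:00 +0000] "GET /b.html HTTP/1.1" 200 700
198.51.100.7 - - [01/Mar/2024:10:10:00 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [01/Mar/2024:12:30:00 +0000] "GET / HTTP/1.1" 200 512
this line is malformed and is skipped
"""

# Host is the first field; the timestamp sits inside square brackets.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(log_text):
    """Return {host: [request datetimes]}, skipping unparseable lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        hits[m.group(1)].append(ts)
    return hits

def count_visits(hits, threshold_minutes):
    """Count visits: a gap longer than the threshold starts a new visit."""
    limit = timedelta(minutes=threshold_minutes)
    visits = 0
    for times in hits.values():
        ordered = sorted(times)
        visits += 1  # the first request from a host always opens a visit
        for prev, cur in zip(ordered, ordered[1:]):
            if cur - prev > limit:
                visits += 1
    return visits

if __name__ == "__main__":
    hits = parse(SAMPLE_LOG)
    for name, minutes in (("30-minute threshold", 30), ("60-minute threshold", 60)):
        print(name, count_visits(hits, minutes))
```

The 45-minute pause by 192.0.2.10 splits into two visits under the 30-minute threshold but stays one visit under the 60-minute threshold, so totals from two tools should be compared only after checking that setting.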
- Related topics
Web-based analyzing often leads to a desire to increase traffic, or is a tool used to help pursue such a goal. See also: job paths: making a website.
In OpenBSD, the documentation may be at /usr/local/share/doc/analog/Readme.html
- Making images accessible
Locate the images used by analog. For instance, the following would work on an OpenBSD system (which tends to place packages in /usr/local/share/), although other platforms may store the data in a different location.
Those images could work fine, but they may be in an area of the filesystem that, for security reasons, is not as easily accessible as the location where the web report is going to be placed. The recommended course of action is to make a copy of those files. (We're talking about 274KB, so this is not going to be a huge amount of disk space. Although, if we were talking about thousands of users, there might be a negligible benefit to having these either be in a central location, or be hard links on a Unix filesystem. Then again, if there are that many users, 2.74MB per thousand users is likely a relatively negligible amount of disk space.)
- Creating a configuration file
- Example configuration file if using Apache
The following line might also be pre-pended, if using Apache:
APACHELOGFORMAT (%v %h %l %u %t "%r" %>s %b
- Example Configuration file if using nginx
If using nginx, try prepending this instead:
LOGFORMAT (%S - %u [%d/%M/%Y:%h:%n:%j %j] %j %r %j
That configuration seems to work well. (Certainly much better than the old configuration that had been documented at this site, which was the following.)
LOGFORMAT LOGFORMAT (%S - %u [%d/%M/%Y:%h:%n:%j %j] %j %r %j %c %b
Note that the specified OUTFILE is just the HTML file that will be created. The program will also make additional files in the same directory as the specified output HTML file.
- Running the program
The following syntax puts multiple files in the current directory.
A quick search on the web indicates that
may like things in Apache log format, so
users might not be able to use this unless
is configured to create its web logs using Apache's format. (Likely conversion may also be an option.)
- Wikipedia: List of web analytics software lists several options, including several released under the GPL.
- Technical platforms
- [#cmmngwif]: Common Gateway Interface (“CGI”)
- RFC 3875: The Common Gateway Interface (CGI) Version 1.1
- Server-side includes
- ... see ssi (part of thttpd)
- Supporting popular scripting languages
These may be implemented using CGI, or perhaps some other method (such as using an add-on built into a web server). Such alternate methods may be less portable to other web serving platforms (e.g. using other web server software) but may have some other advantages (speed, low memory footprint).
- PERL for Windows
- IndigoPERL by IndigoStar
The license for this program allows for free use and distribution within an organization, although re-distribution may require permission.
In addition, there is IndigoAMPP (by IndigoStar software).
- ActiveState's ActivePerl
- Strawberry Perl
- PHP (“PHP: Hypertext Preprocessor” recursive acronym, previously meaning “Personal Home Page”)
For information on using this with Win32, perhaps see IndigoAMPP (by IndigoStar software).
- Ruby (on Rails)
- Active Server Page (“ASP”)
- Shopping Site
- Multi-user editing: Wiki
- Electronic Messages
This is for any sort of methods to send messages in a very quick manner, such as how E-Mail is usually sent, including “chat” messages.
- Generally considered to be the second most commonly used functionality of the Internet, only behind the information sharing of the world wide web.
- Instant Messaging
This may allow for a message to be sent to a server, which will then be relayed to a user once the user is online again. Fundamentally this isn't significantly different in nature than E-Mail, but popular IM software is sometimes used by people who may not receive E-Mail as quickly. Communications may be direct peer-to-peer, which is architecturally different than having one or multiple E-Mail servers in the middle of the communication. IM clients also tend to share information about a person's availability/status with friends.
Currently some information is at: TOOGAM's Software Archive: Chat software.
- e.g. iCalendar (RFC 5545: Internet Calendaring and Scheduling Core Object Specification (iCalendar), and RFC 5546: iCalendar Transport-Independent Interoperability Protocol (iTIP))
- Certificate Communications
- Certificate Communications describes obtaining(/creating) a certificate.
- See: ID.
This functionality is described in the “Behind the Scenes” section. See: “Intrusion Detection System” (“IDS”)/“Intrusion Prevention System” (“IPS”).