[#users]: Users (user accounts)

The phrase “user account” refers to something which is often referred to simply as a “user”, but the longer phrase is meant to help distinguish a “user account” from the person, a.k.a. the “end user”, who is anticipated to be likely to use the user account. (Although those concepts are typically easy to keep separate in one's own mind, sometimes communication about an account may sound like a reference to the end user. Comments about “removing the unnecessary user” may be viewed as impersonal and unintentionally rude.)

[#usrbasop]: Basic Operations on User Accounts
[#useradd]: Adding a user account
[#userdel]: Removing a user account
[#userauth]: Authenticating User accounts (Passwords, affecting whether enabled/disabled)
Authentication can be quite basic, or it can be a bit more complex. However, as each user needs a password, it is listed here in the basic operations sections.

One method of disabling a user's ability to log in is to change the stored credentials, such as the hash of whatever passphrase the user is using. The change can be systematic, such as prepending a sequence (for example, a string consisting of a single character) so that the end user cannot possibly enter a matching passphrase. This works either because the resulting value is impossible for the hash algorithm to produce or, a bit less secure but known to work effectively in some scenarios, simply because a string prepended to the password is one the end user won't know (and won't likely crack). However, some environments have another setting/property for each user account that indicates whether it is disabled, and so knowing how to make sure the account is enabled can be important.
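The prefix technique described above, as an added example (not code from the original page). It assumes the Linux shadow(5) convention, where `passwd -l` prepends `!` to the stored hash; the sample records and hashes are constructed, and the function names are hypothetical.

```python
"""Added example: classify and lock accounts in shadow(5)-style records."""

# Constructed sample in Linux /etc/shadow layout; the hashes are made up.
SAMPLE_SHADOW = """\
alice:$6$c29tZXNhbHQ$Zm9vYmFyYmF6cXV4:19700:0:99999:7:::
bob:!$6$c29tZXNhbHQ$cXV1eGJhemJhcmZvbw:19700:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol::19700:0:99999:7:::
"""

LOCK_PREFIX = "!"  # assumption: Linux convention; no valid hash starts with "!"

def parse(text):
    """Return {username: list of fields} for each non-empty line."""
    return {f[0]: f for f in (ln.split(":") for ln in text.splitlines() if ln)}

def state(hash_field):
    """Classify the password field of one record."""
    if hash_field == "":
        return "no-password"  # empty field: no passphrase is required at all
    if hash_field[0] in "!*":
        # A hash survives behind the prefix only when an account was locked.
        return "locked" if len(hash_field) > 1 else "no-valid-hash"
    return "enabled"

def lock(fields):
    """Prepend the lock prefix once; the original hash is kept for unlock."""
    if not fields[1].startswith(LOCK_PREFIX):
        fields[1] = LOCK_PREFIX + fields[1]
    return fields

def unlock(fields):
    """Strip the prefix, refusing when that would leave an empty password."""
    if fields[1].startswith(LOCK_PREFIX):
        if len(fields[1]) == 1:
            raise ValueError("unlocking would create a passwordless account")
        fields[1] = fields[1][len(LOCK_PREFIX):]
    return fields

def audit(text):
    """Map each username to the state of its password field."""
    return {name: state(f[1]) for name, f in parse(text).items()}

if __name__ == "__main__":
    for name, st in audit(SAMPLE_SHADOW).items():
        print(f"{name:8} {st}")
```

A locked password field does not by itself block key-file logins, which is one reason the separate per-account "disabled" property mentioned above also needs checking.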

Simple logins: Username and basic passphrase
Key files
These are typically more secure than basic typed passphrases due to a substantially longer “secret”. They can also be automated, so once implemented, can even be easier to use than simple logins.
One time passwords

A mixture of a neat/new technology (one time credentials) and an archaic technology that is best replaced (passwords).

Biometric reading technology
Some laptops have a fingerprint scanner.
Handling groups
Adjusting other user properties (e.g. home directory, etc.)
Home directory
Modifying a user's name, location, etc. Note that location and contact info may commonly be implemented in a way that allows such info to be commonly shared. Some properties, such as an end user's first name, might not be something that a typical end user has any way to change without going through an authorized staff member of the network administration. Others, such as a preferred E-Mail address or what shell is run with remote command lines, may be something more commonly allowing a user to edit. There may still be some default values, such as an E-Mail address defaulting to the user's username followed by an at sign and a specific machine's name.
Some of these settings may have defaults based on various factors such as: end user's typical physical location (such as which printers show up and which one is used by default), or other characteristics such as the person's position within an organization (such as setting the default printer for a graphics designer to a slower printer that prints with higher quality or more expensive paper, but having a financial user default to a printer that prints with lower quality but lower cost and higher speed.) Policies, including permissions, can certainly have an effect on what preferences make sense as defaults. Another example: Default outgoing E-Mail address.
Backing up/importing/exporting users
Policies (Enforcing policies)
User policies
ToS/EULA/etc. (Legal/documentation/etc.)
Authentication Policies
e.g. password rotation (age, non-use of history), testing password strength
Other policies
File systems typically support permissions, which is a type of policy which is certainly important. Windows XP (and other systems) can force certain settings using a feature called "Local Policy". (Confirm: what operating systems have that? Win XP Home?) There is also “Group Policy”, which basically involves applying policies, similar to local policies, based on what group(s) an end user may be in.
[#remtaccs]: Remote Access
Remote command-line
SSH and other options
Remote graphics connection: sharing screens (visual displays)
Sharing applications (window commands)
xpra, RDC/RDP
Sharing screens (or screen area)
[#rfbvnc]: Remote framebuffer (“rfb”), and VNC (which uses RFB)
There are quite a few clients, including TightVNC, FreeNX, UltraVNC, and more.
Sharing other things
There are various subsections describing sharing and/or interacting with other items such as clipboards, files, printer objects, and details like what is running on a system.
[#usenetdb]: Using Databases
After a network-capable database server is set up, there may be various steps to use the desired database software to create a database, make sure the file is online, send standard queries to look up information on the database, or perform maintenance functions such as backing up the database (or, as another example, removing old and unneeded entries to reduce database size).
[#filexfer]: File transferring
Basic overview of multiple methods of file transferring
[#fxfrfsys]: Remote filesystems
See the section about Remote filesystems.
File sharing sites
Sharing with the public
[#webxfer]: Web transfers

The section about Web-based file/data sharing covers the basic technology of providing static files over the web.

For more elaborate websites that support other types of content, see websites.

Securing some data

e.g., password-protected web content

(This section is not currently elaborated upon. Details have been explored, and so further details will be getting added in the relatively short future.)

Network Sites
[#websites]: Websites

For web servers, choose some of the web serving software. As such servers can also perform a simpler role of simply serving files, the basic setup of such software is covered by the section on web transfers.

This section is more about setting up more elaborate sites: those that provide server-side dynamically-generated content, and those that accept input from a user (e.g. by supporting forms/POST data, and/or uploaded files).

This section is about some of the more technical aspects of technologies often used to help power websites. For details about website content, see providing professional services: making a website.

Analyzing Logs
Inconsistent numbers
AWStats vs. Webalizer vs. Google Analytics provides some specific details. In a nutshell: remotely-provided services like Google Analytics are less likely to provide details except for visits by actual people who allow tracking-type technologies (fully running JavaScript and allowing cookies). People who tinker with such technologies, such as by clearing cookies, may effectively tinker with those types of statistics. So the server-side code is likely to be more accurate for that. The big corporations may have some superior insight in identifying certain known non-humans (such as the web spider software used by search engines so that the search engines can learn a site). Also, the tracking cookies can help to identify unique visitors, being less likely to be fooled by different routing. A realistic example is a laptop that flipped to a wired network after having used Wi-Fi to connect to a tethering mobile phone that was using a wireless phone provider's towers. The laptop would come from a new IP address (possibly even changing the address type, from IPv4 to IPv6 or vice versa).

Even when the same logs are used, software may have different designs on how it defines a single “visit”. Webalizer's default threshold of 30 minutes differs from AWStats having a default threshold of 60 minutes, which affects whether a person's activities might count as one visit or two visits.
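The effect of the two thresholds on one set of logs, as an added example (not code from the original page or from either tool). It assumes a simplified model in which a visitor is identified by client IP alone and a new visit starts after an idle gap longer than the timeout; the log lines are constructed.

```python
"""Added example: one access log, two visit counts, depending on idle timeout."""
import re
from datetime import datetime, timedelta

# Constructed lines in the "combined" log layout, using documentation IP ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:09:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:09:10:00 +0000] "GET /a.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:09:55:00 +0000] "GET /b.html HTTP/1.1" 200 700 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:09:05:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:20:00 +0000] "GET /c.html HTTP/1.1" 200 300 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')


def parse_hits(text):
    """Yield (client_ip, timestamp) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected layout
        try:
            yield m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # timestamp present but unparseable


def count_visits(text, timeout_minutes):
    """Count visits; a client idle for longer than the timeout starts a new one."""
    timeout = timedelta(minutes=timeout_minutes)
    last_seen = {}
    visits = 0
    for ip, ts in sorted(parse_hits(text), key=lambda hit: hit[1]):
        prev = last_seen.get(ip)
        if prev is None or ts - prev > timeout:
            visits += 1
        last_seen[ip] = ts
    return visits


if __name__ == "__main__":
    for minutes in (30, 60):  # the two default thresholds named in the text
        print(minutes, "minute timeout:", count_visits(SAMPLE_LOG, minutes), "visits")
```

The 45-minute gap for 192.0.2.10 is the only difference between the two counts: it splits one visit into two under the 30-minute threshold and not under the 60-minute one.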

Related topics

Web-based analyzing often leads to a desire to increase traffic, or is a tool used to help pursue such a goal. See also: job paths: making a website.


In OpenBSD, the documentation may be at /usr/local/share/doc/analog/Readme.html

Making images accessible

Locate the images used by analog. For instance, the following would work on an OpenBSD system (which tends to place packages in /usr/local/share/), although other platforms may store the data in a different location.

ls -l /usr/local/share/analog/images

Those images could work fine, but they may be in an area of the filesystem that, for security reasons, is not as easily accessible as the location where the web report is going to be placed. The recommended course of action is to make a copy of those files. (We're talking about 274KB, so this is not going to be a huge amount of disk space. Although, if we were talking about thousands of users, there might be a negligible benefit to having these either be in a central location, or be hard links on a Unix filesystem. Then again, if there are that many users, 2.74MB per thousand users is likely a relatively negligible amount of disk space.)

mkdir /output/anaimgs
cp -Rp /usr/local/share/analog/images/. /output/anaimgs/.
Creating a configuration file
Example configuration file if using Apache


LOGFILE /var/www/logs/*
OUTFILE /tmp/anarep.htm
IMAGEDIR /output/anaimgs/

The following line might also be pre-pended, if using Apache:

APACHELOGFORMAT (%v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i")
Example Configuration file if using nginx

If using nginx, try prepending this instead:

LOGFILE /var/nginx/logs/*
OUTFILE /tmp/anarep.htm
IMAGEDIR /output/anaimgs/


LOGFORMAT (%S - %u [%d/%M/%Y:%h:%n:%j %j] %j %r %j "%c" %b "%f" "%B" %j)

That configuration seems to work well. (Certainly much better than the old configuration that had been documented at this site, which was the following.)

LOGFORMAT LOGFORMAT (%S - %u [%d/%M/%Y:%h:%n:%j %j] %j %r %j %c %b "%f" "%B")

Note that the specified OUTFILE is just the HTML file that will be created. The analog program will also make additional files in the same directory as the specified output HTML file.

Running the program
analog +g/somespot/analog.cfg +f

The following syntax puts multiple files in the current directory.

cat /var/www/logs/* | webalizer
ls -l index.html

A quick search on the web indicates that webalizer may like things in Apache log format, so nginx users might not be able to use this unless nginx is configured to create its web logs using Apache's format. (Converting the logs is likely also an option.)



Wikipedia: List of web analytics software lists several options, including several options using GPL.
Technical platforms
[#cmmngwif]: Common Gateway Interface (“CGI”)
RFC 3875: The Common Gateway Interface (CGI) Version 1.1
Server-side includes
... see ssi (part of thttpd)
Supporting popular scripting languages

These may be implemented using CGI, or perhaps some other method (such as using an add-on built into a web server). Such alternate methods may be less portable to other web serving platforms (e.g. using other web server software) but may have some other advantages (speed, low memory footprint).

PERL for Windows
IndigoPERL by IndigoStar

The license for this program allows for free use and distribution within an organization, although re-distribution may require permission.

In addition, there is IndigoAMPP (by IndigoStar software).

ActiveState's ActivePerl
Strawberry Perl
PHP (“PHP: Hypertext Preprocessor” recursive acronym, previously meaning “Personal Home Page”)

For information on using this with Win32, perhaps see IndigoAMPP (by IndigoStar software).

Ruby (on Rails)
Active Server Page (“ASP”)
Shopping Site
Multi-user editing: Wiki
Electronic Messages

This is for any sort of methods to send messages in a very quick manner, such as how E-Mail is usually sent, including “chat” messages.

Generally considered to be the second most commonly used functionality of the Internet, only behind the information sharing of the world wide web.
One on one correspondence
[#talk]: Talk (and similar)
For information on talk/ytalk/WinTalk/etc., see relevant information at: TOOGAM's Software Archive: Chat software.
Chat Rooms
IRC, etc.
Instant Messaging

This may allow for a message to be sent to a server, which will then be relayed to a user once the user is online again. Fundamentally this isn't significantly different in nature than E-Mail, but popular IM software is sometimes used by people who may not receive E-Mail as quickly. Communications may be direct peer-to-peer, which is architecturally different than having one or multiple E-Mail servers in the middle of the communication. IM clients also tend to share information about a person's availability/status with friends.

Currently some information is at: TOOGAM's Software Archive: Chat software.

e.g. iCalendar (RFC 5545: Internet Calendaring and Scheduling Core Object Specification (iCalendar), and RFC 5546: iCalendar Transport-Independent Interoperability Protocol (iTIP))
Certificate Communications
Certificate Communications describes obtaining(/creating) a certificate.
See: ID.

This functionality is described in the “Behind the Scenes” section. See: “Intrusion Detection System” (“IDS”)/“Intrusion Prevention System” (“IPS”).