Oracle Internet File System Setup and Administration Guide Release 1.1 Part Number A81197-05
The second task involved in setting up Oracle iFS is to add users and define groups of users for ease of administration. This chapter steps you through determining which Oracle iFS administration tool to use and the basic steps to follow with each tool. The following topics are included:
Out-of-the-box, most people will use Oracle iFS as an enhanced file system. To customize Oracle iFS for your organization, some of these users should have administrative permissions. To manage users, you need to manage information in both the Oracle iFS server and the Credential Manager.
Oracle iFS maintains Oracle iFS-specific user information in user profiles. Each active Oracle iFS user has a Primary User Profile, an e-mail user profile, and, optionally, extended user profiles:
Oracle iFS uses a credential manager to authenticate users. A credential manager is an extensible authentication mechanism that determines the validity of a credential, such as a user name and password.
Each Oracle iFS user specifies the name of the credential manager used to authenticate that user, as well as the distinguished name that identifies that user to the credential manager.
A single default credential manager is created when Oracle iFS is installed. For each Oracle iFS user created, a corresponding entry, consisting of the user's distinguished name and password, is stored in this default credential manager.
The default credential manager optionally requires users to be RDBMS users. If this feature is enabled, the Oracle iFS user named "jsmith" could only log into Oracle iFS if there was an RDBMS user named "jsmith." The credential manager only checks the user name. The RDBMS password does not have to match the Oracle iFS password.
To enable this feature, set the CredentialManagerIfsRdbmsUserMustExist property to true in the secondary properties file. This property is located in the following directory:
Platform | Directory |
---|---|
UNIX | |
Windows NT | |
HTTP authentication is a common mechanism for adding security to static Web pages. Oracle iFS uses its own security features as the basis for HTTP authentication. Files and folders need to have the PUBLISHED ACL applied for users to use a browser to access these objects without being forced to log in. If they are forced to log in, they must supply their Oracle iFS username and password.
Users can be created with all the Oracle iFS administration tools. Oracle recommends that you use Oracle iFS Manager, XML, or the Web interface. These tools create all objects associated with a new user with standardized settings. Creating users involves two steps:
Note: In the sections that follow, the Oracle iFS Manager is used to illustrate the procedures for setting up Oracle iFS.
Before creating a user, you can set the default user definitions, which will be applied to all users you create. Using the user definitions provides a uniform way of creating users that is consistent with the various clients. If you do not set the user definitions, the defaults apply.
To set the default user definitions:
/home
.
Enabling quota control limits storage content. The default allocated quota storage is 25 megabytes per user. If a user's quota is reached, they will be unable to save documents in Oracle iFS.
The Email Address field is automatically populated when the user's name is entered and consists of <username>@<domain>. By default, the suffix for the user's e-mail address is what you specify when setting the user definitions.
The Email Folder field is a specified value that is the parent folder for all mailboxes, such as Inbox.
Quota checking is only completed when the Quota Agent is running and quota is enabled. Enabling a user's quota without a running agent will allow users to go over their quota.
See Also: For more information on the Quota Agent, see Chapter 8, "Using Server Manager to Start and Stop Servers".
To create an Oracle iFS user:
The Create User dialog displays:
Each user has a Primary User Profile. This profile points to the user's home folder location and the user's default ACLs. The default ACLs determine which ACLs are associated with the different objects, such as folders and documents, that the user creates. By default, Oracle iFS sets a non-administrator user's default ACL to PUBLISHED (except for e-mail-related objects, such as messages, which have the PRIVATE ACL as the default), and sets the administrator's default ACL to PRIVATE (except ACL, PropertyBundle, DirectoryObject, VersionSeries, and VersionDescription, which are PUBLISHED).
A user's home folder is the default directory where a user starts when logging into Oracle iFS. Users can use their home folder as their personal workspace and to store their private files. A user's home folder can reside anywhere, so Oracle iFS Manager provides a dialog to change the default home folder location. The Web interface creates a user's home folder as the user's login name, under the /home directory. For example, /home/jsmith. The user's Primary User Profile points to the user's home folder location.
If a user's quota is enabled, content storage is limited, by default, to 25 megabytes. Users cannot store content in Oracle iFS when this limitation is reached.
The user's e-mail profile points to the user's e-mail folder location and specifies the user's e-mail address. Oracle iFS Manager and the Web interface create the user's e-mail folders under the home folder. For example, /home/jsmith/mail/inbox.
Creating users can be complicated since many other user-related objects, such as home folders, user profiles, and mailboxes, are created at the same time. Using the <SimpleUser> tag within the XML file applies all the default definitions found in Table 5-1, "Additional User Definitions". You can change the user default settings in Oracle iFS Manager to suit your requirements. You do not need to specify every single value unless you want to override any of the default values. You override the defaults by explicitly setting them in the XML file. The values are case-sensitive.
A single user and all its user-related objects are created in a single transaction: a Directory User, Primary User Profile, Email Profile, Inbox, and Home Folder are created in one step. Therefore, do not include any objects other than users in your XML file. Also, if you are creating 10 users in a single file and an error occurs on the 7th user, the previous 6 users and their user-related objects are not rolled back.
The following XML file lists the definitions used to create users with an XML file. When using XML, you really only need to include the username and password, but this example displays other definitions you can include to override the defaults you set using Oracle iFS Manager. This example also shows you how to create users by parsing the XML file and checking that the users were created using the Command Line Utilities.
```xml
<SimpleUser>
  <UserName>gking</UserName>
  <Password>ifs</Password>
  <DistinguishedNameSuffix>.yourcompany.com</DistinguishedNameSuffix>
  <AdminEnabled>true</AdminEnabled>
  <HomeFolderRoot>/home</HomeFolderRoot>
  <EmailAddressSuffix>@yourcompany.com</EmailAddressSuffix>
</SimpleUser>
```
```
$ORACLE_HOME/ifs<version>/bin/ifslogin system/<password>
$ORACLE_HOME/ifs<version>/bin/ifsput users.xml
$ORACLE_HOME/ifs<version>/bin/ifsls -class DirectoryUser
```
You can also drag and drop the user file into Oracle iFS through the Windows or Web interface and FTP. Oracle iFS invokes the XML parser and the users are created.
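Because users created before a failing entry are not rolled back, it helps to validate the whole file before loading it with ifsput. The following preflight check is an added example, not part of the Oracle guide or of Oracle iFS. The `<ObjectList>` wrapper around several users, the 8-character password minimum, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Tags from the page's <SimpleUser> example; other tags are not flagged.
KNOWN = {t.lower(): t for t in ("UserName", "Password", "AdminEnabled",
         "DistinguishedNameSuffix", "HomeFolderRoot", "EmailAddressSuffix")}
MIN_PASSWORD_LEN = 8  # assumed local policy, not an iFS setting

def preflight(xml_text):
    """Return (user, severity, message) findings for every <SimpleUser>."""
    findings, seen = [], set()
    for idx, user in enumerate(ET.fromstring(xml_text).iter("SimpleUser"), 1):
        fields = {}
        for child in user:
            canonical = KNOWN.get(child.tag.lower())
            if canonical and canonical != child.tag:  # tags are case-sensitive
                findings.append((f"#{idx}", "error",
                                 f"<{child.tag}> should be <{canonical}>"))
            fields[child.tag] = (child.text or "").strip()
        name = fields.get("UserName", "")
        label, password = name or f"#{idx}", fields.get("Password", "")
        if not name:
            findings.append((label, "error", "missing UserName"))
        elif name in seen:
            findings.append((label, "error", "duplicate UserName"))
        seen.add(name)
        if not password:
            findings.append((label, "error", "missing Password"))
        elif password.lower() == name.lower() or len(password) < MIN_PASSWORD_LEN:
            findings.append((label, "warn", "weak Password"))
        if fields.get("AdminEnabled") == "true":
            findings.append((label, "warn", "AdminEnabled is true"))
    return findings

def safe_to_load(xml_text):
    """True only if no entry has an error, so the whole file can be loaded."""
    return not any(sev == "error" for _, sev, _ in preflight(xml_text))

# Constructed sample; the <ObjectList> wrapper is an assumption.
SAMPLE = """<ObjectList>
<SimpleUser><UserName>gking</UserName><Password>ifs</Password><AdminEnabled>true</AdminEnabled></SimpleUser>
<SimpleUser><UserName>msmith</UserName><Password>Wq7-plum-Harbor</Password></SimpleUser>
<SimpleUser><username>sward</username><Password>Tn4-reed-Lantern</Password></SimpleUser>
<SimpleUser><UserName>msmith</UserName><Password>msmith</Password></SimpleUser>
</ObjectList>"""

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print(*finding)
    print("safe to load:", safe_to_load(SAMPLE))
```

Warnings do not block loading; they mark entries, such as administrator accounts and short passwords, that deserve a second look before the file is put into Oracle iFS.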
The following table lists the complete set of user definitions you can set and a brief description. The definitions in this table can be set using an XML configuration file for creating users.
Using Oracle iFS Manager, you can view the properties of existing Oracle iFS users.
To display all existing users:
To display user properties:
It may be necessary to change a user's password as you administer Oracle iFS. For example, if a user forgets his or her password, this is how to reset it.
For information on changing the ifssys password, or if you have lost the password, see Chapter 13, "Oracle iFS Log Files and Troubleshooting Information".
It may be necessary from time to time to change a user's home folder. For example, if the home directory is changed or moved, you must change their home folder directory.
It may be necessary to change a user's default ACL. To do this:
It may be necessary to change a user's e-mail address, for example, if their name changes.
It may be necessary to change a user's quota control. For example, some users need more space than others.
If a user's quota is enabled, content storage is limited, by default, to 25 megabytes. Users cannot store content in Oracle iFS when this limitation is reached.
You can delete users using Oracle iFS Manager. When you delete a user, you can change the ownership of the objects owned by that user and specify if the user's home folder is to be deleted.
To delete a user:
The Delete User Selection dialog displays:
By assigning users to groups, you make administration and maintenance easier. Instead of adding each user to an Access Control List for a file or folder--a time-consuming task--you can add a group of users all at the same time. Oracle iFS is shipped with world, a default group. When users are created, they are automatically added to this group. To create a group, you define the group itself, then populate it.
To create a group:
The default ACL of the user that created this group is assigned to any new group you create. Therefore, a group with the PUBLISHED ACL cannot be edited by any user. When creating groups, it is important to discuss with department managers and other users if they want all Oracle iFS users to have read-only access to the groups you are creating for their respective departments. If you need to change the default ACL, you can do so by modifying the ACL for a specific group.
Using Oracle iFS Manager, you can view existing Oracle iFS groups and their properties.
To display all existing groups:
To display group properties:
The group you want to add users and groups to is called the target group.
To rename an existing group:
You can delete groups using Oracle iFS Manager. Any user with the correct permissions can delete groups.
To delete a group:
This example XML file creates groups. You can use this file, although you must modify the name of the group to match the name of the group you are creating. When adding users to the group, the user names must exist. If you use FTP or CUP to load the XML file into Oracle iFS, it is parsed and not saved anywhere in Oracle iFS.
```xml
<DIRECTORYGROUP>
  <Name>DemonstrationUsers</Name>
  <Members>
    <REF reftype='name'>msmith</REF>
    <REF reftype='name'>mallen</REF>
    <REF reftype='name'>sward</REF>
    <REF reftype='name'>rjones</REF>
    <REF reftype='name'>tmartin</REF>
    <REF reftype='name'>dblake</REF>
    <REF reftype='name'>eclark</REF>
    <REF reftype='name'>sscott</REF>
    <REF reftype='name'>gking</REF>
    <REF reftype='name'>tturner</REF>
    <REF reftype='name'>jadams</REF>
    <REF reftype='name'>pjames</REF>
    <REF reftype='name'>gford</REF>
    <REF reftype='name'>amiller</REF>
  </Members>
</DIRECTORYGROUP>
```
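Since every member named in a group file must already exist, the file can be cross-checked against the users file that is loaded before it. This is an added example, not part of the Oracle guide or of Oracle iFS. The `<ObjectList>` wrapper, the function names, and the idea of passing in the names that already exist on the server are assumptions.

```python
import xml.etree.ElementTree as ET

def defined_users(users_xml):
    """Names a users file will create: the text of each <UserName>."""
    names = {(u.findtext("UserName") or "").strip()
             for u in ET.fromstring(users_xml).iter("SimpleUser")}
    return names - {""}

def check_groups(groups_xml, known_names):
    """Map each group name to its problems: unknown or repeated members."""
    report = {}
    for group in ET.fromstring(groups_xml).iter("DIRECTORYGROUP"):
        problems, seen = [], set()
        for ref in group.iterfind("Members/REF[@reftype='name']"):
            member = (ref.text or "").strip()
            if member not in known_names:
                problems.append(f"{member}: not a known name")
            elif member in seen:
                problems.append(f"{member}: listed twice")
            seen.add(member)
        report[(group.findtext("Name") or "").strip()] = problems
    return report

# Constructed samples. USERS stands for a users file loaded first; "sward"
# stands for an account that already exists on the server.
USERS = """<ObjectList>
<SimpleUser><UserName>gking</UserName><Password>Rv3-fern-Quarry</Password></SimpleUser>
<SimpleUser><UserName>msmith</UserName><Password>Wq7-plum-Harbor</Password></SimpleUser>
</ObjectList>"""
GROUPS = """<DIRECTORYGROUP><Name>DemonstrationUsers</Name><Members>
<REF reftype='name'>msmith</REF><REF reftype='name'>sward</REF>
<REF reftype='name'>tturner</REF><REF reftype='name'>gking</REF>
<REF reftype='name'>msmith</REF>
</Members></DIRECTORYGROUP>"""

if __name__ == "__main__":
    print(check_groups(GROUPS, defined_users(USERS) | {"sward"}))
```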
Copyright © 1996-2001, Oracle Corporation. All Rights Reserved.