System configuration

On system startup, the first process created is directed to run UCL, using the startup.ucl command file. Upon a new install, this file is a copy of the sysconfig.ucl file. After configuration, the startup.ucl file is overwritten with the necessary startup commands. If the user aborts with control-Y, the file isn't updated and the user can run it manually or just restart the system to run the configuration file again.

In the future, we will have additional items in the sysconfig file, but for now, here is what it looks like:

$ !
$ ! UOS System configuration script. V1.0
$ !
$ValidateName:
$ subroutine
$     i=0
$Validate1:
$     if i.lt.f$length(p1)
$     then
$         c=f$extract(p1,i,1)
$         i=i+1
$         if f$locate(c,"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz").eq.f$length(p1) then p1=""
$         goto Validate1
$     endif
$ endsubroutine
$ !

This routine is used to validate node and user account names to ensure they have only alphanumeric characters. The value to check is placed in the symbol P1. If, during the check, an invalid character is found, the symbol is set to null, which indicates to the calling code that there was a problem.

$ !
$ write sys$output "Starting system configuration at ", F$CVTIME("absolute",,)
$ !
$ write sys$output "If this computer will be accessed from a network or will be part of a cluster,"
$ write sys$output "you must provide a node name for it.  This name must consist of only alphanumeric"
$ write sys$output "characters. If you do not wish to give this system a node name, press the ENTER key."
$QueryNodeName:
$ inquire NodeName "Node name for this computer "
$ NodeName=f$edit(NodeName, "TRIM")
$ if NodeName.nes.""
$ then
$    p1=NodeName
$    call ValidateName
$    if p1.eq.""
$    then
$        write sys$output "Node name is invalid"
$        goto QueryNodeName
$    endif
$ endif
$ !

First we need to ask the user for a node name for this computer. We provide a bit of descriptive text to help guide a non-expert. We use the validation routine and loop back if the name was invalid and non-null. Note that we trim the name, just in case a stray space made it into the name.

$ write sys$output "We must create a system administrator account for this computer.  This account will"
$ write sys$output "have the privileges necessary to perform certain operations that should not normally"
$ write sys$output "be done by users.  It should only be used in special circumstances so that"
$ write sys$output "inadvertant use of malware won't compromise security.  You will have a chance to"
$ write sys$output "create a standard user account after we create the administrator account.  The"
$ write sys$output "name should be alphanumeric characters only."
$QueryAdminName:
$ inquire NodeName "Administrator account name"
$ AdminName=f$edit(AdminName, "TRIM")
$ if f$length(AdminName).eq.0
$ then
$    write sys$output "You must create an administrator account"
$    goto AdminUserName
$ endif
$ p1=AdminName
$ call ValidateName
$ if p1.eq.""
$ then
$    write sys$output "Administrator account name is invalid"
$    goto QueryAdminName
$ endif

Next we prompt for the name of the administrator account, which cannot be null, and we use the validation routine to verify that it is alphanumeric.

$ !
$ write sys$output "Enter the password to use for the administrator account.  This password should be easy"
$ write sys$output "for you to remember, but not easy for someone else to guess.  Iit must be at least 8"
$ write sys$output "characters long and for best results it should not be an actual word, and should"
$ write sys$output "contain both letters and numerals."
$QueryAdminPassword:
$ set terminal/local_echo
$ inquire AdminPassword "Password for administrator account"
$ set terminal/nolocal_echo
$ AdminPassword=f$edit(AdminPassword,"TRIM")
$ if f$length(AdminPassword).lt.8
$ then
$    write sys$system "The password must be at least eight characters in length."
$    goto QueryAdminPassword
$ endif
$ set terminal/local_echo
$ inquire AdminPassword2 "Verify the password for the administrator account by re-entering it"
$ set terminal/nolocal_echo
$ if AdminPassword.nes.AdminPassword2
$ then
$    write syste$output "The passwords don't match.  Please try again."
$    goto QueryAdminPassword
$ endif

Now we prompt for a password for the admin account and verify that it is at least 8 characters in length. We also prompt the user to validate it by entering it a second time. This is because we disable echo before prompting via the SET TERM command, which we will cover in the future.

$ !
$ write sys$output "Now we will create an account for normal use of this computer.  The name for this"
$ write sys$output "account should be alphanumeric characters only."
$QueryUserName:
$ inquire UserName "Name of user account"
$ UserName=f$edit(UserName,"TRIM")
$ if f$length(UserName).eq.0
$ then
$    write sys$output "You must create a user account"
$    goto QueryUserName
$ endif
$ p1=UserName
$ call ValidateName
$ if p1.eq.""
$ then
$    write sys$output "User account name is invalid"
$    goto QueryUserName
$ endif
$ if f$edit(AdminName,"COLLAPSE,LOWERCASE").eqs.f$edit(UserName,"COLLAPSE,LOWERCASE")
$ then
$    write sys$output "User account name must be different than the adminstrator account name."
$    goto QueryUserName
$ endif
$ !
$ write sys$output "Enter the password to use for the ",  UserName, " account.  This password should be"
$ write sys$output "easy for you to remember, but not easy for someone else to guess.  It must be at"
$ write sys$output "least 8 characters long, and for best results it should not be an actual word,"
$ write sys$output " and should contain both letters and numerals."
$QueryUserPassword:
$ set terminal/local_echo
$ inquire UserPassword "Password for the ", UserName, " account"
$ set terminal/nolocal_echo
$ UserPassword=f$edit(UserPassword,"TRIM")
$ if f$length(UserPassword).lt.8
$ then
$    write sys$system "The password must be at least eight characters in length."
$    goto QueryUserPassword
$ endif
$ set terminal/local_echo
$ inquire UserPassword2 "Verify the password for the ", UserName, " account by re-entering it"
$ set terminal/nolocal_echo
$ if UserPassword.nes.UserPassword2
$ then
$    write sys$output "The passwords don't match.  Please try again."
$    goto QueryUserPassword
$ endif

Next we prompt for a non-admin user, and password. This is almost exactly the same code used for the admin account above. One additional feature is that we verify that the user name is not the same as the admin name.

$ !
$ ! Handle node name
$ !
$ open file "sys$system:startup.ucl"
$ write file "$! UOS System Startup"
$ if f$length(NodeName).gt.0
$ then
$    set node 'NodeName
$    write file "$ set node 'NodeName"
$ endif
$ write file "$ eoj"
$ close file
$ !
$ ! Create accounts
$ !
$ authorize add 'AdminName/password='AdminPassword/privileges=(ALL)
$ authorize add 'UserName/password='UserPassword/privileges=(TMPMBX,NETMBX)
$ exit

Once we have collected the information from the user, we use it to configure the system. First, we overwrite the startup.ucl file. If a node name was provided, we use the SET NODE command to update the node name, and we write that command to the new startup.ucl file. Note that if no node was specified, the only effect is to create an empty startup.ucl file - which is what we want (the next startup will do nothing since we've already been set up). We will discuss the SET NODE command in an article to follow. I say it is an empty file, but there is always an EOJ command at the end so that the startup process logs out when it is finished - regardless of how much other stuff is in the file.

Finally, we create the system administration and user accounts. Node that the administrator account is given all privileges, while the user account is given TMPMBX and NETMBX, which are the two privileges necessary for basic UOS usage. Those two privileges would not be given to a captive account used in a public kiosk, but pretty much any other user will need them.

It should be noted that this is a bare minimal set up, and we will be adding more in the future, as mentioned above. But even a full-blown configuration wouldn't set up every last account that might be needed, nor would it set custom options even for the users it does set up. These customizations (such as additional authentication methods, for instance) can be done by the system administrator after the initial configuration. The intention here is for a basic UOS installation that provides a secure, usuable set-up that doesn't require extensive technical knowledge on the behalf of the user (consider a home user setting up UOS on his family computer). Obviously someone setting up a super-secure government computer would have to have a level of technical expertise to take advantage of all the security features of UOS.

It should also be obvious that a user can compromise a system quite easily, despite how secure it is at the start. For instance, they could use the administrator account while downloading content from unsafe web sutes. Or they could choose obvious passwords, or give them out to others. Or they could grant all users all privileges. The list could go on and on, but you get the point. It will be our challenge to design the rest of the UOS utilities such that users don't often feel the need to use the admin account or give other accounts full privileges in order to do their day-to-day tasks on UOS.

Of final note, I was tempted to have the script log the user out when it finished, but as they may well be addtional set up that requires privileges we will leave the user logged-in. He can log into his normal account manually or upon the next system reboot.

In the next article, we will look at the SET TERM CUSP.