GASH 1.0 INTRODUCTION
18 September 1994
ARL:UT Computer Science Division
Dean Kennedy & Jonathan Abbey
---------------------------------

Hi.  Welcome to the wonderful world of GASH, the Group Administration
SHell.  GASH is a sophisticated editing shell and management shell for
NIS and DNS.  Through NIS and DNS, GASH manages:

     ------------------------------------------------------------

	UNIX user accounts,
	UNIX user account groups,

	SMTP e-mail delivery and aliasing (including the definition of
	e-mail groups),

	NIS netgroups (which are used in NIS-compatible UNIX system
	files to control what users and/or systems have access to what
	network resources),

	Automounter configuration maps (auto.vol and one or more
	auto.home maps),

	TCP/IP system management (including automatic generation of DNS
	tables and NIS ethers map)

     ------------------------------------------------------------
	
GASH is designed to work with a set of conventions and administrative
procedures which will enable you to securely share administrative
privileges among a large group of administrators.  GASH provides
(ideally) bullet-proof editing features.  GASH strives very hard
to prevent your administrators from doing anything that will corrupt
any GASH database.  GASH checks and cross-checks all administrative
actions that your administrators attempt, and will prevent them from
making any changes which would cause changes to databases outside of
their permission set.

GASH works in two modes.  The first is an interactive editing and
browsing mode, the second is an automated nightly processing mode.

At ARL:UT, we have GASH set up on our master NIS and DNS server.  GASH
is installed as a SETUID root program which is automatically run when
a user who has been granted administrative privileges telnets to our
master server.  In interactive mode, an administrator telnets to the
server, enters his login name and password, then enters his
(different) GASH password.  GASH then allows the administrator to use
a set of editing and browsing commands to manipulate the master GASH
databases.  GASH closely enforces permissions according to uid range,
gid range, group name (if USE_GROUP_MASK was defined at compile time),
netgroup name, and by a list of system managers associated with each
system registered in the GASH hosts_info database.

When an administrator exits GASH after making any changes, GASH runs a
makefile which will convert the GASH databases to the appropriate
master files for NIS and DNS, which will then be propagated to
whatever machines you have designated as slave servers.

Only one user at a time may use the GASH program.  We run GASH in an
automated mode (by running GASH through the autogash symbolic link)
once a night from a CRON entry.  The autogash mode performs thorough
cross-database consistency checks, and performs any delayed actions.
Delayed actions are basically notes that GASH writes to itself in the
pending_actions file which will be performed at a specified time.
Whenever GASH inactivates a user, group, or netgroup, it renders the
user, group, or netgroup inoperative (e.g., by changing the user
password to '*' and the user shell to '/bin/false'), and writes a user
removal note to itself in the pending_actions file.  Later on, when
the action fires, GASH will completely clean the user out of all GASH
databases.  GASH will also write notes to itself to send out mail on a
weekly basis reminding the responsible administrator of the pending
removal.
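
The inactivation convention described above (password '*' together with
shell '/bin/false') can be audited over passwd-format lines.  This is an
added example, not GASH code: the function names and sample entries are
constructed, and it assumes standard seven-field passwd(5) lines.

```python
# Added example, not part of GASH; names and sample data are constructed.
INACTIVE_PASSWORD = "*"
INACTIVE_SHELL = "/bin/false"

# Constructed sample input, not taken from any real GASH database.
SAMPLE_PASSWD = """\
alice:Xq9ExampleHash1:1201:100:Alice A:/home/alice:/bin/csh
bob:*:1202:100:Bob B:/home/bob:/bin/false
carol:*:1203:100:Carol C:/home/carol:/bin/csh
dave:Xq9ExampleHash2:1204:100:Dave D:/home/dave:/bin/false
# comment line
+@trusted::::::
broken:line:only
"""


def classify(line):
    """Return (name, state) for one passwd line, or None if skipped."""
    line = line.strip()
    # Skip blanks, comments and NIS compat entries (+name, -name, +@netgroup).
    if not line or line[0] in "#+-":
        return None
    fields = line.split(":")
    if len(fields) != 7:
        return (fields[0], "malformed")
    name, password, shell = fields[0], fields[1], fields[6]
    locked = password == INACTIVE_PASSWORD
    no_shell = shell == INACTIVE_SHELL
    if locked and no_shell:
        return (name, "inactive")
    if locked or no_shell:
        # Only one of the two markers is set: the account is half-disabled.
        return (name, "partial")
    return (name, "active")


def audit(text):
    """Group account names by state for a whole passwd file."""
    report = {"active": [], "inactive": [], "partial": [], "malformed": []}
    for line in text.splitlines():
        result = classify(line)
        if result is not None:
            report[result[1]].append(result[0])
    return report


if __name__ == "__main__":
    for state, names in audit(SAMPLE_PASSWD).items():
        print(f"{state:10} {', '.join(names) or '-'}")
```

Accounts reported as "partial" carry only one of the two markers and are
the ones worth reviewing by hand.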

Anyway.

To use GASH, you will need to be reasonably knowledgeable about NIS,
DNS, and SMTP (sendmail) administration.  Neither this introduction,
nor any other informative files that we manage to put together in this
initial release will be sufficient to teach you everything you will
need to use this system.

We do have a world wide web server, on which we will attempt to keep
decent documentation.  The URL is:

http://www.arlut.utexas.edu/csd/gash_docs/gash.html

From there, you will be able to find whatever documentation exists.

----------------------------------------------------------------------


