/*------------------------------------------------------------------------*/
/*                                                                        *
 *  $Id: Security 1.1 1994/11/29 13:36:31 heinz Exp $
 *                                                                        */
/*------------------------------------------------------------------------*/

Envoy Security
--------------

Security in Envoy is similar to that of Unix, where you have users and
groups.  Just like in Unix, each user has a name, password, numeric
user id, and a primary group id.  Each user also has specific flags
that specify whether or not a user may create groups, change his name,
change his password, etc.  A group in Envoy is also similar to the
concept in Unix, where each group has a numeric group id and contains
an arbitrary number of users.

Unlike Unix, every machine using Envoy does not need to have it's own
private list of users and groups.  Only machines that are exporting
services need to have a user and group database.

The core of Envoy security is the Accounts Manager, which runs on each
machine that is exporting services, such as a printer or file system.
The Accounts Manager is a process that keeps track of all user and
group information on a particular machine.  The Accounts Manager is
accessed from Envoy services by using the accounts.library, which is
described below.


User and Group Administration
-----------------------------

User and Group administration is accomplished by using the two
configuration tools, named Users and Groups.

The Users tool allows you to add, remove, or change users on a
particular machine.  When it is started, it will ask you to log in.
If this is the first time you've run the Users tool, you should log in
with a user name of "Admin" with a password of "Admin".  At this point
you should probably change the password for the Admin account.  You
may also change then name of the Admin account if you wish.

If you want to add a user to your machine, click on the Create gadget
below the ListView gadget.  A new account named "NewUser" will be
created.  You can then change then change "NewUser" to anything that
you like, as well as the password.  You can also change what the user
can and can't do by using the checkbox gadgets on the right.

To add or remove groups, you must run the Groups tool.  Once you have
logged in, you will see two listview gadgets.  The one on the left
lists the groups that have been created on your machine.  The list on
the right is for displaying what users are members of the currently
selected group.

To add a group, click on the Create button below the left listview.  A
new group named "NewGroup" will be created.  You may change the name
of this group by clicking in the string gadget below the lefthand
listview.

To add a user to the currently selected group, click on the Add...
button below the righthand listview.  A requester will open that will
allow you to click on a user to add.

You may remove a group member by clicking on a user's name in the
righthand listview and clicking on the Remove button.

Each group also may have a Group Administrator that is allowed to add
or remove users to a particular group.  The default for the Group
Administrator is the Admin account.  You may change this by clicking
on the Select... gadget above the righthand listview.  A requester
will open that will allow you to select the new Group Administrator.

