How to create Multiple Uses in Perforce - perforce

Is there a way we (superAdmin) can create multiple users with their email addresses in Perforce, either using the command line or using scipt (python or shell)?
Shell script would be preferred.

Use the p4 user -o command to output a user spec, and p4 user -i (with the -f flag if your server is configured to require superuser permission to create new users) to save it.
The email address defaults to user#client so an easy way to set the email address without actually editing the form is to just specify the email domain as the client name (you don't need to create an actual client spec) via the -c global flag, e.g.:
C:\Perforce\test>p4 -c gmail.com user -o fred
# A Perforce User Specification.
#
# User: The user's user name.
# Type: Either 'service', 'operator', or 'standard'.
# Default: 'standard'. Read only.
# Email: The user's email address; for email review.
# Update: The date this specification was last modified.
# Access: The date this user was last active. Read only.
# FullName: The user's real name.
# JobView: Selects jobs for inclusion during changelist creation.
# Password: If set, user must have matching $P4PASSWD on client.
# AuthMethod: 'perforce' if using standard authentication or 'ldap' if
# this user should use native LDAP authentication.
# Reviews: Listing of depot files to be reviewed by user.
User: fred
Email: fred#gmail.com
FullName: fred
Piping this output to p4 user -i -f saves the user spec:
C:\Perforce\test>p4 -c gmail.com user -o fred | p4 user -i -f
User fred saved.
C:\Perforce\test>p4 users fred
fred <fred#gmail.com> (fred) accessed 2022/09/21
If you need to edit the actual form (e.g. to set the FullName), you can always use text editing tools like sed, but an easier option is to use the built-in --field global flag, which lets you set individual spec fields in command output:
C:\Perforce\test>p4 --field Email=fred#bedrock.gov --field "FullName=Fred Flintstone" user -o fred
User: fred
Type: standard
Email: fred#bedrock.gov
Update: 2022/09/21 08:50:34
Access: 2022/09/21 08:50:34
FullName: Fred Flintstone
AuthMethod: perforce
Again, to actually save the user spec you just need to pipe this to p4 user -i:
C:\Perforce\test>p4 --field Email=fred#bedrock.gov --field "FullName=Fred Flintstone" user -o fred | p4 user -if
User fred saved.
C:\Perforce\test>p4 users fred
fred <fred#bedrock.gov> (Fred Flintstone) accessed 2022/09/21

Related

How to configure yocto so that no one should be able to login as root in yocto image

I am building a yocto image and I do not want anyone being able to login as root in it. I do not wish to remove the account but here is what I want to accomplish.
I want to disable root account access from terminal as well as ssh or create a password that will never validate.
I want to make all files root owner and set them to 700 permissions.
Add these lines to your image recipe.
inherit extrausers
EXTRA_USERS_PARAMS = "usermod -L -e 1 root; "
This locks the password and expires the account. Make sure you don't have debug-tweaks or empty-root-password in your IMAGE_FEATURES.
$ man usermod
...
-e, --expiredate EXPIRE_DATE
The date on which the user account will be disabled. The date is
specified in the format YYYY-MM-DD.
An empty EXPIRE_DATE argument will disable the expiration of the
account.
This option requires a /etc/shadow file. A /etc/shadow entry will
be created if there were none.
...
-L, --lock
Lock a user's password. This puts a '!' in front of the encrypted
password, effectively disabling the password. You can't use this
option with -p or -U.
Note: if you wish to lock the account (not only access with a
password), you should also set the EXPIRE_DATE to 1.
Checked:
Login with ssh is not possible, even though PermitRootLogin yes is set in /etc/ssh/sshd_config
$ su - root is not possible, even though the login shell in /etc/passwd still points to /bin/bash instead of /sbin/nologin
Login to ftp server via root is not possible
Not Checked:
I did not check what happens if we add systemd.unit=rescue.target or systemd.unit=emergency.target to the kernel commandline.
... ?

Perforce log in as someone else

In the doc's I'm reading: To log in to Perforce automatically, you can save your password in a text file, and redirect p4 login to read from that file. For example, if you saved your password to a file called password.txt, the command would be:
Command:
p4 login < password.txt
However I've created a new local account using the following commands:
p4 user -f test
p4 passwd perforce-bot
When I now wan't to login with p4 login test < password.txt it complains about "Perforce password (P4PASSWD) invalid or unset".
How should I understand that? This operation works fine if I first do a p4 login (I'm an admin) and then run that snippet, it basically feels like sudo'ing as someone else, but I would want to use it without the need to login as my user first so I can run it as a cronjob on any machine.
These are two different commands:
p4 login: authenticates the current user ($P4USER) by prompting for a password
p4 login USER: authenticates an arbitrary other user IF already authenticated as a super user
Note also that if you run p4 passwd perforce-bot, you're setting the password for a user called perforce-bot (again, this is an admin command).
To temporarily switch the current user without resetting $P4USER, use the -u global flag:
p4 -u test user # creates a new user called "test"
p4 -u test passwd # sets the password for "test"
p4 -u test login # login "test" via stdin password prompt
p4 -u test <any command> # run any other command as "test"

how to tell with perforce if you are logged in with -a or just a host login?

I'd like a method to detect if the current login is limited to a host, or is valid across all hosts. This is needed for error detection when using things like LSF.
I'm aware of p4 login -s, but I haven't figured out how to tell the difference between -a and per host
If you have the user's password (or are a superuser) you can run login again with different flags to see what the ticket values are with different host limits -- running login when you already have a valid ticket does not generate a new ticket, it just returns the existing (server-side) ticket with the appropriate hashing. (p4 logout -a invalidates the server-side ticket.)
So for example, if I have this ticket and want to figure out whether it's host-bound:
C:\Perforce\test>p4 tickets
localhost:unknown (Samwise) 18D5A046F46601FD67827A39D6449A7E
as a superuser I can do:
C:\Perforce\test>p4 login -h 1.2.3.4 -p Samwise
22B95BDC5DE0571C2BF92A1E688C97E3
C:\Perforce\test>p4 login -h 127.0.0.1 -p Samwise
2ECEA5DDFFEB53E4DAFA29F70DD321A4
C:\Perforce\test>p4 login -a -p Samwise
18D5A046F46601FD67827A39D6449A7E
Note that the ticket I got with login -a matches the one in my ticket file, so I know that my current ticket is a global ticket. (The ticket values I got from login -h are the same ticket value hashed with the provided host.)
If I'm not a superuser, I can't use the p4 login USERNAME shortcut and will have to re-enter my password for each login command.

stopping user to access the system for few days

One of our user is on leave for few days
and I want to stop him accessing the systems for these days ..
should I
Add * to his encrypted password
or delete the user from etc /password file
or Remove the user encrypted password
or rename username to root
or set his userID to -1
Which option should i go for out of the above
It's for an access to a Linux system (Ubuntu). Not sure where you found those listed options, but in general try to use the system's tools to manage the system.
Simply lock the account:
sudo passwd -l [user_name]
Alternatively you can put an expire date on the account:
sudo passwd -e YYYY-MM-DD [user_name]
To unlock a locked account:
sudo passwd -u [username]

Perforce: run script as particular user and workspace

I have a powershell script that does various things, including running p4 commands such as syncing, creating a changelist and checking files into it, create a label etc. My script works fine when I run it on my development environment as my user.
Now I would like to run the script on another machine, against a specific workspace, and a specific Perforce user. Is there some set of commands I can add to the beginning of my script so that I can set the perforce user and use a specific workspace for the remainder of the script? If yes, I'd like to know 2 ways of doing this, one with the password in plain text (for testing and verifying), and one without it (for production use).
Releated: I think part of my problem is that I don't fully understand how the session user is determined. On the other machine, if I try to run any p4 command, I get the message: "Perforce password (P4PASSWD) is invalid or unset." I got that message even if I try:
p4 login abc
"abc" can be anything and I get the same message. I must be wrong in thinking that the "login" command can be used to login as a particular user. I was expecting it to prompt me for abc's password, rather than telling me I need to set a password before I can login as someone else.
But if I type in this:
p4 login
I am prompted to enter in a password. But for what user would that be? My Windows account user? What if I don't have a perforce user with the same name as my windows account user?
This is the doc page you need:
http://www.perforce.com/perforce/doc.current/manuals/cmdref/envars.html
In general, this should do the trick (with the current version of the command line client that supports "p4 set" on all platforms):
p4 set P4USER=username
p4 set P4CLIENT=clientname
p4 login
The "p4 login USERNAME" syntax is used when you've already logged in as a super user to get a login ticket for a different user (with no password prompt). Like all other commands, "p4 login" uses your P4USER to determine who you're running the command as.
To Auto login via powershell, login -a means allow login from any ip...
$USER = "My.User"
$PASS = "P455w0rd"
Out-File -FilePath C:\p4pass.txt -InputObject $PASS -Encoding ASCII -Width 50
cmd /c "p4 -u $USER login -a < `"C:\p4pass.txt`" " 2>&1
To specify the user, workspace and server:port append the below before the perforce command... e.g:
p4 -u ${USER} -c ${WORKSPACE} -p ${perforce:1666} login -a
p4 -u ${USER} -c ${WORKSPACE} -p ${perforce:1666} sync -f -q //...#head
To specify a ticket, get the ticket from the command:
p4 tickets
and specify it with an upper case -P, e.g:
p4 -u username -P 5E8ED75FB5086BE82D9BCD5561D32AEE sync...

Resources