1. Field of the Invention
The present invention relates to computer system administration, and more specifically to creating accounts on a computer system.
2. Description of the Related Art
Typical implementations of computer networks comprise multiple computers and devices connected together via various connection methods. For example, FIG. 1A is a diagram illustrating a computer network 100 with two computers and a storage device 106 connected together via a network connector 110. In the computer network 100, the storage device 106 provides a physical location for data accessible from any point on the computer network 100. The computers can be categorized as a client 104 or a file server 105. The client 104 and the file server 105 can be the same type of computer, but they can also differ. For example, the client 104 can be a computer with limited storage capacity, such as 100 GB, with one processor and 512 MB of random access memory (RAM). In contrast, the file server 105 can be a computer with 20 TB of storage, multiple processors, and 20 GB of RAM. Generally, the file server 105 is capable of storing more data and processing data faster than the client 104.
Data stored on the storage device 106 can be accessed via the network connector 110. Examples of the network connector 110 can include category 5 (CAT5) cabling, fiber optic cables, and wireless connection methods such as WiFi® and Bluetooth®. When a user 102 accesses data stored on the storage device 106, the user 102 can log onto a user account previously created on the file server 105. Typically, an administrator 103 creates the user account before the user 102 stores data anywhere on the computer network 100. As the user 102 logs onto the user account using the client 104, the client 104 communicates with the file server 105, authenticating access to the user account. If the file server 105 authenticates the user account, then the user 102 can access data located in the computer network 100. Alternatively, if the file server 105 cannot authenticate the user account, then the user 102 cannot access the data.
FIG. 1B is a diagram illustrating traditional operations for account creation. For example, the administrator 103 can perform an administrator action in operation 120 while the user 102 can perform a user action in operation 170. In the user action of operation 170, the user 102 can request and wait for the user account. While the user 102 waits, the administrator 103, during operation 120, receives the request and logs onto an administrator account on the file server 105. Subsequently, the administrator 103 creates a user account in operation 130 by entering a username and initial password for the user 102. Then, the administrator 103 creates a mount point location on a directory structure for the user 102 in operation 140. For example, the mount point location can be a directory for the user 102 among other user directories in the storage device 106. The directory can be assigned a set storage limit such as 20 MB of storage. The administrator 103 then performs an operation 150 of assigning privileges to the user account. For example, the user 102 can have permission to read and write data to the 20 MB of storage, but cannot access any amount of storage outside the 20 MB. Finally, in operation 160, the administrator 103 provides notification of the account to the user 102. The user 102 then accesses the account in operation 180.
Using this traditional paradigm of establishing a user account using conventional security protocols, information technology (IT) administration costs have increased. Particularly, in a technical support group of the computer network 100, the administrator 103 must create user accounts. Consequently, while the administrator 103 creates user accounts, the administrator 103 cannot perform other tasks required to maintain the computer network 100. Further, if the computer network 100 increases in complexity, then repeated user account creation operations on multiple file servers 105 can require hiring another administrator 103 to create user accounts. The added staff and the diversion of the administrator 103 from tasks that ensure minimal computer network 100 downtime increase the overall cost of maintaining the computer network 100.
In an attempt to remove administrator interaction, the client 104 can access a guest account on the file server 105. However, guests are given the same privileges as all other guests accessing the guest account on the file server 105. Thus, data is available to all guests using the account. Consequently, because all guests can access the data of all other guests, conventional security protocols that would protect one account from another account do not exist. Without the conventional security protocols, any guest can read, delete, or modify the data of another guest.
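The contrast between the per-user accounts of FIG. 1B and the shared guest account can be made concrete with a small model. The following is an added illustration, not part of the original disclosure; the FileServer class, the account names and the /home/... mount points are hypothetical, and only the 20 MB limit is taken from the text.

```python
import posixpath

QUOTA_BYTES = 20 * 1024 * 1024  # the 20 MB storage limit used as the example in the text

class FileServer:
    """Toy in-memory model of file server 105 (hypothetical, for illustration only)."""
    def __init__(self):
        self.mounts = {}  # account name -> mount point directory
        self.files = {}   # absolute path -> stored bytes

    def create_account(self, name, mount_point):
        # Operations 130-150 collapsed: account, mount point, read/write privilege
        self.mounts[name] = posixpath.normpath(mount_point)

    def _authorize(self, account, path):
        # Normalize before comparing so "../" cannot step outside the mount point
        root = self.mounts[account]
        full = posixpath.normpath(posixpath.join(root, path))
        if not full.startswith(root + "/"):
            raise PermissionError(f"{account} may not access {full}")
        return full

    def write(self, account, path, data):
        full = self._authorize(account, path)
        prefix = self.mounts[account] + "/"
        used = sum(len(d) for p, d in self.files.items()
                   if p.startswith(prefix) and p != full)
        if used + len(data) > QUOTA_BYTES:
            raise OSError("quota exceeded")
        self.files[full] = data

    def read(self, account, path):
        return self.files[self._authorize(account, path)]

def demo():
    srv = FileServer()
    for name in ("alice", "bob", "guest"):  # "guest" is one account shared by every guest
        srv.create_account(name, "/home/" + name)
    srv.write("alice", "notes.txt", b"private")
    try:
        srv.read("bob", "../alice/notes.txt")  # separate accounts: refused
        isolated = False
    except PermissionError:
        isolated = True
    srv.write("guest", "report.txt", b"guest A's data")
    srv.write("guest", "report.txt", b"overwritten by guest B")  # same account: allowed
    return isolated, srv.read("guest", "report.txt")
```

Because the server authorizes by account, two people sharing the guest account are indistinguishable to the check that keeps alice and bob apart.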
Accordingly, what is needed is a method and apparatus to create accounts in a computer network without an administrator action, thus reducing IT administration costs, while maintaining conventional security protocols that provide different privileges between the accounts.