Difference between revisions of "Sysadm:User Management"

From CHG-Wiki
Jump to navigationJump to search
(Added Standard Directories)
(Added notes to basic directories.)
 
(5 intermediate revisions by the same user not shown)
Line 17: Line 17:
 
On rain:
 
On rain:
  
  mkdir /raid/chg-users/chg
+
  mkdir /raid/chg-users/[user]
  chown 31111:31111 !$
+
  chown [uid]:[gid] !$
  
 
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
 
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
  
 
  #add an entry for the new user in /etc/auto.home:
 
  #add an entry for the new user in /etc/auto.home:
  chg     -rw,soft        rain:/raid/chg-users/chg
+
  [user]     -vers=3,rw,nolock,soft        rain:/raid/chg-users/[user]
  
 
Save, then:
 
Save, then:
  
 
  service autofs reload
 
  service autofs reload
  useradd -d /home/chg -u 31111 chg
+
  useradd -d /home/[user] -u [uid] [user]
  
 
<code>useradd</code> will likely complain about skel files.
 
<code>useradd</code> will likely complain about skel files.
 
+
<!--
 
On chg-smb:
 
On chg-smb:
  
Line 38: Line 38:
  
 
<code>rsync</code> the files/skel stuff from local account to home directory on rain and edit the <code>/etc/passwd</code> file to pull out the "local" part from the <code>/localhome/[user]</code> so you'd be back to having them at <code>/home/[user]</code>.
 
<code>rsync</code> the files/skel stuff from local account to home directory on rain and edit the <code>/etc/passwd</code> file to pull out the "local" part from the <code>/localhome/[user]</code> so you'd be back to having them at <code>/home/[user]</code>.
 
+
-->
  passwd chg #or edit the shadow file to copy an existing passwd
+
  passwd [user] #or edit the shadow file to copy an existing passwd
 
  /home/sysadm/bin/push-configs 1
 
  /home/sysadm/bin/push-configs 1
  
Line 48: Line 48:
 
==Standard Directories==
 
==Standard Directories==
 
As a general rule, the following directories should be created and owned by [user]:chg
 
As a general rule, the following directories should be created and owned by [user]:chg
  /home/[user]
+
  /home/ftp_out/people/[user] #your ftp directory for outside access
  /home/ftp_out/people/[user]
+
  /home/sandbox/people/[user] #never backed up
  /home/sandbox/people/[user]
+
  /home/source/[user]   #put source code here (backed up every day)
  /home/source/[user]
+
  /raid/chg-[user]       #data directory
  /raid/chg-[user]
+
  /raid/chg-users/[user] #home directory
 +
 
 +
==Changing Passwords==
 +
To change a password for you CHG unix environment account, you will need to log in to [[chg-smb]]. Any changes you make outside of chg-smb will eventually be overwritten by the cron job that keeps our accounts uniform across servers.
 +
 
 +
Log in to [[chg-smb]] using your regular username and password.
 +
ssh chg-smb   
 +
*Note: If you are off campus you may need the full chg-smb.geog.ucsb.edu address.
 +
 
 +
Then use the passwd command as usual:
 +
[user@chg-smb ~]# passwd
 +
Enter old password:
 +
Enter new password:
 +
Re-enter new password:
 +
Password updated successfully.
 +
 
 +
After roughly an hour, your new password should propogate to the other CHG servers (e.g., [[rain]], [[chg-cscd]], [[chg-dub]], [[chg-ftp_out]], [[zippy]], etc.).
  
 
==Deleting a Samba Account==
 
==Deleting a Samba Account==

Latest revision as of 14:46, 6 February 2014

CHG uses a custom NIS-like script referred to colloquially as G-NIS.

Summary

The two main scripts (push-configs and pull-configs.C6) synchronize certain user account management files, all in /etc/:

  • passwd
  • shadow
  • group
  • gshadow
  • auto.home

The master files of those mentioned above are located on chg-smb and copy themselves into /home/sysadm/configs/etc/. Client systems monitor those files and overwrite their own /etc/ versions of the files if the /home/sysadm/configs/etc/ files are newer. When a client system overwrites its files with the chg-smb files, the first line (root) is preserved to retain root access in case of a catastrophic propagation failure (etc), as well as the second line (ladmin, the local root-access account).

  • (The third line may also be preserved, need to verify).

Creating a Samba Account

On rain:

mkdir /raid/chg-users/[user]
chown [uid]:[gid] !$

Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:

#add an entry for the new user in /etc/auto.home:
[user]     -vers=3,rw,nolock,soft        rain:/raid/chg-users/[user]

Save, then:

service autofs reload
useradd -d /home/[user] -u [uid] [user]

useradd will likely complain about skel files.

passwd [user]  #or edit the shadow file to copy an existing passwd
/home/sysadm/bin/push-configs 1

Then, back on rain:

/home/sysadm/bin/pull-conf.C6 1

Standard Directories

As a general rule, the following directories should be created and owned by [user]:chg

/home/ftp_out/people/[user] #your ftp directory for outside access
/home/sandbox/people/[user] #never backed up
/home/source/[user]    #put source code here (backed up every day)
/raid/chg-[user]       #data directory
/raid/chg-users/[user] #home directory

Changing Passwords

To change a password for you CHG unix environment account, you will need to log in to chg-smb. Any changes you make outside of chg-smb will eventually be overwritten by the cron job that keeps our accounts uniform across servers.

Log in to chg-smb using your regular username and password.

ssh chg-smb     
  • Note: If you are off campus you may need the full chg-smb.geog.ucsb.edu address.

Then use the passwd command as usual:

[user@chg-smb ~]# passwd
Enter old password:
Enter new password:
Re-enter new password:
Password updated successfully.

After roughly an hour, your new password should propogate to the other CHG servers (e.g., rain, chg-cscd, chg-dub, chg-ftp_out, zippy, etc.).

Deleting a Samba Account

Log in to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:

smbpasswd -d [user] #Takes the user 
smbpasswd -x [user] 
smbpasswd -e [user] 

If you get "Failed to find entry for user [user].", set it to "nologin" by:

usermod -s /sbin/nologin [user] 
userdel -r [user] 

Delete the user's entry in /etc/auto.home, save, then:

service autofs reload
/home/sysadm/bin/push-configs 1

Then, back on rain:

/home/sysadm/bin/pull-conf.C6 1