Difference between revisions of "Sysadm:User Management"
(Added Standard Directories) |
(Added notes to basic directories.) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 17: | Line 17: | ||
On rain: | On rain: | ||
− | mkdir /raid/chg-users/ | + | mkdir /raid/chg-users/[user] |
− | chown | + | chown [uid]:[gid] !$ |
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following: | Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following: | ||
#add an entry for the new user in /etc/auto.home: | #add an entry for the new user in /etc/auto.home: | ||
− | + | [user] -vers=3,rw,nolock,soft rain:/raid/chg-users/[user] | |
Save, then: | Save, then: | ||
service autofs reload | service autofs reload | ||
− | useradd -d /home/ | + | useradd -d /home/[user] -u [uid] [user] |
<code>useradd</code> will likely complain about skel files. | <code>useradd</code> will likely complain about skel files. | ||
− | + | <!-- | |
On chg-smb: | On chg-smb: | ||
Line 38: | Line 38: | ||
<code>rsync</code> the files/skel stuff from local account to home directory on rain and edit the <code>/etc/passwd</code> file to pull out the "local" part from the <code>/localhome/[user]</code> so you'd be back to having them at <code>/home/[user]</code>. | <code>rsync</code> the files/skel stuff from local account to home directory on rain and edit the <code>/etc/passwd</code> file to pull out the "local" part from the <code>/localhome/[user]</code> so you'd be back to having them at <code>/home/[user]</code>. | ||
− | + | --> | |
− | passwd | + | passwd [user] #or edit the shadow file to copy an existing passwd |
/home/sysadm/bin/push-configs 1 | /home/sysadm/bin/push-configs 1 | ||
Line 48: | Line 48: | ||
==Standard Directories== | ==Standard Directories== | ||
As a general rule, the following directories should be created and owned by [user]:chg | As a general rule, the following directories should be created and owned by [user]:chg | ||
− | /home/[user] | + | /home/ftp_out/people/[user] #your ftp directory for outside access |
− | /home/ | + | /home/sandbox/people/[user] #never backed up |
− | /home/ | + | /home/source/[user] #put source code here (backed up every day) |
− | / | + | /raid/chg-[user] #data directory |
− | /raid/chg-[user] | + | /raid/chg-users/[user] #home directory |
+ | |||
+ | ==Changing Passwords== | ||
+ | To change a password for you CHG unix environment account, you will need to log in to [[chg-smb]]. Any changes you make outside of chg-smb will eventually be overwritten by the cron job that keeps our accounts uniform across servers. | ||
+ | |||
+ | Log in to [[chg-smb]] using your regular username and password. | ||
+ | ssh chg-smb | ||
+ | *Note: If you are off campus you may need the full chg-smb.geog.ucsb.edu address. | ||
+ | |||
+ | Then use the passwd command as usual: | ||
+ | [user@chg-smb ~]# passwd | ||
+ | Enter old password: | ||
+ | Enter new password: | ||
+ | Re-enter new password: | ||
+ | Password updated successfully. | ||
+ | |||
+ | After roughly an hour, your new password should propogate to the other CHG servers (e.g., [[rain]], [[chg-cscd]], [[chg-dub]], [[chg-ftp_out]], [[zippy]], etc.). | ||
==Deleting a Samba Account== | ==Deleting a Samba Account== |
Latest revision as of 14:46, 6 February 2014
CHG uses a custom NIS-like script referred to colloquially as G-NIS.
Contents
Summary
The two main scripts (push-configs and pull-configs.C6) synchronize certain user account management files, all in /etc/:
- passwd
- shadow
- group
- gshadow
- auto.home
The master files of those mentioned above are located on chg-smb and copy themselves into /home/sysadm/configs/etc/. Client systems monitor those files and overwrite their own /etc/ versions of the files if the /home/sysadm/configs/etc/ files are newer. When a client system overwrites its files with the chg-smb files, the first line (root) is preserved to retain root access in case of a catastrophic propagation failure (etc), as well as the second line (ladmin, the local root-access account).
- (The third line may also be preserved, need to verify).
Creating a Samba Account
On rain:
mkdir /raid/chg-users/[user] chown [uid]:[gid] !$
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
#add an entry for the new user in /etc/auto.home: [user] -vers=3,rw,nolock,soft rain:/raid/chg-users/[user]
Save, then:
service autofs reload useradd -d /home/[user] -u [uid] [user]
useradd
will likely complain about skel files.
passwd [user] #or edit the shadow file to copy an existing passwd /home/sysadm/bin/push-configs 1
Then, back on rain:
/home/sysadm/bin/pull-conf.C6 1
Standard Directories
As a general rule, the following directories should be created and owned by [user]:chg
/home/ftp_out/people/[user] #your ftp directory for outside access /home/sandbox/people/[user] #never backed up /home/source/[user] #put source code here (backed up every day) /raid/chg-[user] #data directory /raid/chg-users/[user] #home directory
Changing Passwords
To change a password for you CHG unix environment account, you will need to log in to chg-smb. Any changes you make outside of chg-smb will eventually be overwritten by the cron job that keeps our accounts uniform across servers.
Log in to chg-smb using your regular username and password.
ssh chg-smb
- Note: If you are off campus you may need the full chg-smb.geog.ucsb.edu address.
Then use the passwd command as usual:
[user@chg-smb ~]# passwd Enter old password: Enter new password: Re-enter new password: Password updated successfully.
After roughly an hour, your new password should propogate to the other CHG servers (e.g., rain, chg-cscd, chg-dub, chg-ftp_out, zippy, etc.).
Deleting a Samba Account
Log in to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
smbpasswd -d [user] #Takes the user smbpasswd -x [user] smbpasswd -e [user]
If you get "Failed to find entry for user [user].", set it to "nologin" by:
usermod -s /sbin/nologin [user] userdel -r [user]
Delete the user's entry in /etc/auto.home, save, then:
service autofs reload /home/sysadm/bin/push-configs 1
Then, back on rain:
/home/sysadm/bin/pull-conf.C6 1