Difference between revisions of "Sysadm:User Management"

From CHG-Wiki
Jump to navigationJump to search
m
m
Line 17: Line 17:
 
On rain:
 
On rain:
  
  mkdir /raid/chg-users/chg
+
  mkdir /raid/chg-users/[user]
  chown 31111:31111 !$
+
  chown [uid]:[gid] !$
  
 
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
 
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
  
 
  #add an entry for the new user in /etc/auto.home:
 
  #add an entry for the new user in /etc/auto.home:
  chg     -rw,soft        rain:/raid/chg-users/chg
+
  [user]     -rw,soft        rain:/raid/chg-users/[user]
  
 
Save, then:
 
Save, then:
  
 
  service autofs reload
 
  service autofs reload
  useradd -d /home/chg -u 31111 chg
+
  useradd -d /home/[user] -u [uid] [user]
  
 
<code>useradd</code> will likely complain about skel files.
 
<code>useradd</code> will likely complain about skel files.
Line 39: Line 39:
 
<code>rsync</code> the files/skel stuff from local account to home directory on rain and edit the <code>/etc/passwd</code> file to pull out the "local" part from the <code>/localhome/[user]</code> so you'd be back to having them at <code>/home/[user]</code>.
 
<code>rsync</code> the files/skel stuff from local account to home directory on rain and edit the <code>/etc/passwd</code> file to pull out the "local" part from the <code>/localhome/[user]</code> so you'd be back to having them at <code>/home/[user]</code>.
  
  passwd chg #or edit the shadow file to copy an existing passwd
+
  passwd [user] #or edit the shadow file to copy an existing passwd
 
  /home/sysadm/bin/push-configs 1
 
  /home/sysadm/bin/push-configs 1
  

Revision as of 13:36, 15 October 2013

CHG uses a custom NIS-like script referred to colloquially as G-NIS.

Summary

The two main scripts (push-configs and pull-configs.C6) synchronize certain user account management files, all in /etc/:

  • passwd
  • shadow
  • group
  • gshadow
  • auto.home

The master files of those mentioned above are located on chg-smb and copy themselves into /home/sysadm/configs/etc/. Client systems monitor those files and overwrite their own /etc/ versions of the files if the /home/sysadm/configs/etc/ files are newer. When a client system overwrites its files with the chg-smb files, the first line (root) is preserved to retain root access in case of a catastrophic propagation failure (etc), as well as the second line (ladmin, the local root-access account).

  • (The third line may also be preserved, need to verify).

Creating a Samba Account

On rain:

mkdir /raid/chg-users/[user]
chown [uid]:[gid] !$

Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:

#add an entry for the new user in /etc/auto.home:
[user]     -rw,soft        rain:/raid/chg-users/[user]

Save, then:

service autofs reload
useradd -d /home/[user] -u [uid] [user]

useradd will likely complain about skel files.

On chg-smb:

mkdir /localhome
useradd -d /localhome/[user] -u [uid] [user]

rsync the files/skel stuff from local account to home directory on rain and edit the /etc/passwd file to pull out the "local" part from the /localhome/[user] so you'd be back to having them at /home/[user].

passwd [user]  #or edit the shadow file to copy an existing passwd
/home/sysadm/bin/push-configs 1

Then, back on rain:

/home/sysadm/bin/pull-conf.C6 1

Standard Directories

As a general rule, the following directories should be created and owned by [user]:chg

/home/ftp_out/people/[user]
/home/sandbox/people/[user]
/home/source/[user]
/raid/chg-[user] 
/raid/chg-users/[user]

Changing Passwords

To change a password for you CHG unix environment account, you will need to log in to chg-smb. Any changes you make outside of chg-smb will eventually be overwritten by the cron job that keeps our accounts uniform across servers.

Log in to chg-smb using your regular username and password.

ssh chg-smb     
  • Note: If you are off campus you may need the full chg-smb.geog.ucsb.edu address.

Then use the passwd command as usual:

[user@chg-smb ~]# passwd
Enter old password:
Enter new password:
Re-enter new password:
Password updated successfully.

After roughly an hour, your new password should propogate to the other CHG servers (e.g., rain, chg-cscd, chg-dub, chg-ftp_out, zippy, etc.).

Deleting a Samba Account

Log in to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:

smbpasswd -d [user] #Takes the user 
smbpasswd -x [user] 
smbpasswd -e [user] 

If you get "Failed to find entry for user [user].", set it to "nologin" by:

usermod -s /sbin/nologin [user] 
userdel -r [user] 

Delete the user's entry in /etc/auto.home, save, then:

service autofs reload
/home/sysadm/bin/push-configs 1

Then, back on rain:

/home/sysadm/bin/pull-conf.C6 1