Difference between revisions of "Sysadm:User Management"
m |
m |
||
Line 17: | Line 17: | ||
On rain: | On rain: | ||
− | mkdir /raid/chg-users/ | + | mkdir /raid/chg-users/[user] |
− | chown | + | chown [uid]:[gid] !$ |
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following: | Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following: | ||
#add an entry for the new user in /etc/auto.home: | #add an entry for the new user in /etc/auto.home: | ||
− | + | [user] -rw,soft rain:/raid/chg-users/[user] | |
Save, then: | Save, then: | ||
service autofs reload | service autofs reload | ||
− | useradd -d /home/ | + | useradd -d /home/[user] -u [uid] [user] |
<code>useradd</code> will likely complain about skel files. | <code>useradd</code> will likely complain about skel files. | ||
Line 39: | Line 39: | ||
<code>rsync</code> the files/skel stuff from local account to home directory on rain and edit the <code>/etc/passwd</code> file to pull out the "local" part from the <code>/localhome/[user]</code> so you'd be back to having them at <code>/home/[user]</code>. | <code>rsync</code> the files/skel stuff from local account to home directory on rain and edit the <code>/etc/passwd</code> file to pull out the "local" part from the <code>/localhome/[user]</code> so you'd be back to having them at <code>/home/[user]</code>. | ||
− | passwd | + | passwd [user] #or edit the shadow file to copy an existing passwd |
/home/sysadm/bin/push-configs 1 | /home/sysadm/bin/push-configs 1 | ||
Revision as of 13:36, 15 October 2013
CHG uses a custom NIS-like script referred to colloquially as G-NIS.
Contents
Summary
The two main scripts (push-configs and pull-configs.C6) synchronize certain user account management files, all in /etc/:
- passwd
- shadow
- group
- gshadow
- auto.home
The master files of those mentioned above are located on chg-smb and copy themselves into /home/sysadm/configs/etc/. Client systems monitor those files and overwrite their own /etc/ versions of the files if the /home/sysadm/configs/etc/ files are newer. When a client system overwrites its files with the chg-smb files, the first line (root) is preserved to retain root access in case of a catastrophic propagation failure (etc), as well as the second line (ladmin, the local root-access account).
- (The third line may also be preserved, need to verify).
Creating a Samba Account
On rain:
mkdir /raid/chg-users/[user] chown [uid]:[gid] !$
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
#add an entry for the new user in /etc/auto.home: [user] -rw,soft rain:/raid/chg-users/[user]
Save, then:
service autofs reload useradd -d /home/[user] -u [uid] [user]
useradd
will likely complain about skel files.
On chg-smb:
mkdir /localhome useradd -d /localhome/[user] -u [uid] [user]
rsync
the files/skel stuff from local account to home directory on rain and edit the /etc/passwd
file to pull out the "local" part from the /localhome/[user]
so you'd be back to having them at /home/[user]
.
passwd [user] #or edit the shadow file to copy an existing passwd /home/sysadm/bin/push-configs 1
Then, back on rain:
/home/sysadm/bin/pull-conf.C6 1
Standard Directories
As a general rule, the following directories should be created and owned by [user]:chg
/home/ftp_out/people/[user] /home/sandbox/people/[user] /home/source/[user] /raid/chg-[user] /raid/chg-users/[user]
Changing Passwords
To change a password for you CHG unix environment account, you will need to log in to chg-smb. Any changes you make outside of chg-smb will eventually be overwritten by the cron job that keeps our accounts uniform across servers.
Log in to chg-smb using your regular username and password.
ssh chg-smb
- Note: If you are off campus you may need the full chg-smb.geog.ucsb.edu address.
Then use the passwd command as usual:
[user@chg-smb ~]# passwd Enter old password: Enter new password: Re-enter new password: Password updated successfully.
After roughly an hour, your new password should propogate to the other CHG servers (e.g., rain, chg-cscd, chg-dub, chg-ftp_out, zippy, etc.).
Deleting a Samba Account
Log in to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
smbpasswd -d [user] #Takes the user smbpasswd -x [user] smbpasswd -e [user]
If you get "Failed to find entry for user [user].", set it to "nologin" by:
usermod -s /sbin/nologin [user] userdel -r [user]
Delete the user's entry in /etc/auto.home, save, then:
service autofs reload /home/sysadm/bin/push-configs 1
Then, back on rain:
/home/sysadm/bin/pull-conf.C6 1