Sysadm:User Management

From CHG-Wiki
Revision as of 13:16, 14 October 2013 by Libby (talk | contribs) (Created page with "CHG uses a custom NIS-like script referred to colloquially as G-NIS. ==Summary== The two main scripts (push-configs and pull-configs.C6) synchronize certain user account man...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

CHG uses a custom NIS-like script referred to colloquially as G-NIS.

Summary

The two main scripts (push-configs and pull-configs.C6) synchronize certain user account management files, all in /etc/:

  • passwd
  • shadow
  • group
  • gshadow
  • auto.home

The master files of those mentioned above are located on chg-smb and copy themselves into /home/sysadm/configs/etc/. Client systems monitor those files and overwrite their own /etc/ versions of the files if the /home/sysadm/configs/etc/ files are newer. When a client system overwrites its files with the chg-smb files, the first line (root) is preserved to retain root access in case of a catastrophic propagation failure (etc), as well as the second line (ladmin, the local root-access account).

  • (The third line may also be preserved, need to verify).

Creating a Samba Account

On rain:

mkdir /raid/chg-users/chg
chown 31111:31111 !$

Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:

#add an entry for the new user in /etc/auto.home:
chg     -rw,soft        rain:/raid/chg-users/chg

Save, then:

service autofs reload
useradd -d /home/chg -u 31111 chg

useradd will likely complain about skel files.

On chg-smb:

mkdir /localhome
useradd -d /localhome/[user] -u [uid] [user]

rsync the files/skel stuff from local account to home directory on rain and edit the /etc/passwd file to pull out the "local" part from the /localhome/[user] so you'd be back to having them at /home/[user].

passwd chg  #or edit the shadow file to copy an existing passwd
/home/sysadm/bin/push-configs 1

Then, back on rain:

/home/sysadm/bin/pull-conf.C6 1

Deleting a Samba Account

Log in to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:

smbpasswd -d [user] #Takes the user 
smbpasswd -x [user] 
smbpasswd -e [user] 

If you get "Failed to find entry for user [user].", set it to "nologin" by:

usermod -s /sbin/nologin [user] 
userdel -r [user] 

Delete the user's entry in /etc/auto.home, save, then:

service autofs reload
/home/sysadm/bin/push-configs 1

Then, back on rain:

/home/sysadm/bin/pull-conf.C6 1