Sysadm:User Management
CHG uses a custom NIS-like script referred to colloquially as G-NIS.
Summary
The two main scripts (push-configs and pull-configs.C6) synchronize certain user account management files, all in /etc/:
- passwd
- shadow
- group
- gshadow
- auto.home
The master files of those mentioned above are located on chg-smb and copy themselves into /home/sysadm/configs/etc/. Client systems monitor those files and overwrite their own /etc/ versions of the files if the /home/sysadm/configs/etc/ files are newer. When a client system overwrites its files with the chg-smb files, the first line (root) is preserved to retain root access in case of a catastrophic propagation failure (etc), as well as the second line (ladmin, the local root-access account).
- (The third line may also be preserved, need to verify).
Creating a Samba Account
On rain:
mkdir /raid/chg-users/chg chown 31111:31111 !$
Login to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
#add an entry for the new user in /etc/auto.home: chg -rw,soft rain:/raid/chg-users/chg
Save, then:
service autofs reload useradd -d /home/chg -u 31111 chg
useradd
will likely complain about skel files.
On chg-smb:
mkdir /localhome useradd -d /localhome/[user] -u [uid] [user]
rsync
the files/skel stuff from local account to home directory on rain and edit the /etc/passwd
file to pull out the "local" part from the /localhome/[user]
so you'd be back to having them at /home/[user]
.
passwd chg #or edit the shadow file to copy an existing passwd /home/sysadm/bin/push-configs 1
Then, back on rain:
/home/sysadm/bin/pull-conf.C6 1
Standard Directories
As a general rule, the following directories should be created and owned by [user]:chg
/home/[user] /home/ftp_out/people/[user] /home/sandbox/people/[user] /home/source/[user] /raid/chg-[user]
Deleting a Samba Account
Log in to chg-smb.geog.ucsb.edu as chgadmin and use "su" for the following:
smbpasswd -d [user] #Takes the user smbpasswd -x [user] smbpasswd -e [user]
If you get "Failed to find entry for user [user].", set it to "nologin" by:
usermod -s /sbin/nologin [user] userdel -r [user]
Delete the user's entry in /etc/auto.home, save, then:
service autofs reload /home/sysadm/bin/push-configs 1
Then, back on rain:
/home/sysadm/bin/pull-conf.C6 1