1,843 bytes added
, 20:18, 5 July 2010
Users normally do follow the [[Sysadmin/Shell account request]].
The account requests arrive to a support queue on [[Machine/rt]].
== Guidelines ==
Users should briefly motivate their request. "I'd like to distribute some
Sugar-related files on people.sugarlabs.org" would suffice.
Shell accounts shouldn't be granted to untrusted individuals without
referrals. Shell accounts that are known to be unused should be disabled.
== Account creation ==
To create an account, become root on sunjammer and type:
system-useradd <username> <first_name> <last_name> <email>
At some point, the script will prompt you to paste the user's ssh key.
You can skip this part and edit ~user/.ssh/authorized_keys manually.
The procedure automatically sends a welcome email to the user.
The email is also copied to ~user/welcome, in case they loose the
original message.
== Passwords ==
The users are supposed to update their password by going to
https://ldap.sugarlabs.org/passwd
Password logins are not permitted on any of our machines. The password
is used by other authentication protocols: HTTP, IMAP, SMTP...
We currently don't have single-sign-on on most of our web applications,
but users can use our OpenID provider (id.sugarlabs.org).
== Removing shell accounts ==
Use:
system-userdel <user>
== Groups ==
To add groups:
system-groupadd
To remove groups, there's no script. Simply use "ldapvi" with no arguments.
== User information changes ==
Use ldapvi directly
== Password reset ==
If the users have forgotten their password, you can hack the password
information manually with ldapvi. Alternatively, go to the password
web form and type sunjammer's root password in place of the user's
old password.
If the user knows how to use GPG, send them the new password
encrypted. In any case, ask them to change it immediately.