Difference between revisions of "Sysadmin/User management"
| Line 1: | Line 1: | ||
To carry on these procedures, you need root access on [[Machine/sunjammer]]. | To carry on these procedures, you need root access on [[Machine/sunjammer]]. | ||
| − | == Adding a new user on [[Machine/sunjammer]] == | + | == Adding a new user on [[Machine/sunjammer]] (aka shell.sugarlabs.org) == |
| − | + | See [[Sysadmin/Add shell account]]. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Editing users and groups == | == Editing users and groups == | ||
| Line 18: | Line 10: | ||
* Edit with your favourite $EDITOR, save and exit | * Edit with your favourite $EDITOR, save and exit | ||
* Type "y" to accept changes. | * Type "y" to accept changes. | ||
| + | |||
| + | == Passwords == | ||
| + | |||
| + | The users are supposed to update their password by going to | ||
| + | |||
| + | https://ldap.sugarlabs.org/passwd | ||
| + | |||
| + | Password logins are not permitted on any of our machines. The password | ||
| + | is used by other authentication protocols: HTTP, IMAP, SMTP... | ||
| + | |||
| + | We currently don't have single-sign-on on most of our web applications, | ||
| + | but users can use our OpenID provider (id.sugarlabs.org). | ||
| + | |||
| + | |||
| + | == Removing shell accounts == | ||
| + | |||
| + | Use: | ||
| + | |||
| + | system-userdel <user> | ||
| + | |||
| + | == Groups == | ||
| + | |||
| + | To add groups: | ||
| + | |||
| + | system-groupadd | ||
| + | |||
| + | To remove groups, there's no script. Simply use "ldapvi" with no arguments. | ||
| + | |||
| + | |||
| + | == Password reset == | ||
| + | |||
| + | If the users have forgotten their password, you can hack the password | ||
| + | information manually with ldapvi. Alternatively, go to the password | ||
| + | web form and type sunjammer's root password in place of the user's | ||
| + | old password. | ||
| + | |||
| + | If the user knows how to use GPG, send them the new password | ||
| + | encrypted. In any case, ask them to change it immediately. | ||
| + | |||
| + | == Accounts on other hosts == | ||
| + | |||
| + | '''NOTE:''' accounts on [[Machine/lightwave]], [[Machine/jita]] and other high-security machines shouldn't be given out lightly.''' | ||
| + | |||
| + | === Account creation === | ||
| + | |||
| + | With <code>remote-useradd</code>, you can automate account creation and provisioning on any Sugar Labs host. | ||
| + | Log into sunjammer, become root and type: | ||
| + | |||
| + | remote-useradd <remote host> <username> [<group>...] | ||
| + | |||
| + | Of course, you'll need sudo access on the remote host. There's no need to invoke <code>remote-auth</code> afterwards. | ||
| + | |||
| + | === Account removal === | ||
| + | |||
| + | remote-userdel <remote host> <username> | ||
| + | |||
| + | === Installing user keys to the remote host === | ||
| + | |||
| + | remote-auth <remote host> <username> [<remote user>] | ||
| + | |||
| + | |||
| + | == See also == | ||
| + | * [[Sysadmin/Add_shell_account]] -- how to add shell accounts on sunjammer | ||
Revision as of 16:13, 17 September 2011
To carry on these procedures, you need root access on Machine/sunjammer.
Adding a new user on Machine/sunjammer (aka shell.sugarlabs.org)
See Sysadmin/Add shell account.
Editing users and groups
- Run "ldapvi"
- Edit with your favourite $EDITOR, save and exit
- Type "y" to accept changes.
Passwords
The users are supposed to update their password by going to
https://ldap.sugarlabs.org/passwd
Password logins are not permitted on any of our machines. The password is used by other authentication protocols: HTTP, IMAP, SMTP...
We currently don't have single-sign-on on most of our web applications, but users can use our OpenID provider (id.sugarlabs.org).
Removing shell accounts
Use:
system-userdel <user>
Groups
To add groups:
system-groupadd
To remove groups, there's no script. Simply use "ldapvi" with no arguments.
Password reset
If the users have forgotten their password, you can hack the password information manually with ldapvi. Alternatively, go to the password web form and type sunjammer's root password in place of the user's old password.
If the user knows how to use GPG, send them the new password encrypted. In any case, ask them to change it immediately.
Accounts on other hosts
NOTE: accounts on Machine/lightwave, Machine/jita and other high-security machines shouldn't be given out lightly.
Account creation
With remote-useradd, you can automate account creation and provisioning on any Sugar Labs host.
Log into sunjammer, become root and type:
remote-useradd <remote host> <username> [<group>...]
Of course, you'll need sudo access on the remote host. There's no need to invoke remote-auth afterwards.
Account removal
remote-userdel <remote host> <username>
Installing user keys to the remote host
remote-auth <remote host> <username> [<remote user>]
See also
- Sysadmin/Add_shell_account -- how to add shell accounts on sunjammer