Changes

1,479 bytes added, 16:13, 17 September 2011
no edit summary
Line 1: Line 1:  
To carry on these procedures, you need root access on [[Machine/sunjammer]].
 
To carry on these procedures, you need root access on [[Machine/sunjammer]].
   −
== Adding a new user on [[Machine/sunjammer]] ==
+
== Adding a new user on [[Machine/sunjammer]] (aka shell.sugarlabs.org) ==
   −
Ask users to follow diligently the [[Sysadmin/Shell_account_request]] procedure.
+
See [[Sysadmin/Add shell account]].
 
  −
The user creation procedure is fully automated with a script:
  −
 
  −
* As root, use <code>system-useradd</code>
  −
* See synopsis
  −
* Follow prompts and instructions
  −
 
  −
A welcome message will be sent to the user automatically.
      
== Editing users and groups ==
 
== Editing users and groups ==
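Review bot: The removed line "Ask users to follow diligently the [[Sysadmin/Shell_account_request]] procedure" has no replacement in the new text, so this page no longer tells admins that an account should follow a completed request. Keep that pointer next to "See [[Sysadmin/Add shell account]]", or confirm that the target page covers the request step and the automatic welcome message that were dropped here. The same target is linked again under "See also" with underscores ([[Sysadmin/Add_shell_account]]); use one spelling for both links.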
Line 18: Line 10:  
* Edit with your favourite $EDITOR, save and exit
 
* Edit with your favourite $EDITOR, save and exit
 
* Type "y" to accept changes.
 
* Type "y" to accept changes.
 +
 +
== Passwords ==
 +
 +
The users are supposed to update their password by going to
 +
 +
https://ldap.sugarlabs.org/passwd
 +
 +
Password logins are not permitted on any of our machines. The password
 +
is used by other authentication protocols: HTTP, IMAP, SMTP...
 +
 +
We currently don't have single-sign-on on most of our web applications,
 +
but users can use our OpenID provider (id.sugarlabs.org).
 +
 +
 +
== Removing shell accounts ==
 +
 +
Use:
 +
 +
system-userdel <user>
 +
 +
== Groups ==
 +
 +
To add groups:
 +
 +
system-groupadd
 +
 +
To remove groups, there's no script. Simply use "ldapvi" with no arguments.
 +
 +
 +
== Password reset ==
 +
 +
If the users have forgotten their password, you can hack the password
 +
information manually with ldapvi. Alternatively, go to the password
 +
web form and type sunjammer's root password in place of the user's
 +
old password.
 +
 +
If the user knows how to use GPG, send them the new password
 +
encrypted. In any case, ask them to change it immediately.
 +
 +
== Accounts on other hosts ==
 +
 +
'''NOTE:''' accounts on [[Machine/lightwave]], [[Machine/jita]] and other high-security machines shouldn't be given out lightly.'''
 +
 +
=== Account creation ===
 +
 +
With <code>remote-useradd</code>, you can automate account creation and provisioning on any Sugar Labs host.
 +
Log into sunjammer, become root and type:
 +
 +
  remote-useradd <remote host> <username> [<group>...]
 +
 +
Of course, you'll need sudo access on the remote host. There's no need to invoke <code>remote-auth</code> afterwards.
 +
 +
=== Account removal ===
 +
 +
  remote-userdel <remote host> <username>
 +
 +
=== Installing user keys to the remote host ===
 +
 +
  remote-auth <remote host> <username> [<remote user>]
 +
 +
 +
== See also ==
 +
* [[Sysadmin/Add_shell_account]] -- how to add shell accounts on sunjammer
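Review bot: In "Password reset", the alternative of typing sunjammer's root password into the web form at https://ldap.sugarlabs.org/passwd puts the host's root credential into a web application and gets admins used to entering it in a browser; either document a separate credential for resets or keep only the ldapvi route. The same section says to send the new password encrypted "if the user knows how to use GPG" but names no channel for users who do not, so the fallback should be stated explicitly. In "Accounts on other hosts", the NOTE line ends with a stray bold marker (three apostrophes) after "lightly.", which leaves the bold markup unbalanced. "Account removal" gives only the remote-userdel command; a sentence saying whether it also removes the keys installed by remote-auth would help.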