Line 1: |
Line 1: |
| + | == Sunjammer (aka shell.sugarlabs.org) == |
| + | |
| To carry on these procedures, you need root access on [[Machine/sunjammer]]. | | To carry on these procedures, you need root access on [[Machine/sunjammer]]. |
| | | |
− | == Adding a new user on [[Machine/sunjammer]] ==
| + | '''NOTE: You have to become root with 'sudo -i' before using the following commands. Prefixing the command with sudo won't work because it doesn't switch $HOME to /root, which is necessary to make the ldap commands source <code>/root/.ldaprc</code>.''' |
| | | |
− | Ask users to follow diligently the [[Sysadmin/Shell_account_request]] procedure.
| + | === Account creation === |
| | | |
− | The user creation procedure is fully automated with a script:
| + | See [[Sysadmin/Add shell account]]. |
| | | |
− | * As root, use <code>system-useradd</code>
| + | === Editing users and groups === |
− | * See synopsis
| |
− | * Follow prompts and instructions
| |
− | | |
− | A welcome message will be sent to the user automatically.
| |
− | | |
− | == Editing users and groups == | |
| | | |
| * Run "ldapvi" | | * Run "ldapvi" |
| * Edit with your favourite $EDITOR, save and exit | | * Edit with your favourite $EDITOR, save and exit |
| * Type "y" to accept changes. | | * Type "y" to accept changes. |
| + | |
| + | === Passwords === |
| + | |
| + | The users are supposed to update their password by going to |
| + | |
| + | https://ldap.sugarlabs.org/passwd |
| + | |
| + | Password logins are not permitted on any of our machines. The password |
| + | is used by other authentication protocols: HTTP, IMAP, SMTP... |
| + | |
| + | We currently don't have single-sign-on on most of our web applications, |
| + | but users can use our OpenID provider (id.sugarlabs.org). |
| + | |
| + | |
| + | === Removing shell accounts === |
| + | |
| + | Use: |
| + | |
| + | system-userdel <user> |
| + | |
| + | === Manipulating groups === |
| + | |
| + | To add groups: |
| + | |
| + | system-groupadd |
| + | |
| + | To remove groups, there's no script. Simply use "ldapvi" with no arguments. |
| + | |
| + | |
| + | === Password reset === |
| + | |
| + | When users have forgotten their password, you can hack the password |
| + | information manually with <code>ldapvi</code>. Alternatively, go to the |
| + | [https://ldap.sugarlabs.org/passwd password web form] and type sunjammer's |
| + | root password where of the user's old password would normally go. |
| + | |
| + | If the user knows how to use GPG, send them the new password encrypted. |
| + | ''In any case, ask them to change their password immediately.''' |
| + | |
| + | |
| + | == Accounts on other hosts == |
| + | |
| + | '''NOTE:''' accounts on [[Machine/lightwave]], [[Machine/jita]] and other high-security machines shouldn't be given out lightly.''' |
| + | |
| + | === Account creation === |
| + | |
| + | With <code>remote-useradd</code>, you can automate account creation and provisioning on any Sugar Labs host. |
| + | Log into sunjammer, become root and type: |
| + | |
| + | remote-useradd <remote host> <username> [<group>...] |
| + | |
| + | Of course, you'll need sudo access on the remote host. There's no need to invoke <code>remote-auth</code> afterwards. |
| + | |
| + | === Account removal === |
| + | |
| + | remote-userdel <remote host> <username> |
| + | |
| + | === Installing user keys to the remote host === |
| + | |
| + | remote-auth <remote host> <username> [<remote user>] |
| + | |
| + | |
| + | == See also == |
| + | * [[Sysadmin/Add_shell_account]] -- how to add shell accounts on sunjammer |
| + | * [[Service/Account]] -- Account request procedure (for users) |
| + | * [[Service/shell]] -- Shell account rules and details (for users) |
| + | |
| + | [[Category:Sysadmin|Sysadmin procedures]] |
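Review bot: In the "Password reset" section, the alternative of typing sunjammer's root password into the web form at https://ldap.sugarlabs.org/passwd, in place of the user's old password, sends the root password through the same web application that users use for ordinary password changes. I would make the <code>ldapvi</code> route the documented default and keep the web form as a fallback, or add a sentence saying why the form is acceptable for this. The same section only covers delivery for users who know GPG ("If the user knows how to use GPG, send them the new password encrypted."), so please state what to do when they do not. Markup nits in the added lines: "where of the user's old password" has a stray "of"; the sentence beginning "In any case, ask them to change their password" opens with two quotes and closes with three; and the NOTE under "Accounts on other hosts" ends with an unmatched bold marker after "lightly.".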