1,764
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: + + − == Adding a new user on [[Machine/sunjammer]] ==+ − Ask users to follow diligently the [[Sysadmin/Shell_account_request]] procedure.+ − The user creation procedure is fully automated with a script:+ − * As root, use <code>system-useradd</code>+ − * See synopsis − * Follow prompts and instructions − − A welcome message will be sent to the user automatically. − − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Sysadmin/User management (view source)
Revision as of 15:01, 9 December 2011
, 15:01, 9 December 2011no edit summary
== Sunjammer (aka shell.sugarlabs.org) ==
To carry on these procedures, you need root access on [[Machine/sunjammer]].
To carry on these procedures, you need root access on [[Machine/sunjammer]].
'''NOTE: You have to become root with 'sudo -i' before using the following commands. Prefixing the command with sudo won't work because it doesn't switch $HOME to /root, which is necessary to make the ldap commands source <code>/root/.ldaprc</code>.'''
=== Account creation ===
See [[Sysadmin/Add shell account]].
=== Editing users and groups ===
== Editing users and groups ==
* Run "ldapvi"
* Run "ldapvi"
* Edit with your favourite $EDITOR, save and exit
* Edit with your favourite $EDITOR, save and exit
* Type "y" to accept changes.
* Type "y" to accept changes.
=== Passwords ===
The users are supposed to update their password by going to
https://ldap.sugarlabs.org/passwd
Password logins are not permitted on any of our machines. The password
is used by other authentication protocols: HTTP, IMAP, SMTP...
We currently don't have single-sign-on on most of our web applications,
but users can use our OpenID provider (id.sugarlabs.org).
=== Removing shell accounts ===
Use:
system-userdel <user>
=== Manipulating groups ===
To add groups:
system-groupadd
To remove groups, there's no script. Simply use "ldapvi" with no arguments.
=== Password reset ===
When users have forgotten their password, you can hack the password
information manually with <code>ldapvi</code>. Alternatively, go to the
[https://ldap.sugarlabs.org/passwd password web form] and type sunjammer's
root password where of the user's old password would normally go.
If the user knows how to use GPG, send them the new password encrypted.
''In any case, ask them to change their password immediately.'''
== Accounts on other hosts ==
'''NOTE:''' accounts on [[Machine/lightwave]], [[Machine/jita]] and other high-security machines shouldn't be given out lightly.'''
=== Account creation ===
With <code>remote-useradd</code>, you can automate account creation and provisioning on any Sugar Labs host.
Log into sunjammer, become root and type:
remote-useradd <remote host> <username> [<group>...]
Of course, you'll need sudo access on the remote host. There's no need to invoke <code>remote-auth</code> afterwards.
=== Account removal ===
remote-userdel <remote host> <username>
=== Installing user keys to the remote host ===
remote-auth <remote host> <username> [<remote user>]
== See also ==
* [[Sysadmin/Add_shell_account]] -- how to add shell accounts on sunjammer
* [[Service/Account]] -- Account request procedure (for users)
* [[Service/shell]] -- Shell account rules and details (for users)
[[Category:Sysadmin|Sysadmin procedures]]