Difference between revisions of "Users and Groups"

(Groups)
(Usage: How to add a new user)
 
(5 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
The tool of choice is smbldap.
 
The tool of choice is smbldap.
  
= Usage =
+
= Usage: How to add a new user =
 
==Users==
 
==Users==
 +
 +
it may be required now to discable the firewall when creating new accouts. Make sure you turn it back on:
 +
https://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/
 +
 +
/etc/init.d/iptables save
 +
/etc/init.d/iptables stop
 +
 
* To create a new user(s)
 
* To create a new user(s)
 
Root has a script in bin/creasu.sh, so as root:
 
Root has a script in bin/creasu.sh, so as root:
 
  sh bin/creasu.sh <user> <user1> <user2>
 
  sh bin/creasu.sh <user> <user1> <user2>
 +
 +
if this line fails go to the admin page which talk about ldap.
 +
Manually doing the command from the script worked for me when this failed
 +
 +
# (only if needed - perl errors) service restart slapd
 +
 +
NU=test06
 +
smbldap-groupadd -a $NU
 +
smbldap-useradd -g $NU -a $NU
 +
smbldap-passwd $NU
 +
bash_files=/etc/skel
 +
basepath=/storage/home/users
 +
path=$basepath/$NU
 +
echo $path
 +
cd $basepath
 +
cp -r $bash_files/.{m,n,b,g}* $NU
 +
chown -R $NU:$NU $path
 +
smbldap-groupadd -a $NU
 +
chown -R $NU:$NU $path
 +
chmod 0701 $NU
 +
chcon 'unconfined_u:object_r:user_home_dir_t:s0' $path
 +
 
will create groups, accounts, home folder and all relevant files into the new home folder.  
 
will create groups, accounts, home folder and all relevant files into the new home folder.  
 
Then you need to setup passwords with (password promt will appear):
 
Then you need to setup passwords with (password promt will appear):
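Review bot: the manual fallback block added under "if this line fails" runs "smbldap-groupadd -a $NU" and "chown -R $NU:$NU $path" twice, and nothing in the added lines creates the $NU directory before "cp -r $bash_files/.{m,n,b,g}* $NU" copies into it. Drop the duplicates, add the directory creation step if creasu.sh has one, and quote the variables. The commented restart is written as "service restart slapd", but the service command takes the service name first. The added firewall step stops iptables before account creation while the matching start only appears at the end of the Groups section, so state here why the firewall has to be down and put the restart next to the last command that needs it.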
Line 23: Line 52:
 
  ssh-keygen
 
  ssh-keygen
  
and just accept all the suggestions.
+
and just accept all the suggestions, keep accepting then as they are ...
.ssh/id_rsa and .ssh/id_rsa.pub, then get created.
+
.ssh/id_rsa and .ssh/id_rsa.pub, then get created.
  
 
then
 
then
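Review bot: in the changed ssh-keygen sentence, "accept all the suggestions" also means accepting an empty passphrase, which leaves .ssh/id_rsa unencrypted in the user's home directory. Say that explicitly, since the password-less login to node1 depends on it, and fix "keep accepting then" to "them".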
Line 33: Line 62:
  
 
then ssh node1 should log in to node1 without password (no need to test other nodes).
 
then ssh node1 should log in to node1 without password (no need to test other nodes).
 +
 +
Then tell the user to change their password by doing:
 +
passwd
  
 
==Groups==
 
==Groups==
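Review bot: the added "passwd" step should say whether plain passwd updates the LDAP and Samba password on this system, because every other password step on the page uses smbldap-passwd. If it does not, the user keeps the password that root set, so name the command the user is actually expected to run.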
Line 40: Line 72:
 
* To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins)
 
* To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins)
 
  smbldap-groupmod -m <list,of,users> <targetgroup>
 
  smbldap-groupmod -m <list,of,users> <targetgroup>
 +
 +
as root turn firewall back on
 +
 +
/etc/init.d/iptables start
 +
 +
= change a password =
 +
 +
when a user forgets their password and asks for a new one:
 +
as root
 +
smbldap-passwd <user>
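Review bot: the added "as root turn firewall back on" step sits at the end of the Groups section, far from the "/etc/init.d/iptables stop" under Users, so someone who only adds a user may never reach it. Move "/etc/init.d/iptables start" to directly after the user-creation steps. In the new "change a password" section, add the follow-up that the user should replace the root-set password after logging in, as the Users section already does.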

Latest revision as of 09:32, 22 July 2020

Introduction

Some, though not all, of the tips here are for setting up users and groups.

The tool of choice is smbldap.

Usage: How to add a new user

Users

It may now be necessary to disable the firewall when creating new accounts. Make sure you turn it back on: https://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/

/etc/init.d/iptables save
/etc/init.d/iptables stop

  • To create new user(s)

Root has a script in bin/creasu.sh, so as root:

sh bin/creasu.sh <user> <user1> <user2>

If this line fails, go to the admin page which talks about LDAP. Manually doing the commands from the script worked for me when this failed:

# (only if needed - perl errors) service slapd restart
NU=test06                      # name of the new user and of their private group
smbldap-groupadd -a "$NU"
smbldap-useradd -g "$NU" -a "$NU"
smbldap-passwd "$NU"
bash_files=/etc/skel
basepath=/storage/home/users
path=$basepath/$NU
echo "$path"
cd "$basepath"
mkdir -p "$path"               # make sure the home directory exists before copying into it
# copy the skeleton dot files (.m*, .n*, .b*, .g*); the brace expansion needs bash
cp -r "$bash_files"/.{m,n,b,g}* "$path"
chown -R "$NU:$NU" "$path"
chmod 0701 "$path"
chcon 'unconfined_u:object_r:user_home_dir_t:s0' "$path"

This will create the groups, accounts, home folders and all relevant files in the new home folders. Then you need to set up passwords with (a password prompt will appear):

smbldap-passwd <user>

for each of the users.

Then set up an ssh key for logging into the nodes by doing the following:

As the root user, log in as the new user via

su - <newuserid>

and execute

ssh-keygen

and just accept all the suggestions, keep accepting them as they are ... .ssh/id_rsa and .ssh/id_rsa.pub then get created.

Then

cp .ssh/id_rsa.pub .ssh/authorized_keys

and

chmod 600 .ssh/authorized_keys

Then ssh node1 should log in to node1 without a password (no need to test other nodes).
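When that password-less login does not work, file modes are a common cause. The following is an added example, not part of the wiki or of creasu.sh: check_ssh_setup is a hypothetical helper that checks the modes and key copy this procedure sets up, and it assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Added example (not from the wiki). check_ssh_setup is a hypothetical name.
# check_ssh_setup HOME_DIR
# Prints one line per problem and returns the number of problems found.
check_ssh_setup() {
    local home=$1 problems=0 f mode
    # With StrictModes (the sshd default) authorized_keys is ignored when the
    # home directory, ~/.ssh or the file itself is group- or world-writable.
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$f" ]; then
            echo "missing: $f"; problems=$((problems + 1)); continue
        fi
        mode=$(stat -c '%a' "$f")
        # 022 selects the group-write and other-write bits
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world writable ($mode): $f"; problems=$((problems + 1))
        fi
    done
    # The private key must be accessible by its owner only.
    f=$home/.ssh/id_rsa
    if [ -e "$f" ] && [ $(( 0$(stat -c '%a' "$f") & 077 )) -ne 0 ]; then
        echo "private key too open: $f"; problems=$((problems + 1))
    fi
    # authorized_keys must contain the public key as a whole line.
    if [ -f "$home/.ssh/id_rsa.pub" ] && [ -f "$home/.ssh/authorized_keys" ] &&
       ! grep -qxFf "$home/.ssh/id_rsa.pub" "$home/.ssh/authorized_keys"; then
        echo "id_rsa.pub is not in authorized_keys"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage, as root:  check_ssh_setup /storage/home/users/<newuserid>
```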

Then tell the user to change their password by doing:

passwd

Groups

  • To create a new group (we don't have groups YET!)
smbldap-groupadd -a <newgrpname>
  • To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins)
smbldap-groupmod -m <list,of,users> <targetgroup>

As root, turn the firewall back on:

/etc/init.d/iptables start
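The page stops the firewall before creating accounts and starts it again here by hand, which is easy to forget when a step in between fails. The wrapper below is an added example, not the wiki's script: with_firewall_down and the FW_INIT variable are assumptions, with FW_INIT defaulting to the init script the page uses.

```shell
#!/bin/sh
# Added example (not from the wiki). FW_INIT is an assumption that lets the
# wrapper be pointed at a stub; it defaults to the init script the page uses.
FW_INIT=${FW_INIT:-/etc/init.d/iptables}

# with_firewall_down CMD [ARGS...]
# Saves the rules, stops the firewall, runs CMD and starts the firewall again
# whatever CMD's exit status was. Returns CMD's status, 90 if the firewall
# could not be saved or stopped, 91 if it could not be started again.
with_firewall_down() {
    local rc=0
    "$FW_INIT" save || return 90
    if ! "$FW_INIT" stop; then
        "$FW_INIT" start        # the stop may have been partial
        return 90
    fi
    # Catch INT/TERM in the wrapper so an interrupted CMD does not take the
    # wrapper down with it; the subshell below resets them to the default.
    trap : INT TERM
    # Subshell: an `exit` inside CMD cannot skip the restart.
    ( "$@" ) || rc=$?
    trap - INT TERM
    if ! "$FW_INIT" start; then
        echo "WARNING: firewall is still DOWN, start it by hand" >&2
        return 91
    fi
    return "$rc"
}

# Usage, as root:
#   with_firewall_down sh bin/creasu.sh <user> <user1> <user2>
```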

Change a password

When a user forgets their password and asks for a new one, as root:

smbldap-passwd <user>