Difference between revisions of "Users and Groups"
PeterThorpe (talk | contribs) (→Usage: How to add a new user) |
PeterThorpe (talk | contribs) (→Usage: How to add a new user) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
= Usage: How to add a new user = | = Usage: How to add a new user = | ||
==Users== | ==Users== | ||
+ | |||
+ | it may be required now to discable the firewall when creating new accouts. Make sure you turn it back on: | ||
+ | https://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/ | ||
+ | |||
+ | /etc/init.d/iptables save | ||
+ | /etc/init.d/iptables stop | ||
+ | |||
* To create a new user(s) | * To create a new user(s) | ||
Root has a script in bin/creasu.sh, so as root: | Root has a script in bin/creasu.sh, so as root: | ||
sh bin/creasu.sh <user> <user1> <user2> | sh bin/creasu.sh <user> <user1> <user2> | ||
+ | |||
+ | if this line fails go to the admin page which talk about ldap. | ||
+ | Manually doing the command from the script worked for me when this failed | ||
+ | |||
+ | # (only if needed - perl errors) service restart slapd | ||
+ | |||
+ | NU=test06 | ||
+ | smbldap-groupadd -a $NU | ||
+ | smbldap-useradd -g $NU -a $NU | ||
+ | smbldap-passwd $NU | ||
+ | bash_files=/etc/skel | ||
+ | basepath=/storage/home/users | ||
+ | path=$basepath/$NU | ||
+ | echo $path | ||
+ | cd $basepath | ||
+ | cp -r $bash_files/.{m,n,b,g}* $NU | ||
+ | chown -R $NU:$NU $path | ||
+ | smbldap-groupadd -a $NU | ||
+ | chown -R $NU:$NU $path | ||
+ | chmod 0701 $NU | ||
+ | chcon 'unconfined_u:object_r:user_home_dir_t:s0' $path | ||
+ | |||
will create groups, accounts, home folder and all relevant files into the new home folder. | will create groups, accounts, home folder and all relevant files into the new home folder. | ||
Then you need to setup passwords with (password promt will appear): | Then you need to setup passwords with (password promt will appear): | ||
Line 43: | Line 72: | ||
* To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins) | * To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins) | ||
smbldap-groupmod -m <list,of,users> <targetgroup> | smbldap-groupmod -m <list,of,users> <targetgroup> | ||
+ | |||
+ | as root turn firewall back on | ||
+ | |||
+ | /etc/init.d/iptables start | ||
+ | |||
+ | = change a password = | ||
+ | |||
+ | when a user forgets their password and asks for a new one: | ||
+ | as root | ||
+ | smbldap-passwd <user> |
Latest revision as of 09:32, 22 July 2020
Introduction
Some, though not all, of the tips here are for setting up users and groups.
The tool of choice is smbldap.
Usage: How to add a new user
Users
it may be required now to discable the firewall when creating new accouts. Make sure you turn it back on: https://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/
/etc/init.d/iptables save /etc/init.d/iptables stop
- To create a new user(s)
Root has a script in bin/creasu.sh, so as root:
sh bin/creasu.sh <user> <user1> <user2>
if this line fails go to the admin page which talk about ldap. Manually doing the command from the script worked for me when this failed
# (only if needed - perl errors) service restart slapd
NU=test06 smbldap-groupadd -a $NU smbldap-useradd -g $NU -a $NU smbldap-passwd $NU bash_files=/etc/skel basepath=/storage/home/users path=$basepath/$NU echo $path cd $basepath cp -r $bash_files/.{m,n,b,g}* $NU chown -R $NU:$NU $path smbldap-groupadd -a $NU chown -R $NU:$NU $path chmod 0701 $NU chcon 'unconfined_u:object_r:user_home_dir_t:s0' $path
will create groups, accounts, home folder and all relevant files into the new home folder. Then you need to setup passwords with (password promt will appear):
smbldap-passwd <user>
for each of the users.
Then setup an ssh key for logging into the nodes by doing the following:
as root user, login a user via
su - <newuserid>
and execute
ssh-keygen
and just accept all the suggestions, keep accepting then as they are ... .ssh/id_rsa and .ssh/id_rsa.pub, then get created.
then
cp .ssh/id_rsa.pub .ssh/authorized_keys
and
chmod 600 .ssh/authorized_keys
then ssh node1 should log in to node1 without password (no need to test other nodes).
Then tell the user to change their password by doing:
passwd
Groups
- To create a new group (we dont have groups YET!)
smbldap-groupadd -a <newgrpname>
- To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins)
smbldap-groupmod -m <list,of,users> <targetgroup>
as root turn firewall back on
/etc/init.d/iptables start
change a password
when a user forgets their password and asks for a new one: as root
smbldap-passwd <user>