Difference between revisions of "Users and Groups"
PeterThorpe (talk | contribs) (→Usage: How to add a new user) |
|||
| (11 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
= Introduction= | = Introduction= | ||
| − | Some, though not all, of the tips for setting up users and groups. | + | Some, though not all, of the tips here are for setting up users and groups. |
| + | |||
| + | The tool of choice is smbldap. | ||
| + | |||
| + | = Usage: How to add a new user = | ||
| + | ==Users== | ||
| + | |||
| + | it may be required now to discable the firewall when creating new accouts. Make sure you turn it back on: | ||
| + | https://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/ | ||
| + | |||
| + | /etc/init.d/iptables save | ||
| + | /etc/init.d/iptables stop | ||
| + | |||
| + | * To create a new user(s) | ||
| + | Root has a script in bin/creasu.sh, so as root: | ||
| + | sh bin/creasu.sh <user> <user1> <user2> | ||
| + | |||
| + | if this line fails go to the admin page which talk about ldap. | ||
| + | Manually doing the command from the script worked for me when this failed | ||
| + | |||
| + | # (only if needed - perl errors) service restart slapd | ||
| + | |||
| + | NU=test06 | ||
| + | smbldap-groupadd -a $NU | ||
| + | smbldap-useradd -g $NU -a $NU | ||
| + | smbldap-passwd $NU | ||
| + | bash_files=/etc/skel | ||
| + | basepath=/storage/home/users | ||
| + | path=$basepath/$NU | ||
| + | echo $path | ||
| + | cd $basepath | ||
| + | cp -r $bash_files/.{m,n,b,g}* $NU | ||
| + | chown -R $NU:$NU $path | ||
| + | smbldap-groupadd -a $NU | ||
| + | chown -R $NU:$NU $path | ||
| + | chmod 0701 $NU | ||
| + | chcon 'unconfined_u:object_r:user_home_dir_t:s0' $path | ||
| + | |||
| + | will create groups, accounts, home folder and all relevant files into the new home folder. | ||
| + | Then you need to setup passwords with (password promt will appear): | ||
| + | smbldap-passwd <user> | ||
| + | for each of the users. | ||
| + | |||
| + | Then setup an ssh key for logging into the nodes by doing the following: | ||
| + | |||
| + | as root user, login a user via | ||
| + | su - <newuserid> | ||
| + | |||
| + | and execute | ||
| + | ssh-keygen | ||
| + | |||
| + | and just accept all the suggestions, keep accepting then as they are ... | ||
| + | .ssh/id_rsa and .ssh/id_rsa.pub, then get created. | ||
| + | |||
| + | then | ||
| + | cp .ssh/id_rsa.pub .ssh/authorized_keys | ||
| + | |||
| + | and | ||
| + | chmod 600 .ssh/authorized_keys | ||
| + | |||
| + | then ssh node1 should log in to node1 without password (no need to test other nodes). | ||
| + | |||
| + | Then tell the user to change their password by doing: | ||
| + | passwd | ||
| + | |||
| + | ==Groups== | ||
| + | * To create a new group (we dont have groups YET!) | ||
| + | smbldap-groupadd -a <newgrpname> | ||
* To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins) | * To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins) | ||
smbldap-groupmod -m <list,of,users> <targetgroup> | smbldap-groupmod -m <list,of,users> <targetgroup> | ||
| + | |||
| + | as root turn firewall back on | ||
| + | |||
| + | /etc/init.d/iptables start | ||
| + | |||
| + | = change a password = | ||
| + | |||
| + | when a user forgets their password and asks for a new one: | ||
| + | as root | ||
| + | smbldap-passwd <user> | ||
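Review bot: in the manual command block of this revision, `smbldap-groupadd -a $NU` and `chown -R $NU:$NU $path` each appear twice; the second group add runs against a group the first one already created, so the repeats should be dropped. The comment line gives `service restart slapd`, which has the arguments reversed (`service slapd restart`). The block expands `$NU`, `$path` and `$basepath` unquoted and does not check that `cd $basepath` succeeded before `cp` and `chmod 0701 $NU` run relative to it. The firewall is stopped at the top of the Users section and only started again after the Groups section, so an interrupted session leaves it off; consider putting the restart step directly after account creation.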
Latest revision as of 09:32, 22 July 2020
Introduction
Some, though not all, of the tips here are for setting up users and groups.
The tool of choice is smbldap.
Usage: How to add a new user
Users
It may now be required to disable the firewall when creating new accounts. Make sure you turn it back on: https://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/
/etc/init.d/iptables save
/etc/init.d/iptables stop
- To create a new user(s)
Root has a script in bin/creasu.sh, so as root:
sh bin/creasu.sh <user> <user1> <user2>
If this line fails, go to the admin page which talks about LDAP. Manually doing the command from the script worked for me when this failed.
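# (only if needed - perl errors) service slapd restart
NU=test06                              # new user name
smbldap-groupadd -a "$NU"              # group named after the user
smbldap-useradd -g "$NU" -a "$NU"      # account with that group as its primary group
smbldap-passwd "$NU"                   # set the initial password (prompts)
bash_files=/etc/skel
basepath=/storage/home/users
path="$basepath/$NU"
echo "$path"
cd "$basepath"
cp -r "$bash_files"/.{m,n,b,g}* "$NU"  # copy the skeleton dotfiles into the home folder
chown -R "$NU:$NU" "$path"
chmod 0701 "$NU"                       # owner has full access; others can traverse but not list
chcon 'unconfined_u:object_r:user_home_dir_t:s0' "$path"   # SELinux home directory label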
This will create the groups, accounts and home folder, and copy all relevant files into the new home folder. Then you need to set up passwords with (a password prompt will appear):
smbldap-passwd <user>
for each of the users.
Then set up an ssh key for logging into the nodes by doing the following:
As root, log in as the user via
su - <newuserid>
and execute
ssh-keygen
and just accept all the suggestions, keep accepting them as they are ... .ssh/id_rsa and .ssh/id_rsa.pub then get created.
then
cp .ssh/id_rsa.pub .ssh/authorized_keys
and
chmod 600 .ssh/authorized_keys
Then ssh node1 should log in to node1 without a password (no need to test other nodes).
Then tell the user to change their password by doing:
passwd
Groups
- To create a new group (we don't have groups YET!)
smbldap-groupadd -a <newgrpname>
- To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins)
smbldap-groupmod -m <list,of,users> <targetgroup>
As root, turn the firewall back on:
/etc/init.d/iptables start
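The procedure above stops iptables before account creation and relies on the admin remembering to start it again at the end. As an added example (not part of the wiki page or of creasu.sh), the wrapper below starts the firewall again however the wrapped command ends; the function name with_firewall_down and the FW_CTL variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: run one command with iptables stopped and always start the
# firewall again afterwards, whether the command succeeds, fails or is
# interrupted.
#
# FW_CTL (assumption) names the firewall control script; it defaults to the
# init script used on this page and can be overridden for testing.
FW_CTL="${FW_CTL:-/etc/init.d/iptables}"

# with_firewall_down (hypothetical helper name)
# usage: with_firewall_down sh bin/creasu.sh <user> <user1> <user2>
with_firewall_down() {
    # A subshell keeps the traps scoped to this single call.
    (
        # Save the current rules first, as the page does. If this fails the
        # firewall has not been touched yet, so just give up.
        "$FW_CTL" save || exit 1

        # From here on, any exit from the subshell starts the firewall again.
        trap '"$FW_CTL" start' EXIT
        # Turn common signals into a normal exit so the EXIT trap still runs.
        trap 'exit 130' INT TERM HUP

        "$FW_CTL" stop || exit 1

        # Run the account-creation command; its exit status becomes the
        # status of the whole call.
        "$@"
    )
}
```

The wrapped command's exit status is passed through, so a failed creasu.sh run is still visible to the caller after the firewall has been started again.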
Change a password
When a user forgets their password and asks for a new one, as root:
smbldap-passwd <user>