Difference between revisions of "Users and Groups"

From wiki
Jump to: navigation, search
(Usage: How to add a new user)
 
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
= Introduction=
 
= Introduction=
  
Some, though not all, of the tips for setting up users and groups.
+
Some, though not all, of the tips here are for setting up users and groups.
 +
 
 +
The tool of choice is smbldap.
 +
 
 +
= Usage: How to add a new user =
 +
==Users==
 +
 
 +
it may be required now to discable the firewall when creating new accouts. Make sure you turn it back on:
 +
https://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/
 +
 
 +
/etc/init.d/iptables save
 +
/etc/init.d/iptables stop
 +
 
 +
* To create a new user(s)
 +
Root has a script in bin/creasu.sh, so as root:
 +
sh bin/creasu.sh <user> <user1> <user2>
 +
 
 +
if this line fails go to the admin page which talk about ldap.
 +
Manually doing the command from the script worked for me when this failed
 +
 
 +
# (only if needed - perl errors) service restart slapd
 +
 
 +
NU=test06
 +
smbldap-groupadd -a $NU
 +
smbldap-useradd -g $NU -a $NU
 +
smbldap-passwd $NU
 +
bash_files=/etc/skel
 +
basepath=/storage/home/users
 +
path=$basepath/$NU
 +
echo $path
 +
cd $basepath
 +
cp -r $bash_files/.{m,n,b,g}* $NU
 +
chown -R $NU:$NU $path
 +
smbldap-groupadd -a $NU
 +
chown -R $NU:$NU $path
 +
chmod 0701 $NU
 +
chcon 'unconfined_u:object_r:user_home_dir_t:s0' $path
 +
 
 +
will create groups, accounts, home folder and all relevant files into the new home folder.
 +
Then you need to setup passwords with (password promt will appear):
 +
smbldap-passwd <user>
 +
for each of the users.
 +
 
 +
Then setup an ssh key for logging into the nodes by doing the following:
 +
 
 +
as root user, login a user via
 +
su - <newuserid>
 +
 
 +
and execute
 +
ssh-keygen
 +
 
 +
and just accept all the suggestions, keep accepting then as they are ...
 +
.ssh/id_rsa and .ssh/id_rsa.pub, then get created.
 +
 
 +
then
 +
cp .ssh/id_rsa.pub .ssh/authorized_keys
 +
 
 +
and
 +
chmod 600 .ssh/authorized_keys
 +
 
 +
then ssh node1 should log in to node1 without password (no need to test other nodes).
 +
 
 +
Then tell the user to change their password by doing:
 +
passwd
 +
 
 +
==Groups==
 +
* To create a new group  (we dont have groups YET!)
 +
smbldap-groupadd -a <newgrpname>
  
 
* To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins)
 
* To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins)
 
  smbldap-groupmod -m <list,of,users> <targetgroup>
 
  smbldap-groupmod -m <list,of,users> <targetgroup>
 +
 +
as root turn firewall back on
 +
 +
/etc/init.d/iptables start
 +
 +
= change a password =
 +
 +
when a user forgets their password and asks for a new one:
 +
as root
 +
smbldap-passwd <user>

Latest revision as of 09:32, 22 July 2020

Introduction

Some, though not all, of the tips here are for setting up users and groups.

The tool of choice is smbldap.

Usage: How to add a new user

Users

it may be required now to discable the firewall when creating new accouts. Make sure you turn it back on: https://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/

/etc/init.d/iptables save
/etc/init.d/iptables stop
  • To create a new user(s)

Root has a script in bin/creasu.sh, so as root:

sh bin/creasu.sh <user> <user1> <user2>

if this line fails go to the admin page which talk about ldap. Manually doing the command from the script worked for me when this failed

# (only if needed - perl errors) service restart slapd
NU=test06
smbldap-groupadd -a $NU
smbldap-useradd -g $NU -a $NU
smbldap-passwd $NU
bash_files=/etc/skel
basepath=/storage/home/users
path=$basepath/$NU
echo $path
cd $basepath
cp -r $bash_files/.{m,n,b,g}* $NU
chown -R $NU:$NU $path
smbldap-groupadd -a $NU
chown -R $NU:$NU $path
chmod 0701 $NU
chcon 'unconfined_u:object_r:user_home_dir_t:s0' $path

will create groups, accounts, home folder and all relevant files into the new home folder. Then you need to setup passwords with (password promt will appear):

smbldap-passwd <user>

for each of the users.

Then setup an ssh key for logging into the nodes by doing the following:

as root user, login a user via

su - <newuserid>

and execute

ssh-keygen

and just accept all the suggestions, keep accepting then as they are ... .ssh/id_rsa and .ssh/id_rsa.pub, then get created.

then

cp .ssh/id_rsa.pub .ssh/authorized_keys

and

chmod 600 .ssh/authorized_keys

then ssh node1 should log in to node1 without password (no need to test other nodes).

Then tell the user to change their password by doing:

passwd

Groups

  • To create a new group (we dont have groups YET!)
smbldap-groupadd -a <newgrpname>
  • To add users to a certain group (note that this seems to take some time to propagate, as well as only working on fresh logins)
smbldap-groupmod -m <list,of,users> <targetgroup>

as root turn firewall back on

/etc/init.d/iptables start

change a password

when a user forgets their password and asks for a new one: as root

smbldap-passwd <user>