This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
account [2011/10/04 09:37] alex created |
account [2016/10/30 09:01] (current) alex [Creating an Account] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== User Account Handling ====== | ====== User Account Handling ====== | ||
- | As there is more than one server that will make up the Wormnet universe, in addition to a few xDSL joined NASes and systems, we need to roll out some kind of central user management database. Naturally we opted for LDAP. | ||
- | The packages required to be installed to do this are: | + | ===== Creating an Account ===== |
- | * [[http://packages.debian.org/slapd|slapd]] | + | |
- | * [[http://packages.debian.org/nslcd|nslcd]] | + | root@marmot:~# lvcreate -L 256M -n home-$NEW_USER lvm-marmot |
- | * [[http://packages.debian.org/libnss-ldapd|libnss-ldapd]] | + | root@marmot:~# mkfs.ext4 -L home-$NEW_USER /dev/lvm-marmot/home-$NEW_USER |
- | * [[http://packages.debian.org/libpam-ldapd|libpam-ldapd]] | + | root@marmot:~# mkdir /home/$NEW_USER |
- | * [[http://packages.debian.org/unscd|unscd]] - | + | root@marmot:~# [edit /etc/fstab to mount new user space] |
+ | root@marmot:~# mount /home/$NEW_USER | ||
+ | root@marmot:~# useradd -G users,wormnet-shell -s /bin/bash $NEW_USER | ||
+ | root@marmot:~# passwd $NEW_USER | ||
+ | root@marmot:~# mkdir /home/$NEW_USER/.ssh | ||
+ | root@marmot:~# echo "ssh-rsa AAAB3...KD0pw== fred@foobar" > /home/$NEW_USER/.ssh/authorized_keys | ||
+ | root@marmot:~# tar cC /etc/skel . | tar xC /home/$NEW_USER | ||
+ | root@marmot:~# chown -R $NEW_USER:$NEW_USER /home/$NEW_USER | ||
+ | root@marmot:~# chmod -R og-r-w-x /home/$NEW_USER | ||
+ | ==== Restricting to Just sftp/scp ==== | ||
+ | If you make the users account use the shell ''/usr/bin/rssh'' and edit ''/etc/rssh.conf'' then you can create accounts that can only upload/download files rather than have a full shell - although you will still need to add them to the 'wormnet-shell' group. |