User Account Handling

As more than one server will make up the Wormnet universe, in addition to a few xDSL-connected NASes and other systems, we need to roll out some kind of central user management database. Naturally we opted for LDAP.

The packages required to be installed to do this are:

User Management

Modifying an Account

Adding SSH keys and similar changes to your own entry can be done without root access. Do:

# Set $EDITOR if vi isn't your thing
$ ldapvi --discover -D uid=${USER},ou=Users,dc=wormnet,dc=eu -h ldapi:/// uid=${USER}

… and add/remove sshPublicKey lines to your heart's delight.

Creating an Account

root@marmot:~# NEW_USER=fred
root@marmot:~# ldapaddgroup $NEW_USER
root@marmot:~# ldapadduser $NEW_USER $NEW_USER
Successfully added user $NEW_USER to LDAP
Successfully set password for user $NEW_USER

root@marmot:~# # LDAP admin password for cn=Manager,dc=wormnet,dc=eu lurks in /etc/ldap.secret
root@marmot:~# passwd $NEW_USER
LDAP administrator password:
New password:
Retype new password:
passwd: password updated successfully

root@marmot:~# ldapvi --discover -D cn=Manager,dc=wormnet,dc=eu -h ldapi:/// uid=$NEW_USER
objectClass: ldapPublicKey
sshPublicKey: ssh-rsa AAAB3...aLOOw== wibble
sshPublicKey: ssh-rsa AAAB3...KD0pw== fred@foobar

root@marmot:~# lvcreate -L 256M -n home-$NEW_USER lvm-marmot
root@marmot:~# mkfs.ext4 -L home-$NEW_USER /dev/lvm-marmot/home-$NEW_USER
root@marmot:~# vi /etc/fstab
LABEL=home-fred         /home/fred      auto    relatime,nodev,nosuid,noexec             0  2
root@marmot:~# mkdir /home/$NEW_USER
root@marmot:~# mount /home/$NEW_USER
root@marmot:~# chown $NEW_USER:$NEW_USER /home/$NEW_USER
root@marmot:~# tar cC /etc/skel --owner=$NEW_USER --group=$NEW_USER . | tar xC /home/$NEW_USER
root@marmot:~# chmod -R og-r-w-x /home/$NEW_USER

# so the user gets sensible resource limits and other permissions, add to 'users' (and optionally also 'staff' and 'adm')
root@marmot:~# usermod -G users $NEW_USER
# to enable the user to actually SSH in and get a shell, add them to the wormnet-shell group
root@marmot:~# ldapvi --discover -D cn=Manager,dc=wormnet,dc=eu -h ldapi:/// cn=wormnet-shell
memberUid: $NEW_USER
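The account-creation steps above are typed in by hand, with the new username spliced into DNs, LVM names, paths and an fstab line. As an added helper (not part of the original wiki page, nor a Wormnet script), the following POSIX sh script validates the username first and then generates the three pieces of configuration that are otherwise hand-edited: the fstab line with its nodev,nosuid,noexec options, the LDIF that adds objectClass ldapPublicKey and the sshPublicKey values, and the LDIF that adds the memberUid to the shell-access group. The user base DN ou=Users,dc=wormnet,dc=eu comes from the page; the full DN of the cn=wormnet-shell group is an assumption (the page only shows the cn) and can be overridden via SHELL_GROUP_DN.

```shell
#!/bin/sh
# Added helper (not from the wiki page): emit the fstab line and the LDIF
# modifications used in the account-creation procedure, so they can be
# reviewed and then applied with ldapmodify(1) instead of hand-edited.
USERS_BASE='ou=Users,dc=wormnet,dc=eu'
# Assumption: the page shows only cn=wormnet-shell; ou=Groups is a guess.
SHELL_GROUP_DN="${SHELL_GROUP_DN:-cn=wormnet-shell,ou=Groups,dc=wormnet,dc=eu}"

# Reject anything that is not a plain lowercase login name before it is
# used in DNs, LVM volume names, filesystem paths and fstab.
validate_username() {
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# fstab line for the per-user logical volume. nodev,nosuid,noexec stop a
# home directory being used to stage device nodes or setuid/executable files.
fstab_line() {
    printf 'LABEL=home-%s /home/%s auto relatime,nodev,nosuid,noexec 0 2\n' "$1" "$1"
}

# LDIF that adds objectClass ldapPublicKey and one sshPublicKey value per
# line of an authorized_keys-style file. Lines that do not start with a
# known key type are reported and skipped rather than stored in LDAP.
sshkey_ldif() {
    user=$1
    keyfile=$2
    validate_username "$user" || { echo "bad username: $user" >&2; return 1; }
    printf 'dn: uid=%s,%s\nchangetype: modify\n' "$user" "$USERS_BASE"
    printf 'add: objectClass\nobjectClass: ldapPublicKey\n-\nadd: sshPublicKey\n'
    while IFS= read -r key || [ -n "$key" ]; do
        case $key in
            ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*) printf 'sshPublicKey: %s\n' "$key" ;;
            '') ;;
            *) echo "skipping unrecognised key line: $key" >&2 ;;
        esac
    done < "$keyfile"
    printf -- '-\n'
}

# LDIF that adds the user to the posixGroup granting shell access.
shell_group_ldif() {
    validate_username "$1" || return 1
    printf 'dn: %s\nchangetype: modify\nadd: memberUid\nmemberUid: %s\n-\n' "$SHELL_GROUP_DN" "$1"
}

# Demo run: ACCOUNT_DEMO=1 sh account-helpers.sh fred fred.pub
# Apply the LDIF with, e.g.:
#   ldapmodify -H ldapi:/// -D cn=Manager,dc=wormnet,dc=eu -W -f changes.ldif
if [ "${ACCOUNT_DEMO:-}" = 1 ]; then
    fstab_line "$1"
    sshkey_ldif "$1" "$2"
    shell_group_ldif "$1"
fi
```

The objectClass add will be refused by slapd if the entry already carries ldapPublicKey (for example when keys are being added to an existing user rather than a fresh one), so for that case drop the first modification and keep only the sshPublicKey add; ldapvi, as used above, handles both cases interactively.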

account.1339318730.txt.gz · Last modified: 2012/06/10 08:58 by alex