Ccg-admin

From Earlham Cluster Department

(Difference between revisions)
Jump to: navigation, search
(Current To Do)
(Users and Groups)
Line 85: Line 85:
= Users and Groups =
= Users and Groups =
-
Users are authenticated based on an LDAP server running on Hopper. <tt>cpu</tt> is installed on Hopper as an LDAP-user management tool. You should use it to view/edit/create users unless you're super comfortable with ldapmodify and LDIF. Passwords can be changed easily with the <tt>ldpasswd</tt> command on Hopper. It can be used both by users to change their own password and root to change another user's password.
+
Users are authenticated based on an LDAP server running on Hopper. <tt>cpu</tt> is installed on Hopper as an LDAP-user management tool. You should use it to view/edit/create users unless you're super comfortable with ldapmodify and LDIF. Passwords can be changed easily with the <tt>ldpasswd.pl</tt> command on Hopper. It can be used both by users to change their own password and root to change another user's password.
Groups are also in LDAP. Check the tail end of the result of <tt>cpu cat</tt> for group info.
Groups are also in LDAP. Check the tail end of the result of <tt>cpu cat</tt> for group info.

Revision as of 00:15, 2 September 2014

Contents

Current To Do

This list should be annotated with the initials of who is working on each item.

Cluster Pages

Installing Software

Enabling a package within Modules

If you think your new package is important enough to be loaded by default, then add it to the list in /mounts/al-salam/software/Modules/3.2.7/init/al-salam.{sh,csh}

DNS/DCHP for a single host

Users and Groups

Users are authenticated based on an LDAP server running on Hopper. cpu is installed on Hopper as an LDAP-user management tool. You should use it to view/edit/create users unless you're super comfortable with ldapmodify and LDIF. Passwords can be changed easily with the ldpasswd.pl command on Hopper. It can be used both by users to change their own password and root to change another user's password.

Groups are also in LDAP. Check the tail end of the result of cpu cat for group info.

man cpu-ldap will tell you all about using cpu for user/group management. For the most part, its format is pretty similar to pw, but there are some minor differences. Read the man page.

Monitoring

Creating new users

Users are created with a perl script called newusers.pl and with a data file that includes the new user information called batch-current.dat.

First figure out whether the users you are creating need shell access or not. Make sure the perl script reflects this characteristics. The line below is what you'll need to modify, and you'll need to be root to do any of the following.

$cpu_out = system("cpu useradd -c '$gecos' -m -k/etc/skel -m -p$password -g users -d /cluster/home/$name -s /bin/bash $name");

If the users need shell access then what is there is fine. If they don't need shell access then change the /bin/bash to /sbin/nologin . Next modify and save the batch-current.dat file with the new users you want to add. The pattern is: full name:username:email address. If you wanting to add more than one, each one should go on a separate line.

Now, to add the users: perl newusers.pl -f batch-current.dat

Some stuff should pass on the screen saying that the new users are created (hopefully). Now we're going to set up those new user's ssh keys. To do that (as yourself):

- ssh as0

- sudo su - root

For every new user:

- su - <newuser>


New Hopper

Personal tools
Namespaces
Variants
Actions
websites
wiki
this semester
Toolbox