Differences

This shows you the differences between two versions of the page.

account [2011/10/04 15:12] alexaccount [2016/10/30 09:01] (current) – [Creating an Account] alex
Line 1: Line 1:
 ====== User Account Handling ====== ====== User Account Handling ======
-As there is more than one server that will make up the Wormnet universe, in addition to a few xDSL joined NASes and systems, we need to roll out some kind of central user management database.  Naturally we opted for LDAP. 
  
-The packages required to be installed to do this are: +===== Creating an Account =====
-  * [[http://packages.debian.org/slapd|slapd]] +
-  * [[http://packages.debian.org/nslcd|nslcd]] +
-    * [[http://packages.debian.org/libnss-ldapd|libnss-ldapd]] +
-    * [[http://packages.debian.org/libpam-ldapd|libpam-ldapd]] +
-  * [[http://packages.debian.org/unscd|unscd]]+
  
-===== User Management ===== +  root@marmot:~# lvcreate -L 256M -n home-$NEW_USER lvm-marmot 
-==== Creating an Account ==== +  root@marmot:~# mkfs.ext4 -L home-$NEW_USER /dev/lvm-marmot/home-$NEW_USER 
-  root@marmot:~# ldapaddgroup fred +  root@marmot:~# mkdir /home/$NEW_USER 
-  root@marmot:~# ldapadduser fred fred +  root@marmot:~# [edit /etc/fstab to mount new user space] 
-  Successfully added user fred to LDAP +  root@marmot:~# mount /home/$NEW_USER 
-  Successfully set password for user fred +  root@marmot:~# useradd -G users,wormnet-shell -s /bin/bash $NEW_USER 
-     +  root@marmot:~# passwd $NEW_USER 
-  root@marmot:~# ldapvi --discover -D cn=admin,dc=wormnet,dc=eu -h ldapi:/// uid=fred +  root@marmot:~# mkdir /home/$NEW_USER/.ssh 
-  objectClass: ldapPublicKey +  root@marmot:~# echo "ssh-rsa AAAB3...KD0pw== fred@foobar"/home/$NEW_USER/.ssh/authorized_keys 
-  sshPublicKey: ssh-rsa AAAB3...aLOOw== wibble +  root@marmot:~# tar cC /etc/skel . | tar xC /home/$NEW_USER 
-  sshPublicKey: ssh-rsa AAAB3...KD0pw== fred@foobar +  root@marmot:~# chown -R $NEW_USER:$NEW_USER /home/$NEW_USER 
-   +  root@marmot:~# chmod -R og-r-w-x /home/$NEW_USER 
-  root@marmot:~# ldapvi --discover -D cn=admin,dc=wormnet,dc=eu -h ldapi:/// cn=shell +==== Restricting to Just sftp/scp ==== 
-  memberUid: fred +If you make the users account use the shell ''/usr/bin/rssh'' and edit ''/etc/rssh.conf'' then you can create accounts that can only upload/download files rather than have a full shell - although you will still need to add them to the 'wormnet-shell' group.
-   +
-  root@marmot:~# passwd fred +
-  LDAP administrator password: +
-  New password: +
-  Retype new password: +
-  passwd: password updated successfully +
-   +
-  root@marmot:~# lvcreate -L 256M -n home-fred lvm-marmot +
-  root@marmot:~# mkfs.ext4 -L home-fred /dev/lvm-marmot/home-fred +
-  root@marmot:~# vi /etc/fstab +
-  LABEL=home-fred         /home/fred      auto    relatime,nodev,nosuid,noexec              2 +
-  root@marmot:~# mkdir /home/fred +
-  root@marmot:~# mount /home/fred +
-  root@marmot:~# tar cC /etc/skel --owner=fred --group=fred . | tar xC /home/fred +
-  root@marmot:~# chmod -R og-r-w-x /home/fred+
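Review bot: On the added authorized_keys line, the echo as shown has no redirection between the quoted key and `/home/$NEW_USER/.ssh/authorized_keys`, so the key is printed to the terminal with the path appended and the file is never written; it should read `echo "ssh-rsa ..." > /home/$NEW_USER/.ssh/authorized_keys` (or `>>` to append). The new `[edit /etc/fstab to mount new user space]` placeholder also drops the `relatime,nodev,nosuid,noexec` options that the removed `LABEL=home-fred` entry documented; keeping a sample entry with those options would stop new home volumes from being mounted with defaults. `$NEW_USER` is never assigned anywhere in the listing, so a first line setting it would make the sequence safe to copy and paste.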
account.1317741126.txt.gz · Last modified: 2011/10/04 15:12 by alex