WormNet Wiki

User Tools

Site Tools

Trace:
account

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
account [2012/01/11 17:51] lentinjaccount [2016/10/30 09:01] (current) – [Creating an Account] alex
Line 1: Line 1:
 ====== User Account Handling ====== ====== User Account Handling ======
-As there is more than one server that will make up the Wormnet universe, in addition to a few xDSL joined NASes and systems, we need to roll out some kind of central user management database.  Naturally we opted for LDAP. 
  
-The packages required to be installed to do this are: +===== Creating an Account =====
-  * [[http://packages.debian.org/slapd|slapd]] +
-  * [[http://packages.debian.org/nslcd|nslcd]] +
-    * [[http://packages.debian.org/libnss-ldapd|libnss-ldapd]] +
-    * [[http://packages.debian.org/libpam-ldapd|libpam-ldapd]] +
-  * [[http://packages.debian.org/unscd|unscd]]+
  
-===== User Management ===== 
-==== Modifying an Account ==== 
-Adding SSH keys, etc. can be done without root access. Do:- 
- 
-  # Set $EDITOR if vi isn't your thing 
-  $ ldapvi --discover -D uid=${USER},ou=Users,dc=wormnet,dc=eu -h ldapi:/// uid=${USER} 
- 
-... and add/remove sshPublicKey lines to your heart's delight. 
- 
-==== Creating an Account ==== 
-  root@marmot:~# NEW_USER=fred 
-  root@marmot:~# ldapaddgroup $NEW_USER 
-  root@marmot:~# ldapadduser $NEW_USER $NEW_USER 
-  Successfully added user $NEW_USER to LDAP 
-  Successfully set password for user $NEW_USER 
-   
-  root@marmot:~# # LDAP admin password for cn=Manager,dc=wormnet,dc=eu lurks in /etc/ldap.secret 
-  root@marmot:~# passwd $NEW_USER 
-  LDAP administrator password: 
-  New password: 
-  Retype new password: 
-  passwd: password updated successfully 
-   
-  root@marmot:~# ldapvi --discover -D cn=admin,dc=wormnet,dc=eu -h ldapi:/// uid=$NEW_USER 
-  objectClass: ldapPublicKey 
-  sshPublicKey: ssh-rsa AAAB3...aLOOw== wibble 
-  sshPublicKey: ssh-rsa AAAB3...KD0pw== fred@foobar 
-   
   root@marmot:~# lvcreate -L 256M -n home-$NEW_USER lvm-marmot   root@marmot:~# lvcreate -L 256M -n home-$NEW_USER lvm-marmot
   root@marmot:~# mkfs.ext4 -L home-$NEW_USER /dev/lvm-marmot/home-$NEW_USER   root@marmot:~# mkfs.ext4 -L home-$NEW_USER /dev/lvm-marmot/home-$NEW_USER
-  root@marmot:~# vi /etc/fstab 
-  LABEL=home-fred         /home/fred      auto    relatime,nodev,nosuid,noexec              2 
   root@marmot:~# mkdir /home/$NEW_USER   root@marmot:~# mkdir /home/$NEW_USER
 +  root@marmot:~# [edit /etc/fstab to mount new user space]
   root@marmot:~# mount /home/$NEW_USER   root@marmot:~# mount /home/$NEW_USER
-  root@marmot:~# chown $NEW_USER:$NEW_USER /home/$NEW_USER +  root@marmot:~# useradd -G users,wormnet-shell -s /bin/bash $NEW_USER 
-  root@marmot:~# tar cC /etc/skel --owner=$NEW_USER --group=$NEW_USER . | tar xC /home/$NEW_USER+  root@marmot:~# passwd $NEW_USER 
 +  root@marmot:~# mkdir /home/$NEW_USER/.ssh 
 +  root@marmot:~# echo "ssh-rsa AAAB3...KD0pw== fred@foobar" > /home/$NEW_USER/.ssh/authorized_keys 
 +  root@marmot:~# tar cC /etc/skel . | tar xC /home/$NEW_USER 
 +  root@marmot:~# chown -R $NEW_USER:$NEW_USER /home/$NEW_USER
   root@marmot:~# chmod -R og-r-w-x /home/$NEW_USER   root@marmot:~# chmod -R og-r-w-x /home/$NEW_USER
-   +==== Restricting to Just sftp/scp ==== 
-  root@marmot:~# ldapvi --discover -D cn=admin,dc=wormnet,dc=eu -h ldapi:/// cn=wormnet-shell +If you make the users account use the shell ''/usr/bin/rssh'' and edit ''/etc/rssh.conf'' then you can create accounts that can only upload/download files rather than have a full shell - although you will still need to add them to the 'wormnet-shell' group.
-  memberUid: $NEW_USER+
account.1326304303.txt.gz · Last modified: 2012/01/11 17:51 by lentinj