Difference between revisions of "Adding new users"

From Applied Optics Wiki
(useradd/groupadd method.)
 
(12 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
Back to [[Linux How-tos]]
 
Back to [[Linux How-tos]]
  
= Adding new users to the Applied Optics Linux/Unix system =
+
= Adding new users to the Applied Optics Linux/Unix system (scripted way) =
  
This is a reminder for Steve/Roger/Matt. It's the way I (Steve) do it, it seems to work for me.
+
As root on armchair run;
  
* Log onto armchair as root
+
<code>opg_new_user</code> then <code>make -C /var/yp</code>
* Edit ''/etc/passwd''
+
 
** Find the next available UID:
+
 
{| border="1"
+
To add user to a group after creation run;
! Range !! Type
+
 
|-
+
<code> adduser <username> <group>; make -C /var/yp </code>
! 17000-18000
 
|align="center" | People with existing UIDs on the EEE (James') UNIX system
 
|-
 
! 24000-24099
 
|align="center" | Special local "system users" (scan, share, etc)
 
|-
 
! 24100-24899
 
|align="center" | '''Regular users'''
 
|-
 
! 24900-24999
 
|align="center" | Undergrads / MSc / external to EEE (can be temporary)
 
|}
 
** Add a line for the new user, in UID order.
 
** The second number is their default group. This can either be the same as their UID (more secure for them), or it may be more useful to set it to the ''scan'' UID (24001) if they're going to be creating a lot of files/directories that others may need to access.
 
* Edit ''/etc/group''
 
** Add a group under their name with the GID the same as the UID
 
** Add their username to (at the very least) the ''share'' group, and (if appropriate) the ''scan'' group.
 
* Edit ''/etc/shadow''
 
** Add a line for the new user. In the password hash field (after the first ":") just put a "!"
 
* Edit ''/etc/auto.home''
 
** Add a line for the new user. This will determine where their home directory is to be stored (armchair, bed or optik, and if on bed, which hard disk)
 
* As root on armchair:
 
cd /var/yp
 
/etc/init.d/SuSEfirewall2_setup stop
 
make
 
/etc/init.d/SuSEfirewall2_setup start
 
passwd <username>
 
(get them to type their password)
 
* Log onto the machine where their home directory is going to go
 
* Go to the appropriate directory
 
mkdir <username>
 
chown <username>: <username>
 
exit
 
(so you're no longer root) - you're done.
 
  
== Example ==
+
= Adding new users to the Applied Optics Linux/Unix system (manual way) =
  
* A new member of Applied Optics wants a log-in. Their name is Hoang Zhu. They will be working over in the SiOS lab
+
This is a reminder for Steve/Roger/Matt. It's the way Roger does it, using useradd/groupadd and some manual editing where necessary.
* You have searched /etc/passwd on armchair and found that there is already someone else in the group with a surname ''Zhu'', but there is no-one else with initials ''hz.''
 
* You decide to give them the username '''hz'''.
 
* They will be doing a lot of work on a shared experiment, and are likely to be saving data a lot in /home/scan/ which will be used by others. You decide to give them the default group of ''scan''.
 
* You find the next available UID in the range 24100-24899: '''24127'''.
 
* You add the following line to armchair:/etc/passwd (in UID order):
 
hz:x:24127:24001:Hoang Zhu:/home/hz:/bin/bash
 
* You add the following line to armchair:/etc/group (in GID order):
 
hz:!:24127:
 
* You add ''hz'' to the end of the list of users in the ''scan'' and ''share'' groups
 
* You add the following line to armchair:/etc/shadow:
 
hz:!:14130:0:99999:7:::
 
* You add the following line to armchair:/etc/auto.home (in alphabetical order):
 
hz  bed:/optics/heavy:&
 
* As root on armchair
 
cd /var/yp
 
/etc/init.d/SuSEfirewall2_setup stop
 
make
 
/etc/init.d/SuSEfirewall2_setup start
 
passwd hz
 
(you get them to type their password)
 
* You log onto bed and become root.
 
cd /optics/heavy
 
mkdir hz
 
chown hz: hz
 
exit
 
(so you're no longer root) - you're done.
 
  
 
== useradd/groupadd Method ==
 
== useradd/groupadd Method ==
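Review bot: The new scripted section at the top names <code>opg_new_user</code> without saying what it asks for or which of the manual steps it covers, so a reader cannot tell whether the /etc/auto.home entry, the <code>passwd</code> step or the home-directory <code>mkdir</code>/<code>chown</code> still have to be done by hand afterwards. Suggest one sentence under "As root on armchair run;" listing what the script does and what is left to the admin, and stating whether "adduser <username> <group>" is also run on armchair.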
Line 101: Line 41:
 
* Edit ''/etc/auto.home''
 
* Edit ''/etc/auto.home''
 
** Add a line for the new user. This will determine where their home directory is to be stored (armchair, bed or optik, and if on bed, which hard disk)
 
** Add a line for the new user. This will determine where their home directory is to be stored (armchair, bed or optik, and if on bed, which hard disk)
 +
* Edit ''/etc/uonuser''
 +
** Add a line for the new user which is ''<apg_username>:<uonusername>''. This makes printing work.
 +
 
* As root on armchair:
 
* As root on armchair:
  cd /var/yp
+
  make -C /var/yp
/etc/init.d/SuSEfirewall2_setup stop
+
(to get ypserv to register the new user and group)
make
 
/etc/init.d/SuSEfirewall2_setup start
 
 
  passwd <username>
 
  passwd <username>
 
(get them to type their password)
 
(get them to type their password)
 +
make -C /var/yp
 +
(to update the password according to ypserv)
 
* Log onto the machine where their home directory is going to go
 
* Log onto the machine where their home directory is going to go
 
* Go to the appropriate directory
 
* Go to the appropriate directory
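Review bot: The new side of the "As root on armchair" block drops the SuSEfirewall2_setup stop/start lines around the map rebuild without saying so, and anyone who learned the old procedure may keep switching the firewall off out of habit. Suggest a short remark next to "make -C /var/yp" confirming that the firewall stays up during the rebuild. The added /etc/uonuser step could also say which machine the file is edited on, as the /etc/auto.home step in the worked example does with "armchair:".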
Line 114: Line 57:
 
  exit
 
  exit
 
(so you're no longer root) - you're done.
 
(so you're no longer root) - you're done.
 +
 +
If you change a password for a user that already exists (HINT: Do this on a '''client''' PC, not on a server), then it's possible that
 +
the old password (or no password at all) will be cached on the '''client''' PC, by the
 +
Name Service Cache daemon ''nscd''. Restarting ''nscd'' has no effect. You need to type:
 +
sudo nscd -i passwd
 +
on the client PC (not the server) to "invalidate" the passwd cache.
  
 
== Example ==
 
== Example ==
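Review bot: The parenthetical "HINT: Do this on a '''client''' PC, not on a server" in the first added line sits next to "change a password", so it reads as advice about where to run <code>passwd</code>, while the closing line says it is the invalidation that runs on the client. Suggest dropping the hint from the first sentence and keeping only the final "on the client PC (not the server)". Since the page also documents adding a user to a group after creation, it may be worth noting that nscd keeps a separate group cache, cleared with "nscd -i group".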
Line 125: Line 74:
 
  groupadd -g 24127 hz
 
  groupadd -g 24127 hz
 
* You add a user, adding the default group of ''scan'' and additional groups of ''share'' and ''hz'':
 
* You add a user, adding the default group of ''scan'' and additional groups of ''share'' and ''hz'':
  useradd -u 24127 -g 24001 -G share,hz -c "Hoang Zhu" hz
+
  useradd -u 24127 -g 24001 -G share,hz -c "Hoang Zhu" -s /bin/bash hz
 
* You edit /etc/passwd to put the new user in the correct numerical order of UIDs.
 
* You edit /etc/passwd to put the new user in the correct numerical order of UIDs.
 
* You add the following line to armchair:/etc/auto.home (in alphabetical order):
 
* You add the following line to armchair:/etc/auto.home (in alphabetical order):
  hz  bed:/optics/heavy:&
+
  hz  bed:/optics/bed_4tb:&
 
* As root on armchair
 
* As root on armchair
  cd /var/yp
+
  make -C /var/yp
/etc/init.d/SuSEfirewall2_setup stop
 
make
 
/etc/init.d/SuSEfirewall2_setup start
 
 
  passwd hz
 
  passwd hz
 
(you get them to type their password)
 
(you get them to type their password)
 +
make -C /var/yp
 
* You log onto bed and become root.
 
* You log onto bed and become root.
  cd /optics/heavy
+
  cd /optics/bed_4tb
 
  mkdir hz
 
  mkdir hz
 
  chown hz: hz
 
  chown hz: hz
 
  exit
 
  exit
(so you're no longer root) - you're done.
+
(so you're no longer root)
 +
* If the username has existed previously then in order to clear the password cache on the '''client''' PC:
 +
sudo nscd -i passwd
 +
You're done.
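Review bot: The example's useradd line gains "-s /bin/bash", but the generic template in the method section still reads "useradd -u <UID> -g <GID> -G <additional,groups> -c "Real Name" <username>" with no shell option, so following the template and following the example give different accounts. Suggest adding "-s /bin/bash" to the template as well. The example also has no /etc/uonuser step, although the method section now lists one.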

Latest revision as of 16:02, 11 April 2019


Adding new users to the Applied Optics Linux/Unix system (scripted way)

As root on armchair, run:

opg_new_user then make -C /var/yp


To add a user to a group after creation, run:

adduser <username> <group>; make -C /var/yp

Adding new users to the Applied Optics Linux/Unix system (manual way)

This is a reminder for Steve/Roger/Matt. It's the way Roger does it, using useradd/groupadd and some manual editing where necessary.

useradd/groupadd Method

  • Log onto armchair as root
  • Look at /etc/passwd to find the next available UID:
Range        Type
17000-18000  People with existing UIDs on the EEE (James') UNIX system
24000-24099  Special local "system users" (scan, share, etc)
24100-24899  Regular users
24900-24999  Undergrads / MSc / external to EEE (can be temporary)
  • Add a group with the same GID as their UID. This may not be necessary if they are going to be creating a lot of files/directories that others may need to access and are going to have the scan group as their default group (GID 24001). The group name should be the same as their user name.
groupadd -g <GID> <group name>
  • Add a new user with the UID, GID, additional groups and comment (real name) set. Additional groups should be (at the very least) the share group, and (if appropriate) the scan group.
useradd -u <UID> -g <GID> -G <additional,groups> -c "Real Name" <username>
  • Edit /etc/auto.home
    • Add a line for the new user. This will determine where their home directory is to be stored (armchair, bed or optik, and if on bed, which hard disk)
  • Edit /etc/uonuser
    • Add a line for the new user which is <apg_username>:<uonusername>. This makes printing work.
  • As root on armchair:
make -C /var/yp

(to get ypserv to register the new user and group)

passwd <username>

(get them to type their password)

make -C /var/yp

(to update the password according to ypserv)

  • Log onto the machine where their home directory is going to go
  • Go to the appropriate directory
mkdir <username>
chown <username>: <username>
exit

(so you're no longer root) - you're done.

If you change a password for a user that already exists (HINT: Do this on a client PC, not on a server), then it's possible that the old password (or no password at all) will be cached on the client PC, by the Name Service Cache daemon nscd. Restarting nscd has no effect. You need to type:

sudo nscd -i passwd

on the client PC (not the server) to "invalidate" the passwd cache.
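
The "find the next available UID" step above, as an added example that is not part of the original wiki page. Because the new user's group gets the same GID as their UID, it looks for a number that is free in both files and also checks that the username is unused. The function names and all sample file contents are constructed for illustration; on armchair the real inputs would be /etc/passwd and /etc/group.

```shell
#!/bin/sh
# Added example: helper names and all sample data below are constructed.

# next_free_id PASSWD GROUP LOW HIGH
# Print the lowest number in [LOW, HIGH] that is neither a UID in PASSWD nor
# a GID in GROUP (field 3 in both files). Returns 1 if the range is full.
next_free_id() {
    awk -F: -v lo="$3" -v hi="$4" '
        $3 ~ /^[0-9]+$/ { used[$3 + 0] = 1 }
        END {
            for (i = lo + 0; i <= hi + 0; i++)
                if (!(i in used)) { print i; exit 0 }
            exit 1
        }' "$1" "$2"
}

# name_in_use NAME FILE...
# Succeed if NAME is already a user or group name (field 1) in any FILE.
name_in_use() {
    n=$1; shift
    awk -F: -v n="$n" '$1 == n { hit = 1 } END { exit !hit }' "$@"
}

# Constructed sample files standing in for armchair:/etc/passwd and /etc/group.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
scan:x:24001:24001:Scan account:/home/scan:/bin/false
aa:x:24100:24100:Constructed User A:/home/aa:/bin/bash
bb:x:24101:24001:Constructed User B:/home/bb:/bin/bash
cc:x:24103:24103:Constructed User C:/home/cc:/bin/bash
EOF
cat > "$demo_dir/group" <<'EOF'
scan:!:24001:bb
aa:!:24100:
old:!:24102:
cc:!:24103:
EOF

# 24102 is unused as a UID but taken by the leftover group "old",
# so the first ID usable for both the user and their group is 24104.
if name_in_use hz "$demo_dir/passwd" "$demo_dir/group"; then
    echo "username hz is already taken" >&2
else
    echo "next free regular-user ID: $(next_free_id "$demo_dir/passwd" "$demo_dir/group" 24100 24899)"
fi
```

Checking the group file as well avoids handing a new user a UID whose matching GID still belongs to a leftover group, which would silently give them that group's file access.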

Example

  • A new member of Applied Optics wants a log-in. Their name is Hoang Zhu. They will be working over in the SiOS lab.
  • You have searched /etc/passwd on armchair and found that there is already someone else in the group with a surname Zhu, but there is no-one else with initials hz.
  • You decide to give them the username hz.
  • They will be doing a lot of work on a shared experiment, and are likely to be saving a lot of data in /home/scan/ which will be used by others. You decide to give them the default group of scan.
  • You find the next available UID in the range 24100-24899: 24127.
  • You add a group for them:
groupadd -g 24127 hz
  • You add a user, adding the default group of scan and additional groups of share and hz:
useradd -u 24127 -g 24001 -G share,hz -c "Hoang Zhu" -s /bin/bash hz
  • You edit /etc/passwd to put the new user in the correct numerical order of UIDs.
  • You add the following line to armchair:/etc/auto.home (in alphabetical order):
hz  bed:/optics/bed_4tb:&
  • As root on armchair
make -C /var/yp
passwd hz

(you get them to type their password)

make -C /var/yp
  • You log onto bed and become root.
cd /optics/bed_4tb
mkdir hz
chown hz: hz
exit

(so you're no longer root)

  • If the username has existed previously then in order to clear the password cache on the client PC:
sudo nscd -i passwd

You're done.