Difference between revisions of "Adding new users"
(Added information about clearing the passwd cache (nscd -i passwd)) |
m (More nscd workarounds...) |
||
Line 50: | Line 50: | ||
the old password (or no password at all) will be cached on the '''client''' PC, by the | the old password (or no password at all) will be cached on the '''client''' PC, by the | ||
Name Service Cache daemon ''nscd''. Restarting ''nscd'' has no effect. You need to type: | Name Service Cache daemon ''nscd''. Restarting ''nscd'' has no effect. You need to type: | ||
− | sudo nscd -i passwd | + | sudo /usr/sbin/nscd -i passwd |
− | on the client PC (not the server) to "invalidate" the passwd cache. | + | on the client PC (not the server) to "invalidate" the passwd cache. If this doesn't work, try stopping the nscd service, then logging on, then starting it again: |
+ | sudo /etc/init.d/nscd stop | ||
+ | su <username> | ||
+ | sudo /etc/init.d/nscd start | ||
+ | If ''that'' doesn't work, it's possible that although the password has been updated on the server, ypserv is unaware of this. You can tell if this is the case, by comparing the password hash on the client that is returned by: | ||
+ | ypcat passwd |grep <username> | ||
+ | ...with the password hash for that user in /etc/shadow on the server. If they differ, then: | ||
+ | /etc/init.d/SuSEfirewall2_setup stop | ||
+ | cd /var/yp | ||
+ | make | ||
+ | /etc/init.d/SuSEfirewall2_setup start | ||
+ | ...on the server should fix it. | ||
== Example == | == Example == | ||
Line 82: | Line 93: | ||
(so you're no longer root) | (so you're no longer root) | ||
* If the username has existed previously then in order to clear the password cache on the '''client''' PC: | * If the username has existed previously then in order to clear the password cache on the '''client''' PC: | ||
− | sudo nscd -i passwd | + | sudo /usr/sbin/nscd -i passwd |
You're done. | You're done. |
Revision as of 13:56, 15 November 2011
Back to Linux How-tos
Adding new users to the Applied Optics Linux/Unix system
This is a reminder for Steve/Roger/Matt. It's the way Roger does it, using useradd/groupadd and some manual editing where necessary.
useradd/groupadd Method
- Log onto armchair as root
- Look at /etc/passwd to find the next available UID:
Range | Type |
---|---|
17000-18000 | People with existing UIDs on the EEE (James') UNIX system |
24000-24099 | Special local "system users" (scan, share, etc) |
24100-24899 | Regular users |
24900-24999 | Undergrads / MSc / external to EEE (can be temporary) |
- Add a group with the same GID as their UID. This may not be necessary if they are going to be creating a lot of files/directories that others may need to access and are going to have the scan group as their default group (GID 24001). The group name should be the same as their user name.
groupadd -g <GID> <group name>
- Add a new user with the UID, GID, additional groups and comment (real name) set. Additional groups should be (at the very least) the share group, and (if appropriate) the scan group.
useradd -u <UID> -g <GID> -G <additional,groups> -c "Real Name" <username>
- Edit /etc/auto.home
- Add a line for the new user. This will determine where their home directory is to be stored (armchair, bed or optik, and if on bed, which hard disk)
- As root on armchair:
/etc/init.d/SuSEfirewall2_setup stop cd /var/yp make
(to get ypserv to register the new user and group)
passwd <username>
(get them to type their password)
make
(to update the password according to ypserv)
/etc/init.d/SuSEfirewall2_setup start
- Log onto the machine where their home directory is going to go
- Go to the appropriate directory
mkdir <username> chown <username>: <username> exit
(so you're no longer root) - you're done.
If you change a password for a user that already exists, then it's possible that the old password (or no password at all) will be cached on the client PC, by the Name Service Cache daemon nscd. Restarting nscd has no effect. You need to type:
sudo /usr/sbin/nscd -i passwd
on the client PC (not the server) to "invalidate" the passwd cache. If this doesn't work, try stopping the nscd service, then logging on, then starting it again:
sudo /etc/init.d/nscd stop su <username> sudo /etc/init.d/nscd start
If that doesn't work, it's possible that although the password has been updated on the server, ypserv is unaware of this. You can tell if this is the case, by comparing the password hash on the client that is returned by:
ypcat passwd |grep <username>
...with the password hash for that user in /etc/shadow on the server. If they differ, then:
/etc/init.d/SuSEfirewall2_setup stop cd /var/yp make /etc/init.d/SuSEfirewall2_setup start
...on the server should fix it.
Example
- A new member of Applied Optics wants a log-in. Their name is Hoang Zhu. They will be working over in the SiOS lab
- You have searched /etc/passwd on armchair and found that there is already someone else in the group with a surname Zhu, but there is no-one else with initials hz.
- You decide to give them the username hz.
- They will be doing a lot of work on a shared experiment, and are likely to be saving data a lot in /home/scan/ which will be used by others. You decide to give them the default group of scan.
- You find the next available UID in the range 24100-24899: 24127.
- You add a group for them:
groupadd -g 24127 hz
- You add a user, adding the default group of scan and additional groups of share and hz:
useradd -u 24127 -g 24001 -G share,hz -c "Hoang Zhu" hz
- You edit /etc/passwd to put the new user in the correct numerical order of UIDs.
- You add the following line to armchair:/etc/auto.home (in alphabetical order):
hz bed:/optics/heavy:&
- As root on armchair
/etc/init.d/SuSEfirewall2_setup stop cd /var/yp make passwd hz
(you get them to type their password)
make /etc/init.d/SuSEfirewall2_setup start
- You log onto bed and become root.
cd /optics/heavy mkdir hz chown hz: hz exit
(so you're no longer root)
- If the username has existed previously then in order to clear the password cache on the client PC:
sudo /usr/sbin/nscd -i passwd
You're done.