welcome: please sign in

The following 93 words could not be found in the dictionary of 7 words (including 7 LocalSpellingWords) and are highlighted below:
access   accounts   Adding   admin   Administration   Admins   afs   all   also   and   are   besides   bos   Category   Changing   chmod   choose   clear   cpw   daemon   Disable   Disabling   etc   file   from   fs   get   hcoop   home   homedir   hosts   in   is   kadmin   Kerberos   kvm   list   local   login   machines   make   md5hash   member   Merge   mire   Needs   net   New   new   no   non   On   on   or   password   passwords   permissions   present   pw   randkey   Randomize   reboot   reload   Remove   removeuser   restrict   root   run   sa   setup   sp   ssh   sudo   sudoers   superuser   sure   System   system   that   there   tip   to   twice   type   update   user   usermod   users   visudo   wiki   will   with   Work  

Clear message
Edit

AdminUserSetup

Merge with AddingNewAdmins

1. Adding admin users

2. Disabling admin users

  1. Disable local password on all hosts (sudo usermod -L USER_admin)
  2. Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
  3. Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
  4. Remove from /etc/sudoers on all hosts (sudo visudo)
  5. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
  6. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
  7. Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
  8. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

3. Changing system passwords

  1. On all hosts: sudo usermod -p '$1$...md5hash' root

  2. ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw)

  3. ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin'

CategorySystemAdministration CategoryNeedsWork

AdminUserSetup (last edited 2012-09-06 07:12:15 by ClintonEbadi)