welcome: please sign in

Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment
Last name of the author of the GNU Manifesto

Page Locked

AdminUserSetup

Merge with AddingNewAdmins

1. Adding admin users

2. Disabling admin users

  1. Disable local password on all hosts (sudo usermod -L USER_admin)
  2. Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
  3. Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
  4. Remove from /etc/sudoers on all hosts (sudo visudo)
  5. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
  6. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
  7. Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
  8. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

3. Changing system passwords

  1. On all hosts: sudo usermod -p '$1$...md5hash' root
  2. ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw)

  3. ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin'


CategorySystemAdministration CategoryNeedsWork