welcome: please sign in

You can't save spelling words.

Clear message
Page Locked

AdminUserSetup

Merge with AddingNewAdmins

1. Adding admin users

2. Disabling admin users

  1. Disable local password on all hosts (sudo usermod -L USER_admin)
  2. Disable local homedir on all hosts (sudo chmod 000 /home/USER_admin)
  3. Remove from /etc/login.restrict on all hosts (that file is present on non-member-login machines)
  4. Remove from /etc/sudoers on all hosts (sudo visudo)
  5. Randomize Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin")
  6. Randomize user.daemon Kerberos password ON ALL KRB SERVERS (kadmin.local -p YOU_admin -q "cpw -randkey USER_admin/daemon")
  7. Remove all permissions on USER_admin homedir in AFS (fs sa /afs/hcoop.net/user/U/US/USER_ADMIN -clear)
  8. Remove from BOS superuser list ON ALL AFS SERVERS (bos removeuser SERVER USER_admin)

3. Changing system passwords

  1. On all hosts: sudo usermod -p '$1$...md5hash' root
  2. ssh root@ or admin@kvm.hcoop.net, run 'setup', choose S, type in new password twice, choose W. (KVM will reboot to reload pw)

  3. ssh admin@mire-sp.hcoop.net, run 'access update password -u admin', and also 'access get users' to make sure there are no accounts besides 'admin'


CategorySystemAdministration CategoryNeedsWork

AdminUserSetup (last edited 2012-09-06 07:12:15 by ClintonEbadi)