Arusha Project
Sidai (policy)
Sidai how-to, etc.
 
How to..., etc.
User environment
Disk configuration
OS installs
HPUX11 install
Solaris install
Red Hat Linux install
post OS-install
Pre OS-reinstall
ARK boot
user accounts
Compiling/Linking
Distributing password files
Package proto-hosts
Logfile management
Log analysis
Scripting
Version wrapper
Version wrapper
Backups/archiving
Backups/tapeless: rationale
Backups/tapeless: design
Hostname change
Magic keystrokes
Booting tricks
Dead machine!
Root passwords
Removable media
ClearCase install
ClearCase admin
Logical Volume tricks
HP Mirror/UX
Mailman
VNC
 
Hosted by
SourceForge.net Logo

Sidai team: managing user accounts

Creating, deleting, and otherwise managing user accounts in a ``site-at-a-time'' way tends to have many site-specific aspects.

Also, you would hope that many of these tasks are automated; e.g. you could type: ark user create jimmy, and be done with it.

The purpose of this document is two-fold:

  1. To use as a general guide at small-enough sites, where it may be cost-effective to manipulate user-accounts by hand; probably supplemented by something site-specific.

  2. To give ideas/reminders about what needs doing to those creating the automation for same.

Creating user accounts

  1. Create a $ARK_SRC/<team>/user/<person>.xml for the person (if you manage users under ARK).

  2. If you do this sort of thing: edit a host file $ARK_SRC/<team>/host/<machine>.xml to indicate that this person will be its primary user.

  3. Add them to your ``source code'' for your password and group files.

    We follow the practice of giving each person their own group, with the group ID the same as their user ID.

    Be sure the person gets put in any necessary groups.

  4. Add the person to your ``source code'' for your /etc/sudoers file (if you use `sudo').

  5. Specify their home-directory info. If you use dchunks, create a dchunk for their home dir. Otherwise, edit the ``source code'' for whatever turns into your /etc/auto_home automount map...

  6. If ClearCase views should spring to life because of a person's existence (e.g. you have an ``every user has their own view'' setup) and if this requires automount-mappery to take place -- this sometimes happens... -- then set that stuff up now.

  7. If you do the passwd-group, and/or sudo-config, and/or automount-maps packages, this is probably a good time to re-do them...

  8. Does this person need to be in a Samba smbpasswd file?

  9. Are there any Web permissions (e.g. access to particular sets of Web pages) that need to be set up?

  10. Is this person coming in from somewhere that needs to be added to `tcp wrappers' config files, or to firewall config files, or...

  11. Does this person need to be added to any sendmail configuration files (for generics or virtual user tables)?

  12. Does this person need to be put on any mail aliases and/or mailing lists? E.g. sys-* mailing lists, for everyone who has an account?

  13. Does this person need their startup files (.profile, .cshrc, etc.) created?

  14. Does this person need licenses assigned to them? e.g. FrameMaker.

  15. Do you need to do something about e-mail for the person? Possibilities include:
    1. Set them up with e-mail in some normal way.
    2. They shouldn't get e-mail on this system; bounce with impunity.
    3. Ditto, but bounced nicely (``You can reach so-and-so at the address...'')
    4. Mail sent to this system should be forwarded somewhere else.

Zombifying user accounts

ToDo

Deleting user accounts

ToDO

© The Arusha Project, 2000-2003; team: sidai; c/o partain@users.sourceforge.net; revision 1.8, 2004-05-26.