Recent Changes - Search:

Disclaimer

edit SideBar

User Accounts

How to add a user account on the UJ Cluster.

The UJ Cluster uses NIS/YP for sharing user information across its nodes. The NIS server is located on the head node, gridvm. The user information for NIS is not taken from the main /etc/passwd, but from files in a separated directory, /etc/yp. For more of the rationale and of how this is done, see Configure User Authentication.

Create a Local User account

Local users get interactive logins on the UIs (osg-ui.grid.uj.ac.za and glite-ui.grid.uj.ac.za) from where they can submit Grid jobs and local jobs.

To create a local users, you must edit the /etc/yp/passwd_local file and add a user entry like

luke:x:513:100:Luke Skywalker (UJPhysics-Astrophysics):/nfs/home/luke:/bin/bash

For the username, there is no strict policy. The surname is the preferred choice, but first name or nickname are fine too. Just make sure that the full name and department/group are specified in the info field, as above.
Use a UID in the range 500 to 2000, and a GID 100.
The home directory of the user must be /nfs/home/username.

Then add a corresponding line in /etc/yp/shadow, using !! instead of the password hash:

luke:!!::0:99999:7:::

Add the user to the appropriate group, for example

ujphysics:x:1000:user1,user2,...,luke

Now run make. The Makefile will merge passwd_local with other password files, make some check, and finally update the NIS databases.

Once the user has been added to the NIS database, you can use apg (from the DAG repository) to generate a random password, and yppasswd to set the user's password:

# apg -m12 -MCSN
Tor`odlubEv5
okWigs7Gluk:
onRi(Kofyik5
Novoig?Greb4
sir7Fravket^
Fantibim:ow0
# sudo yppasswd luke
Password:
Changing NIS account information for luke on gridvm.grid.uj.ac.za.
Please enter root password:
Changing NIS password for luke on gridvm.grid.uj.ac.za.
Please enter new password:
Please retype new password:

(As an alternative, you can use openssl passwd -1 <password> to generate a hash which you can copy in the shadow file.)

Now you can use the mkuser.sh script to create the home directory and the SSH keys:

# sudo ./mkuser.sh luke
Password:
Sorry, try again.
Password:
uid=599(luke) gid=100(users) groups=100(users),1000(ujphysics)
luke:$1$afldkfaewedvokasfasdfwer:513:100::/nfs/home/luke:/bin/bash
## /nfs/home/luke exists; skipping creation and skel
drwxr-x---  14 luke users 20480 Mar 16 20:20 /nfs/home/luke
## setup SSH keys
drwx------   2 luke users  4096 Feb 23 13:38 .
drwxr-x---  14 luke users 20480 Mar 16 20:20 ..
-rw-r--r--   1 luke users  2400 Feb 23 12:57 authorized_keys
-rw-------   1 luke users   668 Feb 23 12:57 id_dsa
-rw-r--r--   1 luke users   611 Feb 23 12:57 id_dsa.pub
-rw-------   1 luke users   537 Feb 23 12:57 identity
-rw-r--r--   1 luke users   341 Feb 23 12:57 identity.pub
-rw-------   1 luke users   883 Feb 23 12:57 id_rsa
-rw-r--r--   1 luke users   231 Feb 23 12:57 id_rsa.pub
## setup mail alias:
luke:		luke@physics.uj.ac.za

At this point the new user account is ready. Remind the user to change his password at the first login.

Edit - History - Print - Recent Changes - Search
Page last modified on April 11, 2009, at 01:52 PM