[OpenAFS] "manually" adding AFS accounts
Noel Burton-Krahn
noel@bkbox.com
Tue, 23 Sep 2003 11:56:08 -0700
Hi Ron,
"chown" won't give you afs permissions, use "fs setacl" instead:
find /afs/cell.depauw.edu/home/dutch -type d | xargs fs setacl -acl dutch all -dir
Also, you have to be careful to keep your UNIX uids and AFS uids in sync.
My own add user scripts go like this:
(I keep UNIX accounts in OpenLDAP, passwords in MIT Kerberos V, and files in
OpenAFS)
1. add kerberos principal
2. choose a random uid and gid unique in LDAP
3. add a posix account to LDAP
4. add AFS principal with uid and gid
5. make home directory in OpenAFS
6. fs setacl on home directory
7. set up Maildir, public_html, dotfiles, etc.
I've put together an appliance which combines OpenAFS, LDAP, Krb5, and a
bunch of other servers for small-to-mid organizations. If you'd like to
save yourself some time and hassle setting all this up, please check out
www.bkbox.com.
--Noel
----- Original Message -----
From: "Ron Croonenberg" <ronc@DEPAUW.EDU>
To: <OpenAFS-info@openafs.org>
Sent: Tuesday, September 23, 2003 6:21 AM
Subject: [OpenAFS] "manually" adding AFS accounts
> Hello all,
>
> below is how I try to create an account on AFS
>
> *** start ***
> uss add -user dutch -realname "Ron Croonenberg" -server sunny -uid 1218 \
> -partition a -template new_uss.staff -admin admin
>
> pts adduser dutch faculty
>
> vos release root.cell
> vos release root.afs
>
> fs setacl /afs/cell.depauw.edu/home/dutch admin all
> fs setacl /afs/cell.depauw.edu/home/dutch -acl system:anyuser l
>
> cp /etc/skel/.bash* /afs/cell.depauw.edu/home/dutch
> cp -r /etc/skel/* /afs/cell.depauw.edu/home/dutch
>
> chown -R dutch.dutch /afs/csc.depauw.edu/home/dutch
> ** end **
>
> then when I login, I get the following
>
> -bash: /home/dutch/.bash_logout: Permission denied
> /usr/X11R6/bin/xauth: timeout in locking authority file /home/dutch/.Xauthority
> -bash: /home/dutch/.bash_profile: Permission denied
>
> and when I log out :
>
> -bash: /home/dutch/.bash_logout: Permission denied
>
>
> these are the permissions I can see under Unix :
> drwxrwxrwx 3 dutch root 2048 Sep 23 13:05 .
> drwxr-xr-x 2 bin root 8192 Sep 23 12:45 ..
> -rw-r--r-- 1 dutch root 24 Sep 23 13:05 .bash_logout
> -rw-r--r-- 1 dutch root 191 Sep 23 13:05 .bash_profile
> -rw-r--r-- 1 dutch root 124 Sep 23 13:05 .bashrc
> drwxr-xr-x 2 dutch root 2048 Sep 23 12:49 classes
> -rw-r--r-- 1 dutch root 854 Sep 23 13:05 .emacs
> -rw-r--r-- 1 dutch root 118 Sep 23 13:05 .gtkrc
>
>
> needless to say, the group dutch is missing
> (and how do I create one)
> I don't see why things like :
> -bash-2.05b$ ls -al
> ls: .bash_logout: Permission denied
> ls: .bash_profile: Permission denied
> ls: .bashrc: Permission denied
> ls: .emacs: Permission denied
> ls: .gtkrc: Permission denied
> total 12
> drwxrwxrwx 3 dutch root 2048 Sep 23 13:05 .
> drwxr-xr-x 2 bin root 8192 Sep 23 12:45 ..
>
> happen.
>
>
> obviously I am a rookie,
>
> can anyone shed some light on it for me ?
>
> tia,
>
> Ron
>
>
>
>
> ============================================================================
> Ron Croonenberg | Phone: 1 765 658 4761
> Technology Coordinator | Fax: 1 765 658 4732
> |
> Department of ComputerScience | e-mail : ronc@depauw.edu
> DePauw University |
> Julian Science & Math Center |
> 602 South College Ave. |
> Greencastle, IN 46135 |
>
> ============================================================================
>
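The reply's caveat about keeping UNIX uids and AFS uids in sync can be checked mechanically. The script below is an added example, not part of the original messages: it compares passwd-format account lines with `pts listentries -users` output and reports drift. The function names, the `MIN_UID` cutoff, the sample accounts other than `dutch`, and the assumed pts column layout (Name, ID, Owner, Creator under one header row) are assumptions.

```shell
# Added example (not from the thread): find accounts whose UNIX uid and AFS id differ.
# Inputs are files so it runs offline. On a live cell they could come from:
#   getent passwd > passwd.txt ; pts listentries -users > pts.txt
# Assumption: pts output is "Name ID Owner Creator" columns under one header row.

check_id_sync() {   # usage: check_id_sync PASSWD_FILE PTS_FILE ; status 1 on drift
    out=$(awk -v min="${MIN_UID:-1000}" '
        NR == FNR {                          # first file: passwd(5) lines
            split($0, f, ":")
            if (f[3] + 0 >= min) unix_uid[f[1]] = f[3]
            next
        }
        FNR == 1 && $1 == "Name" { next }    # skip the pts header row
        { afs_id[$1] = $2; owner[$2] = $1 }  # name -> id and id -> name
        END {
            for (u in unix_uid) {
                id = unix_uid[u]
                if (!(u in afs_id))       print "MISSING", u, "unix=" id
                else if (afs_id[u] != id) print "MISMATCH", u, "unix=" id, "afs=" afs_id[u]
                # The uid belongs to a different AFS name: files would show the wrong owner.
                if ((id in owner) && owner[id] != u)
                    print "COLLISION", u, "unix=" id, "afs-name=" owner[id]
            }
        }' "$1" "$2" | LC_ALL=C sort)
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

demo_id_sync() {    # constructed sample data; uids below MIN_UID are ignored
    d=$(mktemp -d) || return 2
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
dutch:x:1218:1218:Ron Croonenberg:/home/dutch:/bin/bash
alice:x:1300:1300:Constructed User:/home/alice:/bin/bash
bob:x:1301:1301:Constructed User:/home/bob:/bin/bash
EOF
    cat > "$d/pts" <<'EOF'
Name                          ID  Owner Creator
admin                          1   -204   32766
dutch                       1218   -204       1
alice                       1305   -204       1
carol                       1301   -204       1
EOF
    rc=0; check_id_sync "$d/passwd" "$d/pts" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo_id_sync || true    # non-zero status means drift was found
```

Running it after each account creation, or from cron, catches a uid that was reused or mistyped before files are written under the wrong AFS id.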