[OpenAFS] "manually" adding AFS accounts

Noel Burton-Krahn noel@bkbox.com
Tue, 23 Sep 2003 11:56:08 -0700


Hi Ron,

"chown" won't give you afs permissions, use "fs setacl" instead:

find /afs/cell.depauw.edu/home/dutch -type d | xargs fs setacl -acl dutch all -dir

Also, you have to be careful to keep your UNIX uids and AFS uids in sync.
My own add user scripts go like this:
(I keep UNIX accounts in OpenLDAP, passwords in MIT Kerberos V, and files in
OpenAFS)

1. add Kerberos principal
2. choose a random uid and gid unique in LDAP
3. add a posix account to LDAP
4. add AFS principal with uid and gid
5. make home directory in OpenAFS
6. fs setacl on home directory
7. set up Maildir, public_html, dotfiles, etc.

I've put together an appliance which combines OpenAFS, LDAP, Krb5, and a
bunch of other servers for small-to-mid organizations.  If you'd like to
save yourself some time and hassle setting all this up, please check out
www.bkbox.com.

--Noel


----- Original Message -----
From: "Ron Croonenberg" <ronc@DEPAUW.EDU>
To: <OpenAFS-info@openafs.org>
Sent: Tuesday, September 23, 2003 6:21 AM
Subject: [OpenAFS] "manually" adding AFS accounts


> Hello all,
>
> below is how I try to create an account on AFS
>
> *** start ***
> uss add -user dutch -realname "Ron Croonenberg" -server sunny -uid 1218 \
>     -partition a -template new_uss.staff -admin admin
>
> pts adduser dutch faculty
>
> vos release root.cell
> vos release root.afs
>
> fs setacl /afs/cell.depauw.edu/home/dutch admin all
> fs setacl /afs/cell.depauw.edu/home/dutch -acl system:anyuser l
>
> cp /etc/skel/.bash* /afs/cell.depauw.edu/home/dutch
> cp -r /etc/skel/* /afs/cell.depauw.edu/home/dutch
>
> chown -R dutch.dutch /afs/csc.depauw.edu/home/dutch
> ** end **
>
> then when I login, I get the following
>
> -bash: /home/dutch/.bash_logout: Permission denied
> /usr/X11R6/bin/xauth:  timeout in locking authority file /home/dutch/.Xauthority
> -bash: /home/dutch/.bash_profile: Permission denied
>
> and when I log out :
>
> -bash: /home/dutch/.bash_logout: Permission denied
>
>
> these are the permissions I can see under Unix :
> drwxrwxrwx    3 dutch    root         2048 Sep 23 13:05 .
> drwxr-xr-x    2 bin      root         8192 Sep 23 12:45 ..
> -rw-r--r--    1 dutch    root           24 Sep 23 13:05 .bash_logout
> -rw-r--r--    1 dutch    root          191 Sep 23 13:05 .bash_profile
> -rw-r--r--    1 dutch    root          124 Sep 23 13:05 .bashrc
> drwxr-xr-x    2 dutch    root         2048 Sep 23 12:49 classes
> -rw-r--r--    1 dutch    root          854 Sep 23 13:05 .emacs
> -rw-r--r--    1 dutch    root          118 Sep 23 13:05 .gtkrc
>
>
> needless to say,   the group dutch is missing
> (and how do I create one)
> I don't see why things like :
> -bash-2.05b$ ls -al
> ls: .bash_logout: Permission denied
> ls: .bash_profile: Permission denied
> ls: .bashrc: Permission denied
> ls: .emacs: Permission denied
> ls: .gtkrc: Permission denied
> total 12
> drwxrwxrwx    3 dutch    root         2048 Sep 23 13:05 .
> drwxr-xr-x    2 bin      root         8192 Sep 23 12:45 ..
>
> happen.
>
>
> obviously I am a rookie,
>
> can anyone shed some light on it for me ?
>
> tia,
>
> Ron
>
>
>
> ============================================================================
>  Ron Croonenberg                     |  Phone: 1 765 658 4761
>  Technology Coordinator              |  Fax:   1 765 658 4732
>                                      |
>  Department of ComputerScience       |  e-mail : ronc@depauw.edu
>  DePauw University                   |
>  Julian Science & Math Center        |
>  602 South College Ave.              |
>  Greencastle, IN  46135              |
> ============================================================================
>
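
Added example (not part of the message above and not Noel's own scripts): a dry-run sketch of the seven-step sequence that prints the commands for one account, with the same uid going to both LDAP and pts, plus a check that a passwd entry and `pts examine` output agree on the id. Assumptions: the user.<name> volume naming, the LDAP bind DN and LDIF file name are placeholders, and server "sunny" / partition "a" are taken from the quoted uss command.

```shell
#!/bin/sh
# Home directory root, from the paths used in the thread.
CELL_HOME=/afs/cell.depauw.edu/home

# Print (do not run) the commands for one account, in the order of the
# seven steps. The single $uid argument feeds both the LDAP posixAccount
# and the AFS protection database, which is what keeps them in sync.
plan_account() {
    user=$1 uid=$2 home=$CELL_HOME/$1
    cat <<EOF
kadmin -q "addprinc $user"
ldapsearch -x "(uidNumber=$uid)" uid   # must return no entry before continuing
ldapadd -x -D cn=admin,dc=example,dc=org -W -f $user.ldif   # posixAccount with uidNumber: $uid
pts createuser -name $user -id $uid
vos create -server sunny -partition a -name user.$user
fs mkmount -dir $home -vol user.$user
fs setacl -dir $home -acl $user all
cp -r /etc/skel/. $home/
EOF
}

# Succeed only if the uid field of a passwd(5)-format line equals the id in
# the first line of 'pts examine' output ("Name: dutch, id: 1218, owner: ...").
uid_in_sync() {
    unix_uid=$(printf '%s\n' "$1" | cut -d: -f3)
    afs_id=$(printf '%s\n' "$2" | sed -n 's/^Name: [^,]*, id: \([0-9]*\),.*/\1/p')
    [ -n "$unix_uid" ] && [ "$unix_uid" = "$afs_id" ]
}

# Constructed sample run: user and uid from the quoted uss command.
plan_account dutch 1218
```

On a live cell the check would be called as uid_in_sync "$(getent passwd dutch)" "$(pts examine dutch)".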