[OpenAFS] creating and deleting user accounts

Lewis, Dave LEWIS@NKI.RFMH.ORG
Tue, 28 Feb 2012 20:22:31 -0500


Hi,

I got some errors while creating a new account for a user whose account
I had deleted.  (The reason I deleted it was that I needed to re-create
the account with a different UID.)

I used 'uss add' and a template file for account creation and 'uss
delete' for account removal.  I know that uss is deprecated, but 'uss
add' always works for me (with -skipauth), and I got 'uss delete' to run
without errors.  I don't know if the errors I got had to do with uss.

The account was created, but it's empty.  (Normally there are other
files, e.g. skel files and a Backup directory.)  I can see the home
directory on some computers but not others ("No such device").  I'm not
sure what to do next.


I redid everything with a test account to make sure, and I have details
(sorry for the length of this email, but I don't know what to leave
out):

CentOS release 5.6 (Final)
2.6.18-238.12.1.el5
openafs-1.4.14.1-el5.1
-> These are for the servers and the workstations


The first time I created the account, everything went fine:
------------------------------------
lister # /usr/sbin/uss add moe "Moe Howard Test" -admin admin -skipauth
-uid 990 -verbose
No cell specified; assuming 'cabi.rfmh.org'.
[Skip Kaserver option - Checking of user name in Authentication DB not
done]
Using template '/afs/cabi.rfmh.org/common/uss/uss.template'
Adding user 'moe' to the Protection DB
        [Presetting uid to 990]
The uid for user 'moe' is 990
[Skip Kaserver option - Adding of user moe in Authentication DB not
done]
Picking dir w/minimum number of entries: '/afs/.cabi.rfmh.org/usr'
debug: $AUTO = /afs/.cabi.rfmh.org/usr
Creating volume 'user.moe' on server 'gozer.rfmh.org', partition
'/vicepc'
Setting disk quota on volume mounted at '/afs/.cabi.rfmh.org/usr/moe' to
2000000 blocks
Setting ACL: '/afs/.cabi.rfmh.org/usr/moe admin all'
Building directory '/afs/.cabi.rfmh.org/usr/moe/temp'; owner: '990',
ACL:
'system:administrators all moe all system:authuser write  '
Setting ACL: '/afs/.cabi.rfmh.org/usr/moe/temp admin all'
Building directory '/afs/.cabi.rfmh.org/usr/moe/public_html'; owner:
'990',
ACL: 'system:administrators all moe all system:anyuser read  '
Setting ACL: '/afs/.cabi.rfmh.org/usr/moe/public_html admin all'
Installing '/afs/.cabi.rfmh.org/usr/moe/.bash_profile'
Installing '/afs/.cabi.rfmh.org/usr/moe/.bashrc'
Installing '/afs/.cabi.rfmh.org/usr/moe/.bash_logout'
Echoing to '/afs/.cabi.rfmh.org/temp/passwd_moe'
[Skip Kaserver option - Checking of user name in Authentication DB not
done]
[Skipping Kaserver as requested]
Running '/usr/sbin/vos release user'
Released volume user successfully
Running '/usr/sbin/vos backup user.moe'
Created backup volume for user.moe
Running '/usr/bin/fs mkmount /afs/.cabi.rfmh.org/usr/moe/Backup
user.moe.backup'
Setting link '/afs/cabi.rfmh.org/common/idl' to
'/afs/.cabi.rfmh.org/usr/moe/idl'
Setting ACL: '/afs/.cabi.rfmh.org/usr/moe/public_html
system:administrators
all moe all system:anyuser read  '
Setting ACL: '/afs/.cabi.rfmh.org/usr/moe/temp system:administrators all
moe
all system:authuser write  '
Setting ACL: '/afs/.cabi.rfmh.org/usr/moe system:administrators all moe
all
system:authuser rl  '


lister # pts listentries |grep moe
moe                          990   -204       1

lister # vos listvldb | grep moe
user.moe

lister # cd /afs/cabi/usr
lister # ls -dl moe
drwxrwxrwx 4 990 root 2048 Feb 28 11:44 moe

lister # ls -la moe
total 18
drwxrwxrwx 4  990 root 2048 Feb 28 11:44 .
drwxrwxrwx 2 root root 6144 Feb 28 11:44 ..
drwxrwxrwx 4  990 root 2048 Feb 28 11:44 Backup
-rwxr-xr-x 1  990 root  367 Feb 28 11:44 .bash_logout
-rwxr-xr-x 1  990 root  359 Feb 28 11:44 .bash_profile
-rwxr-xr-x 1  990 root  304 Feb 28 11:44 .bashrc
lrwxr-xr-x 1 bin  root   29 Feb 28 11:44 idl ->
/afs/cabi.rfmh.org/common/idl
drwxr-xr-x 2  990 root 2048 Feb 28 11:44 public_html
drwxrwxrwx 2  990 root 2048 Feb 28 11:44 temp

lister # fs lsmount moe
'moe' is a mount point for volume '#user.moe'

lister # fs lsmount moe/Backup
'moe/Backup' is a mount point for volume '#user.moe.backup'


(I also created a Kerberos V account.)

Then I said oops, I also need to give the user an account on another
(non-AFS) system with the same UID, and the UID I had chosen had been
taken on that other system when I wasn't looking.

So I decided to delete the user's account in AFS and then re-create it
with another UID.  The deletion went OK, and I double-checked that the
account and everything associated with it that I knew about was gone.

Also for some unknown reason I started running commands on a different
computer.


Deletion of user account
------------------------
gozer # fs rmmount /afs/.cabi.rfmh.org/usr/moe/Backup


When I specify the mount point in 'uss delete' it always gives an error:

gozer # uss delete moe -mountpoint /afs/.cabi.rfmh.org/usr/moe -admin
admin -skipauth -dryrun
s: Volume 'uss' (ID 7033504) exists on multiple servers!!

-- so I decided to remove the mount point beforehand:

gozer # fs rmmount /afs/.cabi.rfmh.org/usr/moe

gozer # vos listvldb | grep moe
user.moe

gozer # pts listentries | grep moe
moe                          990   -204       1

gozer # uss delete moe -admin admin -skipauth

gozer # pts listentries | grep moe

gozer # vos remove gozer c user.moe -verbose

user.moe
    RWrite: 536875419     Backup: 536875421
    number of sites -> 1
       server gozer.rfmh.org partition /vicepc RW Site
Trying to delete the volume 536875419 ... done
Trying to delete the backup volume 536875421 ... done
Marking the readwrite volume 536875419, and its backup volume, deleted
in the
VLDB
Last reference to the VLDB entry for 536875419 - deleting entry
Volume 536875419 on partition /vicepc server gozer.rfmh.org deleted

gozer # vos listvldb | grep moe
gozer # vos listvol gozer |grep moe
gozer #

gozer # vos release user
Released volume user successfully

gozer # ls -dl /afs/cabi/usr/moe
ls: /afs/cabi/usr/moe: No such file or directory


So it looked like the user was removed completely.


Creation of the user account with another UID
---------------------------------------------
First, I ran a dry run -- everything looked fine.

But I got errors when I really ran it:

gozer # /usr/sbin/uss add moe "Moe Howard Test" -admin admin -skipauth
-uid 991 -verbose
No cell specified; assuming 'cabi.rfmh.org'.
[Skip Kaserver option - Checking of user name in Authentication DB not
done]
Using template '/afs/cabi.rfmh.org/common/uss/uss.template'
Adding user 'moe' to the Protection DB
        [Presetting uid to 991]
The uid for user 'moe' is 991
[Skip Kaserver option - Adding of user moe in Authentication DB not
done]
Picking dir w/minimum number of entries: '/afs/.cabi.rfmh.org/usr'
debug: $AUTO = /afs/.cabi.rfmh.org/usr
Creating volume 'user.moe' on server 'gozer.rfmh.org', partition
'/vicepc'
Setting disk quota on volume mounted at '/afs/.cabi.rfmh.org/usr/moe' to
2000000 blocks
/usr/sbin/uss: No such device while setting disk quota
Building directory '/temp'; owner: '991', ACL: 'system:administrators
all moe all system:authuser write  '
Setting ACL: '/temp admin all'
/usr/sbin/uss: server or network not responding while getting access
list for /temp
Building directory '/public_html'; owner: '991', ACL:
'system:administrators all moe all system:anyuser read  '
Setting ACL: '/public_html admin all'
/usr/sbin/uss: server or network not responding while getting access
list for /public_html
Installing '/.bash_profile'
Installing '/.bashrc'
Installing '/.bash_logout'
Echoing to '/afs/.cabi.rfmh.org/temp/passwd_moe'
[Skip Kaserver option - Checking of user name in Authentication DB not
done]
[Skipping Kaserver as requested]
Running '/usr/sbin/vos release user'
Released volume user successfully
Running '/usr/sbin/vos backup user.moe'
Created backup volume for user.moe
Running '/usr/bin/fs mkmount /afs/.cabi.rfmh.org/usr/moe/Backup
user.moe.backup'
fs: mount points must be created within the AFS file system
/usr/sbin/uss: Template file, line 33: Failed to run the '/usr/bin/fs
mkmount /afs/.cabi.rfmh.org/usr/moe/Backup user.moe.backup' command:
Success
Setting link '/afs/cabi.rfmh.org/common/idl' to '/idl'
        [Entry exists, NOT overwriting it]


The errors I see are:

/usr/sbin/uss: No such device while setting disk quota

/usr/sbin/uss: server or network not responding while getting access
list for /temp

/usr/sbin/uss: server or network not responding while getting access
list for /public_html

Setting link '/afs/cabi.rfmh.org/common/idl' to '/idl'
        [Entry exists, NOT overwriting it]


The account was created, but I can't see the home directory on computer
gozer:

gozer # pts listentries | grep moe
moe                          991   -204       1

gozer # vos listvldb | grep moe
user.moe

gozer # vos listvol gozer | grep moe
user.moe                          536875422 RW          2 K On-line
user.moe.backup                   536875424 BK          2 K On-line

gozer # fs lsmount /afs/.cabi.rfmh.org/usr/moe
'/afs/.cabi.rfmh.org/usr/moe' is a mount point for volume '#user.moe'

gozer # ls -la /afs/.cabi.rfmh.org/usr/moe
ls: /afs/.cabi.rfmh.org/usr/moe: No such device

gozer # fs la /afs/.cabi.rfmh.org/usr/moe
fs: File '/afs/.cabi.rfmh.org/usr/moe' doesn't exist

gozer # vos syncvldb gozer
VLDB synchronized with state of server gozer
gozer # vos syncvldb inara
VLDB synchronized with state of server inara
gozer # vos syncvldb hathor
VLDB synchronized with state of server hathor

gozer # vos syncserv gozer
Server gozer synchronized with VLDB
gozer # vos syncserv inara
Server inara synchronized with VLDB
gozer # vos syncserv hathor
Server hathor synchronized with VLDB

gozer # ls -la /afs/.cabi.rfmh.org/usr/moe
ls: /afs/.cabi.rfmh.org/usr/moe: No such device


But I can see the home directory on some other computers, and it's
empty:

rimmer $ ls -a /afs/.cabi.rfmh.org/usr/moe
./  ../

rimmer $ ls -a /afs/cabi.rfmh.org/usr/moe
./  ../

rimmer $ fs la /afs/.cabi.rfmh.org/usr/moe
Access list for /afs/.cabi.rfmh.org/usr/moe is
Normal rights:
  system:administrators rlidwka

rimmer $ fs lq /afs/.cabi.rfmh.org/usr/moe
Volume Name                    Quota       Used %Used   Partition
user.moe                        5000          2    0%         32%


Last night when I created the user account, I got "No such device"
errors when trying to access the home directory on some computers.  The
errors remained after I did syncvldb and syncserv and after I ran fs
flush commands.  But when I checked this morning, there were no errors
accessing the home directory.  Hopefully that will be true of this test
account.


In case anyone wants to see the uss template file, here it is:
--------------------------------------------------------------
# the available grouping directories (there can be more G lines)
G /afs/.cabi.rfmh.org/usr

# home volume/directory
V user.$USER gozer.rfmh.org /vicepc 2000000 $AUTO/$USER $UID
system:administrators all $USER all system:authuser rl

# temp subdirectory in home directory for simple file sharing
D $MTPT/temp 0777 $UID system:administrators all $USER all
system:authuser write

# public_html for the personal web page
D $MTPT/public_html 0755 $UID system:administrators all $USER all
system:anyuser read

# files copied from prototypes
F $MTPT/.bash_profile 0755 $UID /afs/cabi.rfmh.org/common/uss
F $MTPT/.bashrc 0755 $UID /afs/cabi.rfmh.org/common/uss
F $MTPT/.bash_logout 0755 $UID /afs/cabi.rfmh.org/common/uss

# create a one-line password entry in /tmp/passwd_<user> file
E /afs/.cabi.rfmh.org/temp/passwd_$USER 0644 root
"$USER:X:$UID:5000:$NAME:/afs/cabi.rfmh.org/usr/$USER:/bin/bash

# password/authentication checks for the user
A $USER 250 reuse 100 00:00:30

# release user volume
X "/usr/sbin/vos release user"

# create user backup volume and mount it
X "/usr/sbin/vos backup user.$USER"
X "/usr/bin/fs mkmount /afs/.cabi.rfmh.org/usr/$USER/Backup
user.$USER.backup"

# no hard links
# L

# symbolic links
S /afs/cabi.rfmh.org/common/idl $MTPT/idl
--------------------------------------------------------------


I'm curious to know what went wrong and how I can avoid it in the
future.  But I'd most like to know what to do next.

Can I just set up the user's home directory by hand, i.e. add skel
files, mount the Backup directory, set permissions and quota, etc.?

Or do I need to delete the account again and re-create it in a better
way? (how?)

Thanks very much,
Dave

==============================================================
David P. Lewis
Center for Advanced Brain Imaging, Division of Medical Physics
The Nathan S. Kline Institute for Psychiatric Research
140 Old Orangeburg Road, Orangeburg, NY 10962


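An added example, not part of the original message and not OpenAFS code: a Python check for `uss add ... -verbose` output that flags the two symptoms visible in the second log above, tool error lines and actions whose target path has no `/afs/` prefix (`/temp`, `/.bash_profile`, `/idl`). The function names, the `/afs/` default and the sample lines (constructed by unwrapping lines from that log) are assumptions of this example.

```python
import re

# Failure lines as they appear in the log above: "<tool>: <message>".
ERROR = re.compile(r"^(?:\S*/)?(?:uss|fs|vos): (.+)$")
# Verbose action lines that name the path uss is about to modify.
ACTION = re.compile(
    r"^(Building directory|Installing|Setting ACL:|Setting link|"
    r"Setting disk quota on volume mounted at) ")
QUOTED = re.compile(r"'([^']*)'")

# Constructed sample: lines from the failed run above, with mail wrapping undone.
SAMPLE = """\
Setting disk quota on volume mounted at '/afs/.cabi.rfmh.org/usr/moe' to 2000000 blocks
/usr/sbin/uss: No such device while setting disk quota
Building directory '/temp'; owner: '991', ACL: 'system:administrators all moe all system:authuser write  '
Setting ACL: '/temp admin all'
/usr/sbin/uss: server or network not responding while getting access list for /temp
Installing '/.bash_profile'
fs: mount points must be created within the AFS file system
Setting link '/afs/cabi.rfmh.org/common/idl' to '/idl'
"""

def target_path(verb, line):
    """Return the path an action line modifies, or None if nothing is quoted."""
    quoted = QUOTED.findall(line)
    if not quoted:
        return None
    if verb == "Setting link":      # format: 'source' to 'link name'
        return quoted[-1]
    # "Setting ACL:" quotes "<path> <acl entries>"; keep only the path.
    parts = quoted[0].split()
    return parts[0] if parts else ""

def check_uss_log(text, afs_root="/afs/"):
    """Return (line_no, kind, detail) findings for a 'uss add -verbose' log."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        err = ERROR.match(line)
        if err:
            findings.append((no, "error", err.group(1)))
            continue
        act = ACTION.match(line)
        path = target_path(act.group(1), line) if act else None
        if path is not None and not path.startswith(afs_root):
            findings.append((no, "outside-afs", path))
    return findings
```

Pass it the combined stdout and stderr of the run; an empty list means no error line and no action outside the AFS tree was seen.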