$Id: MKACCT-TODO,v 1.3 2000-12-05 01:05:20 kwright Exp $

(We can move this to attic when all the account/user setup stuff is
finished.)

-----------------------------------------------------------------------
STUFF TO SET UP USER ACCOUNTS, DIRECTORIES ON CONTROL AND TESTBED NODES
-----------------------------------------------------------------------

x add installation stuff to makefiles (similar to mkprojdir)
  for mkacct stuff. all must be setuid root.

x fix UID EUID problem in mkacct

x fix UID EUID problem in mkacct-ctrl

- test rmacct (tested as tu1 and i couldn't ssh uname to testbed nodes;
  i do have to be root for testbed ssh's since there will be
  no ssh keys for other than root - think i just have to change this) 

- add hooks for mkacct/rmacct into tbrun/end

x rewrite mkacct because it sucks. it uses chpass and a gazillion
  piped shell commands, some of which can be eliminated by using pw
  or built-in shell functions (like chmod(), for example)

x to finish mkacct-ctrl, version 1: 
	x finish pw call in mkacct-ctrl
	x move user dir creation from mkacct to mkacct-ctrl
	x take out su1 calls; it's setuid now (tried this but commands
	  executed not as root but as real uid)

x remove user dir tar & removal from rmacct to rmacct-ctrl (see
  note about rmacct-ctrl below); this entails changing call from
  rmuser to pw userdel.

x fix privs in mkacct and rmacct to check that:
	- the $UID (real user ID)  has group_root in the project OR    
	- $UID = 0
	- the $UID has admin privs
  (currently, only check is that user is root (tbroot works))

- bootstrap current users on plastic so they have accounts. 

- add quota call (2-5MB) to /users in mkacct-ctrl

- create a script to modify plastic's exports file on each expt
  creation/deletion to export/unexport /proj/$pid to those nodes
  and HUP mountd. 

- do the same for /user/<users> dirs; called from mkacct.

- create a script to rebuild the tb-user email list. call when a 
	user is added. build from scratch using database fields
     	(general principle for db).

- do rmacct-ctrl: remove accounts from control node; called when
	user removed from database. because there is no 
	form to kill a project now, this can probably wait. 

- check to see where we need to use "lockfile" in mkacct/rmacct stuff. 
	From email:

	> What locking protocol are you folks using?
	> You've got to establish one for each file.
	> Leigh, if one isn't established yet, would you figure one
	> out that can be used consistently?  It probably better use
	> hard links instead of flock(), because paper will be
	> modifying plastic files thru NFS.

	We have no locking protocol right now, except for the node allocation
	stuff in tbprerun.

	I agree about hardlinks. Actually, I use "lockfile" from the procmail
	distribution. Do "man lockfile" on moab. It does the simple hardlink
	trick, and you specify the filename to use as the lock. It has some nice
	options for retries and timeouts. We can just use a copy of that that is
	not setgid mail.

	Lbs
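
The hard-link locking approach discussed in the email above, sketched in Python as an added example (not code from this repository and not the procmail "lockfile" source). The function names, retry defaults and the "host pid" contents of the lock file are assumptions made for illustration.

```python
import os
import socket
import tempfile
import time


def acquire(lock_path, retries=5, sleep_s=0.2):
    """Take lock_path with the hard-link trick; return True if we now hold it."""
    lock_dir = os.path.dirname(os.path.abspath(lock_path))
    owner = f"{socket.gethostname()} {os.getpid()}\n"
    # Unique file in the lock's own directory: link() cannot cross filesystems.
    fd, tmp = tempfile.mkstemp(prefix=".lock-", dir=lock_dir)
    try:
        os.write(fd, owner.encode())
        os.close(fd)
        for attempt in range(retries + 1):
            try:
                os.link(tmp, lock_path)  # atomic on the server; fails if the lock exists
            except OSError:
                pass  # held by someone else, or the NFS reply was lost
            # Trust the link count of our own file, not link()'s return value:
            # 2 means lock_path is a second name for tmp, so the lock is ours.
            if os.stat(tmp).st_nlink == 2:
                return True
            if attempt < retries:
                time.sleep(sleep_s)
        return False
    finally:
        os.unlink(tmp)  # a lock we hold survives as the remaining link


def holder(lock_path):
    """Return the 'host pid' line written by the current holder, or None."""
    try:
        with open(lock_path) as f:
            return f.read().strip()
    except FileNotFoundError:
        return None


def release(lock_path):
    os.unlink(lock_path)


if __name__ == "__main__":
    demo = os.path.join(tempfile.mkdtemp(), "passwd.lock")  # constructed path
    print(acquire(demo, retries=0), holder(demo))
    print(acquire(demo, retries=1, sleep_s=0.05))  # second taker is refused
    release(demo)
```

Unlike flock(), this depends only on link() and stat(), which is why it remains usable when one host modifies another host's files through NFS.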

- make regexps in mkacct-ctrl use //i convention and allow dashes 
  for projects and experiments. 