Commit a6314dd5 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Obsolete file.

parent a021b9d9
$Id: MKACCT-TODO,v 1.4 2000-12-14 13:33:07 kwright Exp $
(We can move this to attic when all the account/user setup stuff is
finished.)
-----------------------------------------------------------------------
STUFF TO SET UP USER ACCOUNTS, DIRECTORIES ON CONTROL AND TESTBED NODES
-----------------------------------------------------------------------
- write rmacct-ctrl: remove accounts from control node; called when
user removed from database. because there is no
form to kill a project now, this can probably wait.
- test rmacct (tested as tu1 and i couldn't ssh uname to testbed nodes;
i do have to be root for testbed ssh's since there will be
no ssh keys for other than root - think i just have to change this)
- add hook for rmacct to tbend
- bootstrap current users on plastic so they have accounts.
- add quota call (2-5MB) to /users in mkacct-ctrl
- create a script to modify plastic's exports file on each expt
creation/deletion to export/unexport /proj/$pid to those nodes
and HUP mountd.
- do the same for /user/<users> dirs; called from mkacct.
- create a script to rebuild the tb-user email list. call when a
user is added. build from scratch using database fields
(general principle for db).
- check to see where we need to use "lockfile" in mkacct/rmacct stuff.
From email:
> What locking protocol are you folks using?
> You've got to establish one for each file.
> Leigh, if one isn't established yet, would you figure one
> out that can be used consistently? It probably better use
> hard links instead of flock(), because paper will be
> modifying plastic files thru NFS.
We have no locking protocol right now, except for the node allocation
stuff in tbprerun.
I agree about hardlinks. Actually, I use "lockfile" from the procmail
distribution. Do "man lockfile" on moab. It does the simple hardlink
trick, and you specify the filename to use as the lock. It has some nice
options for retries and timeouts. We can just use a copy of that that is
not setgid mail.
Lbs
x make regexps in mkacct-ctrl use //i convention and allow dashes
for projects and experiments.
x add hooks for mkacct into end
x add installation stuff to makefiles (similar to mkprojdir)
for mkacct stuff. all must be setuid root.
x fix UID EUID problem in mkacct
x fix UID EUID problem in mkacct-ctrl
x rewrite mkacct because it sucks. it uses chpass and a gazillion
piped shell commands, some of which can be eliminated by using pw
or built-in shell functions (like chmod(), for example)
x to finish mkacct-ctrl, version 1:
x finish pw call in mkacct-ctrl
x move user dir creation from mkacct to mkacct-ctrl
x take out su1 calls; its setuid now (tried this but commands
executed not as root but as real uid
x remove user dir tar & removal from rmacct to rmacct-ctrl (see
note about rmacct-ctrl below); this entails changing call from
rmuser to pw userdel.
x fix privs in mkacct and rmacct to check that:
- the $UID (real user ID) has group_root in the project OR
- $UID = 0
- the $UID has admin privs
(currently, only check is that user is root (tbroot works))
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment