Service Desk Knowledgebase: User Accounts and Groups: Difference between revisions

This is the User Accounts and Groups content page of the CL Wiki Service Desk Knowledgebase. Its purpose is to provide information to the Service Desk team on how to handle problems and requests about this CL service. If you are involved with the provision of this CL service please feel free to add to the knowledge about that it.

If CL staff need to tell the Service Desk team about problems with this service please email
sys-admin-aside@cl.cam.ac.uk.

Return to the Service Desk Knowledgebase SERVICE PORTFOLIO

Key Service Description & URLs

• An Introduction to the Computing Facilities at the Computer Laboratory
• Computer Laboratory News (Twitter use @UC_CL_SysAdm)

CL Customer Documentation

• Password Complexity & Linux "Authentication token manipulation error"
• The New Person Details Form (for PI or host of all new staff and long-term visitors) is at https://dbwebserver.ad.cl.cam.ac.uk/Administration/Visitors/ArrivalDetails.aspx

CL SysInfo Documentation

• http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HelpDesk/Users - User management tasks

People

• Lookup CL Staff & Students

There's also:

• http://www.lookup.cam.ac.uk/
• http://www.cl.cam.ac.uk/~CRSid
• Staff and Fellows
• Students and Assistants
• Recent Alumni (3 years)
• Visitors (Admin Database Notes)
• Staff List (Admin Database Notes)
• Jackdaw

Underpinning Services

• ??? - Any supporting or underpinning services

Customer-base for this Service

• All students and staff of the Computer Laboratory

Costs

• Free to all current students and staff of the Computer Laboratory

SLA

• N/A

Service Desk Call Handling Procedure

• RT tickets can be escalated to a Sys-Admin expert by having the Queue to Sys-Admin with the Owner set to Nobody the Status to New. Tell the requestor:
  I am passing this request over to a Sys-Admin expert who, I'm sure, will be in contact shortly.

Accounts

CL Account creations are carried out via the SCG website, they normally are added automatically via the arrivals process.

Note that Reception can do UIS account requests.

Part 1: Email: "Outstanding accounts to create for people arriving" or
"Account creation request for <CRSid> arriving <date>"

Sent into RT from <gt19@cl.cam.ac.uk> from https://dbwebserver.ad.cl.cam.ac.uk/Administration/Visitors/ArrivalDetails.aspx

If this is the first time you have carried out this procedure, then first set the printer to lime and click Save in the configuration settings.

Either:

• Copy CRSid and go to https://dbwebserver.ad.cl.cam.ac.uk/scg/UserAdmin/UserAdministration.aspx and use Find User: CRSid [Lookup].
• If no matching record click [Add New User], paste CRSid

or in the email:

• Click https://dbwebserver.ad.cl.cam.ac.uk/SCG/UserAdmin/UserAdminNewUser.aspx?crsid=CRSid to create new account

and then:

1. With the CRSid in Enter CRSID for new User, click [Validate] to pull in details
2. Check Full Name entered
3. Anyone in an Outstanding accounts to create for people arriving email will be an incoming person and should be on the office list at the point in time the discretionary status comes up for review so set Discretionary Use Status: to Account for new user who should be on office list by review date and click [Create Account] (with Print form? ticked)
4. Update RT ticket with comment "Account creation started." and save with the status of "Open" - it is then clear that it is being worked on and awaiting a "Part 2"
5. The process then updates the AD, email forwarding, LDAP entries and ends with another email coming in to RT in about 30 minutes (see Part 2)

Part 2: Email: "Create home directories for new users"

Sent into RT from <gt19@cl.cam.ac.uk>

[NOTE: See http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HelpDesk/Users/Adduser and the actual contents of the individual email]

When a new RT ticket comes in with the subject Create home directories for new users it should be merged with the earlier associated Outstanding accounts to create for people arriving RT ticket for the user.

First access the privileged machine laira with PuTTY using:

1. Make sure Pageant.EXE is running and has your private key - by double clicking on CL.ppk or similar.

2. Use PuTTY and go to the CL's slogin-serv.cl.cam.ac.uk

3. Make the PuTTY window longer.

4. Type kinit & press [Enter]

5. Enter your CL Password for CRSid@AD.CL.CAM.AC.UK & press [Enter]

6. Type ssh -K laira & press [Enter] to go to the privileged machine laira

then...

8. At the laira:~$ prompt use the actual commands included in the Create home directories for new users email which look similar to: sudo ssh elmer wcc -s CRSid

9. If requested,give your CL [sudo] password for CRSid: & press [Enter]

10. Check that the string "cifsuser" is NOT shown for the user(s) listed in the email the ouput like this:

 (NT - UNIX) account name(s):  (CL.CAM.AC.UK\vv274 - vv274)
       ***************
       UNIX uid = 3472
       user is a member of group vv274 (3472)
       user is a member of group vv274 (3472)
 
       NT membership
               CL.CAM.AC.UK\vv274
               CL.CAM.AC.UK\Domain Users
               BUILTIN\Users
       User is also a member of Everyone, Network Users,
       Authenticated Users
       ***************

If (CL.CAM.AC.UK\CRSid - cifsuser) is shown then wait...

11. Then use the two commands from the email that look like:
cd /usr/groups/admin/users
./makehomedir CRSid UID $PARTITION
to make their home directory.

12. Then copy and paste the two commands:
cd /usr/groups/admin/netapp/conf-elmer
co -l quotas
and [Enter] and you should see

 RCS/quotas,v  -->  quotas
 revision 1.2182 (locked)
 done

which is fine.

13. Edit the quotas file to add a default entry, checking that the number for the partition in user@/vol/vol1/homes-$PARTITION matches with the ./makehomedir CRSid UID $PARTITION partition number used above. To do that use vi quotas and [Enter] to edit the file and:

• /Actual user quotas and [Enter] to search for the right area
• Use Ctrl+F and the arrow keys move down to the CRSid user@/vol/vol1/homes-$PARTITION line for CRSid alphabetically before the new user
• Use Shift+A to enter --INSERT-- mode at the end of that line
• Press [Enter] then insert the new line
• Using spaces put in

 CRSid                 user@/vol/vol1/homes-$PARTITION    50G      1M

• [Esc] out of --INSERT-- mode
• :wq and [Enter] to write the file and quit vi

GENERAL NOTES on vi
Note: Best to press <escape> before using these to put you back in "command" mode rather than editing

• /string and [Enter] (search for the string)
• /^<char> and [Enter] (search for character char at the start of a line)
• : for command prompt
• :1 to go to line 1
• :wq and [Enter] is write & quit
• :q! and [Enter] is quit without writing (if you mess up!)
• :help and [Enter] for help
• Arrow-keys scroll around text
• Ctrl+F to page-Forward through text
• Ctrl+B to page-Back through text
• Shift+A to go into -- INSERT -- mode at end of line
• i to go into -- INSERT -- mode at the cursor
• Shift+R to enter -- REPLACE -- or "Overtype" mode
• [Esc] escape out of -- INSERT -- & -- REPLACE -- mode
• u undo last change
• dd deletion (if pressed twice the object is the current line)
• U undelete (to undelete the last deletion)
• P paste (to paste the last delete)
• w move forward by a word (a word is any string - this includes white space)

14. rcsdiff quotas and [Enter] to check what changes have actually been made

15. ci -u quotas and [Enter] to check-in and add a comment of the RT ticket number e.g. RT #94171 then [Enter] and exit with .[Enter]

16. Then copy & paste the two commands:
cd /usr/groups/admin/netapp
make maintain

and press [Enter] - It takes couple of minutes and you will then see things like:

 elmer: quota resize vol9 done
 elmer: quota resize vol10 done

17. Then copy & paste the two commands:
cd /global/src/etc/amd.conf
make inst
and press [Enter] then give your CL [sudo] password for CRSid: & press [Enter] if requested. You will see:

 localhost: updating host localhost
 localhost: maps: updating
 localhost: updating of localhost finished
 -r--r--r--. 1 root root 206 Feb 17  2004 /anfs/master/dist/all/etc/amd.conf/maps

18. Use exit and [Enter] to close down PuTTY

19. Copy the output from PuTTY and paste it into an RT comment as a record of what was done.

20. In RT put in a second comment of Print out of password now at reception on "lime" and set the status to resolved and the owner as nobody.

Quota Increases

For individuals

Approval: "Bigdisk" quotas can be increased on request up to 250Gb. Home quotas up to 100Gb. Anything else needs to be escalated as above for approval.

1. Make sure Pageant.EXE is running and has your private key - by double clicking on CL.ppk or similar.

2. Use PuTTY and go to the CL's slogin-serv.cl.cam.ac.uk

3. Make the PuTTY window longer.

4. Type kinit & press [Enter]

5. Enter your CL Password for CRSid@AD.CL.CAM.AC.UK & press [Enter] - Note: upper case AD.CL.CAM.AC.UK

6. Type ssh -K laira & press [Enter] to go to the privileged machine laira

7. If requested give your CL [sudo] password for CRSid: & press [Enter]

8. At the laira:~$ prompt copy and paste the two commands:
cd /usr/groups/admin/netapp/conf-elmer
co -l quotas
and [Enter] and you should see

 RCS/quotas,v  -->  quotas
 revision 1.2182 (locked)
 done

which is fine.

9. Edit the quotas file to update the existing entry using vi quotas and [Enter] and:

• /CRSid and [Enter] (to search for a CRSid) with user@/vol/vol5/scr-1 area for Bigdisk quotas or user@/vol/vol1/homes-$PARTITION area for Home quotas (the number for $PARTITION will vary)
• Arrow-key to be directly over the top of the quota numbers you want to change.
• Use Shift+R to enter -- REPLACE -- or "Overtype" mode
• Edit the quota figures on the end of the line like

 vrw10 user@/vol/vol5/scr-1 100G  100K

or

 vrw10 user@/vol/vol1/homes-$PARTITION 50G  500K

[NOTE: Text is separated by spaces not tabs]

• [Esc] out of -- REPLACE -- mode
• :wq and [Enter] to write the file and quit vi

Click here for GENERAL NOTES on vi

10. rcsdiff quotas and [Enter] to check what changes have actually been made

11. ci -u quotas and [Enter] to check-in and add a comment of the RT ticket number e.g. RT #94171 then [Enter] and exit with .[Enter]

12. Then copy & paste the two commands:
cd /usr/groups/admin/netapp
make maintain

and press [Enter] - It takes couple of minutes and you will then see things like:

 elmer: quota resize vol9 done
 elmer: quota resize vol10 done

For groups

Based on the guidelines on Computer Lab RT#95305 from Graham Titmus (16/04/15)

Click here for GENERAL NOTES on vi

The quotas are in the same file as the User quotas, but earlier on in the file.
Providing the requester is an SRA, it is reasonable to accept a request for a larger group quota.

1. Attach to Laira as outlined in the instructions for an individual's quotas ("For individuals" following steps 1-8).
2. Go to the Filer configuration directory (cd /usr/groups/admin/netapp/conf-elmer)
   and unlock the quotas file (co -l quotas).
3. To find which group to increase, run the command df (to see the disk mount-path). Alternatively use the command "grep group exports".
   e.g. looking for group 'fluphone' reveals the shared folder as 'grp-sr11'
   grep fluphone exports
   /vol/vol3/grp-sr11 -sec=sys,rw=@cl_hosts:www-fluphone:www-cambridgeplus:www-duckplus,root=HOSTLIST(priv_elmer_nosquash),sec=krb5:krb5i:krb5p,rw=128.232.0.0/17
4. Once you have identified the volume to increase (in this example it is grp-sr11), edit the quotas file
   vi quotas
5. Locate the folder configuration line
   e.g. (Note that each "/" in the example search-string - /vol/vol3/grp-sr11 - is prefixed with the "\")
   /\/vol\/vol3\/grp-sr11
6. Once on the line move to the size value (you can use "w" to move a 'word' at a time)
7. When sitting on the current size press "x" to delete the character under the cursor to remove the current number then
   press "i" then enter the new value
8. Once edited to the new value, exit and save the file using ":wq"
9. Check the changes made with "rcsdiff quotas" and [Enter]
10. Check-in the file with "ci -u quotas" and [Enter], then when prompted for a comment with ">>" type the RT ticket number (e.g. RT#94171) then [Enter] and exit with .[Enter]
11. Then copy & paste the two commands:
    cd /usr/groups/admin/netapp
    make maintain
    and press [Enter]
    - this can take a couple of minutes

Copy the resultant screen contents from step 2 to the end, and paste it into the RT ticket as a comment and [Save Changes].

After an increase of this size it is best to escalate to check that the filer has enough spare capacity to provide the space.
Add another comment saying "Please can someone check the space availability for this increase"
Set the Status to "New" and the Owner to "Nobody" then click on [Save Changes]

Add user to a group

Note that: "A request to add a user to a group should be supported by a member of staff in the group."
Follow the procedure at http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HelpDesk/Users/AddGroup or select the group in the list at https://dbwebserver.ad.cl.cam.ac.uk/SCG/UnixGroups/UnixGroups.aspx and Enter new member: and [Add User]. Tell the requester:
This has been done but it will take a while before it becomes visible.

Contacts

Primary

• gt19@cl.cam.ac.uk (Goes to Graham Titmus)
• Tel: 34620

Other

• Chris Hadley

Availability

• Monday:
• Tuesday:
• Wednesday:
• Thursday:
• Friday:
• Saturday: Closed
• Sunday: Closed

Additional CL Staff Resources

Hints, Tips & Know Issues

Notes on the Staff List

Vince Woodley (28/01/15)

Some Staff List Positions

• blank = no longer have Computer Laboratory status
• ACS = Advanced Computer Science (MPhil)
• Intern = Working in lab as a summer student.
• RA = Research Assistant
• RARS = Research Assistant registered for a degree
• SRA = Senior Research Associate

---

Categorising Keywords

• User Accounts Groups creation recreation locked out quota conference snapshots