Managing users in our AFS test cluster

Now updated for the Pilot system

Adding a new user

We arrange all users into subdirectories according to either their initial (for staff userids) or their initial plus first two digits (for student userids). This reduces the amount of work the AFS client has to do when changing into a directory. For example, a staff username of the form 'ascobie' goes into the directory /afs/inf.ed.ac.uk/user/a/ascobie, and a student username such as s00123456 goes into /afs/inf.ed.ac.uk/user/s00/s00123456.

At the moment, not all of these top-level user directories have been created. See below for notes on how to create one. Once the top-level directory exists, you can create a user by doing the following:

/usr/sbin/vos create <server> <partition> user.<username>
fs mkmount -rw /afs/.inf.ed.ac.uk/user/<initial>/<username> user.<username>
/usr/sbin/vos release udir.<initial>
fs checkvolumes
pts createuser <username> -id <uid>
fs sa /afs/inf.ed.ac.uk/user/<initial>/<username> <username> all
fs setquota /afs/inf.ed.ac.uk/user/<initial>/<username> -max 500000
chown <username>.<group> /afs/inf.ed.ac.uk/user/<initial>/<username>
vos backup user.<username>
fs mkmount /afs/inf.ed.ac.uk/user/<initial>/<username>/Yesterday user.<username>.backup
fs mkmount /afs/inf.ed.ac.uk/.backup/user/<initial>/<username> user.<username>.backup

If you're not sure of the server and partition you should be creating the volume on, mail the fileservers-team.

If you want the user to have replicated, online mirroring, you also need to do the following:

/usr/sbin/vos addsite <server> <partition> user.<username>
/usr/sbin/vos addsite <mirror-server> <mirror-partition> user.<username>

In order for this to work, the user's home volume must have had its mount point created with the -rw flag. If the mount point isn't rw, then the user's home directory will end up being read-only!

Creating a top level user directory

Pick the initial, or initial plus two digits, of the top-level directory you require. This will be <dirname> in the following:

/usr/sbin/vos create <server> <partition> udir.<dirname>
/usr/sbin/vos addsite <server> <partition> udir.<dirname>
/usr/sbin/vos addsite <roserver> <ropartition> udir.<dirname>
fs mkmount /afs/.inf.ed.ac.uk/user/<dirname> udir.<dirname>
fs sa /afs/.inf.ed.ac.uk/user/<dirname> system:anyuser rl
/usr/sbin/vos release udir
/usr/sbin/vos release udir.<dirname>
fs checkvolumes

You will also need to create the top-level directory in the .backup tree. You just need to use mkdir to do this, for example:

mkdir /afs/inf.ed.ac.uk/.backup/user/e

Note that in the above, the server hosts both the read-write volume and a read-only copy. We've yet to adopt a convention on which fileservers will host these in the long term. Currently, all udir volumes have their r/w copy on phoenix:/vicepa with an r/o replica on sphinx:/vicepa. Give afs-project an email if you want to change this for a volume you're creating.

Adding a user to a group

pts adduser <username> <groupname>

Making a user a systems administrator

Systems administrator privileges are necessary for tasks such as volume management.

You should never add a 'normal' username to any of the systems administration groups. Instead, use the /admin (.admin) instance which all COs should have. If the "<username>.admin" user doesn't exist, select an unused ID from the AFSAdminUids page, update that page to mark the ID as used, and then run:

    pts createuser -name <username>.admin -id <id selected above>

Once this is done (or if it already exists), add the user to the system:administrators group with:

    pts adduser <username>.admin system:administrators

Note that "<username>.admin" also needs to be added to the various UserList files, which can be done via the live/include/openafs-admin-users.h header file (which sets the openafs resource). This use of the openafs resource supersedes the manual editing (with "bos adduser") of the fileserver administration lists (usually the text file /usr/afs/etc/UserList) on every AFS fileserver.
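The two rules above (only ".admin" instances in system:administrators, and the same principals present in UserList) can be checked mechanically. The script below is an added example, not part of the original page or the site's tooling; it assumes the usual `pts membership` output layout (a header line followed by indented names) and a UserList with one principal per line, and its sample data is constructed.

```shell
#!/bin/sh
# Added example: audit AFS admin principals against the ".admin instance" rule.
# Assumed inputs: saved `pts membership system:administrators` output (header
# line, then indented names) and a UserList file with one principal per line.
LC_ALL=C; export LC_ALL   # keep sort and comm ordering consistent

# Strip the "Members of ... are:" header, indentation and blank lines.
pts_members() {
    sed -e '/^Members of /d' -e 's/^[[:space:]]*//' -e '/^$/d' | sort -u
}

# Print names that are not of the form <username>.admin.
non_admin_instances() {
    grep -v -E '^[^.]+\.admin$' || true
}

# audit <pts-output-file> <UserList-file>: print one finding per line.
audit() {
    tmp=$(mktemp -d) || return 2
    pts_members < "$1" > "$tmp/pts"
    sed -e 's/^[[:space:]]*//' -e '/^$/d' "$2" | sort -u > "$tmp/ul"
    non_admin_instances < "$tmp/pts" | sed 's/^/NOT-ADMIN-INSTANCE /'
    comm -23 "$tmp/pts" "$tmp/ul" | sed 's/^/MISSING-FROM-USERLIST /'
    comm -13 "$tmp/pts" "$tmp/ul" | sed 's/^/USERLIST-ONLY /'
    rm -rf "$tmp"
}

# Constructed sample data, not taken from a real cell.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/pts" <<'EOF'
Members of system:administrators (id: -204) are:
  ascobie.admin
  s00123456
  jdoe.admin
EOF
    printf '%s\n' ascobie.admin olduser.admin > "$d/ul"
    audit "$d/pts" "$d/ul"
    rm -rf "$d"
}

demo
```

On a live system, save the output of `pts membership system:administrators` to a file and pass it to `audit` together with a copy of /usr/afs/etc/UserList from the fileserver being checked.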

Topic revision: r12 - 09 Jun 2010 - 11:15:56 - RogerBurroughes