Note: this blogpost contains notes on several scripts, and is for reference for current or future student sysadmins so that Prof. Anderson won’t have to reexplain these scripts.
“useradd fbaggins” will add entries to /etc/passwd and /etc/group, which are “flat” files, but will not update LDAP. The issue we have is that built-in tools for account management, such as useradd, passwd, chsh, etc., will update flat files, but not LDAP files. We want to update LDAP files, too!
A while ago, if an ordinary user changed their password with passwd, their password would have been changed on LDAP. But this is no longer the case.
Here are our scripts:
- password-change
- useradd-students
- ldapaddpasswordentries
For CS classes, after a user fills out the form, a line is added to /tmp/cs110-fall-2012. For example, if Sam Smith fills out the CS form, the following line may be added to /tmp/…:
domain_name passwd full name usage agreement
sam 123ok Sam Smith yes scponly
*If “sam” is not the user’s domain name, there will be problems later in the script.
** Backups of student passwords are located in /root/acctmp/all.
Next, an admin runs the useradd-students script. This creates an account in /etc/accounts/[coursename]. The script chooses a GID and UID for the new account, creates a home directory for the user and populates it with files (a recursive copy of /etc/skul). The flat files are also updated. (Note that a “snapshot” is taken before updating the flat files so that the program knows which new user entries to add to the database, etc.)
Old users are also processed through useradd-students, which is useful for cases such as when former CS110 students take CS111, etc.
The useradd-students script sets quotas for new users, checks what course a user is in and creates the appropriate drop folders, and eventually emails the user that her account is ready. After looping through all users, the program compares “snapshots” and migrates the new users over to LDAP, putting skipped entries in a skipped file.
We used to only move things to LDAP; flat files used to be removed. Now, however, files are kept in both places.
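The snapshot comparison described above, as an added example (not the actual useradd-students code): it diffs a "before" and "after" copy of /etc/passwd, writes posixAccount LDIF for the new accounts, and puts anything unsafe to migrate in a skipped file. The base DN, the UID floor of 1000, the function names and the file names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. BASE_DN, MIN_UID and the file names are assumptions.
BASE_DN="${BASE_DN:-ou=People,dc=example,dc=edu}"
MIN_UID="${MIN_UID:-1000}"   # assumed floor: never migrate root or system accounts

# new_passwd_entries BEFORE AFTER
# Print the lines that are in the AFTER snapshot but not in BEFORE.
# FILENAME is compared instead of NR==FNR so an empty BEFORE file works.
new_passwd_entries() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next } !($0 in seen)' "$1" "$2"
}

# passwd_to_ldif SKIPPED_FILE
# Read passwd lines on stdin and write RFC 2307 posixAccount LDIF on stdout.
# Lines that are malformed or unsafe to migrate are appended to SKIPPED_FILE.
passwd_to_ldif() {
    awk -F: -v base="$BASE_DN" -v min_uid="$MIN_UID" -v skipped="$1" '
    # Reject: wrong field count, name unsafe inside a DN, non-numeric IDs,
    # UID below the floor (catches UID 0), or a relative home directory.
    NF != 7 || $1 !~ /^[a-z_][a-z0-9_-]*$/ || $3 !~ /^[0-9]+$/ ||
    $4 !~ /^[0-9]+$/ || $3 + 0 < min_uid + 0 || $6 !~ /^\// {
        print >> skipped; next
    }
    {
        split($5, gecos, ",")        # full name is the first GECOS subfield
        cn = (gecos[1] != "") ? gecos[1] : $1
        # Conservative allow-list; other names go to the skipped file for review.
        if (cn !~ /^[A-Za-z0-9][A-Za-z0-9 ._-]*$/) { print >> skipped; next }
        printf "dn: uid=%s,%s\nobjectClass: account\n", $1, base
        printf "objectClass: posixAccount\nuid: %s\ncn: %s\n", $1, cn
        printf "uidNumber: %s\ngidNumber: %s\n", $3, $4
        printf "homeDirectory: %s\nloginShell: %s\n\n", $6, $7
    }'
}

# Stand-alone use: sh script.sh passwd.before passwd.after > new-users.ldif
if [ "$#" -eq 2 ]; then
    new_passwd_entries "$1" "$2" | passwd_to_ldif skipped.passwd
fi
```

The LDIF on stdout can be reviewed before it is loaded with ldapadd; password hashes are deliberately not part of it.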
Now let’s talk about create-course-drop-folders-1, the script that creates drop folders for one user, for instance a user who didn’t sign up and get processed with everyone else. (create-coursename-drop-folders is the script for that, and the one that should be used in general.) The folder’s ownership is changed to the user as owner and the course as group; the set-gid bit on the folder ensures that files added to it are put in the course group too. This script should not be used much, since drop folders are normally created in batches for a class of students.
Next week we’ll be talking about renaming accounts, which is easy to do in flat files but hard in LDAP. We’re talking about this in the first place because of recent problems with passwd-change. Flat and LDAP files are changing on tempest, but not on puma.