[hcoop/scripts.git] / create-service-user

#!/bin/bash -ex

# create a shared service user, that is not able to use mod_waklog.

# MUST be executed:
#  - on fritz
#  - as a user with an /etc/sudoers line
#  - member of "wheel" unix group on deleuze (FIXME: TRUE?)
#  - while holding tickets for a user who can 'ssh -K' to mire
#     - and is a member of "wheel" on mire
#  - while holding tokens for a user who is:
#     - a member of system:administrator
#     - listed in 'bos listusers fritz'
#  - and who has been set up with Domtool admin privileges by:
#     - running 'domtool-adduser $USER' while holding AFS admin tokens as
#       someone who is already a Domtool admin
#     - running 'domtool-admin grant $USER priv all' as someone who is already a
#       Domtool admin
#       (To bootstrap yourself into admindom:
#         1. Run '/etc/init.d/domtool-server stop' on deleuze.
#         2. Run '/etc/init.d/domtool-slave stop' on all Domtool slave machines
#            (e.g., mire).
#         3. Edit ~domtool/acl, following the example of adamc_admin to grant
#             yourself 'priv all'.
#         4. Run '/etc/init.d/domtool-server start' on deleuze.
#         5. Run '/etc/init.d/domtool-slave start' on all Domtool slave
#            machines.
#         6. Run 'domtool-adduser' as above.)

NEWUSER=$1

if test -z "$NEWUSER"; then
	echo "Invoke as create-user <USERNAME>"
	exit 1
fi

source /afs/hcoop.net/common/etc/scripts/lib/create-user-lib.sh

create_pts_user

create_home_volume

ensure_afs_servers_synced
Commit	Line	Data
abfe84ca CE	1	#!/bin/bash -ex
	2
	3	# create a shared service user, that is not able to use mod_waklog.
	4
	5	# MUST be executed:
	6	# - on fritz
	7	# - as a user with an /etc/sudoers line
	8	# - member of "wheel" unix group on deleuze (FIXME: TRUE?)
	9	# - while holding tickets for a user who can 'ssh -K' to mire
	10	# - and is a member of "wheel" on mire
	11	# - while holding tokens for a user who is:
	12	# - a member of system:administrator
	13	# - listed in 'bos listusers fritz'
	14	# - and who has been set up with Domtool admin privileges by:
	15	# - running 'domtool-adduser $USER' while holding AFS admin tokens as
	16	# someone who is already a Domtool admin
	17	# - running 'domtool-admin grant $USER priv all' as someone who is already a
	18	# Domtool admin
	19	# (To bootstrap yourself into admindom:
	20	# 1. Run '/etc/init.d/domtool-server stop' on deleuze.
	21	# 2. Run '/etc/init.d/domtool-slave stop' on all Domtool slave machines
	22	# (e.g., mire).
	23	# 3. Edit ~domtool/acl, following the example of adamc_admin to grant
	24	# yourself 'priv all'.
	25	# 4. Run '/etc/init.d/domtool-server start' on deleuze.
	26	# 5. Run '/etc/init.d/domtool-slave start' on all Domtool slave
	27	# machines.
	28	# 6. Run 'domtool-adduser' as above.)
	29
	30	NEWUSER=$1
	31
	32	if test -z "$NEWUSER"; then
	33	echo "Invoke as create-user <USERNAME>"
	34	exit 1
	35	fi
	36
	37	source /afs/hcoop.net/common/etc/scripts/lib/create-user-lib.sh
	38
	39	create_pts_user
	40
	41	create_home_volume
	42
	43	ensure_afs_servers_synced