abfe84ca CE |
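#!/bin/bash

# create a shared service user, that is not able to use mod_waklog.
#
# Usage: create-user <USERNAME>

# MUST be executed:
# - on fritz
# - as a user with an /etc/sudoers line
# - member of "wheel" unix group on deleuze (FIXME: TRUE?)
# - while holding tickets for a user who can 'ssh -K' to mire
# - and is a member of "wheel" on mire
# - while holding tokens for a user who is:
# - a member of system:administrator
# - listed in 'bos listusers fritz'
# - and who has been set up with Domtool admin privileges by:
# - running 'domtool-adduser $USER' while holding AFS admin tokens as
# someone who is already a Domtool admin
# - running 'domtool-admin grant $USER priv all' as someone who is already a
# Domtool admin
# (To bootstrap yourself into admindom:
# 1. Run '/etc/init.d/domtool-server stop' on deleuze.
# 2. Run '/etc/init.d/domtool-slave stop' on all Domtool slave machines
# (e.g., mire).
# 3. Edit ~domtool/acl, following the example of adamc_admin to grant
# yourself 'priv all'.
# 4. Run '/etc/init.d/domtool-server start' on deleuze.
# 5. Run '/etc/init.d/domtool-slave start' on all Domtool slave
# machines.
# 6. Run 'domtool-adduser' as above.)

# Enable fail-fast and tracing from inside the script: options placed on the
# shebang line are dropped when the file is started as `bash create-user`,
# and without -e a failed step would not stop the later provisioning steps
# from running against a partially created account.
set -ex

# Account name to create; the only argument this script reads.
# NOTE(review): the value is not validated here and is presumably consumed by
# the sourced library while the caller holds admin tickets/tokens. Consider an
# allow-list check (permitted characters, no leading '-') once the accepted
# username format is confirmed.
NEWUSER=$1

if [[ -z "$NEWUSER" ]]; then
  # Usage goes to stderr so it is not mistaken for normal output.
  echo "Invoke as create-user <USERNAME>" >&2
  exit 1
fi

# The library runs with the caller's privileges as soon as it is sourced.
# NOTE(review): write access to this AFS path should be limited to
# administrators; verify the directory ACL.
source /afs/hcoop.net/common/etc/scripts/lib/create-user-lib.sh

# Provisioning steps, all defined in create-user-lib.sh (not visible here).
# Under `set -e` the first failing step aborts the run.
create_pts_user

create_home_volume

ensure_afs_servers_synced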