Creating and installing new user RPMs
Added by
Labels:
Add Labels Done
Enter labels to add to this page:
Wait Image
Looking for a label? Just start typing.
Introduction
The following article will describe how to create a new user RPM for deployment on FIM servers. All user accounts should be added using the following methods. We do n
ot directly add accounts to our servers without user RPMs. Our user RPMs are separated into two groups. The user-newusername RPM package will set up the user itself. T
he user-newusername-sudo RPM package will add an existing user to the wheel group for full sudo (root level) access. Typically, the wheel group is reserved for members
of the System Engineering team. If in doubt, consult Rich Horace before adding users to the wheel group.
Where appropriate, replace 'newusername' below with the username for the new user. The standard that we use is first initial, last name; John Smith would be jsmith.
Create initial user account.
1. Log into server as root.
2. useradd -m newusername
3. passwd newusername # (set a temporary password)
4. Contact the new user and ask them to log into server with their temporary password and set a new password. Ask them to run the following commands:
Unable to find source-code formatter for language: shell. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
# grep 3048 user-*
8. If it's unused, you will use this as your new UID and GID. We are using the same number for UID and GID on our users. If it's already used, continue incrementing by
one until you find an unused UID.
9. vi user-newusername.spec
10. Replace the following underlined values:
Unable to find source-code formatter for language: spec. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
%define username __USERNAME__
%define uid __UID__
%define gid __GID__
%define md5 __MD5__
11. Write your changes. You've created your spec file.
Build the RPM
1. rpmbuild -ba user-newuser.spec
2. Review the information presented for any errors while creating the RPM.
3. userdel -r newusername
Add the RPM to the FIM repository
1. cp /usr/src/redhat/RPMS/noarch/user-newusername-* /distro/FIM/x86_64/
2. cd /distro/FIM/x86_64/
3. createrepo .
Installing the user RPM on servers
1. Log into the desired server as root.
2. yum clean all
3. yum install user-newusername
4. If full sudo access (root level) is required, you can also install user-newusername-sudo.
Upgrading existing user RPMs on servers to version 1.2
Many of the older RPMs were not separated into user and user-sudo packages, and simply added all users to the wheel group. This is obviously a big security problem, an
d so whenever possible we should upgrade the existing user RPMs on a system to at least version 1.2. The following steps will do that:
Unable to find source-code formatter for language: shell. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
rpm -qa|grep ^user- > rpmlist
cat rpmlist|awk -F"-" '{print $2}'|sort|uniq > userlist
for x in `cat rpmlist `;do yum -y remove $x;done
for x in `rpm -qa|grep ^user-`;do rpm -e --justdb --nodeps $x;done
for x in `cat userlist `;do groupdel $x;done
for x in `cat userlist `;do yum -y install user-$x;done
rm -f userlist rpmlist
This is a little bit overly complicated, due to bugs in the post install scripts for older RPMs, but it works. The end result of running the above commands is:
1. The user RPM packages are updated to the latest version.
2. Users who were given wheel group access by default from earlier RPMs no longer have this access.
3. It does not install any -sudo packages, leaving only root in the wheel group.
4. Home directories are not touched, and should remain the same before and after this process.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment