Getting an Account for NIIT Collaborators
Hosts to Use
IEPM Wiki Access
NFS and AFS Access
Escrow access

VPN access

See How to Connect to SLAC VPN

Note you will need to request VPN Usage access.

IEPM Network Test Hosts
Logging onto IEPM Hosts
Sudo Access
IEPM Mailing Lists

Unix/NFS group iepm 

File used to keep track of network group privileges. It uses the ypgroup Unix databases.

To see who is in a group, use the command:

Code Block

netgroup <group_name>, e.g.
36cottrell@pinger:~>netgroup u-network-management
u-network-management
   (-,antony,)
   (-,cal,)
   (-,cottrell,)
   (-,cxg,)
   (-,jerrodw,)
   (-,kmartell,)

or

Code Block

ypmatch <group_name> group
ypmatch <group_name> netgroup, e.g.
35cottrell@pinger:~>ypmatch u-network-management netgroup
(-,antony,)     (-,cal,)        (-,cottrell,)   (-,cxg,)        (-,jerrodw,)    (-,kmartell,)

or

Code Block

ypgroup exam -group iepm
Group 'iepm':
GID:     2087
Comment:
Last modified at Aug  2 15:20:42 2006 by jonl
Owners:  cal
Members: akbar, cal, cottrell, cxg, fawad, hasan, iepm,
jerrodw, jiri, maheshkc, rich, ytl

To add someone to a group use (Jerrod and Les can execute this command):

Code Block

ypgroup adduser -group iepm -user pinger

# Please keep unix-admin & security notified when changes are needed, e.g. when people change function or move.

# Note that people with privileges need to change their passwords at least every 9 months.
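
One way to support the review practice above is to compare a group's netgroup triples with an approved roster. This is an added example, not part of the original page; the roster file, the function names, and the entries exstaff, newhire and u-other-group are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# roster_diff MEMBERS_FILE ROSTER_FILE
#   MEMBERS_FILE: saved output of `ypmatch <group_name> netgroup`
#   ROSTER_FILE:  hypothetical approved list, one user id per line
roster_diff() {
    awk '
        FILENAME == ARGV[1] { if ($1 != "") approved[$1] = 1; next }
        {
            for (i = 1; i <= NF; i++) {
                # Anything not in parentheses is a reference to another netgroup.
                if ($i !~ /^\(.*\)$/) { print "nested-group " $i; continue }
                split(substr($i, 2, length($i) - 2), f, ",")   # host,user,domain
                if (f[2] == "-") continue          # "-" matches no user
                if (f[2] == "") {                  # empty field = any user
                    print "wildcard-user " $i
                    continue
                }
                seen[f[2]] = 1
                if (!(f[2] in approved)) print "unapproved " f[2]
            }
        }
        END { for (u in approved) if (!(u in seen)) print "absent " u }
    ' "$2" "$1" | LC_ALL=C sort -u
}

# Constructed sample in the format shown on this page
# (exstaff, newhire and u-other-group are invented for the demonstration).
demo_roster_diff() {
    tmp=$(mktemp -d) || return 1
    echo '(-,antony,)     (-,cal,)   (-,exstaff,)  (-,,)  u-other-group' > "$tmp/members"
    printf 'antony\ncal\nnewhire\n' > "$tmp/roster"
    roster_diff "$tmp/members" "$tmp/roster"
    rm -rf "$tmp"
}
demo_roster_diff
```

A wildcard-user line deserves attention first: an empty user field in a triple matches every user.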

To see which hosts use a netgroup

Grep the files at /afs/slac.stanford.edu/g/scs/systems/system.info/<machine>/taylor.opts.expanded looking for the group, e.g.

Code Block

6cottrell@pinger:/afs/slac/g/scs/systems/system.info>grep u-iepm /afs/slac/g/scs/systems/system.info/i*/taylor.opts.expanded
/afs/slac/g/scs/systems/system.info/iepm-bw/taylor.opts.expanded:limit_login=u-iepm
/afs/slac/g/scs/systems/system.info/iepm-resp/taylor.opts.expanded:limit_login=u-iepm

N.b. replacing i* with * will probably result in "/bin/grep: Argument list too long". Also note that as of 12/31/06 the hosts whose access is controlled by u-iepm are: iepm-bw, iepm-resp, monalisa, nettest5, and pinger.

Unix/AFS groups

Purpose      AFS path                               Contact(s)
SVN access   /afs/slac/g/scs/net/netmon/repo/svn    Cottrell

To see the names of groups and privileges on a particular directory, issue the command

Code Block

fs la <directory>, e.g.
fs la .

or

Code Block

fs la /afs/slac/g/scs/net/pinger

jerrodw@pinger $ fs la /afs/slac/g/scs/net/pinger/
Access list for /afs/slac/g/scs/net/pinger/ is
Normal rights:
  maint-pkg-netmon rlidwk
  g-scs rlidwka
  system:slac rl
  system:administrators rlidwka
  system:authuser rl

To view members of a particular group listed from 'fs la', issue the command:

Code Block

pts mem <group_name>, e.g.

jerrodw@pinger $ pts mem maint-pkg-netmon
Members of maint-pkg-netmon (id: -4786) are:
  <list of user_id's belonging to this group>

To add users to a particular group (only if you have privileges of course), issue the command

Code Block

pts adduser -group <group_name> -user <user_id>

Network Test hosts

Please note that we would like to see network testing, especially WAN testing, done primarily and by convention from machines set aside for that purpose (e.g. iepm-bw, iepm-resp, pinger). The list of network machines is kept at http://www-iepm.slac.stanford.edu/about/nodes.html

To find out who can log on to a specified host, look at the /etc/passwd file on that host and look towards the end for entries like
+@u-iepm
then use the netgroup u-iepm command to see who is in the group.
To find out which hosts u-iepm can log on to, use:

Code Block

65cottrell@pinger:/afs/slac/g/scs/systems/system.info>grep u-iepm */passwd
bping/passwd:+@u-iepm
iepm-bw/passwd:+@u-iepm
iepm-resp/passwd:+@u-iepm
iepm-sol/passwd:+@u-iepm
monalisa/passwd:+@u-iepm
...
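
The two grep lookups on this page (limit_login in taylor.opts.expanded and +@group in passwd) can be combined into one function that does not hit "Argument list too long". This is an added example, not part of the original page; it assumes netgroup names contain only letters, digits, hyphens and underscores, and the sample tree and the u-iepm-admin group are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Lists the machines whose files
# under a system.info-style tree admit a netgroup, using the two markers the
# page greps for: limit_login=<group> and the passwd entry +@<group>.

hosts_for_netgroup() {
    base=$1
    group=$2
    # Refuse names with regex metacharacters; the name is spliced into a pattern.
    case $group in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    # find passes file names to grep in batches (-exec ... {} +), so no shell
    # glob is expanded and "Argument list too long" cannot occur.
    # The anchored pattern keeps u-iepm from matching u-iepm-admin.
    # -mindepth/-maxdepth are GNU/BSD find options.
    find "$base" -mindepth 2 -maxdepth 2 -type f \
        \( -name taylor.opts.expanded -o -name passwd \) \
        -exec grep -lE '^(limit_login=|\+@)'"$group"'(:.*)?$' {} + |
    while IFS= read -r path; do
        basename "$(dirname "$path")"
    done | LC_ALL=C sort -u
}

# Constructed sample tree (machine names reused from the page, contents invented).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/iepm-bw" "$d/iepm-resp" "$d/monalisa" "$d/otherhost"
    echo 'limit_login=u-iepm' > "$d/iepm-bw/taylor.opts.expanded"
    echo 'limit_login=u-iepm' > "$d/iepm-resp/taylor.opts.expanded"
    echo '+@u-iepm'           > "$d/iepm-resp/passwd"
    printf 'root:x:0:0::/:/bin/sh\n+@u-iepm\n' > "$d/monalisa/passwd"
    echo 'limit_login=u-iepm-admin' > "$d/otherhost/taylor.opts.expanded"
    echo "$d"
}

tree=$(make_sample_tree)
hosts_for_netgroup "$tree" u-iepm    # prints iepm-bw, iepm-resp, monalisa (one per line)
rm -rf "$tree"
```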

Sudo

The sudoers file can be found at:

Code Block

/afs/slac/package/taylor/prod/base/sudoers

The following lines are in the sudoers file:

Code Block

# NB: The following two aliases define collections of commands for use
# by members of the IEPM group on all machines and on the network
# trouble-shooting machine, pharlap, respectively.  In this context,
# "IEPM group" is not necessarily the same as the NIS group named
# "iepm"; changes to the commands in the two aliases, or to the users
# who should be authorized to use the commands, still need the usual
# approvals.

# Commands authorized for members of the IEPM group on all machines:
Cmnd_Alias IEPM_ALL     = NIKHEF_PING,PATHCHAR,PCHAR,PIPECHAR

# Commands authorized for members of the IEPM group on pharlap:
# The addition of PIPECHAR to this list of commands is granted for
# six months only and should be revisted May 28, 2002.
Cmnd_Alias IEPM_PHARLAP = SNOOP,TCPDUMP,NDD,PIPECHAR,KILL

The people in the sudoers file with privileges assigned by these two Cmnd_Alias-es are: cal, cottrell, cxg.

Code Block

iepm group: cottrell, warrenm, cal, dougc, cxg, grosso
Pathchar	All	sudo /afs/slac/g/scs/bin/pathchar
Pchar		All	sudo /afs/slac/package/netperf/bin/@sys/pchar
Pipechar	All	sudo /afs/slac.stanford.edu/package/netperf/bin/@sys/pipechar
NIKHEF ping	All	sudo /afs/slac/package/nikhef/@sys/ping
#Snoop and tcpdump are big security exposures, so please be careful with their use.
#Probably a good idea to notify security (email just before you start) if you are
#going to use snoop and/or tcpdump
Snoop           Pharlap	sudo snoop
Tcpdump		Pharlap	sudo /afs/slac/package/netperf/bin/@sys/tcpdump

u-network-management: warrenm, cottrell, kmartell, cal, cxg, grosso, janewei, gtb
ssh		All

maint-pkg-nikhef: cxg, warrenm, dougc

The following have /usr/sbin/ndd -set privs and sudo kill (via cmd macro IEPM_PHARLAP) on pharlap (7/19/01):

cal, cottrell, cxg

Account iepm has sudo kill with no password on pharlap (12/14/01)

cottrell also has ndd -set for evagore (11/21/01)

iepm has pipechar with no password on pharlap and antonia (11/28/01)

Mailing lists 

The main mailing list is iepm-group. To get added to this list, contact Les Cottrell. To see who is in the group etc., go to majordomo.