Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Include Page
Getting an Account for NIIT Collaborators
Getting an Account for NIIT Collaborators
Include Page
Hosts to Use
Hosts to Use
Include Page
IEPM Wiki Access
IEPM Wiki Access
Include Page
NFS and AFS Access
NFS and AFS Access
Include Page
Escrow access
Escrow access

VPN access

See How to Connect to SLAC VPN

Note you will need to request VPN Usage access.

Include Page
IEPM Network Test Hosts
IEPM Network Test Hosts
Include Page
Logging onto IEPM Hosts
Logging onto IEPM Hosts
Include Page
Sudo Access
Sudo Access
Include Page
IEPM Mailing Lists
IEPM Mailing Lists

Unix/NFS group iepm 

File used to keep track of network group privs.
To see who is in a group use the command
netgroup <group_name>, e.g.
netgroup u-network-management
or
ypmatch <group_name> group
or
ypgroup exam -group iepm
Group 'iepm':
GID: 2087
Comment:
Last modified at Aug 2 15:20:42 2006 by jonl
Owners: cal
Members: akbar, cal, cottrell, cxg, fawad, hasan, iepm,
jerrodw, jiri, maheshkc, rich, ytl

#To add someone to a group use (Jerrod and Les can execute this command):
ypgroup adduser -group iepm -user pinger

# Please keep unix-admin & security notified when changes are needed, e.g. people changing function or moving etc.

#Note that people with privileges need to change their passwords at least every 9 months.

 Unix/AFS group iepm

To see the names of groups and priviledges on a particular directory, issue the command:

fs la <directory>, e.g.

fs la .

or

fs la /afs/slac/g/scs/net/pinger

jerrodw@pinger $ fs la /afs/slac/g/scs/net/pinger/
Access list for /afs/slac/g/scs/net/pinger/ is
Normal rights:
  maint-pkg-netmon rlidwk
  g-scs rlidwka
  system:slac rl
  system:administrators rlidwka
  system:authuser rl
jerrodw@pinger $

To view members of a particular group listed from 'fs la', issue the command:

pts mem <group_name>, e.g.

jerrodw@pinger $ pts mem maint-pkg-netmon
Members of maint-pkg-netmon (id: -4786) are:
  <list of user_id's belonging to this group>
jerrodw@pinger $

To add users to a particular group (only if you have priviledges of course), issue the command:

pts adduser -group <group_name> -user <user_id>

Network Test hosts

Please note that we would like to see network testing, especially WAN testing, done primarily and by convention from machines set aside for that purpose
(e.g. iepm-bw, iepm-resp, pinger), the list of network machines is kept at http://www-iepm.slac.stanford.edu/about/nodes.html

To find out who can logon to a specified host look at the /etc/passwd file on that host, look towards the end for things like
+@u-iepm
and use the netgroup u-iepm command to see who is in the group.
To find out what hosts u-iepm can logon to use:
#65cottrell@pinger:/afs/slac/g/scs/systems/system.info>grep u-iepm */passwd
#bping/passwd:+@u-iepm
#iepm-bw/passwd:+@u-iepm
#iepm-resp/passwd:+@u-iepm
#iepm-sol/passwd:+@u-iepm
#monalisa/passwd:+@u-iepm
#...

Sudo

The sudoers file can be found at:
/afs/slac/package/taylor/prod/base/sudoers
The following lines are in the sudoers file:
# NB: The following two aliases define collections of commands for use
# by members of the IEPM group on all machines and on the network
# trouble-shooting machine, pharlap, respectively. In this context,
# "IEPM group" is not necessarily the same as the NIS group named
# "iepm"; changes to the commands in the two aliases, or to the users
# who should be authorized to use the commands, still need the usual
# approvals.

# Commands authorized for members of the IEPM group on all machines:
Cmnd_Alias IEPM_ALL = NIKHEF_PING,PATHCHAR,PCHAR,PIPECHAR

# Commands authorized for members of the IEPM group on pharlap:
# The addition of PIPECHAR to this list of commands is granted for
# six months only and should be revisted May 28, 2002.
Cmnd_Alias IEPM_PHARLAP = SNOOP,TCPDUMP,NDD,PIPECHAR,KILL

The people in the sudoers file with privileges assigned by these two Cmnd_Alias-es are:
cal, cottrell, cxg.

iepm group: cottrell, warrenm, cal, dougc, cxg, grosso
Pathchar All sudo /afs/slac/g/scs/bin/pathchar
Pchar All sudo /afs/slac/package/netperf/bin/@sys/pchar
Pipechar All sudo /afs/slac.stanford.edu/package/netperf/bin/@sys/pipechar
NIKHEF ping All sudo /afs/slac/package/nikhef/@sys/ping
#Snoop and tcpdump are big security exposures, so please be careful with their use.
#Probably a good idea to notify security (email just before you start) if you are
#going to use snoop and/or tcpdump
Snoop Pharlap sudo snoop
Tcpdump Pharlap sudo /afs/slac/package/netperf/bin/@sys/tcpdump

u-network-management: warrenm, cottrell, kmartell, cal, cxg, grosso, janewei, gtb
ssh All

maint-pkg-nikhef: cxg, warrenm, dougc

The following have /usr/sbin/ndd -set privs and sudo kill (via
cmd macro IEPM_PHARLAP) on pharlap (7/19/01):

cal, cottrell, cxg

Account iepm has sudo kill with no password on pharlap (12/14/01)

cottrell also has ndd -set for evagore (11/21/01)

iepm has pipechar with no password on pharlap and antonia (11/28/01)