Versions Compared

Old Version 1

changes.mady.by.user Les Cottrell

Saved on

compared with

New Version 2

changes.mady.by.user Les Cottrell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Unix/NFS group iepm 

#File File used to keep track of network group privs.
To see who is in a group use the command
netgroup <group_name>, e.g.
netgroup u-network-management
or
ypmatch <group_name> group
or
ypgroup exam -group iepm
Group 'iepm':
GID: 2087
Comment:
Last modified at Aug 2 15:20:42 2006 by jonl
Owners: cal
Members: akbar, cal, cottrell, cxg, fawad, hasan, iepm,
jerrodw, jiri, maheshkc, rich, ytl

#To add someone to a group use (Jerrod and Les can execute this command):
ypgroup adduser -group iepm -user pinger

# Please keep unix-admin & security notified when changes are needed, e.g.

...

people changing function or moving etc.

#Note that people with privileges need to change their passwords
#at at least every 9 months.

Network Test hosts

#Please Please note that we would like to see network testing, especially WAN testing,
#done done primarily and by convention from machines set aside for that purpose
# (e.g. iepm-bw, iepm-resp, pinger), the list of network machines is kept at
#http://www-iepm.slac.stanford.edu/about/nodes.htmlImage Removed

#To To find out who can logon to a specified host look at the /etc/passwd file
#on on that host, look towards the end for things like
# +@u-iepm
#and and use the netgroup u-iepm command to see who is in the group.
#To To find out what hosts u-iepm can logon to use:
#65cottrell@pinger:/afs/slac/g/scs/systems/system.info>grep u-iepm */passwd
#bping/passwd:+@u-iepm
#iepm-bw/passwd:+@u-iepm
#iepm-resp/passwd:+@u-iepm
#iepm-sol/passwd:+@u-iepm
#monalisa/passwd:+@u-iepm
#...

Sudo

 The The sudoers file can be found at:
/afs/slac/package/taylor/prod/base/sudoers
The following lines are in the sudoers file:
# NB: The following two aliases define collections of commands for use
# by members of the IEPM group on all machines and on the network
# trouble-shooting machine, pharlap, respectively. In this context,
# "IEPM group" is not necessarily the same as the NIS group named
# "iepm"; changes to the commands in the two aliases, or to the users
# who should be authorized to use the commands, still need the usual
# approvals.

# Commands authorized for members of the IEPM group on all machines:
Cmnd_Alias IEPM_ALL = NIKHEF_PING,PATHCHAR,PCHAR,PIPECHAR

# Commands authorized for members of the IEPM group on pharlap:
# The addition of PIPECHAR to this list of commands is granted for
# six months only and should be revisted May 28, 2002.
Cmnd_Alias

...

IEPM_PHARLAP = SNOOP,TCPDUMP,NDD,PIPECHAR,KILL

The people in the sudoers file with privileges assigned by these two Cmnd_Alias-es are:
cal, cottrell, cxg.

...