...
Access to hosts is controlled by netgroup. Only unix-admin can add users to a netgroup (e.g. u-iepm) or change what hosts that the netgroup can access.
grep the files at /afs/slac.stanford.edu/g/scs/systems/system.info/<machine>/taylor.opts.expanded looking for the group, e.g.
| Code Block |
|---|
136cottrell@pinger:~$grep u-iepm /afs/slac/g/scs/systems/system.info/*i*/taylor.opts.expanded
/afs/slac/g/scs/systems/system.info/pinger/taylor.opts.expanded:limit_login=u-iepm
/afs/slac/g/scs/systems/system.info/zpinger/taylor.opts.expanded:limit_login=u-iepm
|
N.b. replacing *i* with * will probably result in /bin/grep: Argument list too long. Also note that as of 9/19/2013 the hosts whose access is controlled by u-iepm are: pinger
...
| Code Block |
|---|
netgroup <group_name>, e.g.
36cottrell@pinger:~>netgroup u-network-management
u-network-management
(-,antony,)
(-,cottrell,)
(-,gcx,)
(-,reuber,)
(-,ytl,)
or
136cottrell@pinger:~$/usr/local/bin/netgroup_adm examine -group u-iepm
notes
# Users authorized to login to all the restricted-login machines
# involved in the IEPM project. Note that cottrell is in
# u-network-management, which is part of u-scs-staff.
hosts
[]
users
["arash", "iepm", "pinger", "ytl", "saqibali", "cottrell"]
owners
["kalim"]
netgroups
[]
exit
.
pid 19732 exit 0 |
The u-iepm group is the one to enable users to logon to the special iepm hosts (in particular pinger.slac.stanford.edu). It can only be updated by unix-admin.u-scs-staff that includes u-bsd-admin, u-network-management, u-security-team, u-tech-coordinators, u-unix-role-accts, u-unix-staff. The command to add someone is netgroup_adm adduser -user cottrell -group u-iepm
NFS file access
NFS file systems such as /nfs/slac/g/net/pinger are exported to netgroup from netfs02, so it is available on all machines in that group. To see the full list of machines that can access these files, you can type:
...