To Add a User (mortal) to AFS...
Our hypothetical user's username is 'janeuser'.
Janeuser's userid is 601, and she is a member of the group with groupid 600.
Janeuser is a Pisces.
- Create a Kerberos principal for them.
- /usr/kerberos/sbin/kadmin -s legionofdoom
- kadmin: addprinc -policy default -randkey -pw janeuser -maxrenewlife 30days
- Add the user to AFS on an AFS server, authenticated as an admin.
- /usr/bin/pts createuser -name janeuser -id 601 -cell nick.gs.washington.edu
- Be certain to use the Genome Sciences departmental userid.
- /usr/bin/pts adduser -user janeuser -group nickers
- Create the user's home directory AFS volume.
Set home directory permissions (i.e. the ACL, or Access Control List).
- /usr/sbin/vos create -name user.janeuser -server someafsserver.gs.washington.edu -partition /vicepag -maxquota 0
- user.some_user_name is the naming convention for home directory volumes.
- -server specifies which AFS server the volume will reside on.
- AFS partitions are always named using the convention /vicep?? where ?? is two letters.
- -maxquota is where one would set a quota in megabytes. We don't want any quotas, so we set it to zero to disable them. Note, however, that there is a limit of approximately 9GB on the size of an individual AFS volume.
- /usr/bin/fs mkmount /afs/.nick.gs.washington.edu/home/janeuser user.janeuser
- This mounts the user volume in the read-write AFS volume.
- /usr/sbin/vos release user
- Release the read-write volume to the read-only user volume for the world to see.
- /usr/bin/fs setacl /afs/nick.gs.washington.edu/home/janeuser janeuser rlidwka
- chown 601.600 /afs/nick.gs.washington.edu/home/janeuser
- Where 601 is the userid and 600 is the groupid.
- chmod 700 /afs/nick.gs.washington.edu/home/janeuser
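A check one could run after the setacl step, added here as an example and not part of the original procedure: it parses `fs listacl` output and flags any entry other than the user and system:administrators. AFS enforces directory access through the ACL rather than the Unix mode bits, so the ACL is the thing to verify. The function name, the allow-list of two principals and the sample listings are assumptions constructed for illustration.

```shell
# audit_home_acl OWNER: read `fs listacl` output on stdin, print every
# Normal-rights entry that is neither OWNER nor system:administrators, and
# return non-zero if one exists or OWNER does not hold rlidwka.
# Assumption: those two principals are the only ones that should be listed.
audit_home_acl() {
    awk -v owner="$1" '
        BEGIN { bad = 0 }
        /^Normal rights:/   { section = "normal"; next }
        /^Negative rights:/ { section = "negative"; next }
        section == "normal" && NF == 2 {
            if ($1 == owner) {
                owner_rights = $2
            } else if ($1 != "system:administrators") {
                printf "unexpected: %s %s\n", $1, $2
                bad = 1
            }
        }
        END {
            if (owner_rights != "rlidwka") {
                printf "owner %s has [%s], expected rlidwka\n", owner, owner_rights
                bad = 1
            }
            exit bad
        }'
}

# Constructed sample: the ACL expected after the setacl step above.
sample_good() {
    cat <<'EOF'
Access list for /afs/nick.gs.washington.edu/home/janeuser is
Normal rights:
  system:administrators rlidwka
  janeuser rlidwka
EOF
}
# Constructed sample: the same directory with a world-readable entry.
sample_open() {
    cat <<'EOF'
Access list for /afs/nick.gs.washington.edu/home/janeuser is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  janeuser rlidwka
EOF
}
# On a live cell: fs listacl /afs/nick.gs.washington.edu/home/janeuser | audit_home_acl janeuser
for s in sample_good sample_open; do
    if "$s" | audit_home_acl janeuser; then echo "$s: ok"; else echo "$s: review ACL"; fi
done
```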
TODO: Add instructions for adding user info to LDAP directory to enable logins.