commands for groups - raeker/ARC-Wiki-Test GitHub Wiki
When creating a Unix Group for Mcommunity group, they must use the same GID. See below for how to retrive the GID.
If you are given a GID (group ID) number to use, then run this command
$ sudo /usr/sbin/groupadd -g <GID> <group_name>
If you need to create a new group, you will need to know the name the
new group should have, and some description of what it is for. New
groups must use either a GID from MCommunity or one created by the
following script, which will obtain from ITS a unique GID for you. The
script will print the groupadd command you will need to then run. The
description is not used, so far as we can tell, but the ITS API requires
it.
/nfs/turbo/arcts-ops/Shared/utilities/create_gid.sh -n <group_name> -d "<group_description>"
An example of that scripts use is
$ /nfs/turbo/arcts-ops/Shared/utilities/create_gid.sh
Usage
/nfs/turbo/arcts-ops/Shared/utilities/create_gid.sh -n name -d description [-D ] [-h]Must specify both -n [group name] -d [quoted description string]May optionally specify -D turn on debugging -h print this help message
$ /nfs/turbo/arcts-ops/Shared/utilities/create_gid.sh -n arcts-test-group -d "A group to test with"
To add this group to an ARCTS cluster use this command
# sudo groupadd -g 2600272 arcts-test-group
To add a user to a group, use
$ sudo /usr/sbin/usermod -aG <group_name> <uniqname>
To remove user from a group, use
$ sudo /usr/bin/gpasswd -d <uniqname> <group_name>
After adding/removing a user from a group, make sure you run
ansibleSync.sh.
$ sudo /usr/arcts/systems/scripts/ansibleSync.sh
Groups that will be used as mail groups, or will be synchronized with Active Directory need to be created using the MCommunity web interface (Note, https://mcommunityumich.edu/ does not work with Firefox on Windows/Mac). Once that is done, use the following command to get the GID for that group to use in the creation of a Unix Group on Great Lakes, Armis2, etc. Allow 5-15 minutes for the newly created group to propagate to all the LDAP servers.
$ /usr/arcts/systems/scripts/get_ldap_gid <group_name>