old-website/docs/execmanual/sysadmin.xml


<?xml version="1.0" encoding="UTF-8"?>
<chapter>
<title>System Administrator</title>
<para>The systems administrator position is probably the position
requiring the largest amount of &quot;ad-hoc&quot; knowledge. In
particular, there are many decisions related to how the CSC
computers are run which may not be so obvious from looking at the
systems themselves.</para>
<para>For this reason, as sysadmin of the CSC it is of vital
importance that you not only read this document, but keep it up to
date as well.</para>
<sect1>
<title>Your responsibilities</title>
<para>According to the constitution, the following are the duties
of the sysadmin:</para>
<itemizedlist>
<listitem>
<para>to operate any and all equipment in the possession of the Club;</para>
</listitem>
<listitem>
<para>to maintain and upgrade the software on equipment that is
operated by the Club;</para>
</listitem>
<listitem>
<para>to facilitate the use of equipment that is operated by the Club.</para>
</listitem>
</itemizedlist>
<para>It has become quite regular for the CSC to get new equipment each
term. The sysadmin is responsible for ensuring this gear gets installed
and works as intended.</para>
</sect1>
<sect1>
<title>Useful contacts</title>
<itemizedlist>
<listitem>
<para>You can try getting access to the machine room from MFCF/CSCF.
You probably want to talk to Dave Gawley, <email>dlgawley@cs.uwaterloo.ca</email>.
He&#39;s been really friendly to the CSC in the past and is a cool guy
in general.</para>
</listitem>
</itemizedlist>
</sect1>
<sect1>
<title>Changing Users</title>
<para>To alter users and groups, please use the cpu command. cpu is set up
to use LDAP to change any given user or group.</para>
<itemizedlist>
<listitem>
<para>To change a user&#39;s group, use <userinput>cpu usermod -G current,groups,new,groups</userinput></para>
</listitem>
<listitem>
<para>See <userinput>man cpu-ldap</userinput></para>
</listitem>
<listitem>
<para>Example of adding a group: <userinput>cpu groupadd cvs-ceo</userinput></para>
</listitem>
</itemizedlist>
</sect1>
<sect1>
<title>Expiring Users</title>
<para>This procedure restores (un-expires) accounts of users that were
expired at the end of spring 2003.</para>
<orderedlist>
<listitem>
<para>Log in as root on peri (you probably can&#39;t do this, but might
have access to someone who can).</para>
</listitem>
<listitem>
<para>Unexpire the account in the LDAP database</para>
<para><prompt>peri# </prompt><userinput>echo username | /root/dead-accounts/unexpire.pl</userinput></para>
<para>If this worked, it should spit back the username.</para>
</listitem>
<listitem>
<para>Extract home directory onto peri</para>
<para>Mount the &#34;Expired /u&#34; CD on sugar (or wherever) and copy
/$mntpoint/username.tar to somewhere accessible to root@peri.</para>
<para>Note: the home directories are not compressed on the CD;
remember this when &#39;cp&#39; is telling you &#39;username.tgz: no
such file or directory&#39;. tar (below) doesn&#39;t need &#39;z&#39;
either.</para>
<para><prompt>peri# </prompt><userinput>tar xf /path/to/username.tar -C /u</userinput></para>
</listitem>
<listitem>
<para>Restore mail onto peri</para>
<para><prompt>peri$ </prompt><userinput>grep username /root/dead-accounts/unreadable-accounts</userinput></para>
<para>If the username is there, the mbox is on &#34;Expired mail 2&#34;;
otherwise, the mbox is on &#34;Expired mail&#34;.</para>
<para>Mount the appropriate CD, cd to a temporary directory (*not*
/var/mail), and extract the mbox from the archive. On &#34;Expired
mail&#34;, this will take a while -- just hit ^C after you see the
username printed and you&#39;re happy tar has moved on to other
files.</para>
<para>(I say &#39;sugar&#39;, but really any machine with a CD
drive...)</para>
<para><prompt>sugar$ </prompt><userinput>tar jxvf /$mntpoint/mail_tar.bz2 username</userinput></para>
<para>(hmm.. I don&#39;t remember what the tarball is called on
Expired2, maybe the same thing, maybe different, but I&#39;m pretty
sure this is the filename for Expired1. Besides, there&#39;s only one
file on the CD, so just tab-complete the damn thing :) )</para>
<para>(probably scp username root@peri: or something here)</para>
<para>Restore mail, appending any mail received since the backup was
made, and preserving permissions on the file. (Note: this doesn&#39;t
take into account locks -- i.e., stuff might get screwed if the account
receives mail while one of the below cats is running. A message
received between the cats simply gets lost.)</para>
<para>The following commands should also work from another machine if
the account was on &#34;Expired mail&#34; (i.e., was not in
&#34;unreadable-accounts&#34;). But doing it on peri will always</para>
<para><prompt>peri# </prompt><userinput>cat /var/mail/username &#62;&#62;username</userinput></para>
<para><prompt>peri# </prompt><userinput>cat username &#62;/var/mail/username</userinput></para>
</listitem>
</orderedlist>
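<para>The note in the mail step about locks, as an added example that is
not part of the original manual: a shell function that performs the same
two-cat restore while holding an exclusive lock on the spool file, so a
message delivered mid-restore is not lost. It assumes flock(1) from
util-linux is installed and that the mail delivery agent on the machine
also uses flock() locking on the spool; restore_mbox and its two
arguments are hypothetical names.</para>
<programlisting>
```shell
#!/bin/sh
# Added example (not from the original manual): lock-aware mbox restore.
# Assumptions: flock(1) from util-linux is available, and the local mail
# delivery agent takes flock() locks on the spool file it delivers to.

# restore_mbox SPOOL BACKUP   (hypothetical helper name)
#   SPOOL  - live mailbox, e.g. /var/mail/username
#   BACKUP - mbox extracted from the "Expired mail" archive
# Afterwards SPOOL holds BACKUP followed by the mail received since the
# backup was made. BACKUP itself is left untouched.
restore_mbox() {
    spool=$1
    backup=$2
    rc=0

    # Refuse to run on a missing spool or unreadable backup, so a typo
    # in the username never creates or truncates a mailbox.
    [ -f "$spool" ] || return 1
    [ -r "$backup" ] || return 1

    merged=$(mktemp) || return 1

    # fd 9 is opened in append mode (no truncation) and locked
    # exclusively for the whole read-merge-write sequence, so no
    # delivery can land between the two cats.
    (
        flock -x -w 30 9 || exit 1
        # First cat: old mail, then whatever arrived since the backup.
        cat "$backup" "$spool" > "$merged" || exit 1
        # Second cat: overwrite in place rather than mv, so the spool
        # keeps its inode, owner and mode.
        cat "$merged" > "$spool" || exit 1
    ) 9>>"$spool" || rc=1

    rm -f "$merged"
    return $rc
}
```
</programlisting>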
</sect1>
</chapter>