List of NIS Groups for LCLS:  LCLS

Removing a user of an NIS-Group
The owner of the NIS-Group must perform this operation.
ypgroup removeuser -group <NIS-group name> -user <username>

Listing users of an NIS-Group
ypgroup membership <NIS-group name>

Listing the owner of the NIS-Group
ypgroup listowner -group <NIS-group name>

Listing additional informaiton of NIS-Group
ypgroup examine -group <NIS-group name>

Listing what groups your account is in
groups

Listing the ACL group of a directory 
fs listacl <directory path>

Listing the members of an ACL Group
pts member <ACL-group name>

Adding a user of an ACL Group
The owner of the ACL-Group must perform this operation.
pts adduser -user <username> -group <ACL-group name>

Removing a user of an ACL Group
The owner of the ACL-Group must perform this operation.
pts removeuser -user <username> -group <ACL-group name>

Listing information about the ACL (including the owner)
pts examine <ACL-group name>

AFS Users Guide

/afs/slac/g/www/lcls

Web Area

must be in g-www:g-grp-lcls-users

/afs/slac/g/lcls/cvs /nfs/slac/g/lcls/builder

CVS Repository Development

must be in g-lcls ACL must be in NIS-group lcls, lcls-rtems lcls-softegr, lcls-iocegr

/nfs/slac/g/lcls/epics/ioc/data /nfs/slac/g/lcls/<others>

Writing IOC data

must be in lcls NIS-group,lcls-rtems lcls-softegr,lcls-iocegr must be in lcls NIS-group

/tftpboot/g/lcls

tftp boot area

must be in lcls NIS-grouup must be logged onto tftp host

AFS Account Name	ACL-group	NIS-Group	Uid	Gid	Comments
laci	laci:owner-laci g-laci	xr lcls	8412	1096(xr) 2292(lcls)	This password-less account is used for starting and stopping lcls control system processes.

Who should be added to this shared account?
LCLS Software developers will find it necessary to have access to the laci account. If you are need access to the laci account, please send email to Dayle Kotturi or Stephanie Allison.

Generating a "public rsa key"
Log into your account and issue the following command. Responds to all prompts with a return.

ssh-keygen -t rsa1
Generating public/private rsa key pair.
Enter file in which to save the key (/u/cd/zelazny/.ssh/identity.pub):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /u/cd/zelazny/.ssh/identity.pub.
Your public key has been saved in /u/cd/zelazny/.ssh/identity.pub.

Adding a user to a shared account
The owner of the shared account must perform this operation. Please noet that the authorized_keys file will work only if it is owned by shared account.

1. Add user public rsa key to the shared AFS account authorized keys
cat ~<user_name>/.ssh/identity.pub >> ~<shared account name>/.ssh/authorized_keys

2. Add the user to the ACL group as follows:
pts adduser -user <user name> -group <ACL-group name>

3.  If the user will need to run cron jobs under the shared AFS account and wants to receive email regarding problems with these jobs, edit the file ~<AFS account name>/.forward and add the users to the email list.

Removing a users from a shared account
The owner of the shared account must perform this operation. Please noet that the authorized_keys file will work only if it is owned by shared account.

1. Remove user public rsa key to the shared AFS account authorized keys
cd ~<user_name>/.ssh/identity.pub
pts adduser -user <user name> -group <ACL-group name>
cp authorized_keys authorized_keys.old
cp authorized_keys temp
edit temp to remove the user's ssh key
cat temp >authorized_keys
rm temp

2. Remove the user to the ACL group as follows:
pts removeuser -user <user name> -group <ACL-group name>

3.  Chek the file  ~<AFS account name>/.forward and remove the user from this file if it appears.

Listing the owner of the AFS shared account
$ ypmatch <AFS account name> passwd

Listing the members of the shared account