# Local lab accounts, one record per line: name:uid:gecos.
# All three share the primary group 'users' and a bash login shell.
lab_users=(
  'alice:1001:Alice Example'
  'bob:1002:Bob Example'
  'charlie:1003:Charlie Example'
)

# Create the accounts first (without -m: the home directories are created
# explicitly below so their mode/ownership is under our control).
for record in "${lab_users[@]}"; do
  IFS=: read -r name uid gecos <<<"$record"
  useradd -u "$uid" -g users -c "$gecos" -d "/home/$name" -s /bin/bash "$name"
done

# Then the home directories: 0700, owned by the user, group 'users'.
for record in "${lab_users[@]}"; do
  IFS=: read -r name _ _ <<<"$record"
  install -d -m 700 -o "$name" -g users "/home/$name"
done
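# Grant alice full sudo through a drop-in under /etc/sudoers.d.
# The candidate file goes to a mktemp path rather than a fixed /tmp name
# (a predictable name is open to pre-creation/symlink races by other local
# users), is syntax-checked with visudo, and is installed only if the check
# passes: a malformed file in sudoers.d can break sudo for everyone.
# The temp file is removed on either path.
sudoers_tmp=$(mktemp) || exit 1
printf '%s\n' 'alice ALL=(ALL:ALL) ALL' >"$sudoers_tmp"
if visudo -c -f "$sudoers_tmp"; then
  install -m 440 "$sudoers_tmp" /etc/sudoers.d/admins
fi
rm -f -- "$sudoers_tmp"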
# Shared project directory: setgid bit (2770) so new files inherit the
# 'project' group, plus a default ACL so the group keeps rwx on new entries.
project_dir=/home/project
install -d -m 2770 -g project "$project_dir"
setfacl -d -m g::rwx "$project_dir"
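# Load one LDIF file into the directory as the rootdn.
# -W prompts for the bind password on the tty each time (it is never put
# on the command line).
# Arguments: $1 - path of the LDIF file to add
ldap_add_file() {
  ldapadd -x -D "cn=Manager,dc=s7nsa,dc=lab" -W -f "$1"
}

# 1. Containers.  ou=people and ou=groups must exist before any child entry
#    below can be added.  As the script was given, this first LDIF was
#    overwritten by the next heredoc without ever being loaded (the ldapadd
#    was presumably lost), which would make every later ldapadd fail with
#    "no such object"; load it here.
cat <<'EOF' >change.ldif
dn: ou=people,dc=s7nsa,dc=lab
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=s7nsa,dc=lab
objectClass: organizationalUnit
ou: groups
EOF
ldap_add_file change.ldif

# 2. Primary group for the directory users (gid 2000).
cat <<'EOF' >change.ldif
dn: cn=personnel,ou=groups,dc=s7nsa,dc=lab
objectClass: posixGroup
cn: personnel
gidNumber: 2000
EOF
ldap_add_file change.ldif

# 3. User entries.  Note the uidNumbers (2001-2003) differ from the local
#    accounts created earlier (1001-1003) that carry the same login names.
cat <<'EOF' >change.ldif
dn: uid=alice,ou=people,dc=s7nsa,dc=lab
objectClass: posixAccount
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
givenName: Alice
sn: Example
uidNumber: 2001
gidNumber: 2000
homeDirectory: /home/alice
loginShell: /bin/bash

dn: uid=bob,ou=people,dc=s7nsa,dc=lab
objectClass: posixAccount
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
givenName: Bob
sn: Example
uidNumber: 2002
gidNumber: 2000
homeDirectory: /home/bob
loginShell: /bin/bash

dn: uid=charlie,ou=people,dc=s7nsa,dc=lab
objectClass: posixAccount
objectClass: inetOrgPerson
uid: charlie
cn: Charlie Example
givenName: Charlie
sn: Example
uidNumber: 2003
gidNumber: 2000
homeDirectory: /home/charlie
loginShell: /bin/bash
EOF
ldap_add_file change.ldif

# 4. Secondary group for the shared project directory (alice and bob only).
cat <<'EOF' >change.ldif
dn: cn=project,ou=groups,dc=s7nsa,dc=lab
objectClass: posixGroup
cn: project
gidNumber: 3000
memberUid: alice
memberUid: bob
EOF
ldap_add_file change.ldif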
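# Set a user's initial directory password as the rootdn.
# The new password is handed to ldappasswd through a 0600 temp file (-T)
# instead of on the command line (-s): argv is readable by every local user
# via ps and ends up in shell history.  The rootdn bind password is still
# prompted for (-W).  The temp file is removed whether or not the call
# succeeds, and the ldappasswd exit status is returned.
# Arguments: $1 - DN of the entry
#            $2 - new password (tutorial values below; rotate on first login)
set_ldap_password() {
  local dn=$1 password=$2
  local pwfile rc
  pwfile=$(mktemp) || return 1   # mktemp creates the file 0600
  # no trailing newline: -T uses the file contents verbatim
  printf '%s' "$password" >"$pwfile"
  ldappasswd -x -D "cn=Manager,dc=s7nsa,dc=lab" -W -T "$pwfile" "$dn"
  rc=$?
  rm -f -- "$pwfile"
  return "$rc"
}

set_ldap_password "uid=alice,ou=people,dc=s7nsa,dc=lab" "alice123"
set_ldap_password "uid=bob,ou=people,dc=s7nsa,dc=lab" "bob123"
set_ldap_password "uid=charlie,ou=people,dc=s7nsa,dc=lab" "charlie123"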
# Verify each account can bind with its new password (-W prompts for it);
# a successful simple bind prints the bound DN.
for who in alice bob charlie; do
  ldapwhoami -x -D "uid=$who,ou=people,dc=s7nsa,dc=lab" -W
done
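# Write the sssd client configuration.  sssd refuses to start unless
# sssd.conf is mode 0600 and root-owned; creating the file with install
# before writing it means it is never world-readable, not even for the
# instant between `cat >` (which would honour the umask) and a later chmod.
# TLS: ldap_id_use_start_tls protects the channel, but ldap_tls_reqcert =
# allow means a forged server certificate is accepted; for anything beyond
# this lab set it to demand and point ldap_tls_cacert at the lab CA.
install -m 600 -o root -g root /dev/null /etc/sssd/sssd.conf
cat <<'EOF' >/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://192.168.10.1
ldap_search_base = dc=s7nsa,dc=lab
ldap_user_search_base = ou=people,dc=s7nsa,dc=lab
ldap_group_search_base = ou=groups,dc=s7nsa,dc=lab
ldap_id_use_start_tls = true
# do NOT allow self-signed certificates in production! OK for this tutorial
ldap_tls_reqcert = allow
EOF
chmod 600 /etc/sssd/sssd.conf
systemctl enable --now sssd.service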
# Switch on the sss NSS and PAM modules, which the distribution ships
# commented out ("# sss" in nsswitch.conf, "# ...pam_sss.so..." lines in
# system-auth).  Both substitutions are deliberately broad for this lab:
# the first uncomments every "# sss" occurrence, the second every
# commented line mentioning pam_sss.so, so review the resulting files.
sed -E -i -e 's/# sss/sss/' /etc/nsswitch.conf
sed -E -i -e 's/^# (.*pam_sss.so.*)/\1/' /etc/pam.d/system-auth
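# Export /home to the lab subnet over NFS.
# The append is guarded so re-running the script does not add a duplicate
# line (grep -s treats a missing /etc/exports as "not present").
# Export defaults apply: root_squash maps client root to nobody, but with
# sec=sys the server trusts whatever UID a client asserts, so this export
# is only appropriate on a network where every client host is trusted.
export_line='/home 192.168.10.0/24(rw,sync)'
grep -qsxF -- "$export_line" /etc/exports \
  || printf '%s\n' "$export_line" >>/etc/exports
exportfs -arv
systemctl enable --now nfs-server.service
systemctl status --no-pager nfs-server.service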
# Home directories on the exported /home, group 'personnel' (the LDAP
# primary group, gid 2000) rather than the local 'users' group.
# NOTE(review): if the local accounts alice/bob/charlie (uid 1001-1003)
# also exist on this host, "-o alice" resolves to the local uid through
# the files NSS source, not to the LDAP uidNumber 2001+ — confirm which
# uid the directories end up owned by.
for owner in alice bob charlie; do
  install -d -m 700 -o "$owner" -g personnel "/home/$owner"
done
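# Mount the server's /home on the client at boot.
# The append is guarded so a second run does not duplicate the fstab entry.
# Mount options are kept as in the tutorial; note that 'soft' on a
# read-write NFS mount returns I/O errors to applications when the server
# is slow or unreachable, which can silently truncate writes — 'hard'
# (optionally with 'intr'/timeouts) is the safer choice outside a lab.
fstab_line='192.168.10.1:/home /home nfs _netdev,soft 0 0'
grep -qsxF -- "$fstab_line" /etc/fstab \
  || printf '%s\n' "$fstab_line" >>/etc/fstab
systemctl daemon-reload
mount -a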
# Create a group-shared directory: setgid (2770) so new files inherit the
# group, and a default ACL so the group keeps rwx on entries created inside.
# Arguments: $1 - directory path
#            $2 - owning group
setup_shared_dir() {
  local dir=$1 group=$2
  install -d -m 2770 -g "$group" "$dir"
  setfacl -d -m g::rwx "$dir"
}

setup_shared_dir /home/project project