cleanup markdown

2021-07-14 09:17:12 +02:00
parent 138c08e60e
commit 7eab7a0007
+10 -12
@@ -1,6 +1,4 @@
---
title: Accounts
---
# Accounts
Linux accounts are generally stored and managed in Active Directory.
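Review bot: The commit message says only "cleanup markdown", but the header counts for this hunk (6 lines before, 4 after) show two lines being dropped at the very top of the file, where the `title: Accounts` front matter sits. If the front matter is what goes, say so in the commit message and confirm the site generator still derives the page title from `# Accounts`; also check that no lone `---` is left behind, since it would render as a horizontal rule.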
@@ -8,7 +6,7 @@ Linux accounts are generally stored and managed in Active Directory.
Current user (uid) and group (gid) ranges can be found here: [UID and GID Management](https://git.psi.ch/linux-infra/documentation/blob/master/pdf/UID_and_GID.pdf)
```
# Account Types
## Account Types
There are several types of accounts, which are usually indicated by a
prefix or suffix:
@@ -25,7 +23,7 @@ prefix or suffix:
- Service accounts. These come with an `svcusr-` prefix and are used
for running services.
# UID Allocation
## UID Allocation
---------------- -------------
Old accounts 1000-6000
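Review bot: The UID allocation table under the renamed `## UID Allocation` heading is still delimited by dashed rules (`---------------- -------------`), which is Pandoc's simple-table syntax rather than the pipe-table syntax most Markdown renderers expect. Since this commit is a Markdown cleanup, convert it (and the LDAP attribute table in the next hunk) to a pipe table with a header row such as `| Account class | UID range |`, otherwise the ranges are likely to collapse into a single paragraph.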
@@ -34,7 +32,7 @@ prefix or suffix:
New accounts 35000+
---------------- -------------
# LDAP Attribute Mapping
## LDAP Attribute Mapping
Attribute LDAP Attribute
----------- ------------------------
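Review bot: The header row `Attribute LDAP Attribute` leaves the first column ambiguous, because both columns are called "attribute". Rename the first column to say what it holds, for example "Unix attribute", so a reader can tell that rows such as home and shell are the account fields and the `msSFU30...` names are their LDAP sources.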
@@ -44,7 +42,7 @@ prefix or suffix:
home `msSFU30HomeDirectory`
shell `msSFU30LoginShell`
# Primary Groups
## Primary Groups
At PSI the user-private group scheme (UPG), the default on Red Hat
distributions, is **not** used. Instead, every user\'s primary group is
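Review bot: The context line `distributions, is **not** used. Instead, every user\'s primary group is` still carries a backslash-escaped apostrophe left over from conversion. It renders correctly, but it is noise in the source and a natural thing to fix in the same cleanup: write `user's`.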
@@ -54,7 +52,7 @@ eg. `unx-ait`.
Users for whom there is no natural choice of primary group are assigned
`unx-nogroup`.
# Low GIDs
## Low GIDs
A number of groups have very low GIDs (\<500), in particular:
@@ -89,16 +87,16 @@ A number of groups have very low GIDs (\<500), in particular:
unx-dtp:*:451:
unx-lsu:*:490:
# Shells
## Shells
We support bash, and we also try to keep tcsh working.
Currently bash, tcsh, and sh are used. The form for ordering accounts
also offers `/bin/ksh` and `/bin/zsh`. The most popular by far is bash.
# Special Accounts
## Special Accounts
## `linux_ldap`: query LDAP
### `linux_ldap`: query LDAP
The [linux_ldap]{.title-ref} account has read-only permissions on a
limited subset of the LDAP attributes. It is used by
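Review bot: The sentence under the new `### linux_ldap` heading still reads `The [linux_ldap]{.title-ref} account`, which is Pandoc span-attribute syntax and will show up literally, brackets and braces included, on renderers without that extension. Replace it with the account name in backticks, matching the heading. Separately, "We support bash, and we also try to keep tcsh working" and "Currently bash, tcsh, and sh are used" overlap; consider merging them into one statement of which shells are supported and which are merely offered on the order form.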
@@ -112,7 +110,7 @@ which contains the password, world-readable.
This account **must not** be given additional access or privileges.
## `linuxadjoin.psi.ch@D.PSI.CH`
### `linuxadjoin.psi.ch@D.PSI.CH`
This account is a pure AD account (ie it doesn\'t have Unix attributes
like uid), which is used to manage computer objects in AD automatically.
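Review bot: The heading `### linuxadjoin.psi.ch@D.PSI.CH` gives only the principal name, while its sibling is written as `linux_ldap`: query LDAP with a short purpose after the colon. For consistency, and so the table of contents is readable, add the purpose here too, for example ": manage AD computer objects". In the first sentence, "ie" should be "i.e." and `doesn\'t` should lose the backslash.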