Users can grant themselves sudo access when the machine is first booted after installation. TIG can provide additional sudo access or the root password upon request. You can also add new sudoers files to the /etc/sudoers.d directory, for example:
sudo visudo -f /etc/sudoers.d/12_local_sudo
If you are reading this, it's probably because you want to customize
something on your machine — install some extra software, set up a root
cron job, add a local (non-Kerberos) account for a collaborator, or the
like. If that is the case, you should arrange for yourself to get root
mail. You can do this by creating a file
and adding a line that says
That does not prevent TIG sysadmins from getting root mail as well, but it means you will see it too, and you can fix problems related to software you’ve installed or configuration changes you’ve made. (Of course, if you need help with that, send mail to email@example.com.)
Restricting login access
Machine owners can limit access to their computers by providing a list (one per line) of allowed or denied usernames in /etc/csail/users.allow.
On 16.04 (Xenial) systems /etc/csail/groups.allow is also supported.
Note: On 16.04 (Xenial), /etc/csail/groups.allow must exist (even if empty) in order for /etc/csail/users.allow to function correctly.
It is also possible to restrict ssh access to a specific group or list of groups.
This is done by adding a line to the file /etc/facter/facts.d/local.txt (which may not yet exist) defining sshdallowgroups as a space-separated list of groups to allow, for example:
sshdallowgroups=group1 group2 etc
This will be activated on the next configuration management run (within 30 minutes) or can be activated immediately by running:
sudo puppet agent -t
The sshdallowgroups method is preferred for 14.04 (Trusty) and older systems. On newer systems, /etc/csail/groups.allow and /etc/csail/users.allow are preferred.
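A guard for the sshdallowgroups step above, as an added example (not TIG's own tooling): it refuses to write the fact unless the account you log in with belongs to one of the listed groups, and it replaces an existing sshdallowgroups line instead of appending a duplicate. The function names and the FACTS_FILE override are assumptions made for illustration; the file path and fact name are the ones given on this page.

```shell
#!/bin/sh
# Added example: set the sshdallowgroups fact without locking yourself out.
# FACTS_FILE defaults to the path named on this page; override it for a dry run.
FACTS_FILE="${FACTS_FILE:-/etc/facter/facts.d/local.txt}"

# user_in_any_group USER GROUP...  -> 0 if USER belongs to at least one GROUP
user_in_any_group() {
    user=$1; shift
    user_groups=$(id -nG "$user") || return 2
    for wanted in "$@"; do
        for have in $user_groups; do
            [ "$have" = "$wanted" ] && return 0
        done
    done
    return 1
}

# set_sshd_allow_groups USER GROUP...   (hypothetical helper name)
# USER is the account you ssh in with. Nothing is written unless USER is in
# one of the groups; other facts already in the file are preserved.
set_sshd_allow_groups() {
    user=$1; shift
    [ "$#" -gt 0 ] || { echo "no groups given" >&2; return 2; }
    if ! user_in_any_group "$user" "$@"; then
        echo "refusing: $user is in none of: $*" >&2
        return 1
    fi
    tmp=$(mktemp) || return 2
    # The facts file may not exist yet; keep every line except the old fact.
    if [ -f "$FACTS_FILE" ]; then
        grep -v '^sshdallowgroups=' "$FACTS_FILE" > "$tmp" || true
    fi
    echo "sshdallowgroups=$*" >> "$tmp"
    cat "$tmp" > "$FACTS_FILE" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
}
```

Writing under /etc needs root; once the fact is in place, it takes effect on the next configuration management run or immediately with sudo puppet agent -t.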
Access to NFS
Autofs is unconfigured by default. If you’d like to access the CSAIL NFS
shares, add the following line to
might not exist already):
You should be able to access the NFS shares in approximately 30 minutes after the next puppet agent runs.