SeaQuest Account Workflow

New users can obtain computing privileges by requesting a Fermilab account and ID. Selecting "E-906 (Drell-Yan) (SeaQuest)" as affiliation ensures privileges for all computing services that are included in the SeaQuest account workflow. The Computing Sector is responsible for the FNALU account, the Kerberos account, and the account for the Grid submission host (seaquestgpvm01). New users are also subscribed to the SeaQuest mailing list. SeaQuest is responsible for creating accounts on e906-gat1, e906-gat2, and our analysis cloud (seaquestgpvm02). By default, no account on other SeaQuest servers is created.

When a new user requests a SeaQuest account, tasks are created in ServiceNow and assigned to the responsible groups. The "SeaQuest ServiceNow Assignment Group" is responsible for creating the accounts on the SeaQuest servers (e906-gat1, e906-gat2, e906-gat6, seaquestgpvm02) and for documenting this task in ServiceNow. The account workflow is transparent for the user: the user needs to request only one account, the SeaQuest account, and all accounts that are part of the account workflow are created.

Creating accounts on e906-gat1, e906-gat2 and e906-gat6

On the SeaQuest servers, we use the command useradd to add users.

useradd -g 500 -u <FNALU UID> -d /seaquest/users/<LOGIN> <LOGIN>

It is important that the UID assigned to the new user matches the <FNALU UID>. The <FNALU UID> can be looked up on the FNALU server:
<flxi02.fnal.gov> id <LOGIN>
uid=<FNALU UID>(<LOGIN>) gid=6269(e-906) groups=6269(e-906) context=user_u:system_r:unconfined_t
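
The lookup-then-create step above, as an added shell example (not SeaQuest's own tooling): it parses the id output from the FNALU server, checks that it names the requested login and the e-906 group, confirms the UID is not already held by a different local account, and only then prints the useradd command. The function names and the sample data are hypothetical and constructed; the script prints the command and creates nothing.

```shell
#!/bin/sh
# Added example: derive the useradd command from the `id` output on the FNALU server.
# Function names and sample data are hypothetical; no account is created.

# Print the numeric UID from one line of `id <LOGIN>` output. Fail unless the
# line names the expected login and the e-906 group (gid 6269).
fnalu_uid() {   # usage: fnalu_uid <LOGIN> "<id output line>"
    login=$1 line=$2
    # Accept only conservative login names so nothing unexpected reaches useradd.
    case $login in
        ''|*[!a-z0-9_-]*|-*) echo "invalid login: $login" >&2; return 1 ;;
    esac
    uid=$(printf '%s\n' "$line" | sed -n "s/^uid=\([0-9][0-9]*\)($login) .*/\1/p")
    [ -n "$uid" ] || { echo "id output does not belong to $login" >&2; return 1; }
    case " $line " in
        *" gid=6269(e-906) "*) ;;
        *) echo "$login is not in group e-906 (6269)" >&2; return 1 ;;
    esac
    printf '%s\n' "$uid"
}

# Succeed when <UID> is unused in the passwd-format text, or is already
# assigned to <LOGIN>; fail when a different local account holds it.
uid_is_free() {   # usage: uid_is_free <UID> <LOGIN> "<passwd text>"
    printf '%s\n' "$3" | awk -F: -v uid="$1" -v login="$2" \
        '$3 == uid && $1 != login { clash = 1 } END { exit clash + 0 }'
}

# Print the useradd command from the page, with the UID taken from FNALU.
useradd_cmd() {   # usage: useradd_cmd <LOGIN> "<id output line>" "<passwd text>"
    uid=$(fnalu_uid "$1" "$2") || return 1
    uid_is_free "$uid" "$1" "$3" || { echo "UID $uid is already taken locally" >&2; return 1; }
    printf 'useradd -g 500 -u %s -d /seaquest/users/%s %s\n' "$uid" "$1" "$1"
}

# Constructed sample data (not real accounts).
SAMPLE_ID='uid=12345(jdoe) gid=6269(e-906) groups=6269(e-906) context=user_u:system_r:unconfined_t'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
asmith:x:12399:500::/seaquest/users/asmith:/bin/bash'
useradd_cmd jdoe "$SAMPLE_ID" "$SAMPLE_PASSWD"
```

On a real server the third argument would be the local account database, for example the output of getent passwd.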

Creating accounts on seaquestgpvm02

On seaquestgpvm02, we use the UPS product systools to manage user accounts:

source /usr/local/etc/setups.sh
setup systools

New user accounts can be added via adduser; the systools commands chguser, disuser, and moduser can be used to modify existing user accounts. An example of the adduser command is given below:
seaquestgpvm02:~ cmd adduser <LOGIN>
adduser: No matches for <LOGIN> in login data.  Please wait for new data.
adduser: Thank you for waiting for new login list retrieval.
adduser: Enter number of correct login entry or 0 if none are correct:
    1-    <FNALU UID>   <NAME>   <LOGIN>
1
adduser: Enter number of correct gid entry or 0 if none are correct:
    1-    6269    e-906    Seaquest Drell-Yan E-906
1
adduser: Enter number of correct disk entry or 0 if none are correct:
    1-    /home
    2-    /seaquest/users
2
adduser: Enter the name of the login shell, default is /usr/local/bin/tcsh
/bin/bash
adduser: /seaquest/users/<LOGIN> already exists, do you still want me to create the account? [y/n]
y
adduser: Enter number of correct password policy:
  1-  Only Kerberos passwords are used [default]
  2-  A system local password should be used
  3-  An NIS (cluster-wide) password should be used
1
Password assigned for <LOGIN> is their Kerberos password.
Enter e-mail address for password notification for <NAME>
[default is <LOGIN>@fnal.gov]:
        --- for no mail