Forums

Resolved
0 votes
I made a couple of accounts with useradd, then discovered they weren't showing up in webconfig. I installed account manager, but it didn't find the new accounts (or groups). In fact the only thing it found was allusers. I was hoping to confirm the group for httpd (apache), but allusers is the only one offered now (not apache or anything else). I tried adding an account already added with useradd, and account manager made a duplicate name (different user ID number). There was no option in the account manager to allow shell logins (I have seen the trick for that but haven't been able to run it down again).

And now I see there's no option to remove account manager, or the duplicate account, or do any of the other things one can do with useradd.

Am I just stupid, or is Account manager designed so we don't have those options, or capability, or flexibility?
Wednesday, June 10 2020, 06:51 PM
Share this post:
Responses (3)
  • Accepted Answer

    Wednesday, June 10 2020, 08:04 PM - #Permalink
    Resolved
    0 votes
    As you've found out, you can't make regular accounts with useradd, and FWIW, I believe if you reboot, you'll lose them. You can add system accounts this way (with the -R flag IIRC).

    Use the Users and Groups apps to add your users and groups. I don't think you need the apache account or group for anything. If you use the Web Server of Flexshare apps, they will use LDAP goups for permissions. If you remove the Account Manager (or reset LDAP) you may have a lot of problems as as a lot of authentication uses LDAP and the a number of Webconfig screens will push you to initialise the accounts.

    For shell logins, use the Shell Extension app. If you want the users to have root access you'll need to manipulate /etc/sudoers or, better and more controllable, add little files for each user to /etc/sudoers.d
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 11 2020, 12:50 PM - #Permalink
    Resolved
    0 votes
    I don't suppose there's a way to use ClearOS without Account Manager and Flexshare? They seem to be cumbersome and unnecessary baggage for what I need to do. Or would that turn it into CentOS and I might as well go with that?

    I've not gotten things working on 7, but before switching, Flexshares kept trying to take over a simple https server we were setting up. I didn't need Flexshares, but there didn't seem to be a way to disable or configure the web server without it (as I recall).

    As for Account Manager, if it picked up pre-existing user accounts upon initialisation, or allowed for the traditional /etc/passwd and /etc/group to be synchronized, even manually, I could probably live with it. But it would be better if there were well documented command-line tools that worked with it from the start, because webconfig hasn't always been easily available. Resetting or re-initialising should be just a few clicks in the webconfig, picking up existing accounts and permissions ... not because I'll want to do it every day, but because Murphy will want LDAP to be recovered/rebuilt/reinstalled at some point, usually just before I get around to figuring out how to back it up (or where the automatic backup is stored and how to recover it).

    I used to enjoy the detective work involved in digging up documentation that (still) isn't easily linked from the Marketplace, but lately, I just want to make my two user accounts without having to learn a whole new Account Manager mechanism, and set up an HTTPS web server without needing to deal with Samba by another name.

    Thanks for the clue about the shell extension app. I'm pretty sure I would have noticed it in my search through the Marketplace (e.g. I looked for extensions for Account Manager). I'll go look for it by name and see how it goes.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 11 2020, 01:43 PM - #Permalink
    Resolved
    0 votes
    There is no way Account Manager could puck up existing accounts. ClearOS is always a clean install.

    LDAP and command line users don't mix well. UID's < 1000 are reserved for system use (Linux users) all the rest belongs to LDAP

    You don't need flexshares per-se but they will be there under the hood. Use the Web Server app. Then all the flexshares do (if you let them) is five you a way to upload into your website with Samba/Windows Networking and FTP.

    ClearOS keeps a rolling 10 days of backups in /var/clearos/configuration_backup. These are also available through the webconfig and are what you need to restore LDAP (among other things)

    Resetting LDAP is drastic and command line only as it is too dangerous. If you do that you lose all your user->UID mappings and all file ownerships will become corrupt/messed up. There is a good reason for not making it easy.

    For documentation, you don't have to go to the marketplace. Every screen has its own help text accessed from the sloping book icon at the top right of the page.
    The reply is currently minimized Show
Your Reply