Re: [Testbed-admins] Problem adding new users to my testbed



I could not create an 'alternate account'. The way I created my first account was by creating the first project (when logged in as elabman), then I entered the 'Project Head Information' and with that info my account was created. However, now I am not being asked for this information, so whenever I create a new project I am being added (an admin) to that project by default and I have the problem I described before again.

Also, I logged out and hit 'Request an account' then I chose 'Start a new project', filled the form and after clicking submit I got:

Error Creating Project:   /usr/testbed/sbin/newuser: Could not create new user! Transient Error: (3, 65280, newuser -t leader /tmp/newusersOoVvp) *** WARNING: Could not find an unused unix_uid!

Thanks,

Miguel

On Tue, Apr 13, 2010 at 2:45 PM, Leigh Stoller <stoller@flux.utah.edu> wrote:
Joining Project: You cannot join project 'test' due to security
restrictions! If you were told to join this project specifically,
email either the project leader

You have run into a security feature; Emulab does not allow users who
are not admins to be in the same projects as users who are admins. The
idea is that there are enough things that project members can do that
having a non-admin in a project with admins might make it possible for
the non-admin to escalate his privileges and gain admin access.

We have this enabled because we have 1000s of users we do not know,
and this is just safer. Some sites elect to turn this off because
their user base is more tightly controlled. If you want to turn this
off, add this line to your defs file:

ISOLATEADMINS=0

Then reconfig, rebuild, reinstall ... note though that there is a bug
fix to this code, that was pushed to emulab-stable yesterday. It's been
in emulab-devel for a few weeks.

If you want to keep this security feature turned on, what you would do
(and what we do) is create an alternate account for yourself that does
not have admin privs, which you can use in projects that are likely to
have students and other non-admin users. Log in as your alter ego and
create the new project.

Lbs




--
PhD student
School of Computer Science
Florida International University