== Managing Shell Access == Information and instructions about managing users' access to our VMs' UN!X shells. <> These instructions assume that you are already a member of the "alberts_lab_admins" group. If you are not and need to be, ask someone who is a member for help. === Group Manager === A user's access to a VM is determined by his/her Duke NetID's membership in a specific access group. To manage users' membership in these groups, use Duke's [[DukeOITTools#Group_Manager|Group Manager]]. Managing users in a group is a pretty simple task. See [[https://papio.biology.duke.edu/babasewiki/UserManagement#Adding_a_Babase_User|Adding a Babase User]] and [[https://papio.biology.duke.edu/babasewiki/UserManagement#Removing_a_Babase_User|Removing a Babase User]] for an example how to do this in the "babase users" group. === Adding a New Shell User === Granting shell access for a particular VM takes a few steps. ==== Get a Duke NetID ==== A user needs a Duke NetID before we can grant any access for that NetID. Non-Duke users can be sponsored for an "affiliate" NetID by Duke faculty members. ==== Create a "Per-User" Group for the User ==== Each user with shell access needs to be the sole member of a private group whose name is "biology-systems-[their NetID]" (So NetID abc123 will be in group "biology-systems-abc123"). This is needed because '''[REASONS]'''. After logging in to the Group Manager, hit the "Create a Group +" button near the top of the window. Two fields will appear. Set the "Group Display Name" to match the new user's NetID. Write the "Group Description" using the format: {{{ Private group for Firstname Lastname, NetID xxx123. S/he must be the sole member of this group. }}} When finished, hit "Submit". You will be brought to a new window to manage more details about the new group. Under "Group Owners (1):", hit the "Manage group owners +" button, then "Add Group as Owner +". In the field that opens, type "biology-systems-alberts_lab_admins" and hit "Submit". Next, find your name listed among the group owners, and hit "remove". Next, hit the "Manage group options +" button. In the table that opens up, switch "Sync to WIN Active Directory" and "Make Public in Grouper" to the "on" position. The namesake user should actually be a member of the group. Under "Group Members", hit "Add Individual Member +" and add him/her as the sole member of the group. ==== Add to Other Relevant Groups ==== Depending on the VM to which you're granting access and the level of access you want to grant, there are other groups to which the new user should be added. A user with shell (but not sudo) access to Papio should be in the "papio_shell_users" group, for example. Note that it is possible to add whole groups as members of another group. When a user is granted membership to a group because of his/her membership in another group, it is not necessary to also add that person to the group individually. Avoid redundantly adding individuals to a group. ==== Contact OIT about Linking the New Group ==== [I feel like an explanation of "why" should be added here. I don't have enough information to provide that.] Contact Darrell Cooley in Duke Biology OIT and ask him to link the new "per-user" group to [I DON'T KNOW WHAT]. ==== Create an Account on the VM ==== [Add instructions about how to sudo in and create a new user]