How to (Extra) Ban Someone

This is a (hopefully comprehensive) guide on ensuring their existing account (based on their WatIAM) is put out of action for good, and immediately. This guide is mainly intended for Syscom as it requires root or admin access to many CSC services.

Step 1: Remove Membership

Through CEO's TUI (ceo) :

Reset their password

Step 2: Screw Up Their Account

Change their Login Shell (through LDAP - guide here) to something like /sbin/nologin or /bin/false

NOTE: CEO will not allow this change, so LDAP is the best (and likely only way)

Step 3: Deauth Them Everywhere

Suspend Kerberos: https://wiki.csclub.uwaterloo.ca/Kerberos#Suspending_an_Account
Remove their SSH keys:
- Run sudo -u <user_to_ban> mv ~<user_to_ban>/.ssh/{authorized_keys,banned_keys} from a CSC machine.

Step 4: Remove all Their Resources

Remove their CSC Cloud VMs: https://wiki.csclub.uwaterloo.ca/CloudStack#Administration
(optional) Kill all processes they are running in General Use
(optional) Delete their home directory - ONLY if necessary

How to (Extra) Ban Someone

Contents

Step 1: Remove Membership

Step 2: Screw Up Their Account

Step 3: Deauth Them Everywhere

Step 4: Remove all Their Resources

Navigation menu

How to (Extra) Ban Someone

Step 1: Remove Membership

Step 2: Screw Up Their Account

Step 3: Deauth Them Everywhere

Step 4: Remove all Their Resources

Navigation menu

Search