How to (Extra) Ban Someone

From CSCWiki
Revision as of 11:01, 18 September 2023 by N4chung (talk | contribs) (Prevent a CSC user from seeing the light of data at CSC again ;))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Ahem, so in recent times, we had to *disable/ban* a CSC user's account for their repeated attempts to circumvent their ban in MathSoc/CSC (FR, totally no pun intended)...


This is a (hopefully comprehensive) guide on ensuring their existing account (based on their WATIAM) is put out of action for good, and immediately. This guide is mainly for *Syscom* as it requires root or admin access to many CSC services.


    1. Step 1: Remove Membership

Through CEO's TUI (`ceo`) or LDAP ([guide from Raymond](https://wiki.csclub.uwaterloo.ca/Ceo#raymo's_guide_on_how_to_fix_things_after_screwing_up)): - Remove all their `memberTerm`s - Reset their password (**and don't tell them!**)

    1. Step 2: Screw Up Their Account

- Change their Login Shell (through LDAP) to something like `/sbin/nologin` or `/bin/false`

    • NOTE**: CEO will not allow this change, so LDAP is best (and likely only way)
    1. Step 3: Deauth Them Everywhere

- Suspend Kerberos: https://wiki.csclub.uwaterloo.ca/Kerberos#Suspending_an_Account - Remove their SSH keys: 

 - Go to a Syscom-only machine that could edit the `/users` directory (**be extremely careful**)
 - Navigate to the banned users directory, and remove their ssh keys (`.ssh/authorized_keys`)

- Remove their CSC Cloud VMs: https://wiki.csclub.uwaterloo.ca/CloudStack#Administration - (optional) Kill all processes they are running in General Use

Retrieved from "https://wiki.csclub.uwaterloo.ca/index.php?title=How_to_(Extra)_Ban_Someone&oldid=5064"