How to (Extra) Ban Someone
Jump to navigation
Jump to search
Ahem, so in recent times, we had to *disable/ban* a CSC user's account for their repeated attempts to circumvent their ban in MathSoc/CSC (FR, totally no pun intended)...
This is a (hopefully comprehensive) guide on ensuring their existing account (based on their WATIAM) is put out of action for good, and immediately. This guide is mainly for *Syscom* as it requires root or admin access to many CSC services.
Step 1: Remove Membership
Through CEO's TUI (`ceo`) or LDAP ([guide from Raymond](https://wiki.csclub.uwaterloo.ca/Ceo#raymo's_guide_on_how_to_fix_things_after_screwing_up)):
- Remove all their `memberTerm`
- Reset their password (**and don't tell them!**)
Step 2: Screw Up Their Account
- Change their Login Shell (through LDAP) to something like `/sbin/nologin` or `/bin/false`
NOTE: CEO will not allow this change, so LDAP is best (and likely only way)
Step 3: Deauth Them Everywhere
- Suspend Kerberos: https://wiki.csclub.uwaterloo.ca/Kerberos#Suspending_an_Account - Remove their SSH keys:
- Go to a Syscom-only machine that could edit the `/users` directory (be extremely careful)
- Navigate to the banned users directory, and remove their ssh keys (`.ssh/authorized_keys`)
- Remove their CSC Cloud VMs: https://wiki.csclub.uwaterloo.ca/CloudStack#Administration - (optional) Kill all processes they are running in General Use