Remove FreeIPA user from computer? - fedora

We connected a computer to our FreeIPA system on the network, no problems there... However, we can't figure out how to remove a FreeIPA user account from the computer after they've logged in at least once.
Were running Fedora 27, and running userdel -r {username} results in:
userdel: cannot remove entry 'admin' from /etc/passwd
we don't want to delete the user from FreeIPA, just the system so it no longer shows on the login screen.
** We also tried using gnome's user screen to remove the user, and it prompts to confirm removal, we confirm, but then it doesn't remove the user.

FreeIPA does not store users locally, so using 'userdel' will not help.
From your description, it looks like you are interested in removing a user from GDM welcome screen rather than removing a user itself.
GDM uses GNOME AccountsService to store information about recently logged in users. AccountsService stores these details in files /var/lib/AccountsService/users/<username> and provides a dbus interface to access those details. UncacheUser method is what you need:
Running
dbus-send --system --print-reply --dest=org.freedesktop.Accounts /org/freedesktop/Accounts org.freedesktop.Accounts.UncacheUser string:username
would remove username from the list of cached users.

Related

What does the command line arguments for PM2 startup mean precisely

I am a little confused about start up scripts and the command line options. I am building a small raspberry pi based server for my node applications. In order to provide maximum protection against power failures and flash write corruption, the root file system is read only, and that embraces the home directory of my main user, were the production versions of my apps (two of them) are stored. Because the .pm2 directory here is no good for logs etc I currently set PM2_HOME environment variable to a place in /var (which has 512kb unused space around it to ensure writes to i. The eco-system.json file reads this environment variable also to determine where to place its logs.
In case I need to, I also have a secondary user with a read write home directory in another (protected by buffer space around it) partition. This contains development versions of my application code which because of the convenience of setting environments up etc I also want to monitor with PM2. If I need to investigate a problem I can log in to that user and run and test the application there.
Since this is a headless box, and with watchdog and kernel panic restarts built in, I want pm2 to start during boot and at minimum restart the two production apps. Ideally it should also starts the two development versions of the app also but I can live without that if its impossible.
I can switch the read only root partition to read/write - indeed it does so automatically when I ssh into my production user account. It switches back to read only automatically when I log out.
So I went to this account to try and create a startup script. It then said (unsurprisingly) that I had to run a sudo command like so:-
sudo su -c "env PATH=$PATH:/usr/local/bin pm2 startup ubuntu -u pi --hp /home/pi"
The key issue for me here is the --hp switch. I went searching for some clue as to what it means. Its clearly a home directory, but it doesn't match PM2_HOME - which is set to /var/pas in my case to take it out of the read only area. I don't want to try and and spray my home directory with files that shouldn't be there. So am asking for some guidance here
I found out by experiment what it does with an "ubuntu" start up script. It uses it to set PM2_HOME in the script by appending "/.pm2" to it.
However there is nothing stopping you editing the script once it has created it and setting PM2_HOME to whatever you want.
So effectively its a helper for the script, but only that and nothing more special.

How to create a Chrome profile programmatically?

Development, testing, staging environments are controlled via different proxy servers in my setup. I want to script creation of multiple Chrome profiles (sometimes called "user" or "person") and connect to a different proxy server for each of them. Finally I want to share this script with colleagues so that they have access to the exactly same setup.
The latter can be done via scripted installation of extensions such as Falcon Proxy or Proxy Helper to the Chrome profile. I would like to know how to script creation of the different profiles.
A profile is a folder inside ~/.config/google-chrome (Linux, ~/Library/Application Support/Google/Chrome (Mac OS X) and %USERPROFILE%\AppData\Local\Google\Chrome\User Data (Windows). But how to create and initialize one? Where do I register the new profile?
Creating a user
The following example applies to Windows, but the basic procedure should be the same.
First, change to the UserData folder in your Chrome installation:
cd "%APPDATA%\..\Local\Google\Chrome\User Data"
This method will copy the current user as a template for the new user. If the new user should be blank, you need to delete (CTRL + SHIFT + DEL the current browser data).
Now create a new user:
mkdir NewUser && copy Default NewUser
Change your directory to the chrome installation:
cd "C:\Program Files (x86)\Google\Chrome\Application"
Factory-Reset all user parameters:
chrome.exe --user-data-dir="..\User Data\NewUser" -first-run
where --user-data-dir is the path (full or relative) to the previously created NewUser directory.
Running as NewUser
To run chrome again using this profile, simply run chrome without the -first-run flag.
From this documentation, I finally found a way to create a user/person, rather than a separate profile. The difference is especially important in Mac OS X since different profiles can be opened concurrently using the same Chrome process.
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --profile-directory="StagingEnv" --first-run
The only unfortunate fact is that this new person doesn't inherit the name from the profile directory. Instead, it is always called Person X where X is an increment number.
I need to go to the Local State file to change it.
grep -o '"StagingEnv":{[^}]*}' ~/Library/Application\ Support/Google/Chrome/Local\ State
"StagingEnv":{"active_time":1437709453.172762,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_6","background_apps":false,"is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"<b>Person 3</b>","user_name":""}
This file is overridden when Chrome quits, so I need to kill Chrome, change the file and run Chrome again.
I think the easiest way to create multiple chrome profile is
On your computer, open Chrome.
At the top right, click Profile.
Click Manage people.
Click Add person.
Choose a name and a photo/picture.
Select Create a short cut on the desktop.
Click Save. A new window will open and ask you to turn on sync which is
optional.
By this, each chrome profile will be created and you can check on C:\Users\youname\AppData\Local\Google\Chrome\User Data.

Sourcetree constantly asks for authenticate with Mercurial (Kiln)?

I'm running Lion latest with SourceTree.
I tried to connect to a Fogbugz Kiln reponsitory, which succeeded, but whenever I PUSH or PULL Sourcetree consistently asks me for a username and password despite I saved it to my KeyChain. Anyone have any insight to this issue?
This helped me solve this issue in a mac:
Open the Hosted Repositories window by clicking View > Show Hosted Repositories or Command + Shift + H.
Click Edit Accounts
Double-click on your account
Click Set Password
I had the same and I fixed it using the system git instead of the embedded one:
Settings -> git -> Use System git
Open terminal and Type git config --global credential.helper osxkeychain
Allow access when asked. Make a pull from sourcetree, you may have to enter password one more time after that it wont ask again from next time onwards.
PS: This solution is only for Mac OS
I occasionally run into the same problem. None of the methods listed here actually helped me out, but after I restart my computer, I am again able to do as I please with SourceTree and git.
Nevertheless this issues is annoying as hell and seeing that Atlassian haven't resolved it in over 3 years, since the original question was posted, is even more unnerving.
I had the same problem and it troubled me for a long time, but I found a solution:
Go to terminal in your project folder.
Run #git pull
Input your username and password
Go back to sourceTree and run Fetch or Pull, it does not ask for your password again.
I met the same problem, what I did is
Open Keychain Access
Find the corresponding keychain entry for your repo, and double click to open (e.g. the entry with name github.com)
Click the 'Access Control' tag
Select 'Allow all applications to access this item' and save changes
This solves the problem (or at least for me), but in some sense makes it less secure though.
As said by Laurens in the comment, you can file an issue with us via jira.atlassian.com (project SRCTREE). It shouldn't constantly ask for authentication if you've saved your credentials to the keychain unless there's an authentication problem.
Cheers
Wasted 90 minutes on all this. Sourcetree simply would not let me remove my account and add it back. Finally uninstalled and downloaded an older version:
https://www.sourcetreeapp.com/download-archives
ver 1.10 fixed all my issues:

run jenkins as user "hudson"

we've updated hudson to jenkins and have a few dependencies upon the "hudson" user we used to have.
Now that we have jenkins running (works fine) we'd like it to run as the user "hudson" in order to keep our other processes intact without having to rewrite them.
We found instructions on how to do this BEFORE installing jenkins, but we're already past that point. Jenkins is installed and up and running. Is there a way to let jenkins run as the user "hudson"?
We are running CENTOS
Jenkins usually runs with it's own user, so there are two main issues to handle:
Make sure user 'hudson' has full access to the files of user 'jenkins' (or whatever user it was set to run as).
Start the Jenkins-daemon (or other initiator) with the 'hudson' user.
(another approach is to change the user-ID so it is actually the same user but with two names)
Good luck!
If you've installed Jenkins from RPM, there should be an /etc/sysconfig/jenkins file with a JENKINS_USER setting that defaults to 'jenkins' that you can change to 'hudson'.
I second Gonen's comment above about making sure you change the ownership of the 'jenkins' owned files to 'hudson'. Don't forget about the /var/log/jenkins logs.
Also don't forget to restart the Jenkins service after updating the files.

HG4Idea hangs on windows

Has anybody else had an issue with the new Intellij HG4IDEA not working in Windows? Whenever I try to pull from a remote repository it just hangs, never asking for my ssh username/password.
My initial thought was that I should set my username/password in mercurial.ini somehow.
It just sits like this indefinably, if I try to cancel it it will not stop.
You need to configure it to work with your keys without password or
use ssh client that is able to ask password in a dialog window, like
TortoisePlink.exe.
When using console SSH client, there is no way for IDEA to see if it's
requesting passwords and provide them (it's just not supported, so ssh
client must either work without asking anything in the console or ask
a password via dialog).
See also
http://youtrack.jetbrains.net/issue/IDEA-62230 and http://youtrack.jetbrains.net/issue/IDEA-56004.
In order to get Intellij 10 to work with hg4idea I just changed my mercurial.ini file in my user directory of windows.
# Generated by TortoiseHg setting dialog
[extensions]
hgext.convert=
[ui]
username = myusername
[trusted]
users = *
groups = *
[ui]
ssh="C:\Program Files\TortoiseHg\bin\TortoisePlink.exe"
The key was to set ssh= to a client that supports prompting for passwords.