Red Hat Enterprise Linux at Iowa State University

Creating IASTATE Access Control Lists (ACLs)

Machines with the isl-pvaccess module installed can control who can log in or become root (via the ksu command) on a particular machine. This document describes how to create the proper lists for each machine.

How the lists work

Each machine controlled via the isl-pvaccess package has three lists:

  • machine.name/root
  • machine.name/exclude
  • machine.name

Here machine.name is the first two labels of the machine's domain name (for example, the machine eris.ait.iastate.edu has three lists, all starting with eris.ait).

Access to a machine is granted to anyone who is on the list machine.name and is not on the list machine.name/exclude. All three lists are owned by machine.name/root, which means that anyone on machine.name/root can add or remove members of all three lists. In addition, anyone on machine.name/root can become root on the machine by using the ksu command.

Anyone with an ISU Net-ID can be a member of any of these lists. In addition, other lists that you or others have created can be used as members of these Access Control Lists. There is a special list, everybody, that includes every Net-ID, and centrally maintained class and department lists can also be used.
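The access rule above (on machine.name, not on machine.name/exclude, root via machine.name/root, with nested lists and the special everybody list) as an added example that models the decision; this is illustrative code, not part of isl-pvaccess or ASW, and the list contents and the "LIST:" prefix for a nested member are constructed assumptions.

```python
# Added example, not code from isl-pvaccess or ASW: models the access decision
# described above. All list contents are constructed sample data, and using the
# "LIST:" prefix to mark a list-valued member is an assumption of this example.

EVERYBODY = "everybody"   # special list that matches every Net-ID
NESTED_PREFIX = "LIST:"   # assumed marker for a member that is itself a list

# Constructed sample ACL store: list name -> set of direct members.
# The three lists for eris.ait.iastate.edu reuse two departmental lists.
LISTS = {
    "eris.ait/root": {"alice"},
    "eris.ait/exclude": {"LIST:ait.interns"},
    "eris.ait": {"LIST:ait.staff", "LIST:ait.interns", "erin"},
    "ait.staff": {"alice", "bob"},
    "ait.interns": {"carol", "erin"},
}

def is_member(netid, list_name, lists, _seen=None):
    """True if netid is on list_name directly or through a nested list.
    An unknown list is treated as empty; _seen stops cyclic nesting."""
    if list_name == EVERYBODY:
        return True
    _seen = set() if _seen is None else _seen
    if list_name in _seen:
        return False
    _seen.add(list_name)
    for member in lists.get(list_name, set()):
        if member.startswith(NESTED_PREFIX):
            if is_member(netid, member[len(NESTED_PREFIX):], lists, _seen):
                return True
        elif member == netid:
            return True
    return False

def machine_name(fqdn):
    """First two labels of a host name: eris.ait.iastate.edu -> eris.ait."""
    return ".".join(fqdn.split(".")[:2])

def decide(netid, fqdn, lists):
    """Login if on machine.name and not on machine.name/exclude;
    root (via ksu) if on machine.name/root. Exclude overrides the main list."""
    base = machine_name(fqdn)
    login = is_member(netid, base, lists) and not is_member(netid, base + "/exclude", lists)
    root = is_member(netid, base + "/root", lists)
    return {"login": login, "root": root}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "erin", "zed"):
        print(user, decide(user, "eris.ait.iastate.edu", LISTS))
```

Note that carol and erin are denied even though they reach eris.ait through ait.interns or directly, because the same departmental list sits on eris.ait/exclude.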

Creating the lists

You create all of the lists at https://asw.iastate.edu, logging in with your Net-ID and password. Click "Manage Lists" and then "Create a List". Enter the list name in the "List:" box and "LIST:machine.name/root" in the "Owner:" box, then click "Create List". You will have to create machine.name/root, machine.name/exclude, and machine.name separately, and in that order.

On the next screen, check the "Access (login/print)" box and click on "Update Now". After it has updated, you can use "Get Members" to add or remove members.

Bulk list creation

If you have large numbers of ACLs to create, using ASW may be tedious. The Solution Center has a mechanism for creating ACLs in bulk, and can do so if you e-mail a list of the machines needing ACLs to solution@iastate.edu. Requests will have to come from the registered owner of the machine, or a known departmental or college support person.