[tech] Flame VM (was Re: Reducing entropy on mooneye )

Andrew Williams andrew at ucc.gu.uwa.edu.au
Sun Jun 14 00:40:22 AWST 2020


On 2020-06-13 3:27 PM, Mark Tearle wrote:

>> 3) We might need to work out why flame has the same uid as andrew and
>> correct this.
>>
>> Yep, that's weird. Until then, I don't have root access on mooneye or
>> maculatus. If I try to 'sudo' (on maculatus or mooneye), whether I'm
>> logged in as 'flame' or 'andrew', it asks for the password for
>> 'flame', and as far as I know, the flame account doesn't have a
>> password. I can use sudo on motsugo, so it must just be the UID clash on
>> those two machines.
>>
> 
> I've changed flame's UID to 4242 to fix this. Nick looked up the UIDs for yourself and flame historically. Flame has been 26 and 10026 in previous passwd files. Your password entry is coming from AD, whereas flame is a local user on the VM.

Thanks Mark, but there's a teeny problem - now I can't log into 
maculatus at all...

'ssh -J motsugo.ucc.asn.au andrew@maculatus.ucc.asn.au' asks me for a 
password, and my UCC password doesn't work. Last night, this worked, and 
didn't ask me for a password.

'ssh motsugo.ucc.asn.au' takes me to motsugo, without needing a 
password, where I can 'sudo' with my usual UCC password.  Looks like my 
AD directory entry is OK, and has the correct password.

'ssh maculatus.ucc.asn.au' asks me for a password, and my usual UCC 
password doesn't work. Last night, this worked, and didn't ask me for a 
password.

'ssh ucc.asn.au' takes me to mooneye, without needing a password, where 
my UID is still the same as flame's. I can't sudo because it asks me for 
flame's password, and my password doesn't work.

I have no idea what's going on here - not sure whether it's something 
simple, like ~andrew/.ssh being owned by the wrong UID, or something 
subtle to do with the AD setup.

Anyway instead of doing a final backup, I've logged into the old and new 
flame and posted notes explaining the swapover and the new IP address. 
James, Michael and Leighton will just lose a few hours on their login 
counters.

Andrew
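
Added example, not part of the original message or of UCC's tooling: a check for the two conditions discussed in this thread, accounts that share a UID and SSH files owned by a UID other than the account's own (which sshd rejects for key login when StrictModes is on). The account names, UIDs and paths are constructed sample data.

```python
import os

# Constructed sample data (not taken from the hosts in this thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
gamesvc:x:11000:11000:local service account:/home/gamesvc:/bin/bash
alice:x:11000:11000:directory user:/home/alice:/bin/bash
bob:x:11001:11001:directory user:/home/bob:/bin/bash
"""
# Constructed owner UIDs, as os.stat() might report them after a UID change.
SAMPLE_OWNERS = {
    "/home/alice": 11000, "/home/alice/.ssh": 11000,
    "/home/alice/.ssh/authorized_keys": 11000,
    "/home/bob": 11001, "/home/bob/.ssh": 12000,
    "/home/bob/.ssh/authorized_keys": 12000,
}

def parse_passwd(text):
    """Return (name, uid, home) tuples from passwd(5)-format text."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            entries.append((fields[0], int(fields[2]), fields[5]))
    return entries

def duplicate_uids(entries):
    """Map each UID claimed by more than one account to those names."""
    by_uid = {}
    for name, uid, _home in entries:
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def stat_owner(path):
    """Owner UID of path on the live system, or None if it is missing."""
    try:
        return os.stat(path).st_uid
    except OSError:
        return None

def ssh_ownership_problems(entries, owner_of=stat_owner):
    """List (name, path, owner) where the owner is neither the account nor root."""
    problems = []
    for name, uid, home in entries:
        for path in (home, home + "/.ssh", home + "/.ssh/authorized_keys"):
            owner = owner_of(path)
            if owner is not None and owner not in (uid, 0):
                problems.append((name, path, owner))
    return problems
```

On a live host, pass the output of `getent passwd` to `parse_passwd` and leave `owner_of` at its default so the real file owners are read.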

