help-cfengine

Re: user management


From: Luke A. Kanies
Subject: Re: user management
Date: Wed, 23 Jun 2004 11:12:08 -0500 (CDT)

On Tue, 15 Jun 2004, Martin A. Brooks wrote:

> Hi
>
> I'd like to manage the passwd/group files on a largish number of
> machines where the user list for each machine is arbitrary. The machines
> will be running either Solaris or Linux.
>
> I can be sure that no two users have the same UID/GID so I'm not worried
> about clashes.
>
> Looking at the cfengine docs, there's no integrated way of doing this
> however I'm sure I'm not the first person who's needed to do this.
>
> Tips and suggestions appreciated.

I have not yet done this, but when I next need to solve this problem my plan will be roughly this:

Have all of my users in LDAP (although you could use a central flat file). Create a cfengine module that could take a list of users and/or groups and create the corresponding passwd/group/shadow files from the information in LDAP. Set up a users.cf file to collect accordingly:

# users.cf
control:
  web_servers::  users = ( "${users} www @webadmins" )
  mail_servers:: users = ( "${users} postfix" )
  any::          users = ( "${users} @sysadmin" )
                 groups = ( "${groups} sysadmin" )

  actionsequence = (
    "module:users -u '${users}' -g '${groups}'"
  )

---------------------

Something like that, anyway.

The user data is all stored in LDAP, the code for converting between user data and flat files is all stored in the module (actually, it's hopefully stored in library files which you've either retrieved from or published to CPAN or whatever -- see Unix::PasswdFile and its ilk), and the decision for which hosts or classes of hosts get which users and groups is all stored in cfengine. I used the '@' symbol to denote including anyone in that group on the host, but anything else could be used.

Anyway, that's my plan. If you wait long enough I'll have to implement it, but if you implement it, please share your code. :)

--
Secondly, Latin is a so-called "dead language."  It takes a lot to
kill a language.  There are countries the size of my kitchen that have
their own healthy languages.  Clearly, if Latin was useful in its
normal form, it would be alive today.  Therefore the language must be
defective.  I don't see much risk in changing it.  What's the worst
thing that could happen -- Latin will become unpopular?
                -- from the DNRC Newsletter, by Scott Adams
---------------------------------------------------------------------
Luke Kanies | http://abstractive.org | http://reductiveconsulting.com
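
The module described in the message above, sketched as an added example; it is not code from the post, from cfengine or from CPAN. It is written in Python rather than as a Perl module, the DIRECTORY dictionary is constructed sample data standing in for the LDAP lookup, and the function names are hypothetical. It expands '@group' entries, keeps password hashes out of passwd, and rejects directory values that would inject an extra field or line.

```python
# Added example: expand a "www @webadmins" style spec into passwd/shadow/group lines.
# DIRECTORY is constructed sample data standing in for LDAP (assumption, not from the post).
DIRECTORY = {
    "users": {
        "www":     {"uid": 80,   "gid": 80,   "gecos": "Web server", "home": "/var/www",     "shell": "/bin/false", "hash": "!"},
        "postfix": {"uid": 89,   "gid": 89,   "gecos": "Postfix",    "home": "/var/spool",   "shell": "/bin/false", "hash": "!"},
        "alice":   {"uid": 1001, "gid": 1001, "gecos": "Alice",      "home": "/home/alice",  "shell": "/bin/sh",    "hash": "$6$constructed$placeholder"},
        "bob":     {"uid": 1002, "gid": 1002, "gecos": "Bob",        "home": "/home/bob",    "shell": "/bin/sh",    "hash": "$6$constructed$placeholder"},
    },
    "groups": {
        "webadmins": {"gid": 2000, "members": ["alice", "bob"]},
        "sysadmin":  {"gid": 2001, "members": ["alice"]},
    },
}

def expand(spec, directory):
    """Resolve a space-separated spec; '@name' pulls in every member of that group."""
    names = []
    for token in spec.split():
        members = directory["groups"][token[1:]]["members"] if token.startswith("@") else [token]
        for name in members:
            if name not in directory["users"]:
                raise KeyError(f"unknown user {name!r}")  # fail closed, never write a partial file
            if name not in names:
                names.append(name)
    return names

def safe_field(value):
    """Reject values that would add a field or a line to a colon-separated file."""
    text = str(value)
    if ":" in text or "\n" in text or "\r" in text:
        raise ValueError(f"illegal character in field {text!r}")
    return text

def render(user_spec, group_spec, directory):
    """Return (passwd, shadow, group) line lists for one host's user and group specs."""
    users = expand(user_spec, directory)
    passwd, shadow, group = [], [], []
    for name in users:
        u = directory["users"][name]
        passwd.append(":".join(safe_field(v) for v in (name, "x", u["uid"], u["gid"], u["gecos"], u["home"], u["shell"])))
        shadow.append(":".join([safe_field(name), safe_field(u["hash"])] + [""] * 7))  # 9 shadow fields
    for gname in group_spec.split():
        g = directory["groups"][gname]
        present = [m for m in g["members"] if m in users]  # assumption: list only users installed on this host
        group.append(":".join([safe_field(gname), "x", safe_field(g["gid"]), ",".join(present)]))
    return passwd, shadow, group
```

The returned lines still have to be written out by the caller, with the shadow file readable by root only.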



