[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user management

From: Luke A. Kanies
Subject: Re: user management
Date: Wed, 23 Jun 2004 11:12:08 -0500 (CDT)

On Tue, 15 Jun 2004, Martin A. Brooks wrote:


I'd like to manage the passwd/group files on a largish number of
machines where the user list for each machine is arbitrary. The machines
will be running either Solaris or Linux.

I can be sure that no two users have the same UID/GID so I'm not worried
about clashes.

Looking at the cfengine docs, there's no integrated way of doing this
however I'm sure I'm not the first person who's needed to do this.

Tips and suggestions appreciated.

I have not yet done this, but when I next need to solve this problem my plan will be roughly this:

Have all of my users in LDAP (although you could use a central flat file). Create a cfengine module that could take a list of users and/or groups and create the corresponding passwd/group/shadow files from the information in LDAP. Set up a file to collect accordingly:

  web_servers::  users = ( "${users} www @webadmins" )
  mail_servers:: users = ( "${users} postfix" )
  any::          users = ( "${users} @sysadmin" )
                 groups = ( "${groups} sysadmin" )

  actionsequence = (
    "module:users -u '${users}' -g '${groups}'"


Something like that, anyway.

The user data is all stored in LDAP, the code for converting between user data and flat files is all stored in the module (actually, it's hopefully stored in library files which you've either retrieved from or published to CPAN or whatever -- see Unix::PasswdFile and its ilk), and the decision for which hosts or classes of hosts get which users and groups is all stored in cfengine. I used the '@' symbol to denote including anyone in that group on the host, but anything else could be used.

Anyway, that's my plan. If you wait long enough I'll have to implement it, but if you implement it, please share your code. :)

Secondly, Latin is a so-called "dead language."  It takes a lot to
kill a language.  There are countries the size of my kitchen that have
their own healthy languages.  Clearly, if Latin was useful in its
normal form, it would be alive today.  Therefore the language must be
defective.  I don't see much risk in changing it.  What's the worst
thing that could happen -- Latin will become unpopular?
                -- from the DNRC Newsletter, by Scott Adams
Luke Kanies | |

reply via email to

[Prev in Thread] Current Thread [Next in Thread]