Same passwd/group file on 3 boxes - HOW?


Post by Orn Frosti Asgeirss » Thu, 29 Dec 1994 05:48:43



Subject says it all.  Have considered NIS but I don't like it and many
have told me not to use it - don't ask why.  The boxes are ethernet
connected and all have 3 to 4 dial in modems.

Any help truly appreciated.

Best regards,
==============================================================================
Orn Asgeirsson   | Phone (voice): (354)-557-4656  | Discount Computer Supplies
Kotlufell 7      |   -   (fax):   (354)-587-0027  | DC Umbodid - Mail Order
111 Reykjavik    |   -   (mobile):     985-42104  | Phone: (354)-587-0067
Iceland          |================================| Fax:   (354)-587-0027


==============================================================================

 
 
 


Post by Erik Prop » Thu, 29 Dec 1994 09:52:37


o...@rhi.hi.is (Orn Frosti Asgeirsson) writes:

>Subject says it all.  Have considered NIS but I don't like it and many
>have told me not to use it - don't ask why.  The boxes are ethernet
>connected and all have 3 to 4 dial in modems.
>Any help truly appreciated.

Hi,
  in the past I've set up such a config (and it's still running), and
sometime next month I have to set up something similar again.
While I was typing this reply I discovered that my old solution does not work
anymore with slackware 2.0 ... must have been a security leak I guess ;-)
The problem is that passwd now refuses to use a symbolic link to a passwd
file ...
However, I have found another solution ... which I haven't been able to
test in practice yet as I'm waiting for a second Linux box to arrive ....

What to do:
  1) On each machine you will have to split /etc into stuff that needs to
     be kept local and stuff that will be stored on the server.
     a) make /letc
     b) move all local stuff to /letc
     c) ln -s /letc/* to /etc
     NOTE: it is essential to have a passwd and group file that works
     on all machines as we will put one central passwd and group file on
     the server, but if you reboot a client machine and the
     connection to the server is down, you still want to be able to login as
     root on that client machine. Another crucial one is the hosts file ...
     the client must at least be able to connect to the server ...

     In my case it is not only group and passwd that will be stored centrally,
     I also centralised:
      - hosts.*
      - printcap
      - mailrc
      - automount config files
      - config.ps
      - ... (at the end there's an ls -l of my /letc and /etc)

  2) Select 1 machine as the central server for the password (and
     for hosts.*, and automounter config files, etc ....)

  6) Now it is time to export /etc from the server to the client
     machines, so add it to /etc/exports (euhhhh, that's /letc/exports ;-) )
     and limit access to the
     client machines controlled by YOU only!!! Unless you want to settle for
     a situation where the passwords can only be changed from the server, in
     that case you can export it read only to .... the world???

  7) On the clients add server:/etc /etc to the fstab

     The idea is now to let the client mount the server's /etc over its
     own /etc ... if the server's up, otherwise there's always the local
     /etc. All real local stuff is saved in /letc on each of the machines.

  Now for a test, you can disconnect a client from the net and reboot.
You should then only be able to login as root using the password on the
local password file. To get things up and running reboot (or restart
mountd and nfsd) the server. Then reboot the clients. You should now have
access to the central passwd file from all your machines.

As I said before ... I haven't been able to test this yet!!!! Be careful
if you test it (and keep me posted ...)

Cheers,
   Erik

My ls -l /etc gives:
total 211
lrwxrwxrwx   1 root     root           16 Dec 28 10:11 DIR_COLORS -> /letc/DIR_COLORS
lrwxrwxrwx   1 root     root           14 Dec 28 10:11 HOSTNAME -> /letc/HOSTNAME
lrwxrwxrwx   1 root     root           16 Dec 28 10:11 NETWORKING -> /letc/NETWORKING
lrwxrwxrwx   1 root     root           16 Dec 28 10:33 X11 -> /var/X11/lib/X11
lrwxrwxrwx   1 root     root           27 Dec 28 10:34 XF86Config -> /var/X11/lib/X11/XF86Config
drwxr-xr-x   2 root     root         1024 Dec  5 18:04 amd
lrwxrwxrwx   1 root     root           13 Dec 28 10:11 amd.pid -> /letc/amd.pid
-rw-r--r--   1 root     root            0 May 13  1994 at.deny
lrwxrwxrwx   1 root     root           14 Dec 28 10:11 bootptab -> /letc/bootptab
-rw-r--r--   1 root     root         1680 Dec  6 15:07 config.ps
-rw-r--r--   1 root     root            0 Feb 15  1994 csh.cshrc
-rw-r--r--   1 root     root          688 Jun  2  1994 csh.login
lrwxrwxrwx   1 root     root           13 Dec 28 10:11 default -> /letc/default
lrwxrwxrwx   1 root     root           14 Dec 28 10:11 diphosts -> /letc/diphosts
lrwxrwxrwx   1 root     root           13 Dec 28 10:11 disktab -> /letc/disktab
lrwxrwxrwx   1 root     root           13 Dec 28 10:11 exports -> /letc/exports
lrwxrwxrwx   1 root     root           11 Dec 28 10:11 fdprm -> /letc/fdprm
drwxr-xr-x   2 root     root         1024 Nov 23 20:59 fs
lrwxrwxrwx   1 root     root           11 Dec 28 10:11 fstab -> /letc/fstab
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 ftpaccess -> /letc/ftpaccess
lrwxrwxrwx   1 root     root           14 Dec 28 10:11 ftpusers -> /letc/ftpusers
lrwxrwxrwx   1 root     root           14 Dec 28 10:11 gateways -> /letc/gateways
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 gettydefs -> /letc/gettydefs
-rw-r--r--   1 root     root          272 Dec  7 19:21 group
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 host.conf -> /letc/host.conf
-rw-r--r--   1 root     root          604 Dec  8 10:08 hosts
-rw-r--r--   1 root     root          293 Nov 26  1993 hosts.allow
-rw-r--r--   1 root     root          296 Nov 26  1993 hosts.deny
-rw-r--r--   1 root     root          313 Dec  8 09:40 hosts.equiv
-rw-r--r--   1 root     root          302 Sep 23  1993 hosts.lpd
lrwxrwxrwx   1 root     root            1 Dec 28 10:28 inet -> .
lrwxrwxrwx   1 root     root           16 Dec 28 10:11 inetd.conf -> /letc/inetd.conf
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 inetd.pid -> /letc/inetd.pid
lrwxrwxrwx   1 root     root           13 Dec 28 10:11 inittab -> /letc/inittab
-rw-r--r--   1 root     root           26 Dec 21 09:39 issue
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 klogd.pid -> /letc/klogd.pid
lrwxrwxrwx   1 root     root           17 Dec 28 10:11 ld.so.cache -> /letc/ld.so.cache
lrwxrwxrwx   1 root     root           16 Dec 28 10:11 ld.so.conf -> /letc/ld.so.conf
lrwxrwxrwx   1 root     root           10 Dec 28 10:11 lilo -> /letc/lilo
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 lilo.conf -> /letc/lilo.conf
lrwxrwxrwx   1 root     root           11 Dec 28 10:11 magic -> /letc/magic
-r--r--r--   1 root     root          136 Dec 28 10:15 mail.rc
-rwxr-xr-x   1 root     root           51 Dec  6 17:01 mklink
-rw-r--r--   1 root     root           22 Dec 21 09:39 motd
lrwxrwxrwx   1 root     root           10 Dec 28 10:11 mtab -> /letc/mtab
lrwxrwxrwx   1 root     root           12 Dec 28 10:11 mtools -> /letc/mtools
lrwxrwxrwx   1 root     root           16 Dec 28 10:11 named.boot -> /letc/named.boot
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 named.pid -> /letc/named.pid
lrwxrwxrwx   1 root     root           22 Dec 28 10:35 named.reload -> /usr/sbin/named.reload
lrwxrwxrwx   1 root     root           23 Dec 28 10:35 named.restart -> /usr/sbin/named.restart
lrwxrwxrwx   1 root     root           14 Dec 28 10:11 networks -> /letc/networks
-rwxr-xr-x   1 root     root          240 Dec  7 22:01 nfs.restart
-rw-r--r--   1 root     root            1 Sep 23  1993 nntpserver
-rw-r--r--   1 root     orm           890 Dec 28 10:18 passwd
-rw-r--r--   1 root     orm           890 Dec 28 10:17 passwd.OLD
-rw-r--r--   1 root     root          274 Dec  5 15:55 printcap
-rw-r--r--   1 root     root         1128 Dec  5 15:55 profile
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 protocols -> /letc/protocols
lrwxrwxrwx   1 root     root           10 Dec 28 10:11 rc.d -> /letc/rc.d
lrwxrwxrwx   1 root     root           17 Dec 28 10:11 resolv.conf -> /letc/resolv.conf
lrwxrwxrwx   1 root     root            9 Dec 28 10:11 rpc -> /letc/rpc
lrwxrwxrwx   1 root     root           11 Dec 28 10:11 samba -> /letc/samba
lrwxrwxrwx   1 root     root           16 Dec 28 10:11 sample.dip -> /letc/sample.dip
lrwxrwxrwx   1 root     root           15 Dec 28 10:11 securetty -> /letc/securetty
-rw-r--r--   1 root     root         3267 Dec  5 15:55 sendmail.cf
lrwxrwxrwx   1 root     root           14 Dec 28 10:11 services -> /letc/services
-rwxr-xr-x   1 root     root          369 Dec 28 10:14 setlinks
-rw-r--r--   1 root     root           37 Nov 23 21:03 shells
drwxr-xr-x   3 root     root         1024 Nov 23 20:56 skel
-rw-r-----   1 root     root          379 Jan  2  1994 syslog.conf
lrwxrwxrwx   1 root     root           16 Dec 28 10:11 syslog.pid -> /letc/syslog.pid
-rw-r--r--   1 root     root       183935 May 20  1994 termcap
lrwxrwxrwx   1 root     root           10 Dec 28 10:11 ttys -> /letc/ttys
lrwxrwxrwx   1 root     root           10 Dec 28 10:11 utmp -> /letc/utmp
lrwxrwxrwx   1 root     root           13 Nov 23 20:56 wtmp -> /var/adm/wtmp

And ls -l /letc gives:
-rw-r--r--   1 root     root         1828 Feb 15  1994 DIR_COLORS
-rw-r--r--   1 root     root           19 Nov 23 13:03 HOSTNAME
-rw-r--r--   1 root     root            4 Feb 24  1993 NETWORKING
-rw-r--r--   1 root     root            5 Dec 22 10:30 amd.pid
-rw-r--r--   1 root     root         1212 Jul 10  1993 bootptab
drwxr-xr-x   2 root     root         1024 Nov 23 21:00 default
-rw-r--r--   1 root     root          525 Feb 13  1994 diphosts
-rw-r--r--   1 root     root          443 Jan 25  1994 disktab
-rw-r--r--   1 root     root          711 Dec 15 21:17 exports
-rw-r--r--   1 root     root         1118 Jan 28  1994 fdprm
-rw-r--r--   1 root     root          154 Dec 27 14:31 fstab
-rw-r--r--   1 root     root         1245 May 11  1994 ftpaccess
-rw-r--r--   1 root     root          503 May  6  1994 ftpusers
-rw-r--r--   1 root     root          211 May 28  1993 gateways
-rw-r--r--   1 root     root          669 May 19  1994 gettydefs
-rw-r--r--   1 root     root           26 May 20  1994 host.conf
-rw-r--r--   1 root     root         3126 Dec 16 18:10 inetd.conf
-rw-r--r--   1 root     root            3 Dec 21 09:39 inetd.pid
-rw-r--r--   1 root     root         2038 Feb 19  1994 inittab
-rw-r--r--   1 root     root            3 Dec 21 09:39 klogd.pid
-rw-r--r--   1 root     root          554 Dec 21 09:39
...
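
Step 6 of the post above asks that the /etc export be limited to the client machines. The following check is an added example, not part of the original post: it audits an exports(5) file for entries that expose one directory beyond an explicit host list. The function names and the hosts `client1`, `client2`, `gateway` and `*.example.org` are hypothetical, and continuation lines are not handled.

```shell
#!/bin/sh
# Added example: audit an exports(5) file for entries that expose one
# directory beyond an explicit list of client hosts.
# usage: audit_exports FILE DIR "host1 host2 ..."
audit_exports() {
    awk -v dir="$2" -v allowed="$3" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*#/ || NF == 0 || $1 != dir { next }
    NF == 1 { print "WORLD: " dir " has no client list"; next }
    {
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            host = (p > 0) ? substr($i, 1, p - 1) : $i
            # "client (rw)" with a space parses as two entries: "client"
            # with default options, and "(rw)" for every host.
            if (host == "")          print "WORLD: " dir " " $i " applies to every host"
            else if (host ~ /[*?]/)  print "WILDCARD: " dir " " $i
            else if (!(host in ok))  print "UNLISTED: " dir " " $i
        }
    }' "$1"
}

# Constructed sample (host names are hypothetical, not from the thread).
audit_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# /letc/exports on the server
/home  client1(rw) client2(rw)
/etc   client1(rw) client2 (rw) *.example.org(ro) gateway(ro)
EOF
    audit_exports "$f" /etc "client1 client2"
    rm -f "$f"
}

audit_sample
```

An empty result means every client named on the /etc line is on the allowed list and no entry applies to all hosts.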


 
 
 


Post by Matt Warno » Sat, 31 Dec 1994 11:33:48





>>Subject says it all.  Have considered NIS but I don't like it and many
>>have told me not to use it - don't ask why.  The boxes are ethernet
>>connected and all have 3 to 4 dial in modems.

>>Any help truly appreciated.

>Hi,
>  in the past I've set up such a config (and it's still running), and
>sometime next month I have to set up something similar again.
>While I was typing this reply I discovered that my old solution does not work
>anymore with slackware 2.0 ... must have been a security leak I guess ;-)
>The problem is that passwd now refuses to use a symbolic link to a passwd
>file ...
>However, I have found another solution ... which I haven't been able to
>test in practice yet as I'm waiting for a second Linux box to arrive ....

[complex solution deleted]

I have three machines here with the same /etc/passwd and /etc/group.
One is the central NFS server for the /home files-- the other machines
just mount /home via NFS.  I usually edit /etc/passwd on the server, and
copy the files to the other machines.  This is made easier by the fact that
the server has the other machines' root partitions mounted via NFS.  Thus
the following commands will edit the passwd file:
  emacs /etc/passwd
  cp /etc/passwd /sys1/etc/passwd
  cp /etc/passwd /sys2/etc/passwd
My needs are simple, and the files don't change often, so I haven't
bothered to put it in a script.  But it would be easy to do something like:
  emacs /etc/passwd (or adduser, or useradd, or whatever)
  for sys in sys1 sys2 sys3 ...
  do mount $sys:/etc /mnt
     cp /etc/passwd /mnt
     umount /mnt
  done
You get the idea.  Real simple, but it works.

--

60 West Main Avenue, Suite 12A, Morgan Hill CA  95037-4553  Fax:408.778.7989
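
The copy step described in the post above, written as a script. This is an added example, not code from the original poster: it checks the edited passwd file before distributing it, then installs it under each NFS-mounted client root by copy and rename. The function names and the demo accounts are hypothetical; the client roots correspond to /sys1 and /sys2 in the post.

```shell
#!/bin/sh
# check_passwd FILE: succeed only if every line has 7 colon-separated fields,
# names are unique, and root is the one and only UID 0 account.
check_passwd() {
    awk -F: '
    NF != 7                 { printf "line %d: %d fields\n", NR, NF; bad = 1 }
    seen[$1]++              { printf "line %d: duplicate name %s\n", NR, $1; bad = 1 }
    $1 == "root" && $3 == 0 { root = 1 }
    $1 != "root" && $3 == 0 { printf "line %d: %s also has UID 0\n", NR, $1; bad = 1 }
    END {
        if (!root) { print "no root entry with UID 0"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# push_passwd SRC ROOT...: validate SRC, then install it as ROOT/etc/passwd
# under each mounted client root. The copy goes to a temporary name in the
# same directory and is renamed into place, so a client never reads a
# half-written passwd file.
push_passwd() {
    src=$1; shift
    check_passwd "$src" >&2 || { echo "refusing to distribute $src" >&2; return 1; }
    for root in "$@"; do
        dst=$root/etc/passwd
        tmp=$dst.new.$$
        if cp "$src" "$tmp" && chmod 644 "$tmp" && cmp -s "$src" "$tmp"; then
            mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 1; }
        else
            rm -f "$tmp"; echo "copy to $root failed, left untouched" >&2; return 1
        fi
    done
}

# Constructed demo: two fake client roots and a sample passwd file.
demo_push() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sys1/etc" "$d/sys2/etc"
    printf 'root:x:0:0:root:/root:/bin/sh\norn:x:501:100::/home/orn:/bin/sh\n' > "$d/passwd"
    push_passwd "$d/passwd" "$d/sys1" "$d/sys2" && cmp -s "$d/passwd" "$d/sys2/etc/passwd"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_push && echo "distributed"
```

A file that fails the check is never copied, so a typo made in the editor on the server cannot lock root out of the other machines.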