o...@rhi.hi.is (Orn Frosti Asgeirsson) writes:
>Subject says it all. Have considered NIS but I don't like it and many
>have told me not to use it - don't ask why. The boxes are ethernet
>connected and all have 3 to 4 dial in modems.
>Any help truly appreciated.
Hi,

in the past I've set up such a config (and it's still running), and
sometime next month I have to set up something similar again.

While I was typing this reply I discovered that my old solution does not work
anymore with Slackware 2.0 ... must have been a security leak I guess ;-)
The problem is that passwd now refuses to use a symbolic link to a passwd
file ...

However, I have found another solution ... which I haven't been able to
test in practice yet as I'm waiting for a second Linux box to arrive ....

What to do:

1) On each machine you will have to split /etc into stuff that needs to
   be kept local and stuff that will be stored on the server.
   a) make /letc
   b) move all local stuff to /letc
   c) ln -s /letc/* to /etc

   NOTE: it is essential to have a passwd and group file that works
   on all machines as we will put one central passwd and group file on
   the server, but if you reboot a client machine and the
   connection to the server is down, you still want to be able to login as
   root on that client machine. Another crucial one is the hosts file ...
   the client must at least be able to connect to the server ...

   In my case it is not only group and passwd that will be stored centrally,
   I also centralised:
   - hosts.*
   - printcap
   - mailrc
   - automount config files
   - config.ps
   - ... (at the end there's an ls -l of my /letc and /etc)

2) Select 1 machine as the central server for the password (and
   for hosts.*, and automounter config files, etc ....)

6) Now it is time to export /etc from the server to the client
   machines, so add it to /etc/exports (euhhhh, that's /letc/exports ;-) )
   and limit access to the client machines controlled by YOU only!!! Unless
   you want to settle for a situation where the passwords can only be
   changed from the server, in that case you can export it read only
   to .... the world???

7) On the clients add server:/etc /etc to the fstab

The idea is now to let the client mount the server's /etc over its
own /etc ... if the server's up, otherwise there's always the local
/etc. All real local stuff is safe in /letc on each of the machines.

Now for a test, you can disconnect a client from the net and reboot.
You should then only be able to login as root using the password on the
local password file. To get things up and running reboot (or restart
mountd and nfsd) the server. Then reboot the clients. You should now have
access to the central passwd file from all your machines.

As I said before ... I haven't been able to test this yet!!!! Be careful
if you test it (and keep me posted ...)

Cheers,
Erik
My ls -l /etc gives:
total 211
lrwxrwxrwx 1 root root 16 Dec 28 10:11 DIR_COLORS -> /letc/DIR_COLORS
lrwxrwxrwx 1 root root 14 Dec 28 10:11 HOSTNAME -> /letc/HOSTNAME
lrwxrwxrwx 1 root root 16 Dec 28 10:11 NETWORKING -> /letc/NETWORKING
lrwxrwxrwx 1 root root 16 Dec 28 10:33 X11 -> /var/X11/lib/X11
lrwxrwxrwx 1 root root 27 Dec 28 10:34 XF86Config -> /var/X11/lib/X11/XF86Config
drwxr-xr-x 2 root root 1024 Dec 5 18:04 amd
lrwxrwxrwx 1 root root 13 Dec 28 10:11 amd.pid -> /letc/amd.pid
-rw-r--r-- 1 root root 0 May 13 1994 at.deny
lrwxrwxrwx 1 root root 14 Dec 28 10:11 bootptab -> /letc/bootptab
-rw-r--r-- 1 root root 1680 Dec 6 15:07 config.ps
-rw-r--r-- 1 root root 0 Feb 15 1994 csh.cshrc
-rw-r--r-- 1 root root 688 Jun 2 1994 csh.login
lrwxrwxrwx 1 root root 13 Dec 28 10:11 default -> /letc/default
lrwxrwxrwx 1 root root 14 Dec 28 10:11 diphosts -> /letc/diphosts
lrwxrwxrwx 1 root root 13 Dec 28 10:11 disktab -> /letc/disktab
lrwxrwxrwx 1 root root 13 Dec 28 10:11 exports -> /letc/exports
lrwxrwxrwx 1 root root 11 Dec 28 10:11 fdprm -> /letc/fdprm
drwxr-xr-x 2 root root 1024 Nov 23 20:59 fs
lrwxrwxrwx 1 root root 11 Dec 28 10:11 fstab -> /letc/fstab
lrwxrwxrwx 1 root root 15 Dec 28 10:11 ftpaccess -> /letc/ftpaccess
lrwxrwxrwx 1 root root 14 Dec 28 10:11 ftpusers -> /letc/ftpusers
lrwxrwxrwx 1 root root 14 Dec 28 10:11 gateways -> /letc/gateways
lrwxrwxrwx 1 root root 15 Dec 28 10:11 gettydefs -> /letc/gettydefs
-rw-r--r-- 1 root root 272 Dec 7 19:21 group
lrwxrwxrwx 1 root root 15 Dec 28 10:11 host.conf -> /letc/host.conf
-rw-r--r-- 1 root root 604 Dec 8 10:08 hosts
-rw-r--r-- 1 root root 293 Nov 26 1993 hosts.allow
-rw-r--r-- 1 root root 296 Nov 26 1993 hosts.deny
-rw-r--r-- 1 root root 313 Dec 8 09:40 hosts.equiv
-rw-r--r-- 1 root root 302 Sep 23 1993 hosts.lpd
lrwxrwxrwx 1 root root 1 Dec 28 10:28 inet -> .
lrwxrwxrwx 1 root root 16 Dec 28 10:11 inetd.conf -> /letc/inetd.conf
lrwxrwxrwx 1 root root 15 Dec 28 10:11 inetd.pid -> /letc/inetd.pid
lrwxrwxrwx 1 root root 13 Dec 28 10:11 inittab -> /letc/inittab
-rw-r--r-- 1 root root 26 Dec 21 09:39 issue
lrwxrwxrwx 1 root root 15 Dec 28 10:11 klogd.pid -> /letc/klogd.pid
lrwxrwxrwx 1 root root 17 Dec 28 10:11 ld.so.cache -> /letc/ld.so.cache
lrwxrwxrwx 1 root root 16 Dec 28 10:11 ld.so.conf -> /letc/ld.so.conf
lrwxrwxrwx 1 root root 10 Dec 28 10:11 lilo -> /letc/lilo
lrwxrwxrwx 1 root root 15 Dec 28 10:11 lilo.conf -> /letc/lilo.conf
lrwxrwxrwx 1 root root 11 Dec 28 10:11 magic -> /letc/magic
-r--r--r-- 1 root root 136 Dec 28 10:15 mail.rc
-rwxr-xr-x 1 root root 51 Dec 6 17:01 mklink
-rw-r--r-- 1 root root 22 Dec 21 09:39 motd
lrwxrwxrwx 1 root root 10 Dec 28 10:11 mtab -> /letc/mtab
lrwxrwxrwx 1 root root 12 Dec 28 10:11 mtools -> /letc/mtools
lrwxrwxrwx 1 root root 16 Dec 28 10:11 named.boot -> /letc/named.boot
lrwxrwxrwx 1 root root 15 Dec 28 10:11 named.pid -> /letc/named.pid
lrwxrwxrwx 1 root root 22 Dec 28 10:35 named.reload -> /usr/sbin/named.reload
lrwxrwxrwx 1 root root 23 Dec 28 10:35 named.restart -> /usr/sbin/named.restart
lrwxrwxrwx 1 root root 14 Dec 28 10:11 networks -> /letc/networks
-rwxr-xr-x 1 root root 240 Dec 7 22:01 nfs.restart
-rw-r--r-- 1 root root 1 Sep 23 1993 nntpserver
-rw-r--r-- 1 root orm 890 Dec 28 10:18 passwd
-rw-r--r-- 1 root orm 890 Dec 28 10:17 passwd.OLD
-rw-r--r-- 1 root root 274 Dec 5 15:55 printcap
-rw-r--r-- 1 root root 1128 Dec 5 15:55 profile
lrwxrwxrwx 1 root root 15 Dec 28 10:11 protocols -> /letc/protocols
lrwxrwxrwx 1 root root 10 Dec 28 10:11 rc.d -> /letc/rc.d
lrwxrwxrwx 1 root root 17 Dec 28 10:11 resolv.conf -> /letc/resolv.conf
lrwxrwxrwx 1 root root 9 Dec 28 10:11 rpc -> /letc/rpc
lrwxrwxrwx 1 root root 11 Dec 28 10:11 samba -> /letc/samba
lrwxrwxrwx 1 root root 16 Dec 28 10:11 sample.dip -> /letc/sample.dip
lrwxrwxrwx 1 root root 15 Dec 28 10:11 securetty -> /letc/securetty
-rw-r--r-- 1 root root 3267 Dec 5 15:55 sendmail.cf
lrwxrwxrwx 1 root root 14 Dec 28 10:11 services -> /letc/services
-rwxr-xr-x 1 root root 369 Dec 28 10:14 setlinks
-rw-r--r-- 1 root root 37 Nov 23 21:03 shells
drwxr-xr-x 3 root root 1024 Nov 23 20:56 skel
-rw-r----- 1 root root 379 Jan 2 1994 syslog.conf
lrwxrwxrwx 1 root root 16 Dec 28 10:11 syslog.pid -> /letc/syslog.pid
-rw-r--r-- 1 root root 183935 May 20 1994 termcap
lrwxrwxrwx 1 root root 10 Dec 28 10:11 ttys -> /letc/ttys
lrwxrwxrwx 1 root root 10 Dec 28 10:11 utmp -> /letc/utmp
lrwxrwxrwx 1 root root 13 Nov 23 20:56 wtmp -> /var/adm/wtmp
And ls -l /letc gives:
-rw-r--r-- 1 root root 1828 Feb 15 1994 DIR_COLORS
-rw-r--r-- 1 root root 19 Nov 23 13:03 HOSTNAME
-rw-r--r-- 1 root root 4 Feb 24 1993 NETWORKING
-rw-r--r-- 1 root root 5 Dec 22 10:30 amd.pid
-rw-r--r-- 1 root root 1212 Jul 10 1993 bootptab
drwxr-xr-x 2 root root 1024 Nov 23 21:00 default
-rw-r--r-- 1 root root 525 Feb 13 1994 diphosts
-rw-r--r-- 1 root root 443 Jan 25 1994 disktab
-rw-r--r-- 1 root root 711 Dec 15 21:17 exports
-rw-r--r-- 1 root root 1118 Jan 28 1994 fdprm
-rw-r--r-- 1 root root 154 Dec 27 14:31 fstab
-rw-r--r-- 1 root root 1245 May 11 1994 ftpaccess
-rw-r--r-- 1 root root 503 May 6 1994 ftpusers
-rw-r--r-- 1 root root 211 May 28 1993 gateways
-rw-r--r-- 1 root root 669 May 19 1994 gettydefs
-rw-r--r-- 1 root root 26 May 20 1994 host.conf
-rw-r--r-- 1 root root 3126 Dec 16 18:10 inetd.conf
-rw-r--r-- 1 root root 3 Dec 21 09:39 inetd.pid
-rw-r--r-- 1 root root 2038 Feb 19 1994 inittab
-rw-r--r-- 1 root root 3 Dec 21 09:39 klogd.pid
-rw-r--r-- 1 root root 554 Dec 21 09:39
...
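
The access limit that step 6 asks for can be checked mechanically. This is an added example, not part of Erik's post: a shell function that reads an exports file and reports every entry offering /etc to a host outside an explicit client list. The host names alpha, beta and gamma and the sample file are constructed, and the syntax assumed is the usual `path host(options) ...` form of exports(5).

```shell
#!/bin/sh
# Added example (not from the original post): check that an exports file
# offers DIR only to an explicit allow-list of client hosts.
# Usage: audit_exports FILE DIR "host1 host2 ..."
# Prints one finding per line; exit status 0 = clean, 1 = findings.
# Backslash-continued lines are not joined; each line is read on its own.
audit_exports() (
    file=$1 dir=$2 allowed=$3 rc=0
    set -f                                   # keep '*' in entries literal
    while read -r path clients; do
        [ "$path" = "$dir" ] || continue     # skips comments and other paths
        if [ -z "$clients" ]; then           # no client list: every host
            echo "WORLD $dir"; rc=1; continue
        fi
        for entry in $clients; do
            host=${entry%%\(*}               # text before "(options)"
            case $host in
                ''|*[*?]*) echo "WILDCARD $dir $entry"; rc=1; continue ;;
            esac
            case " $allowed " in
                *" $host "*) ;;              # explicitly allowed client
                *) echo "UNLISTED $dir $entry"; rc=1 ;;
            esac
        done
    done < "$file"
    exit "$rc"
)

# Constructed sample: alpha and beta stand in for the client machines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /letc/exports on the server (constructed)
/home   alpha(rw) beta(rw)
/etc    alpha(rw) beta(rw) gamma(rw) *(ro)
EOF
audit_exports "$sample" /etc "alpha beta" || echo "fix the entries listed above"
rm -f "$sample"
```

On the sample it reports the gamma(rw) entry as UNLISTED and the *(ro) entry as WILDCARD, the "read only to the world" case from step 6.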