03-05-2012
We have had to do this. At first it seemed impossible because the oldest users on the master system had UIDs which clashed with system users the backup system.
Do not embark on this sort of exercise without an Ignite backup and a full backup of your system and a decent amount of booked downtime.
To cut a long story short, and working on a non-Trusted system:
Used "vipw" on the master system to move any system accounts to be definitely before any user accounts in /etc/passwd. This is only needed if system software was installed after any user accounts. i.e. what normally happens.
Created a cross-reference table of before-and-after UIDs and changed every non-system UID to a new range well clear of the system accounts (I chose 1001+). The choice of 1001 for the base was because I did not have any UID higher than 1001 on the master system or the backup system. This is not trivial because after changing the passwd file with "vipw" it involves issuing the correct "find" and "chown" command for every file owned by every non-system user.
Once you have got all your user accounts in a section of /etc/passwd which definitely does not contain any system accounts you can copy files at will to your backup system and periodically replace the "user" section of the /etc/passwd file with the user section from your source system using "vipw" (which can be scripted).
I must stress again that this technique does not work at all on Trusted systems.
There was a hint earlier. Never delete a user account. Lock it, remove data files, whatever, but do not delete it from /etc/passwd. It will mess up you backup system big time the moment you allow two different users to have the same UID.
Imho. In a D.R. backup scenario, never let two different users have the same UID.
Last edited by methyl; 03-05-2012 at 07:39 PM..
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have a unix box which runs as a webserver and ftp server. I have a user account for a friend and while I trust him, I noticed that he can view directories above his own "web" folder which is his default directory.
I'm still trying to understand users/groups and privileges so bear with me if... (2 Replies)
Discussion started by: creyc
2 Replies
2. UNIX for Dummies Questions & Answers
Hi Friends,
Can any of you explain me about the below line of code?
mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'`
Im not able to understand, what exactly it is doing :confused:
Any help would be useful for me.
Lokesha (4 Replies)
Discussion started by: Lokesha
4 Replies
3. Shell Programming and Scripting
hi All,
cat file_name | awk /^~/'{print $1","$2","$3","$4}' | sed -e 's/~//g'
Can this be done by using sed or awk alone (4 Replies)
Discussion started by: harshakusam
4 Replies
4. Shell Programming and Scripting
Hi,
I have line in input file as below:
3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL
My expected output for line in the file must be :
"1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL"
Can someone... (7 Replies)
Discussion started by: shis100
7 Replies
5. Solaris
The system don't boot.
on the screen appears following:
press enter to maintenance (or type CTRL-D to continue)...I checked with format command.
... the slices "0-root","1-swap","2-backup" exist.
...the slises "3-var","6-usr" -unassigned. :( (16 Replies)
Discussion started by: wolfgang
16 Replies
6. Post Here to Contact Site Administrators and Moderators
Majority of the questions are pertaining file/string parsing w.r.t
sed
or
awk
It would be nice to have these two as their own sub category under shell-programming-scripting which can avoid lot of duplicate posts. (1 Reply)
Discussion started by: jville
1 Replies
7. UNIX for Dummies Questions & Answers
How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing “To” e-mail address
and column 3 contains “cc” e-mail address to include with same email.
Sample input file, email.txt
Below is an sample code where... (2 Replies)
Discussion started by: asjaiswal
2 Replies
8. Shell Programming and Scripting
Hello.
System : opensuse leap 42.3
I have a bash script that build a text file.
I would like the last command doing :
print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt
where :
print_cmd ::= some printing... (1 Reply)
Discussion started by: jcdole
1 Replies
9. AIX
Hi 2 all,
i have had AIX 7.2
:/# /usr/IBMAHS/bin/apachectl -v
Server version: Apache/2.4.12 (Unix)
Server built: May 25 2015 04:58:27
:/#:/# /usr/IBMAHS/bin/apachectl -M
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
mpm_worker_module (static)
... (3 Replies)
Discussion started by: penchev
3 Replies
lppasswd(1) Apple Inc. lppasswd(1)
NAME
lppasswd - add, change, or delete digest passwords.
SYNOPSIS
lppasswd [ username ]
lppasswd -a [ -g groupname ] username
lppasswd -x username
DESCRIPTION
lppasswd adds, changes, or deletes passwords in the CUPS digest password file, passwd.md5. When run by a normal user, lppasswd will prompt
for the old and new passwords. When run by the super-user, lppasswd can add new accounts (-a username), change existing accounts (user-
name), or delete accounts (-x username) in the digest password file. Digest usernames do not have to match local UNIX usernames.
OPTIONS
lppasswd supports the following options:
-g groupname
Specifies a group other than the default system group.
SECURITY ISSUES
By default, the lppasswd program is not installed to allow ordinary users to change their passwords. To enable this, the lppasswd command
must be made setuid to root with the command:
chmod u+s lppasswd
While every attempt has been made to make lppasswd secure against exploits that could grant super-user privileges to unprivileged users,
paranoid system administrators may wish to use Basic authentication with accounts managed by PAM instead.
SEE ALSO
lp(1), lpr(1),
http://localhost:631/help
COPYRIGHT
Copyright 2007-2013 by Apple Inc.
22 February 2008 CUPS lppasswd(1)