"Synchronize" users/groups Post: 302604710

Sponsored Content

Operating Systems HP-UX "Synchronize" users/groups Post 302604710 by methyl on Monday 5th of March 2012 06:33:50 PM

03-05-2012

Registered User

We have had to do this. At first it seemed impossible because the oldest users on the master system had UIDs which clashed with system users the backup system.

Do not embark on this sort of exercise without an Ignite backup and a full backup of your system and a decent amount of booked downtime.

To cut a long story short, and working on a non-Trusted system:

Used "vipw" on the master system to move any system accounts to be definitely before any user accounts in /etc/passwd. This is only needed if system software was installed after any user accounts. i.e. what normally happens.

Created a cross-reference table of before-and-after UIDs and changed every non-system UID to a new range well clear of the system accounts (I chose 1001+). The choice of 1001 for the base was because I did not have any UID higher than 1001 on the master system or the backup system. This is not trivial because after changing the passwd file with "vipw" it involves issuing the correct "find" and "chown" command for every file owned by every non-system user.

Once you have got all your user accounts in a section of /etc/passwd which definitely does not contain any system accounts you can copy files at will to your backup system and periodically replace the "user" section of the /etc/passwd file with the user section from your source system using "vipw" (which can be scripted).

I must stress again that this technique does not work at all on Trusted systems.

There was a hint earlier. Never delete a user account. Lock it, remove data files, whatever, but do not delete it from /etc/passwd. It will mess up you backup system big time the moment you allow two different users to have the same UID.

Imho. In a D.R. backup scenario, never let two different users have the same UID.

Last edited by methyl; 03-05-2012 at 07:39 PM..

methyl

View Public Profile for methyl

Find all posts by methyl

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Limit "exploring" from users/groups

I have a unix box which runs as a webserver and ftp server. I have a user account for a friend and while I trust him, I noticed that he can view directories above his own "web" folder which is his default directory. I'm still trying to understand users/groups and privileges so bear with me if...

2. UNIX for Dummies Questions & Answers

Explain the line "mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'`"

Hi Friends, Can any of you explain me about the below line of code? mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'` Im not able to understand, what exactly it is doing :confused: Any help would be useful for me. Lokesha

3. Shell Programming and Scripting

cat $como_file | awk /^~/'{print $1","$2","$3","$4}' | sed -e 's/~//g'

hi All, cat file_name | awk /^~/'{print $1","$2","$3","$4}' | sed -e 's/~//g' Can this be done by using sed or awk alone

4. Shell Programming and Scripting

awk command to replace ";" with "|" and ""|" at diferent places in line of file

Hi, I have line in input file as below: 3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL My expected output for line in the file must be : "1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL" Can someone...

5. Solaris

The slices "usr", "opt", "tmp" disappeared!!! Help please.

The system don't boot. on the screen appears following: press enter to maintenance (or type CTRL-D to continue)...I checked with format command. ... the slices "0-root","1-swap","2-backup" exist. ...the slises "3-var","6-usr" -unassigned. :(

6. Post Here to Contact Site Administrators and Moderators

Suggestion: adding two new groups "sed" and "awk"

Majority of the questions are pertaining file/string parsing w.r.t sed or awk It would be nice to have these two as their own sub category under shell-programming-scripting which can avoid lot of duplicate posts.

7. UNIX for Dummies Questions & Answers

Using "mailx" command to read "to" and "cc" email addreses from input file

How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing �To� e-mail address and column 3 contains �cc� e-mail address to include with same email. Sample input file, email.txt Below is an sample code where...

8. Shell Programming and Scripting

Bash script - Print an ascii file using specific font "Latin Modern Mono 12" "regular" "9"

Hello. System : opensuse leap 42.3 I have a bash script that build a text file. I would like the last command doing : print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt where : print_cmd ::= some printing...

9. AIX

Apache 2.4 directory cannot display "Last modified" "Size" "Description"

Hi 2 all, i have had AIX 7.2 :/# /usr/IBMAHS/bin/apachectl -v Server version: Apache/2.4.12 (Unix) Server built: May 25 2015 04:58:27 :/#:/# /usr/IBMAHS/bin/apachectl -M Loaded Modules: core_module (static) so_module (static) http_module (static) mpm_worker_module (static) ...

LEARN ABOUT DEBIAN

grab-account

GRAB-ACCOUNT(8) 						 chiark utilities						   GRAB-ACCOUNT(8)

NAME

       grab-account - add new account synchronised to remote system

SYNOPSIS

       grab-account local-user source [remote-user]

DESCRIPTION

       grab-account  reconfigures  sync-accounts  to  start synchronising a specified local user (which may not yet exist) from a specified remote
       system, and then invokes sync-accounts once to synchronise from that source.

       /etc/sync-accounts/createuser should contain a addhere line in the appropriate source section (ie, after host source).  grab-account adds a
	 user local-user [remote=remote-user]
       directive just before addhere and runs sync-accounts source.

EXIT STATUS

       0      All went well.

       any other
	      There were problems.

FILES

       /etc/sync-accounts; See also sync-accounts(8).

ENVIRONMENT

       See sync-accounts(8).

BUGS

       There is no locking of /etc/sync-accounts so do not invoke grab-account from a script, or more than once at a time by hand.   Do  not  edit
       /etc/sync-accounts by hand and also simultaneously run grab-account.

       The mechanism involving addhere is suboptimal.  This should be done with an include feature in sync-accounts, so that grab-account does not
       have to edit a configuration file that really belongs to the sysadmin.

AUTHOR

       grab-account and this manpage are part of the sync-accounts package which was written by Ian  Jackson  <ian@chiark.greenend.org.uk>.   They
       are Copyright 1999-2000,2002 Ian Jackson <ian@davenant.greenend.org.uk>, and Copyright 2000-2001 nCipher Corporation Ltd.

       The  sync-accounts  package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as
       published by the Free Software Foundation; either version 3, or (at your option) any later version.

       This is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY	or
       FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You  should  have received a copy of the GNU General Public License along with this program; if not, consult the Free Software Foundation's
       website at www.fsf.org, or the GNU Project website at www.gnu.org.

SEE ALSO

       sync-accounts(8), sync-accounts(5), passwd(5)

Greenend							  14th July 2002						   GRAB-ACCOUNT(8)