"Synchronize" users/groups


 
Operating Systems HP-UX "Synchronize" users/groups
# 1  
Old 02-28-2012
"Synchronize" users/groups

Hello!

I'm hoping for a bit of advice on this...we have a need to synchronize users/groups between a couple servers in widely separated locations (our main DC and a disaster-recovery DC). This only has to happen, at this stage, with one server in each location, and the synchronization only has to happen in one direction (from main to disaster-recovery). We don't want to use directory authentication...this needs to be a synchronization based on the /etc/passwd and /etc/group files.

This seems to me something that others would have needed to solve in the past. Has anyone here implemented a solution for this?

Thanks!
# 2  
Old 02-29-2012
Do you mean synchronizing users and all that goes with it (home directories, passwd and, if they exist, shadow or trusted db, and group files)?
To start, have a look at rdist or rsync! I don't think you will find them installed by default (but often in HA...), in which case you would have to go to your favorite HP porting and archive site.
# 3  
Old 03-01-2012
Thanks for the response.

The most important bit (that I'm having trouble with) is the one way, non-destructive, sync of usernames, numeric user ids (so that NFS mounts have no issues), passwords, and group memberships. The home directories and files are a much lesser concern.
# 4  
Old 03-01-2012
If I remember, rsync (and rdist, but not sure anymore... long time) had a possibility of not overwriting if files were identical... Now the question is more when you are syncing; it is more to update for all users (concerned) their passwd they have changed on the master server, then update modifications like new users and groups... Till here you should not have any issues.
Removing users is different, for you find yourself having to decide what to do with users' files all over the system(s), so it is not wise to remove them on the master before you have decided what to do and cleanup on all slaves then master.
What we used to do, e.g. new user: create on master, then create the accounts where needed urgently so the user could work immediately, not having to wait for synch...
Have a script ready for synchro you can use anytime if needed, and schedule a synchro when there is minimum activity.
I would go with rsync...
# 5  
Old 03-05-2012

Quote:
Originally Posted by KickstartUF
Thanks for the response.

The most important bit (that I'm having trouble with) is the one way, non-destructive, sync of usernames, numeric user ids (so that NFS mounts have no issues), passwords, and group memberships. The home directories and files are a much lesser concern.
- I think you should have in mind that wherever NFS is used, "the right UID" is always the major concern - and THAT's why NIS was invented in the first place (then NIS+ and now we use LDAP) ;

- if you have a legacy environment where NFS was deployed without taking the various UID into account - then ... sorry - you're doomed.

- but if you have a chance to do a fresh setup, then REMEMBER :

1) every username MUST have the same UID on ALL servers suitable to NFS perusal ;
2) it does not matter if you will accomplish this task 'manually' or thru NIS/NIS+/LDAP - the choice will only change the amount of work to see it done ;

It's all I have to say about that.

HTH

good luck, and success !

_________________________________________
alexandre botao ( progsmith, polymath, ideator )
"comets never dodge"
# 6  
Old 03-05-2012
We have had to do this. At first it seemed impossible because the oldest users on the master system had UIDs which clashed with system users on the backup system.

Do not embark on this sort of exercise without an Ignite backup and a full backup of your system and a decent amount of booked downtime.

To cut a long story short, and working on a non-Trusted system:

Used "vipw" on the master system to move any system accounts to be definitely before any user accounts in /etc/passwd. This is only needed if system software was installed after any user accounts. i.e. what normally happens.

Created a cross-reference table of before-and-after UIDs and changed every non-system UID to a new range well clear of the system accounts (I chose 1001+). The choice of 1001 for the base was because I did not have any UID higher than 1001 on the master system or the backup system. This is not trivial because after changing the passwd file with "vipw" it involves issuing the correct "find" and "chown" command for every file owned by every non-system user.

Once you have got all your user accounts in a section of /etc/passwd which definitely does not contain any system accounts you can copy files at will to your backup system and periodically replace the "user" section of the /etc/passwd file with the user section from your source system using "vipw" (which can be scripted).

I must stress again that this technique does not work at all on Trusted systems.


There was a hint earlier. Never delete a user account. Lock it, remove data files, whatever, but do not delete it from /etc/passwd. It will mess up your backup system big time the moment you allow two different users to have the same UID.

Imho. In a D.R. backup scenario, never let two different users have the same UID.

Last edited by methyl; 03-05-2012 at 07:39 PM..
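
Added example (not code from any poster in this thread): a sketch of the periodic one-way merge described in post #6, which also enforces the "same login, same UID" rule from post #5 before anything is written. It assumes a non-Trusted system, uses the 1001 base from the post, and writes to a separate output file for review; the function name, file names and account data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. BASE=1001 is the user-range floor
# chosen in post #6; every account line below is constructed sample data.
BASE=${BASE:-1001}

# merge_passwd MASTER DR OUT
# OUT = DR system accounts (UID < BASE), then master user accounts
# (UID >= BASE), then DR-only user accounts, which are kept, never deleted.
# Returns 1 and writes no OUT if a login or UID disagrees between hosts.
merge_passwd() {
    [ -s "$1" ] && [ -s "$2" ] || return 1    # refuse empty or missing input
    awk -F: -v base="$BASE" '
        NR == FNR {                           # first file: master
            if ($3 >= base) { uid[$1] = $3; name[$3] = $1; user[++u] = $0 }
            next
        }
        ($1 in uid) && uid[$1] != $3 {        # same login, different UID
            print "CONFLICT login " $1 ": master " uid[$1] ", DR " $3 | "cat 1>&2"
            bad = 1
        }
        ($3 in name) && name[$3] != $1 {      # same UID, different login
            print "CONFLICT uid " $3 ": master " name[$3] ", DR " $1 | "cat 1>&2"
            bad = 1
        }
        $3 < base    { sys[++s] = $0; next }  # DR system account, kept as is
        !($1 in uid) { keep[++k] = $0 }       # DR-only user account, kept
        END {
            if (bad) exit 1
            for (i = 1; i <= s; i++) print sys[i]
            for (i = 1; i <= u; i++) print user[i]
            for (i = 1; i <= k; i++) print keep[i]
        }' "$1" "$2" > "$3.new" || { rm -f "$3.new"; return 1; }
    mv "$3.new" "$3"
}

# Constructed sample: on the master, alice changed her password and carol is
# new; the DR host has its own system account drsvc and a DR-only user dave.
demo_dir=${TMPDIR:-/tmp}/pwsync.$$
mkdir "$demo_dir"
cat > "$demo_dir/master" <<'EOF'
root:x:0:3::/:/sbin/sh
alice:NEWHASH:1001:20::/home/alice:/usr/bin/sh
carol:HASHC:1003:20::/home/carol:/usr/bin/sh
EOF
cat > "$demo_dir/dr" <<'EOF'
root:x:0:3::/:/sbin/sh
drsvc:*:105:1::/:/sbin/sh
alice:OLDHASH:1001:20::/home/alice:/usr/bin/sh
dave:HASHD:1002:20::/home/dave:/usr/bin/sh
EOF
merge_passwd "$demo_dir/master" "$demo_dir/dr" "$demo_dir/merged" && cat "$demo_dir/merged"
```

The merged file still has to be installed by the administrator (post #6 uses "vipw" for that), and /etc/group needs the same treatment keyed on GID.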