LinuxQuestions.org
Old 03-13-2007, 04:23 AM   #1
timmeke
How does ls translate UIDs to names?


I'm considering distributing /etc/passwd files, or parts thereof, from a central machine to multiple other machines.
The important part is that all machines identify the same user names with the same UIDs, which is important for security on NFS shared partitions.

However, it is not needed that all users have logins on all machines.

So, my question is how can I trick "ls" and the other utilities into translating user names to UIDs in a consistent way across multiple machines, without having to add users (with or without login) to each machine.

I have tried editing the plain-text /etc/passwd file in a text editor directly (rather than via useradd, which would probably update the /etc/shadow file used for login authentication).

Other, related questions are:
-when is /etc/shadow updated?
-do "ls" and the other utilities use the /etc/passwd file, or its binary counterpart (/etc/shadow) for the username to UID translations?
-when updating a user's UID via "usermod", does it update the UID in the file ownership bits of the files owned by that user?
 
Old 03-13-2007, 05:23 AM   #2
acid_kewpie
you'd use a central user base, on ldap or nis really... you shouldn't be looking to "trick" anything into doing anything.

- shadow is updated when you change data stored in it, like a password
- ls doesn't do that, that's the linux glibc subsystems telling the app that directly. the app is given a uid in the case of ls, and it just calls a c function to convert it to a username. how that result is achieved is none of ls's business.
- shadow is *NOT* a binary counterpart in any way whatsoever. passwd contains user accounts, shadow contains the passwords for those accounts
- no, you'd do that separately.
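
The lookup described in the reply above, sketched as an added example (not code from the thread or from coreutils): a file stores only a numeric UID, and a tool such as ls asks the C library to turn it into a name, falling back to the number when no entry exists. The function names uid_label and owner_label are made up for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Resolve a numeric UID to a display name, as "ls -l" does.
 * Returns 1 if a name was found, 0 if we fell back to the number. */
int uid_label(uid_t uid, char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    char scratch[16384];

    /* The caller never opens /etc/passwd itself. glibc answers through
     * NSS, consulting the sources on the "passwd:" line of
     * /etc/nsswitch.conf (for example "files", then "ldap" or "nis"). */
    if (getpwuid_r(uid, &pw, scratch, sizeof scratch, &res) == 0 && res != NULL) {
        snprintf(out, outlen, "%s", res->pw_name);
        return 1;
    }
    /* No entry in any source: show the raw UID, which is all the
     * filesystem (and an NFS export) actually records. */
    snprintf(out, outlen, "%lu", (unsigned long)uid);
    return 0;
}

/* Owner label for a path; returns -1 if the path cannot be examined. */
int owner_label(const char *path, char *out, size_t outlen)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return uid_label(st.st_uid, out, outlen);
}

int main(int argc, char **argv)
{
    char name[256];
    for (int i = 1; i < argc; i++) {
        int rc = owner_label(argv[i], name, sizeof name);
        if (rc < 0) { perror(argv[i]); continue; }
        printf("%-12s %s%s\n", name, argv[i],
               rc ? "" : "  (no passwd entry for this UID)");
    }
    return 0;
}
```

Run on an NFS client against a shared directory, a numeric owner in the output marks a UID that the local name sources do not know.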
 
Old 03-13-2007, 05:49 AM   #3
timmeke
Thanks for the reply, acid kewpie. That's really good to know.

LDAP seems to have a few downsides:
-when the central LDAP machine is down, all logins on other machines are disabled as well.
-some systems have additional services and software installed, like MySQL databases, that require a separate user, which does not necessarily have the same UID/username on all systems. Hence, some accounts are machine-specific, whereas others should be made the same on all machines (and can thus be stored centrally).

To overcome the first, I was considering an older approach of distributing (parts) of the /etc/passwd and related files.

Any idea how that c function works internally? Does it actually read and parse the /etc/passwd file?
I suppose the same glibc function is used throughout lots of apps, right?

Just to be sure: the changing of the file ownership (ie just after "usermod" call), can be done via a command like
Code:
find / -uid old_UID -xdev -exec chown new_UID {} \;
and repeat that on all local (non-NFS) filesystems.
Does that seem OK to you?
 
Old 03-13-2007, 07:43 AM   #4
acid_kewpie
you would not use ldap exclusively. you'd use ldap for the global accounts, and still use passwd files for the local accounts. there's no reason whatsoever to need to deviate from standard practices. don't hack anything, there is no need.
 
Old 03-13-2007, 08:08 AM   #5
timmeke
Any tips or tutorials on how to set this up?
Can I also use a local DB instead of LDAP?

I have no experience with LDAP, so please be patient with me.
 
Old 03-13-2007, 08:45 AM   #6
acid_kewpie
i *really* don't understand this obsession with making things local for no reason... you want the same credentials across multiple boxes, do it properly, and use ldap or nis+. i'd just say use ldap howto's if it is ldap you use... it's really quite simple, but if you know nothing about ldap then naturally there's a learning curve.
 
All times are GMT -5.