I'm considering distributing /etc/passwd files, or parts thereof, from a central machine to multiple other machines.
The important part is that all machines identify the same user names with the same UIDs, which is important for security on NFS shared partitions.
However, it is not needed that all users have logins on all machines.
So, my question is how can I trick "ls" and the other utilities into translating user names to UIDs in a consistent way across multiple machines, without having to add users (with or without login) to each machine.
I have tried editing the plain-text /etc/passwd file in a text editor directly (rather than via useradd, which would probably update the /etc/shadow file used for login authentication).
Other, related questions are:
-when is /etc/shadow updated?
-do "ls" and the other utilities use the /etc/passwd file, or its binary counterpart (/etc/shadow) for the username to UID translations?
-when updating a user's UID via "usermod", does it update the UID in the file ownership bits of the files owned by that user?
you'd use a central user base, on ldap or nis really... you shouldn't be looking to "trick" anything into doing anything.
- shadow is updated when you change data stored in it, like a password
- ls doesn't do that, that's the linux glibc subsystems telling the app that directly. the app is given a uid in the case of ls, and it just calls a c function to convert it to a username. how that result is achieved is none of ls's business.
- shadow is *NOT* a binary counterpart in any way whatsoever. passwd contains user accounts, shadow contains the passwords for those accounts
- no, you'd do that separately.
Thanks for the reply, acid kewpie. That's really good to know.
LDAP seems to have a few downsides:
-when the central LDAP machine is down, all logins on other machines are disabled as well.
-some systems have additional services and software installed, like MySql databases, that require a separate user, which does not necessarily have the same UID/username on all systems. Hence, some accounts are machine-specific, whereas others should be made the same on all machines (and can thus be stored centrally).
To overcome the first, I was considering an older approach of distributing (parts) of the /etc/passwd and related files.
Any idea how that c function works internally? Does it actually read and parse the /etc/passwd file?
I suppose the same glibc function is used throughout lots of apps, right?
Just to be sure: the changing of the file ownership (ie just after "usermod" call), can be done via a command like
you would not use ldap exclusively. you'd use ldap for the global accounts, and still use passwd files for the local accounts. there's no reason whatsoever to need to deviate from standard practices. don't hack anything, there is no need.
i *really* don't understand this obsession with making things local for no reason... you want the same credentials across multiple boxes, do it properly, and use ldap or nis+. i'd just say use ldap howto's if it is ldap you use... it's really quite simple, but if you know nothing about ldap then naturally there's a learning curve.
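
An added example, not part of any post in this thread: a Python check for the consistency the first post asks about, comparing passwd-format data from two machines and listing names that map to different UIDs and UIDs that map to different names. The host data is constructed and the function names are hypothetical.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "name uid gid")
# Constructed sample data for two hosts; function names are hypothetical.
HOST_A = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
mysql:x:27:27:MySQL:/var/lib/mysql:/sbin/nologin
"""
HOST_B = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
carol:x:1001:1001:Carol:/home/carol:/bin/bash
mysql:x:105:105:MySQL:/var/lib/mysql:/usr/sbin/nologin
"""

def parse_passwd(text):
    """Parse passwd(5) lines: name:password:UID:GID:GECOS:home:shell."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit() or not f[3].isdigit():
            raise ValueError(f"line {lineno}: malformed passwd entry")
        entries.append(Entry(f[0], int(f[2]), int(f[3])))
    return entries

def uid_conflicts(host_a, host_b):
    """Return sorted (kind, key, value_on_a, value_on_b) mismatches."""
    names_a = {e.name: e.uid for e in host_a}
    names_b = {e.name: e.uid for e in host_b}
    uids_a = {e.uid: e.name for e in host_a}
    uids_b = {e.uid: e.name for e in host_b}
    found = []
    # Same name, different UID: the account does not own its files elsewhere.
    for name in names_a.keys() & names_b.keys():
        if names_a[name] != names_b[name]:
            found.append(("name", name, names_a[name], names_b[name]))
    # Same UID, different name: shared files show up under another account.
    for uid in uids_a.keys() & uids_b.keys():
        if uids_a[uid] != uids_b[uid]:
            found.append(("uid", str(uid), uids_a[uid], uids_b[uid]))
    return sorted(found)

if __name__ == "__main__":
    for row in uid_conflicts(parse_passwd(HOST_A), parse_passwd(HOST_B)):
        print(*row)
```

Machine-specific accounts such as the mysql user in the sample are reported too, because a UID reused for a different name still changes who appears to own files on a shared partition.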