Script to organize passwd and group

Vulpes Velox v.velox at vvelox.net
Sat May 27 23:21:17 PDT 2006


On Sat, 27 May 2006 11:10:18 +0200
Kyrre Nygard <kyrreny at broadpark.no> wrote:

> 
> Hello!
> 
> I was wondering if anybody out there shares the same need as I do
> to better organize /etc/passwd and /etc/group.
> 
> I would like to see chronologic ordering of UIDs and GIDs, instead
> of having them sorted by what ports their corresponding daemons run
> on.
> 
> Look below how much more flow it all gets.
> 
> Then, if possible, it would be cool to make 3 distinct classes:
> 
> 01 Necessities, with 1 to 2 digit IDs
> 
> (maybe keep nobody separate)
> 
> 02 Servers, with 3 digit IDs
> 03 Users, with 4 digit IDs
> 
> I'm aware that when adding new users, one would manually have to
> rearrange, but this is not because you shouldn't, it's because
> adduser and pw don't yet support this kind of order.
> 
> Here is my ideal setup:
> 
> --
> 
> # cat /etc/.passwd
> 
> root:*:0:0::0:0:Core:/root:/usr/local/bin/zsh
> daemon:*:1:1::0:0:System Processes:/root:/usr/sbin/nologin
> operator:*:2:2::0:0:Operator:/:/usr/sbin/nologin
> kmem:*:3:65533::0:0:KMem:/:/usr/sbin/nologin
> bin:*:4:4::0:0:Binaries:/:/usr/sbin/nologin
> tty:*:5:65533::0:0:Titty:/:/usr/sbin/nologin
> news:*:6:6::0:0:News:/:/usr/sbin/nologin
> man:*:7:7::0:0:Manuals:/usr/share/man:/usr/sbin/nologin
> 
> nobody:*:55555:55555::0:0:Unprivileged:/nonexistent:/usr/sbin/nologin
> 
> sshd:*:101:101::0:0:Secure Shell:/var/empty:/usr/sbin/nologin
> www:*:102:102::0:0:World Wide Web:/usr/local/www:/usr/sbin/nologin
> ftp:*:103:103::0:0:File Transfer Protocol:/home/websites:/usr/sbin/nologin
> mysql:*:104:104::0:0:MySQL:/var/db/mysql:/sbin/nologin
> proxy:*:105:105::0:0:Packet Filter:/nonexistent:/usr/sbin/nologin
> smmsp:*:106:106::0:0:Sendmail Submission:/var/spool/clientmqueue:/usr/sbin/nologin
> mailnull:*:107:107::0:0:Sendmail Default:/var/spool/mqueue:/usr/sbin/nologin
> postfix:*:108:108::0:0:Postfix:/var/spool/postfix:/usr/sbin/nologin
> cyrus:*:109:109::1111874400:0:Cyrus:/nonexistent:/usr/sbin/nologin
> spamd:*:110:110::0:0:SpamAssassin:/var/spool/spamd:/sbin/nologin
> vscan:*:111:111::0:0:Scanner:/var/amavis:/bin/sh
> clamav:*:112:112::0:0:ClamAV:/nonexistent:/usr/sbin/nologin
> 
> kyrre:*:1001:0::0:0:Kyrre:/home/kyrre:/usr/local/bin/zsh
> nomad:*:1002:1002::0:0:Hednod:/home/nomad:/usr/local/bin/zsh
> polvott:*:1003:1003::0:0:Thomas:/home/polvott:/usr/local/bin/zsh
> nughaud:*:1004:1004::0:0:King:/home/nughaud:/usr/local/bin/zsh
> 
> --
> 
> # cat /etc/group
> 
> wheel:*:0:root
> daemon:*:1:
> operator:*:2:root
> kmem:*:3:
> bin:*:4:
> tty:*:5:
> news:*:6:
> man:*:7:
> 
> nobody:*:55555:
> 
> sshd:*:101:
> www:*:102:
> ftp:*:103:
> mysql:*:104:
> proxy:*:105:
> smmsp:*:106:
> mailnull:*:107:
> postfix:*:108:
> cyrus:*:119:
> spamd:*:110:
> vscan:*:111:
> clamav:*:112:
> 
> nomad:*:1002:
> polvott:*:1003:
> nughaud:*:1004:
> 
> --
> 
> The script would rearrange passwd and group into classes, based on a
> predefined list maybe. Then it should renumber the UIDs and GIDs.

For keeping stuff like this organized on a small system, I've always
found keeping IDs within certain ranges based on what they do
to be useful. Like 1000 to 1999 is for users, 2000 to 2999 is for
special non-login users, etc.

Or if you are using LDAP you can have something like this for a few
OUs.

ou=generalUsers,ou=userGroups,ou=usersANDgroups,dc=foo,dc=bar
ou=services,ou=userGroups,ou=usersANDgroups,dc=foo,dc=bar
ou=whatever,ou=userGroups,ou=usersANDgroups,dc=foo,dc=bar

And then just set the nss and pam modules to look for
users recursively under ou=userGroups,ou=usersANDgroups,dc=foo,dc=bar.

I just throw them all under the same ou myself.

> Then it should do something like:
> 
> find -s / -uid foo -print0 | xargs -0 chown bar
> find -s / -gid foo -print0 | xargs -0 chgrp bar

Why not just rename the user/group foo to bar? That way the name is
changed and there is no need to change anything on the file system
because the IDs are the same.
 
> And before you know it :)
> 
> Your system will be looking tighter than ever!
> 
> I hope somebody can help me with this. It will take me at least a
> year, I've estimated, until I master Ruby well enough to do stuff
> like this.


More information about the freebsd-questions mailing list
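
Added example, not part of the thread or written by either poster: a consistency audit worth running before and after any reordering or renumbering of passwd and group, since a primary GID with no group entry or a reused UID silently changes who owns existing files. The `RANGES` policy is an assumption taken from the three classes proposed in the quoted message; the sample rows are copied from the quoted listings.

```python
from collections import Counter

# Assumed policy: the three ID classes proposed in the quoted message.
RANGES = {"system": range(0, 100), "service": range(100, 1000),
          "user": range(1000, 10000)}

# Sample rows copied from the listings quoted in the thread.
PASSWD = """\
root:*:0:0::0:0:Core:/root:/usr/local/bin/zsh
kmem:*:3:65533::0:0:KMem:/:/usr/sbin/nologin
cyrus:*:109:109::1111874400:0:Cyrus:/nonexistent:/usr/sbin/nologin
vscan:*:111:111::0:0:Scanner:/var/amavis:/bin/sh
kyrre:*:1001:0::0:0:Kyrre:/home/kyrre:/usr/local/bin/zsh
nomad:*:1002:1002::0:0:Hednod:/home/nomad:/usr/local/bin/zsh
"""
GROUP = "wheel:*:0:root\ncyrus:*:119:\nvscan:*:111:\nnomad:*:1002:\n"

def parse(text, nfields):
    """Split colon-separated records, rejecting lines with a wrong field count."""
    rows = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) != nfields:
                raise ValueError(f"malformed line: {line!r}")
            rows.append(fields)
    return rows

def id_class(n):
    """Name of the policy range containing n, or 'unassigned'."""
    return next((name for name, r in RANGES.items() if n in r), "unassigned")

def audit(passwd_text, group_text):
    """Return (account, finding) pairs for a master.passwd/group pair."""
    users = parse(passwd_text, 10)   # master.passwd layout: 10 fields
    gids = {int(g[2]) for g in parse(group_text, 4)}
    uid_count = Counter(int(u[2]) for u in users)
    findings = []
    for name, _pw, uid, gid, *_mid, shell in users:
        uid, gid = int(uid), int(gid)
        if uid_count[uid] > 1:       # two names, one owner on disk
            findings.append((name, "duplicate-uid"))
        if gid not in gids:          # primary group has no entry in group
            findings.append((name, "gid-without-group"))
        if id_class(uid) == "service" and not shell.endswith("nologin"):
            findings.append((name, "service-with-shell"))
    return findings

if __name__ == "__main__":
    for account, finding in audit(PASSWD, GROUP):
        print(f"{account}: {finding}")
```
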