Synchronize /etc/passwd and /etc/yp/passwd.master

Ângelo Rodrigues amr at fccn.pt
Wed Apr 30 02:32:42 PDT 2003


On Wednesday 30 April 2003 08:17, Neeraj Arora wrote:
> You can force your nis server machine to act as a nis client to itself;
> look in the handbook for the section that says something similar to 'nis
> servers which are nis clients too'.

The server is a very complex machine, so I have to keep all local users in the
file /etc/master.passwd and I can't implement a solution of this kind :(

>
> You will have to maintain a different master.passwd, passwd and group file
> for yp. Then update the Makefile in /var/yp to accommodate the path for
> yp-related master.passwd, group and passwd files.
>
> Use pw(8) with the -V option (to specify location to the yp-related files)
> to update, delete and modify user and groups. This will update only the
> files in the separate directory (specified after the -V option) and not
> touch your local system database. On the local database keep only root,
> system and one user who is member of the group wheel. The rest will be
> sourced from/by yp (the server is a client to itself).
>
> The above applies only to the nis server.
>
> The clients are configured as normal. Thus, all except root and the local
> user who is member of the group wheel, will need to use passwd to update
> their passwd, on all machines separately; while users existing only on the
> nis database will need to use yppasswd to update their passwd; no matter
> which machine they are logged on from.
>
> Hope this helps.
>
> Regards,
> Neeraj
>
> >>> Ângelo Rodrigues <amr at fccn.pt> 04/30/03 00:44 AM >>>
>
> Hi again,
>
> My problem is simple. I'm trying to install a central login/password system
> but I want to find a way to synchronize /etc/master.passwd and
> /var/yp/master.passwd without having to force all local users to run two
> commands, passwd and yppasswd.
> It has been suggested to me to make a symbolic link from
> /var/yp/master.passwd to /etc/master.passwd. This is a possible solution
> but, this will force the server's root user to be the client's root user
> so, I won't be able to access any client when the network is down.
> I think any client should have at least one local user to avoid this
> critical situation.
> Do you have any idea about this?
>
> Regards,
>
> On Tuesday 29 April 2003 11:37, Neeraj Arora wrote:
> > Hmm...needed to search the trash for your original post before replying
> > is it...???
> >
> > And I did it....I think amidst the replies I got the impression that you
> > weren't able to direct the home directory to the correct one when the
> > machine was not the nis server machine.
> >
> > Well cleared up now...
> >
> > Sorry about that...:^)
> >
> > So is your problem solved??? Or would you like to state it again in a
> > clean way (your problem (undeleted) minus all the replies that have been
> > made by now...:^)
> >
> > Regards,
> > Neeraj
> >
> > >>> Ângelo Rodrigues <amr at fccn.pt> 04/29/03 20:59 PM >>>
> >
> > Hi,
> >
> > I think you have made a serious confusion!!! I don't want to use any file
> > server, I just want to use a centralized system of login/password.
> > Please, read all messages to understand the whole point.
> >
> > Regards,
> >
> > On Tuesday 29 April 2003 10:31, Neeraj Arora wrote:
> > > Please refer to the email below (that I am replying to) before reading
> > > what I write...
> > >
> > > > /var/yp/master.passwd is not to be a softlink or symbolic link to
> > > > /etc/master.passwd. According to the documentation (handbook I think),
> > > /var/yp/master.passwd is a copy of /etc/master.passwd without the root,
> > > system and one user who is also the member of group wheel.
> > >
> > > One can use amd (automount daemon) to have all users have their home
> > > directories in /home, while the directories inside /home are themselves
> > > mounted when needed according to the amd map supplied by nis. On the
> > > fileserver or the nfs server system, one could have different
> > > directories for different machines depending on any one or a
> > > combination of the os/hostname/ipaddress/network/etc. of the mounting
> > > machine.
> > >
> > > So if the fileserver had /allhomedirs and in that had ./linux, and
> > > ./freebsd and in each of them ./tom ./dick and ./harry; a linux client
> > > would end up providing /allhomedirs/linux/<user> at /home/<user> while
> > > a freebsd client would do the same by providing
> > > /allhomedirs/freebsd/<user> at /home/<user>.
> > >
> > > This will allow the entries in the /var/yp/master.passwd and
> > > /var/yp/passwd to remain untouched when produced as nis maps for
> > > different clients/hosts. Same can be done by mounting the appropriate
> > > shell binary from a fileserver using amd maps while the path for the
> > > shell can still remain only /path/shell or /usr/local/bin/bash; for
> > > > linux clients the /usr/local/whatever is mounted from
> > > > /allusrlocaldirs/linux/whatever and
> > > for freebsd it is mounted from /allusrlocaldirs/freebsd/whatever.
> > >
> > > One might not need to overwrite any field produced by nis on a client
> > > machine.
> > >
> > > Personally I feel, the less the configuration differences in different
> > > client machines, the better.
> > >
> > > > Hope I haven't got off the point completely...:-\
> > >
> > > Regards,
> > > Neeraj
> > >
> > > >>> Ângelo Rodrigues <amr at fccn.pt> 04/29/03 20:08 PM >>>
> > >
> > > On Monday 28 April 2003 17:39, Dan Nelson wrote:
> > > > > In the last episode (Apr 28), Ângelo Rodrigues said:
> > > > > > On Monday 28 April 2003 16:22, Matthew Seaman wrote:
> > > > > > > On Mon, Apr 28, 2003 at 05:06:36PM +0000, Ângelo Rodrigues wrote:
> > > > > > > On Monday 28 April 2003 15:48, Dan Nelson wrote:
> > > > > > > > You want the same password; why wouldn't you want the same
> > > > > > > > homedir and shell also?  All our NIS users have their homedir
> > > > > > > > set to /net/homedirmachine/home/username.
> > > > > > >
> > > > > > > > But my server users are distributed between /home and /homeapp
> > > > > > > and this method will force the same thing in the clients.
> > > > > >
> > > > > > You can selectively override part of a NIS password database
> > > > > > entry by using NIS magic tokens in the local passwd file --- see
> > > > > > passwd(5). For instance, user 'fred' might have home directory
> > > > > > /home/fred in the NIS database, but you can override that in a
> > > > > > client machine to /users/fred by putting:
> > > > > >
> > > > > >     +fred::::::::/users/fred:
> > > > > >
> > > > > > into /etc/master.passwd on the client.  All of the other fields
> > > > > > are inherited from the NIS database.
> > > > >
> > > > > This could be a solution :)
> > > >
> > > > Standardizing the name of the homedir would make your job a lot
> > > > easier. Can you make symlinks in /home so that every user whose
> > > > homedir is in /homeapp can use /home/user also?  Then the user's home
> > > > > is "/home/user" no matter what machine he logs into.
> > >
> > > But there's still a little problem... As the /var/yp/master.passwd is a
> > > softlink to /etc/master.passwd, the server's root user will be the same
> > > in the client so, the client won't have any local user. This can cause
> > > > some serious problems when the network is down. The client machine
> > > should have at least some local users to avoid this kind of problem.
> > >
> > > Regards,

-- 

Ângelo Rodrigues - amr at fccn.pt 
FCCN - Fundação para a Computação Científica Nacional
Av. Brasil, 101  1700-066 Lisboa - Portugal
Tel: +351 218440100   Fax: +351 218472167
-----------------------------------------------------
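
Added example, not part of the original thread and not code from any of the posters: one way to get the separate NIS source file discussed above without the symlink is a filter that regenerates it from /etc/master.passwd while leaving out root, system accounts and named local-only users. The function names, the UID cutoff of 1000, the output path and the sample users are assumptions.

```shell
#!/bin/sh
# Added example: derive the NIS source file from the local master.passwd,
# leaving root, system accounts and named local-only admins out of it.

# build_yp_master SRC DST MIN_UID "name1 name2 ..."
build_yp_master() {
    src=$1; dst=$2; min_uid=$3; keep_local=$4
    # mktemp creates the file mode 0600; it will hold password hashes.
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    awk -F: -v min="$min_uid" -v skip="$keep_local" '
        BEGIN { n = split(skip, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^[#+-]/     { next }   # comments and NIS +/- override tokens
        NF != 10     { next }   # not a master.passwd record
        $3 + 0 < min + 0 { next }   # root and system accounts stay local
        ($1 in keep) { next }   # local-only accounts, e.g. the wheel user
        { print }
    ' "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dst"            # atomic replace within one filesystem
}

# Constructed sample input (placeholder hashes, hypothetical users).
make_sample() {
    cat > "$1" <<'EOF'
root:HASH-PLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
localadm:HASH-PLACEHOLDER:1001:1001::0:0:Local wheel admin:/home/localadm:/bin/sh
tom:HASH-PLACEHOLDER:1002:1002::0:0:Tom:/home/tom:/bin/sh
dick:HASH-PLACEHOLDER:1003:1003::0:0:Dick:/homeapp/dick:/bin/sh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
+fred::::::::/users/fred:
EOF
}

d=$(mktemp -d) || exit 1
make_sample "$d/master.passwd"
build_yp_master "$d/master.passwd" "$d/yp.master.passwd" 1000 "localadm nobody"
cut -d: -f1 "$d/yp.master.passwd"   # names that would be served over NIS
rm -rf "$d"
```

The destination would be whichever master.passwd path the Makefile in /var/yp is set to read, and the maps still have to be rebuilt after each run.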


