1

I have a cluster of 100 iMacs and I wanted to replicate all the accounts via SSH, in linux, I wrote a very simple script in which copies the /etc/passwd* /etc/group* /etc/shadow* to /etc in each node, but I can't do this in Mac OSX just like that. How can I do something similar like this in OSX?

EEAA
  • 109,363
  • 18
  • 175
  • 245
natorro
  • 111
  • 3

2 Answers2

2

You should be able to use the same approach on OS X, except that the relevant files to clone are /var/db/dslocal/nodes/Default/users/*, /var/db/dslocal/nodes/Default/groups/*, and /var/db/shadow/hash/*. I haven't tested this, but it should work.

Gordon Davisson
  • 11,216
  • 4
  • 28
  • 33
  • @natorro: Glad to hear it. Can you mark this answer as accepted? BTW, the /var/db/shadow/hash directory contains both password hash files and ".state" files that track things like the time of last successful login, number of authentication failures, etc. It would actually be a bit better (though not very important) to clone only the hash files, not the .state files. Here's a shell pattern to match just the hash files: `/var/db/shadow/hash/*[A-Z0-9]` – Gordon Davisson Apr 14 '11 at 15:32
1

I would use a MacOS Server and OpenDirectory, so you have centralized authentication.

Other than that, you will have to use scripts creating the user via the dscl command line utility, as MacOS uses a local directory even for standalone systems.

Third option is to use a configuration management tool like Puppet.

Sven
  • 98,649
  • 14
  • 180
  • 226
  • That's exactly why I wanted to avoid, using any of those three options, as far as I've reached is that I used dsexport to create a backup of users and groups then copy those files to the other machines and use dsimport to import that information, the users are created, but then the passwords for the accounts that didn't exist just don't work, any ideas? :-( – natorro Apr 13 '11 at 19:02