I have two machines with the same hardware (one should be for backup) and the same software (Red Hat 4). I need to know how to sync all the users used for FTP and email accounts. Is it enough to copy /etc/passwd and /etc/shadow to the other machine to get this to work? Maybe with cron and using rsync?
2 Answers
You can use rsync if the two installs are really identical, as in: no uids are different, and you don't plan on ever creating unique users for the backup server (note that that implies not installing software that needs its own uid). It's not the recommended solution most of the time (that would be NIS or LDAP) but it should work.
A somewhat more flexible solution would be to use a script that copies the info per-user (passwd, groups, shadow) only when needed (user is new or has been modified). You can do this with a shell script with the help of diff or using something like perl or python. Let me know if you're interested in this solution and need help. This way you can also easily avoid having to share system accounts (including root) between systems, which may not be appropriate.
Are you sure your ftp and mail daemons both exclusively use system users? Sometimes they use their own user databases.
EDIT:
On the main server (this fragment comes from an answer to Simple one-way synchronisation of user password list between servers):
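```sh
# Export regular users and groups (id >= 500, excluding 65534) on the main server.
awk -F: '($3>=500) && ($3!=65534)' /etc/passwd > passwd.prod
awk -F: '($3>=500) && ($3!=65534)' /etc/group > group.prod
# Anchor each name as "^name:" so grep matches the whole user name field only.
awk -F: '($3>=500) && ($3!=65534) {print "^" $1 ":"}' /etc/passwd | grep -f - /etc/shadow > shadow.prod
```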
Then transfer the *.prod files to the backup server (I'm guessing you already have public key auth in place) and do this:
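```sh
# Keep the backup server's own system accounts, then append the imported users.
awk -F: '($3<500)' /etc/passwd > passwd.new &&
cat passwd.prod >> passwd.new &&
cppw passwd.new
# Same for groups; cpgr must be given group.new, not passwd.new.
awk -F: '($3<500)' /etc/group > group.new &&
cat group.prod >> group.new &&
cpgr group.new
# Shadow entries: anchor each name as "^name:" to avoid substring matches.
awk -F: '($3<500) {print "^" $1 ":"}' /etc/passwd | grep -f - /etc/shadow > shadow.new &&
cat shadow.prod >> shadow.new &&
cppw -s shadow.new
```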
This should keep system accounts unchanged on the backup server, but replace regular user information on each run. You could do this more efficiently (searching for changed user accounts, and then changing only those lines with sed) but this way it's easier to use cppw and cpgr, which use locking. NOTE: if you do use this please comment out the cppw and cpgr lines first, so you can check the *.new files.

- Yes, sure. The ftp and mail daemons use the users that are in the passwd/shadow files. Can I copy only the lines that I'm interested in? Because I'm a little scared about the root account :) – Kreker Apr 21 '11 at 07:02
- I added a way to only copy non-system users, hope it helps. – Eduardo Ivanec Apr 21 '11 at 14:22
- Thanks. I took a look, but I'm on an old system (Red Hat 4) and there seems to be no trace of cppw and cpgr. – Kreker Apr 22 '11 at 07:42
- You can use plain old cp then. Just *don't use mv* and you should be fine. – Eduardo Ivanec Apr 22 '11 at 14:39
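A dry-run version of the backup-server steps in the answer above, as an added example that is not part of the original answer or its comments: it builds passwd.new and shadow.new, picks shadow lines by comparing the user name field exactly, and checks the result before anything is installed. The function names, the `merge_check.sh` file name and the particular checks are illustrative choices; the 500 and 65534 values are the ones used in the answer.

```sh
#!/bin/sh
# Added example: dry-run merge for the backup server. Installs nothing.
MIN_UID=500       # regular-user threshold used in the answer
NOBODY_UID=65534  # uid excluded in the answer

# merge_passwd LOCAL PROD: local system accounts first, then prod regular users.
merge_passwd() {
    awk -F: -v min="$MIN_UID" '($3 < min)' "$1"
    awk -F: -v min="$MIN_UID" -v nb="$NOBODY_UID" '($3 >= min) && ($3 != nb)' "$2"
}

# merge_shadow MERGED_PASSWD LOCAL_SHADOW PROD_SHADOW
# Picks shadow lines by exact user name: system users from the local file,
# regular users from the prod file, so "bin" never matches "robin".
merge_shadow() {
    awk -F: -v min="$MIN_UID" '
        FILENAME == ARGV[1] { src[$1] = ($3 < min) ? ARGV[2] : ARGV[3]; next }
        ($1 in src) && src[$1] == FILENAME
    ' "$1" "$2" "$3"
}

# check_merged PASSWD SHADOW: prints each problem, returns non-zero if any.
check_merged() {
    awk -F: '
        FILENAME == ARGV[1] {
            if (NF != 7)                 { print "bad field count: " $1; bad = 1 }
            if (seen[$1]++)              { print "duplicate name: " $1; bad = 1 }
            if (uid[$3]++)               { print "duplicate uid: " $3; bad = 1 }
            if ($3 == 0 && $1 != "root") { print "extra uid 0 account: " $1; bad = 1 }
            next
        }
        { sh[$1] = 1 }
        END {
            if (!("root" in seen)) { print "root missing"; bad = 1 }
            for (n in seen) if (!(n in sh)) { print "no shadow entry: " n; bad = 1 }
            exit bad + 0
        }' "$1" "$2"
}

# Usage (as root, on the backup server): sh merge_check.sh passwd.prod shadow.prod
if [ "$#" -eq 2 ]; then
    merge_passwd /etc/passwd "$1" > passwd.new &&
    merge_shadow passwd.new /etc/shadow "$2" > shadow.new &&
    check_merged passwd.new shadow.new &&
    echo "passwd.new and shadow.new look consistent; review, then install with cp"
fi
```

Groups can be merged the same way with the awk filters from the answer; this example covers only passwd and shadow.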
Yes, if the machines really are comparable just copying those files is enough. However the software and services you have installed and running on the backup machine are likely to be a small subset of those on a different machine. It might be advisable to only copy the users above whatever uid# threshold your distro uses to distinguish system/software users from regular users.
