3

I am using FreeBSD with ZFS to run several jails. For jail management I'm using ezjail, and I have a template jail which I use for provisioning.

I want to share passwd, groups, and authentication information across all jails and the host. For the jails it can be read-only.

Is there some mechanism which can share the host passwd, groups, etc. without any complex system such as LDAP/NIS/etc.?

n n

3 Answers

2

LDAP or NIS is the Right Solution -- it's really not that complicated, and you should take a day and learn both (figure about half a day each to get the basics; less if you buy the O'Reilly NIS book & LDAP book).
The big advantage here is you can centralize some accounts (administrative access/support users), authorize others on a per-jail basis, and still have local users on specific machines.


If you're really dead-set against LDAP or NIS the next best thing is to use Puppet, Chef, radmind, or similar to update the passwd and group files -- you can automatically synchronize the authentication/authorization files as part of a site-wide deployment process.
Automatic deployment tools have their own complexity issues, but also bring a number of benefits which may make them appropriate for your environment.


The next step down is a cron job on the host system that copies standard passwd and group files to each jail at a set time. This is the simplest solution and works very well, though it is only a very small step up from copying the files yourself manually.

voretaq7
  • I know LDAP & NIS, but I simply would rather avoid it. `radmind` seems good, I was considering `rdist` as well. But I thought there would exist a self-contained solution. – n n Feb 26 '13 at 05:34
  • Is there a particular reason you want to avoid both of the standard, well-tested, generally-accepted-as-best-practice solutions? – voretaq7 Feb 26 '13 at 16:12
  • Thanks @voretaq7, I just wanted a simplistic solution, I think I'll settle on cronjobs. – n n May 16 '13 at 15:41
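The cron-job approach from the answer above, as an added example that is not part of the original answer or of ezjail itself. On FreeBSD, copying /etc/passwd alone does not change who can log in: getpwnam(3) and friends read the pwd.db/spwd.db databases, which pwd_mkdb(8) builds from master.passwd, so the script copies master.passwd and group from the host into each jail root and runs pwd_mkdb with -d pointed at the jail's /etc. It assumes (not stated on the page) that ezjail keeps one config file per jail in /usr/local/etc/ezjail containing an `export jail_<name>_rootdir="..."` line, and that it runs as root on the host. Note that this hands every jail the host's password hashes, root's included, which is what the question asks for.

```shell
#!/bin/sh
# sync-jail-auth.sh: push the host's master.passwd and group into every
# ezjail-managed jail and rebuild that jail's password databases.
# Added example for this thread, not code from ezjail or from the answer above.
# Assumptions (not stated on the page): ezjail keeps one config file per jail
# in /usr/local/etc/ezjail containing a line such as
#   export jail_www_rootdir="/usr/jails/www"
# and the script runs as root on the host, typically from cron.
set -u

EZJAIL_CONF_DIR=${EZJAIL_CONF_DIR:-/usr/local/etc/ezjail}
HOST_ETC=${HOST_ETC:-/etc}
# pwd_mkdb(8) is FreeBSD-only; the variable lets a test stub it elsewhere.
PWD_MKDB=${PWD_MKDB:-pwd_mkdb}

# List the root directory of every jail known to ezjail, one per line.
# Stopped jails (config suffixed .norun) are included on purpose.
ezjail_roots() {
    for conf in "$EZJAIL_CONF_DIR"/*; do
        [ -f "$conf" ] || continue
        sed -n 's/^export jail_[A-Za-z0-9_]*_rootdir="\([^"]*\)"$/\1/p' "$conf"
    done
}

# Exit 0 when $2 is missing or differs from $1, so unchanged files are left alone.
needs_update() {
    [ -f "$2" ] || return 0
    ! cmp -s "$1" "$2"
}

# Sync one jail root. group is a plain copy; master.passwd must go through
# pwd_mkdb because lookups read pwd.db/spwd.db, not the text file. -d makes
# pwd_mkdb write into the jail's etc instead of the host's, -p regenerates the
# world-readable passwd(5) file, and pwd_mkdb renames its input file into place
# as master.passwd, which is why the copy is staged under a temporary name.
sync_jail() {
    root=$1
    [ -d "$root/etc" ] || { echo "skip $root: no etc directory" >&2; return 1; }

    if needs_update "$HOST_ETC/group" "$root/etc/group"; then
        install -m 0644 "$HOST_ETC/group" "$root/etc/group" || return 1
    fi

    if needs_update "$HOST_ETC/master.passwd" "$root/etc/master.passwd"; then
        staged="$root/etc/master.passwd.sync"
        install -m 0600 "$HOST_ETC/master.passwd" "$staged" || return 1
        if ! "$PWD_MKDB" -p -d "$root/etc" "$staged"; then
            rm -f "$staged"
            echo "pwd_mkdb failed for $root; databases left untouched" >&2
            return 1
        fi
    fi
    return 0
}

# Sync every jail; keep going after a failure but report it via the exit code.
# Jail roots containing whitespace are not supported by the word splitting here.
main() {
    rc=0
    for root in $(ezjail_roots); do
        sync_jail "$root" || rc=1
    done
    return $rc
}

# Only run when executed under the script's own name, so the functions above
# can also be sourced (e.g. by a test) without touching any jail.
case ${0##*/} in
    sync-jail-auth.sh) main ;;
esac
```

Installed as /usr/local/sbin/sync-jail-auth.sh, a line such as `*/15 * * * * root /usr/local/sbin/sync-jail-auth.sh` in the host's /etc/crontab pushes changes within a quarter hour; because unchanged files are skipped, running it often is cheap. If pwd_mkdb rejects the file, the staged copy is removed and that jail's databases stay as they were.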
1

You could try hardlinks (ln(1)).

EEAA
abbe
-1

If I remember right, ezjail sets up a lot of directories and files in the default jail that are shared across the other jails. I guess you could put users in there too. Maybe it's a bit of analysis first and manual work then.

But to be honest, I think this ruins your jails' security. I normally create a jail to isolate as much as possible.

j0k
Sascha
  • This would provision the initial users and groups, but would not keep them synchronized. – Chris S Mar 10 '13 at 13:55
  • You're right, thanks! I missed that point. One more reason to not do it at all (from a security perspective) – Sascha Mar 10 '13 at 14:01