Date: Thu, 24 Sep 1998 00:52:50 -0500 From: Dan Howard - EnterAct Admin Team <djhoward@enteract.com> To: freebsd-isp@FreeBSD.ORG Subject: adding users to populous systems Message-ID: <19980924005250.F9091@enteract.com>
next in thread | raw e-mail | index | archive | help
We have a busy shell machine available to our customers that runs a great many
services and has over 14000 user accounts.
Over the past month, I've been involved in overhauling bits and pieces of the
system involved in adding new users into the system. For a long time, we'd
been running an old version of the standard adduser script, hacked in very
scary ways by various persons who've been in charge of the system for the
past two years. It was prone to breakage, and was scary to maintain, so I
scrapped it and wrote our own version, which uses pw.
I've observed that stuff like adduser, pwd_mkdb, and even pw, are not
particularly suited to running in this environment. Why? 1) Race conditions
involved with either of the first two regarding multiple copies being used at
a time. (We have several employees adding users every day.) 2) A preference
for rebuilding the entire password database once a user is added.
A few things we've done are:
- Wrap pwd_mkdb with lockf so it'll only run one at a time - it can be invoked
several times, but those invocations will block and complete serially.
- Hack pw so that it doesn't rebuild the database. After the new script runs
pw, it calls pwd_mkdb -u.
Even so, I notice that pw likes to make certain assumptions, such as that the
password environment it's working in reflects accurately the state of the
passwd file it's editing - this means that until I put a lock around pw ->
pwd_mkdb -u, that some duplicate UIDs were appearing on accasion.
I think pw is a cool program though, and keep thinking that some spare time
should be devoted to getting it, and possibly pwd_mkdb to act in a different
manner - the former rebuilding the database more conservatively, and the
latter not running over itself, as other utilities like passwd, chfn, et al,
manage to do.
Before I start getting too intimate with some rather sober and serious code
there, I was wondering if anyone else has been involved with this sort of
stuff too, and hopefully has certain suggestions or insight they might share?
Thanks!
-danny
--
Dan Howard, EnterAct System Administration Team || EnterAct: Top-rated
http://www.dannyland.org/~dannyman/ || ISP in Illinois
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980924005250.F9091>