Date: Thu, 24 Sep 1998 11:35:42 +0300 From: Ruslan Shevchenko <Ruslan@Shevchenko.Kiev.UA> To: Dan Howard - EnterAct Admin Team <djhoward@enteract.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: adding users to populous systems Message-ID: <360A045E.E926E051@Shevchenko.Kiev.UA> References: <19980924005250.F9091@enteract.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dan Howard - EnterAct Admin Team wrote: > > We have a busy shell machine available to our customers that runs a great many > services and has over 14000 user accounts. > > Over the past month, I've been involved in overhauling bits and pieces of the > system involved in adding new users into the system. For a long time, we'd > been running an old version of the standard adduser script, hacked in very > scary ways by various persons who've been in charge of the system for the > past two years. It was prone to breakage, and was scary to maintain, so I > scrapped it and wrote our own version, which uses pw. > > I've observed that stuff like adduser, pwd_mkdb, and even pw, are not > particularly suited to running in this environment. Why? 1) Race conditions > involved with either of the first two regarding multiple copies being used at > a time. (We have several employees adding users every day.) 2) A preference > for rebuilding the entire password database once a user is added. > > A few things we've done are: > > - Wrap pwd_mkdb with lockf so it'll only run one at a time - it can be invoked > several times, but those invocations will block and complete serially. > > - Hack pw so that it doesn't rebuild the database. After the new script runs > pw, it calls pwd_mkdb -u. > > Even so, I notice that pw likes to make certain assumptions, such as that the > password environment it's working in reflects accurately the state of the > passwd file it's editing - this means that until I put a lock around pw -? > pwd_mkdb -u, that some duplicate UIDs were appearing on accasion. > > I think pw is a cool program though, and keep thinking that some spare time > should be devoted to getting it, and possibly pwd_mkdb to act in a different > manner - the former rebuilding the database more conservatively, and the > latter not running over itself, as other utilities like passwd, chfn, et al, > manage to do. > > Before I start getting too intimate with some rather sober and serious code > there, I was wondering if anyone else has been involved with this sort of > stuff too, and hopefully has certain suggestions or insight they might share? > few monthes ego I wrote X and HTML tool for adding/deleting users and groups. It work with set of users in memory, than use pwd_mkdb for a generating of passwd files, locking it before. All *semantic* work is doing in C++ core, all *GUI* is writeln in TCL. add yet another interface (I mean tewxtual) would be very simple. This tools is work good for our internal network. For a pity, I'm very busy now and have no time for extensive testing it before release. I will be happy, if you will grab the sources (http://cam.grad.kiev.ua/~rssh/admin/admin.html) and will use it as start point. Please, contact me for any additional questions. > Thanks! > > -danny > > -- > Dan Howard, EnterAct System Administration Team || EnterAct: Top-rated > http://www.dannyland.org/~dannyman/ || ISP in Illinois > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- @= //RSSH mailto:Ruslan@Shevchenko.Kiev.UA CORBA in Ukraine & ex-USSR: http://www.corbadev.kiev.ua To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?360A045E.E926E051>