From owner-freebsd-isp Thu Sep 24 01:41:25 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id BAA25300
        for freebsd-isp-outgoing; Thu, 24 Sep 1998 01:41:25 -0700 (PDT)
        (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from proxy.grad.kiev.ua (grad-UTC-28k8.ukrtel.net [195.5.25.54])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA25292
        for ; Thu, 24 Sep 1998 01:41:10 -0700 (PDT)
        (envelope-from Ruslan@Shevchenko.Kiev.UA)
Received: from Shevchenko.Kiev.UA (cam [10.0.0.50])
        by proxy.grad.kiev.ua (8.8.8/8.8.7) with ESMTP id LAA06751;
        Thu, 24 Sep 1998 11:41:55 +0300 (EEST)
        (envelope-from Ruslan@Shevchenko.Kiev.UA)
Message-ID: <360A045E.E926E051@Shevchenko.Kiev.UA>
Date: Thu, 24 Sep 1998 11:35:42 +0300
From: Ruslan Shevchenko
Reply-To: rssh@grad.kiev.ua
X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.5-STABLE i386)
MIME-Version: 1.0
To: Dan Howard - EnterAct Admin Team
CC: freebsd-isp@FreeBSD.ORG
Subject: Re: adding users to populous systems
References: <19980924005250.F9091@enteract.com>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dan Howard - EnterAct Admin Team wrote:

>
> We have a busy shell machine available to our customers that runs a great many
> services and has over 14000 user accounts.
>
> Over the past month, I've been involved in overhauling bits and pieces of the
> system involved in adding new users into the system. For a long time, we'd
> been running an old version of the standard adduser script, hacked in very
> scary ways by various persons who've been in charge of the system for the
> past two years. It was prone to breakage, and was scary to maintain, so I
> scrapped it and wrote our own version, which uses pw.
>
> I've observed that stuff like adduser, pwd_mkdb, and even pw, are not
> particularly suited to running in this environment. Why? 1) Race conditions
> involved with either of the first two regarding multiple copies being used at
> a time. (We have several employees adding users every day.) 2) A preference
> for rebuilding the entire password database once a user is added.
>
> A few things we've done are:
>
> - Wrap pwd_mkdb with lockf so it'll only run one at a time - it can be invoked
> several times, but those invocations will block and complete serially.
>
> - Hack pw so that it doesn't rebuild the database. After the new script runs
> pw, it calls pwd_mkdb -u.
>
> Even so, I notice that pw likes to make certain assumptions, such as that the
> password environment it's working in reflects accurately the state of the
> passwd file it's editing - this means that until I put a lock around pw -?
> pwd_mkdb -u, that some duplicate UIDs were appearing on occasion.
>
> I think pw is a cool program though, and keep thinking that some spare time
> should be devoted to getting it, and possibly pwd_mkdb to act in a different
> manner - the former rebuilding the database more conservatively, and the
> latter not running over itself, as other utilities like passwd, chfn, et al,
> manage to do.
>
> Before I start getting too intimate with some rather sober and serious code
> there, I was wondering if anyone else has been involved with this sort of
> stuff too, and hopefully has certain suggestions or insight they might share?
>

A few months ago I wrote an X and HTML tool for adding/deleting users and
groups. It works with the set of users in memory, then uses pwd_mkdb to
generate the passwd files, locking it beforehand.

All the *semantic* work is done in a C++ core; all the *GUI* is written in TCL.
Adding yet another interface (I mean textual) would be very simple.

This tool works well on our internal network. Unfortunately, I'm very busy
now and have no time to test it extensively before release.

I will be happy if you grab the sources
(http://cam.grad.kiev.ua/~rssh/admin/admin.html) and use them as a starting
point. Please contact me with any additional questions.

> Thanks!
>
> -danny
>
> --
> Dan Howard, EnterAct System Administration Team || EnterAct: Top-rated
> http://www.dannyland.org/~dannyman/ || ISP in Illinois
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message

--
@=
//RSSH
mailto:Ruslan@Shevchenko.Kiev.UA

CORBA in Ukraine & ex-USSR: http://www.corbadev.kiev.ua
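
An added example, not part of the original message and not pw or pwd_mkdb code, of the point raised in the quoted message: duplicate UIDs stop only when one lock covers both choosing the UID and writing the entry. It uses flock(2) through Python's fcntl module in place of lockf(1); the passwd-format file and all function names are constructed for illustration.

```python
# Constructed stand-in for a passwd file and its adders; names are hypothetical.
import fcntl
import threading

def next_uid(passwd_path, floor=1000):
    """Lowest unused UID >= floor, according to the file as it is right now."""
    used = set()
    with open(passwd_path) as fh:
        for line in fh:
            fields = line.split(":")
            if len(fields) >= 3 and fields[2].isdigit():
                used.add(int(fields[2]))
    uid = floor
    while uid in used:
        uid += 1
    return uid

def append_user(passwd_path, name, uid):
    with open(passwd_path, "a") as fh:
        fh.write(f"{name}:*:{uid}:{uid}::/home/{name}:/bin/sh\n")

def add_user_unlocked_pair(passwd_path):
    """Two adders that both read before either writes: the same UID twice."""
    a = next_uid(passwd_path)
    b = next_uid(passwd_path)  # stale view: the first entry is not written yet
    append_user(passwd_path, "alice", a)
    append_user(passwd_path, "bob", b)
    return a, b

def add_user_locked(passwd_path, name):
    """Allocate and record the UID inside one exclusive critical section."""
    with open(passwd_path + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # blocks until earlier adders finish
        uid = next_uid(passwd_path)
        append_user(passwd_path, name, uid)
        return uid  # closing the lock file releases the lock

def concurrent_adds(passwd_path, workers=8, per_worker=5):
    """Run adders in parallel threads; return every UID in the file afterwards."""
    def work(w):
        for i in range(per_worker):
            add_user_locked(passwd_path, f"u{w}_{i}")
    threads = [threading.Thread(target=work, args=(w,)) for w in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    with open(passwd_path) as fh:
        return [int(line.split(":")[2]) for line in fh]
```

Locking only the database rebuild, as in the first workaround described in the quoted message, leaves the read in `next_uid` outside the critical section, which is the interleaving `add_user_unlocked_pair` reproduces.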