help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ways to manage passwd/shadow files?

From: Ted Zlatanov
Subject: Re: Ways to manage passwd/shadow files?
Date: 16 Mar 2005 14:57:52 -0500
User-agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux) 
On Thu, 10 Mar 2005, spam-collector@artair.com wrote:

> What's the best way to use cfengine to manage /etc/passwd and
> /etc/shadow?

I would use useradd/usermod/userdel, which are available on most
modern Unix systems (or you can write a reasonable wrapper around
them).  Editing passwd files is VERY difficult to do properly in a
portable way.

cfperl, which I maintain at http://lifelogs.com/cfperl, does
useradd/mod/del internally based on commands you specify, e.g. "this
user should exist" or "this user should be deleted."  It can check NIS
or another external source to see if a user already exists so they are
not duplicated.

Here is an example from the manual
(http://lifelogs.com/cfperl/manual.html#A%20sample%20configuration):

users:
 any::
# the user will be created if they don't exist, otherwise the settings
# will only be adjusted
  user cftest uid=1500 gid = 500 secondary_gid= 7 gecos="The 'test' Mongoose"
  user cftest uid=1501
  user cftest delete full

# the groups will be created if they don't exist, otherwise the
# settings will only be adjusted
  group cftest gid =1500
  group cftest gid=1501
  group cftest delete

If you decide to evaluate cfperl, let me know if you have any questions.

Hope that helps
Ted
reply via email to
[Prev in Thread] Current Thread [Next in Thread]