- Greg Freemyer (freemyer@NorcrossGroup.com) [030328 10:55]:
I have a series of similar boxes that I want to have identical system
Then use mount --bind over to a configuration/data disk for the few unique files like passwd/shadow/group/etc.
You might just want to rsync /etc, seems much simpler and can be done over ssh if that's a concern.
I don't understand.
During normal day to day admin, I would need to rsync files from /etc to /config/etc.
Then immediately after a system disk replacement, I would have to reverse the rsync.
It seems possible, but it also seems like eventually I would screw something up and lose my user accounts.
I could use timestamps to try to avoid a screw up, but somehow I don't really trust that approach.
I should be able to just write a short script:
#!/bin/sh
# Run useradd inside the /config tree; "$@" keeps quoted arguments intact.
chroot /config useradd "$@"
You'll need to copy a shell, libc, and whatever else useradd needs into the chroot as well.
I copied over a dozen or so files and I still could not get it to work.
I ran strace on useradd to see what was failing.
It seemed to revolve around PAM authentication which can get fairly involved.
So I gave up on that approach.
Instead, I got the shadow-4.0.2.src.rpm off of the CDs and extracted the source.
Then I edited ./lib/defines.h to have
===
#define PASSWD_FILE "/config/etc/passwd"
#define GROUP_FILE "/config/etc/group"
#define SHADOW_FILE "/config/etc/shadow"
#define SGROUP_FILE "/config/etc/gshadow"
===
And did a make; make install.
So far it seems to be working, but I have done very little testing. In particular, I have not tested a single-user boot!!!
I hope this effectively means that all changes are made to my /config/etc set of files, but PAM uses the /etc set I have set up as --bind to the /config set.
BTW: One nice thing about using binds for this is that if /config is not available, or if I boot single user mode, then the underlying files are still available and I _hope_ I can still log in with the base accounts like root.
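
Added example, not part of the original message: a bind mount of a single file pins the inode that existed at mount time, so if a tool replaces /config/etc/passwd by writing a new file and renaming it into place, /etc/passwd keeps showing the old contents. The check below compares each account file under /etc with its counterpart under /config/etc and reports which ones are no longer the same file. The function name and status labels are hypothetical, and the write-then-rename behaviour of the patched tools is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): detect account files whose bind
# mount no longer matches the copy under /config/etc.
# Paths come from the thread; check_binds and its labels are hypothetical.

ACCOUNT_FILES="passwd group shadow gshadow"

# check_binds ETC_DIR CONFIG_DIR
# Prints one status line per file. Returns 0 only if every file in ETC_DIR
# is the same device+inode as its counterpart in CONFIG_DIR.
check_binds() {
    etc_dir=$1
    cfg_dir=$2
    rc=0
    for f in $ACCOUNT_FILES; do
        if [ ! -e "$cfg_dir/$f" ] || [ ! -e "$etc_dir/$f" ]; then
            # /config not mounted, or the file was never created
            echo "MISSING  $f"
            rc=1
        elif [ "$etc_dir/$f" -ef "$cfg_dir/$f" ]; then
            # Same inode: the bind is live and edits are visible to logins
            echo "OK       $f"
        elif cmp -s "$etc_dir/$f" "$cfg_dir/$f"; then
            # Same bytes but separate files: the bind is not in place
            echo "UNBOUND  $f"
            rc=1
        else
            # Different inode and content: logins read the old copy
            echo "STALE    $f"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh check_binds.sh /etc /config/etc  (run as root so
# shadow and gshadow are readable)
if [ "$#" -eq 2 ]; then
    check_binds "$1" "$2"
fi
```

A STALE result after adding a user means the bind for that file has to be re-established before the new account is visible through /etc.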