merging-uids 1.0 review
The merging-uids project merges one or more files in /etc/passwd format. You give it a list of n password files on the command line (leftmost varies least in the output) and a series of n-1 scripts that will be used by sed. In return, you get a new password file and a series of UIDs that need to be rearranged on-disk with chowns.
The general flow of the task is to:
1. Transfer all of your password files to a central host, in a single directory, one file per domain.
2. Delete any accounts from the domain files you don't want to have in the resulting password file.
3. Create one "-paths" script for each domain. This script will change users' home directory paths. If you don't need homedirs changed, just use a NOOP "-paths" script like:
   #!/bin/sh
   echo "$1"
4. Run uid-merge until you get a series of pwent and chown lines. If it errors out, you probably have username collisions, which need to be resolved manually. I like to contact both users, see if they're the same person, and ask them which homedir they'd like to be made a subdir of the other. If they're two different people, that may make the merge politically complex, but one approach is to ask both of them to vacate the username, give them two new ones, and put a vacation message on the old one explaining what happened.
5. sed apart the output into a password file and a series of chowns files.
6. Run the chowns on each host with user files in the former password domains.
7. Install your new password file.
uid-merge is a program that takes a series of password files on the command line, like:
uid-merge domain1 domain2 domain3
In this example, domain1's UIDs will vary least frequently in the event of UID collisions, and domain3's will vary most frequently.
Here's an example of the sort of input and output you might expect:
seki-strombrg> for i in *; do echo $i; sed 's/^/ /' < $i; done
domain1
user1:x:10000:600::/tmp:/bin/bash
user2:x:10000:600::/tmp:/bin/bash
user3:x:10001:600::/tmp:/bin/bash
user4:x:10002:600::/tmp:/bin/bash
user5:x:10003:600::/tmp:/bin/bash
user6:x:10004:600::/tmp:/bin/bash
domain1-paths
#!/bin/sh
echo /domain1"$1"
domain2
domain2a:x:20000:600::/tmp:/bin/bash
domain2b:x:20001:600::/tmp:/bin/bash
domain2c:x:20001:600::/tmp:/bin/bash
domain2d:x:10002:600::/tmp:/bin/bash
domain2e:x:20003:600::/tmp:/bin/bash
domain2f:x:20004:600::/tmp:/bin/bash
domain2-paths
#!/bin/sh
echo /domain2"$1"
domain3
domain3a:x:30000:600::/tmp:/bin/bash
domain3b:x:30001:600::/tmp:/bin/bash
domain3c:x:10001:600::/tmp:/bin/bash
domain3d:x:10002:600::/tmp:/bin/bash
domain3e:x:30003:600::/tmp:/bin/bash
domain3f:x:20004:600::/tmp:/bin/bash
domain3-paths
#!/bin/sh
echo /domain3"$1"
Mon Oct 17 12:47:19
seki-strombrg> uid-merge domain1 domain2 domain3
chown domain3 20004 100
chown domain3 10001 101
chown domain2 10002 102
chown domain3 10002 103
pwent domain3f:x:100:600::/domain3/tmp:/bin/bash
pwent domain3c:x:101:600::/domain3/tmp:/bin/bash
pwent domain2d:x:102:600::/domain2/tmp:/bin/bash
pwent domain3d:x:103:600::/domain3/tmp:/bin/bash
pwent user1:x:10000:600::/domain1/tmp:/bin/bash
pwent user2:x:10000:600::/domain1/tmp:/bin/bash
pwent user3:x:10001:600::/domain1/tmp:/bin/bash
pwent user4:x:10002:600::/domain1/tmp:/bin/bash
pwent user5:x:10003:600::/domain1/tmp:/bin/bash
pwent user6:x:10004:600::/domain1/tmp:/bin/bash
pwent domain2a:x:20000:600::/domain2/tmp:/bin/bash
pwent domain2b:x:20001:600::/domain2/tmp:/bin/bash
pwent domain2c:x:20001:600::/domain2/tmp:/bin/bash
pwent domain2e:x:20003:600::/domain2/tmp:/bin/bash
pwent domain2f:x:20004:600::/domain2/tmp:/bin/bash
pwent domain3a:x:30000:600::/domain3/tmp:/bin/bash
pwent domain3b:x:30001:600::/domain3/tmp:/bin/bash
pwent domain3e:x:30003:600::/domain3/tmp:/bin/bash
Mon Oct 17 12:47:28
So you just save that output in a file with ">", and sed apart the pieces:
grep '^chown domain1 ' < tempfile | sed 's/^chown domain1 //' > chowns-input-for-domain-domain1
grep '^chown domain2 ' < tempfile | sed 's/^chown domain2 //' > chowns-input-for-domain-domain2
grep '^chown domain3 ' < tempfile | sed 's/^chown domain3 //' > chowns-input-for-domain-domain3
grep '^pwent ' < tempfile | sed 's/^pwent //' > resulting-password-file
As it happens, the chowns-input for domain "domain1" probably will be empty. You then go to each domain (except the first listed on the uid-merge line), feeding that "chowns-input" file into the "chowns" program. You'll probably want to run it on every file server and machine with non-network-accessible accounts, to get all the UIDs changed appropriately. An example of chowns use is:
fileserver1-root> chowns < chowns-input-for-domain-domain3
Then you just install your new password file ("resulting-password-file") in /etc/passwd, or as your NIS password source file.
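The split step above can also be done in one awk pass that checks the output before anything is installed. This is an added example, not part of merging-uids: the function name split_merge_output, the fresh output directory and the checks (well-formed lines, no duplicate usernames, every new UID assigned once and used by an account) are assumptions based only on the line formats in the sample output.

```sh
#!/bin/sh
# Added example, not part of merging-uids. Assumed formats (from the sample output):
#   chown DOMAIN OLDUID NEWUID
#   pwent name:passwd:uid:gid:gecos:home:shell
# Usage: split_merge_output SAVED_OUTPUT NEW_OUTPUT_DIR
split_merge_output() {
    in=$1
    out=$2
    # Refuse to reuse a directory so stale chowns files are never picked up.
    mkdir "$out" || return 2
    awk -v out="$out" '
        /^chown / && NF == 4 && $2 ~ /^[A-Za-z0-9_.-]+$/ &&
        $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            print $3, $4 > (out "/chowns-input-for-domain-" $2)
            if ($4 in newuid) { print "new UID " $4 " assigned twice"; bad = 1 }
            newuid[$4] = 1
            next
        }
        /^pwent / {
            entry = substr($0, 7)
            if (split(entry, f, ":") != 7 || f[3] !~ /^[0-9]+$/) {
                print "malformed pwent line " NR; bad = 1; next
            }
            if (f[1] in seen) { print "duplicate username " f[1]; bad = 1 }
            seen[f[1]] = 1
            used[f[3]] = 1
            print entry > (out "/resulting-password-file")
            next
        }
        { print "unrecognised line " NR ": " $0; bad = 1 }
        END {
            for (u in newuid)
                if (!(u in used)) { print "new UID " u " has no account"; bad = 1 }
            exit bad + 0
        }' "$in"
}

# Run directly as: sh split-merge.sh tempfile outdir
if [ $# -eq 2 ]; then
    split_merge_output "$1" "$2"
fi
```

A non-zero exit status means the files in the output directory should not be used until the reported lines are resolved.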