Simple one-way synchronisation of user password list between servers
Using a RedHat-derivative distro (CentOS), I'd like to keep the list of regular users (UID over 500), and group (and shadow files) pushed to a backup server.
The sync is only one-way, from the main server to the backup server.
I don't really want to have to deal with LDAP or NIS.
All I need is a simple script that can be run nightly to keep the backup server updated.
The main server can SSH into the backup system.
Any suggestions?
Edit:
Thanks for the suggestions so far but I think I didn't make myself clear enough.
I'm only looking at synchronising normal users whose UID is on or above 500.
System/service users (with UID below 500) may be different on both systems.
So you can't just sync the whole files I'm afraid.
You can use awk to extract users/groups with IDs of 500 or greater. I have also taken the liberty of excluding user id 65534, which is often reserved for the "nobody" user (depending on distro; no clue if CentOS does so):
awk -F: '($3>=500) && ($3!=65534)' /etc/passwd > passwd.new
awk -F: '($3>=500) && ($3!=65534)' /etc/group > group.new
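# Anchor each name to the first field so that "bob" does not also match "bobby" or text inside a hash
awk -F: '($3>=500) && ($3!=65534) {print "^" $1 ":"}' /etc/passwd | grep -f - /etc/shadow > shadow.new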
Then use rsync, scp, or your file transmission method of choice to copy the files to your backup system. These files can then be appended to the end of a 'clean' passwd, group or shadow file when you need to restore them (i.e. default system users/groups only, to prevent unintentional duplications of ID/username).
cat passwd.new >> /etc/passwd
cat group.new >> /etc/group
cat shadow.new >> /etc/shadow
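An added example, not part of the original answer: the same extraction, extended to build the merged passwd, group and shadow files for the backup server (its own system entries plus the main server's regular entries). Shadow entries are matched on the exact name field, and the function names and the directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Every path is an argument, so it can be tried on copies
# of the files instead of the live /etc.
MIN_ID=500      # first regular UID/GID (from the question)
NOBODY=65534    # excluded, as in the answer above

# regular_entries FILE: passwd or group lines with ID >= MIN_ID, minus nobody.
regular_entries() {
    awk -F: -v min="$MIN_ID" -v nb="$NOBODY" '($3 >= min) && ($3 != nb)' "$1"
}

# system_entries FILE: the complement, i.e. what the backup server keeps.
system_entries() {
    awk -F: -v min="$MIN_ID" -v nb="$NOBODY" '($3 < min) || ($3 == nb)' "$1"
}

# shadow_for SHADOW: passwd lines on stdin; prints the SHADOW lines whose name
# field is exactly one of those users (no substring or regex matching).
shadow_for() {
    awk -F: 'NR == FNR { want[$1] = 1; next } ($1 in want)' - "$1"
}

# unique_names FILE: fails if any name (field 1) appears more than once.
unique_names() {
    awk -F: 'seen[$1]++ { dup = 1 } END { exit (dup ? 1 : 0) }' "$1"
}

# merge_accounts MAIN_DIR BACKUP_DIR OUT_DIR
# MAIN_DIR holds passwd/group/shadow copied from the main server, BACKUP_DIR
# the backup server's current files. OUT_DIR gets backup system entries
# followed by main regular entries. Returns non-zero on a duplicated name.
merge_accounts() {
    main=$1 backup=$2 out=$3
    umask 077    # the merged shadow must never be world-readable
    for f in passwd group; do
        { system_entries "$backup/$f"; regular_entries "$main/$f"; } > "$out/$f"
    done
    {
        system_entries "$backup/passwd" | shadow_for "$backup/shadow"
        regular_entries "$main/passwd" | shadow_for "$main/shadow"
    } > "$out/shadow"
    chmod 644 "$out/passwd" "$out/group"
    unique_names "$out/passwd" && unique_names "$out/group"
}
```

On the backup server the merged files can then be installed with cppw and cpgr, which copy with locking (see the man page quoted further down).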
NIS/NIS+ were invented for this exact reason.
But they're kind of ugly, and centralized (LDAP/Kerberos/SMB/etc.) authentication is a much, much better idea if you can do it. To set up NIS/NIS+ you will need:
Packages:
yp-tools ypbind ypserv portmap
and an /etc/yp.conf with something like:
domain example.org server nis.example.org
ypserver nis.example.org
and then in /etc/sysconfig/network:
NISDOMAIN=example.org
And I got lazy, here's a good howto: http://www.wains.be/index.php/2007/02/28/setting-up-nis-under-centos-4/ that will walk you through it.
Personally, for backup I'd just back up the entire /etc/ directory and be done with it. It's only a few megs at most.
Use cppw and cpgr:
CPPW(8)
NAME
cppw, cpgr - copy with locking the given file to the
password or group file
SYNOPSIS
cppw [-h] [-s] password_file
cpgr [-h] [-s] group_file
DESCRIPTION
cppw and cpgr will copy, with locking, the given file to
/etc/passwd and /etc/group, respectively. With the -s flag,
they will copy the shadow versions of those files,
/etc/shadow and /etc/gshadow, respectively.
With the -h flag, the commands display a short help message
and exit silently.
SEE ALSO
vipw(8), vigr(8), group(5), passwd(5), shadow(5), gshadow(5)
AUTHOR
cppw and cpgr were written by Stephen Frost, based on vipw
and vigr written by Guy Maor.