I would guess that, for a system to be useful, /etc/passwd and shadow would
change over time to include other userids for whatever task or application
is taking place there. That would preclude copying an old copy over the
current one producing any useful results.

The approach we've used is to connect PAM on each image to an LDAP server
which maintains the accounts. Each server has an associated netgroup, and
users of that server have that netgroup included in their LDAP profiles,
allowing them to log into the server.

Doing maintenance by writing over the /, /usr, or /boot directories is a
"Very Bad Idea" . Even if you only do /boot, there are kernel changes which
necessitate changes to the programs that interface to the kernel function.
Maintenance is an all-inclusive thing, where changes are made in /etc,
/boot, /usr/bin, /usr/share and many other locations, all at once. These
things, most times, need to be in sync in order for the system to run
correctly. 

I've not seen a way to correctly propagate all the necessary pieces of a
maintenance run, other than using YaST itself. Down other paths lie
insanity. There are system management and provisioning products that claim
to be able to do it... Look at them closely and make them prove that they
work before you commit your systems to them.

-- 
Robert P. Nix          Mayo Foundation        .~.
RO-OE-5-55             200 First Street SW    /V\
507-284-0844           Rochester, MN 55905   /( )\
-----                                        ^^-^^
"In theory, theory and practice are the same, but
 in practice, theory and practice are different."




On 7/22/08 10:35 AM, "Whiteman, Mark" <[EMAIL PROTECTED]> wrote:

> I guess my point is, if I deploy from a "gold"  image, I'll probably
> want to change passwords on the various clones.  If I put patches/fixes
> onto my "gold" image and want to redeploy it, I'll go back to the
> original passwords.  So, when I redeploy, could I simply take a backup of
> the /etc/passwd, group, shadow and copy them back over the original
> members that existed on the "gold" image ?
> 
> 
> 
> Mark W.
> 
> The only place Linux stores "local" user information is in /etc/passwd,
> /etc/shadow, and /etc/group.  Without special schemes to get around it,
> /etc lives in your root file system.  So, any method you come up with to
> copy one system to another will automatically bring with it the same
> userids and passwords.
> 
> 
> Mark Post
> 
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390

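Added example, not part of the thread or written by any of its participants: a small audit that shows the two effects discussed above, namely clones that still carry the gold image's password hashes, and accounts that would disappear or change UID if a saved /etc/passwd were copied over the current one. The function names and all file contents are constructed for illustration.

```python
# Added example (not from the thread): audit a clone's local accounts against
# its gold image. All file contents below are constructed sample data.

def parse(text):
    """Map login name -> list of the remaining colon-separated fields."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, *rest = line.split(":")
            entries[name] = rest
    return entries

def usable(pw_field):
    """True if a shadow password field holds a hash that permits login."""
    return bool(pw_field) and pw_field[0] not in "!*"

def shared_hashes(gold_shadow, clone_shadow):
    """Accounts whose password hash on the clone is still the gold image's."""
    gold, clone = parse(gold_shadow), parse(clone_shadow)
    return sorted(u for u, f in clone.items()
                  if u in gold and usable(f[0]) and f[0] == gold[u][0])

def restore_impact(backup_passwd, current_passwd):
    """What copying a saved passwd file over the current one would change."""
    old, new = parse(backup_passwd), parse(current_passwd)
    return {
        # accounts added since the backup was taken would vanish
        "dropped": sorted(set(new) - set(old)),
        # same login name, different numeric UID: file ownership would break
        "uid_changed": sorted(u for u in set(old) & set(new)
                              if old[u][1] != new[u][1]),
    }

GOLD_SHADOW = """root:$6$CONSTRUCTED$goldroothash:14082:0:99999:7:::
bin:*:14082:0:99999:7:::
oper:$6$CONSTRUCTED$goldoperhash:14082:0:99999:7:::"""
CLONE_SHADOW = """root:$6$CONSTRUCTED$goldroothash:14082:0:99999:7:::
bin:*:14082:0:99999:7:::
oper:$6$CONSTRUCTED$newoperhash:14100:0:99999:7:::"""
BACKUP_PASSWD = """root:x:0:0:root:/root:/bin/bash
oper:x:1000:100:Operator:/home/oper:/bin/bash"""
CURRENT_PASSWD = """root:x:0:0:root:/root:/bin/bash
oper:x:1001:100:Operator:/home/oper:/bin/bash
ntp:x:74:103:NTP daemon:/var/lib/ntp:/bin/false"""

if __name__ == "__main__":
    print("still on gold password:", shared_hashes(GOLD_SHADOW, CLONE_SHADOW))
    print("restore impact:", restore_impact(BACKUP_PASSWD, CURRENT_PASSWD))
```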
