Pete,

>   The fact that you are excluding /home worries me. Are you going to
> have different users on the machines?

I have had some requests to set up terminal servers for a couple of
local NGOs. These servers would have different user accounts.
I would like to do it using a controlled environment.

I'm only running one public terminal server. It serves a library and
a group of terminals used by educational staff. The user accounts are
not personalized. I call this script from Xstartup so every new login
gets a clean account.
*******************
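#!/bin/sh

# group 1001:library
# group 1002:cataleg
# group 1004:pc-tutor

# passwd fields: name:passwd:uid:gid:gecos:home:shell
USER_ID=$(getent passwd "$USER" | cut -f 3 -d :)
HOMEDIR=$(getent passwd "$USER" | cut -f 6 -d :)

# only renew homes of users above 1999; skip if the lookup returned
# nothing or the home is "/", so that rm -fr never runs on a bad path
if [ -n "$USER_ID" ] && [ -n "$HOMEDIR" ] && [ "$HOMEDIR" != "/" ] \
   && [ "$USER_ID" -ge 2000 ]; then
        GROUP_ID=$(getent passwd "$USER" | cut -f 4 -d :)
        rm -fr -- "$HOMEDIR"
        mkdir -- "$HOMEDIR"
        # restore the clean template home for this user's primary group
        tar xf "/etc/restore/$GROUP_ID.tar" --directory "$HOMEDIR"

        # .sversionrc: ooffice uses an absolute path
        cat > "$HOMEDIR/.sversionrc" << EOF
[versions]
OpenOffice.org 1.1.4=file://$HOMEDIR/.openoffice/1.1.4
EOF

        chown -R "$USER:$GROUP_ID" "$HOMEDIR"
        #chmod go-rx "$HOMEDIR"
fi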

*******************

> Bad things can happen if users/groups don't match.

I'm finding that out :)
At least one of the reasons the update with the freenx server didn't
work is because of user accounts.
freenx wrote in /etc/passwd but that update was suppressed by
push-update.exclude.
So yes, Bad things do happen.
Perhaps there is a way of separating the user accounts from the rest
of the system.
With these NGOs I would have different users and file sharing too.
It would be nice to have some sort of abstraction that clearly defines
'user world' and system. Perhaps ldap and samba could do this? I've
never used ldap.

Chris.
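
The mismatch described above (a package on the master adds an account, but /etc/passwd* and /etc/group* are excluded from the push) can be checked before pushing. This is an added example, not code from the thread; the function name, the report labels and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare account files of a master
# and a client server whose /etc/passwd* and /etc/group* are excluded
# from the push. Works on passwd or group files (name:x:id:...).

# account_drift MASTER_FILE CLIENT_FILE
#   MISSING  name id          on master only (e.g. created by a package)
#   ID_DIFF  name mid cid     same name, different numeric id
#   ID_CLASH id mname cname   same numeric id, different name
account_drift() {
    awk -F: '
        /^#/ || $1 == "" { next }
        FILENAME == ARGV[1] { mid[$1] = $3; mname[$3] = $1; next }
        {
            cid[$1] = $3
            if (($1 in mid) && mid[$1] != $3)
                print "ID_DIFF", $1, mid[$1], $3
            if (($3 in mname) && mname[$3] != $1)
                print "ID_CLASH", $3, mname[$3], $1
        }
        END { for (n in mid) if (!(n in cid)) print "MISSING", n, mid[n] }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data: the master gained an "nx" system account and
# the client has local users whose ids differ from the master's.
demo_account_drift() {
    d=$(mktemp -d) || return 1
    cat > "$d/master" << 'EOF'
root:x:0:0:root:/root:/bin/sh
nx:x:105:105::/nonexistent:/bin/sh
library:x:2000:1001::/home/library:/bin/sh
tutor:x:2001:1004::/home/tutor:/bin/sh
EOF
    cat > "$d/client" << 'EOF'
root:x:0:0:root:/root:/bin/sh
library:x:2000:1001::/home/library:/bin/sh
tutor:x:2002:1004::/home/tutor:/bin/sh
cataleg:x:2001:1002::/home/cataleg:/bin/sh
EOF
    account_drift "$d/master" "$d/client"
    rm -rf -- "$d"
}

demo_account_drift
```

An ID_CLASH line is the case where files pushed from the master end up owned by a different account on the client.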

On 10/27/05, Peter Billson <[EMAIL PROTECTED]> wrote:
> Chris,
>    I rsync the whole thing on production servers all the time. As long
> as you are trying to maintain nearly identical servers it works fine.
>
>   The fact that you are excluding /home worries me. Are you going to
> have different users on the machines? Bad things can happen if
> users/groups don't match.
>
> Pete Billson
> --
> http://www.elbnet.com
> ELB Internet Service, Inc.
> Web Design, Computer Consulting, Internet Hosting
>
> Chris Fanning wrote:
> > Hi,
> >
> >>Not sure why you needed to exclude /dev, generally I include it.
> >
> > I can't remember the exact error, but it resulted in a kernel panic.
> >
> >
> > I think some files are good to copy onto the new base installation,
> > but less files should be copied onto a production server.
> >
> > I'm trying to see how to do a quick new install from a master copy,
> > and then use the master copy to push maintenance updates to production
> > servers.
> >
> > new-install.exclude
> > *****************************
> > /boot
> > /vmlinuz
> > /initrd.img
> > /lib/modules
> > /etc/fstab
> > /etc/mtab
> > /etc/mdadm
> > /etc/rsync
> > /etc/hostname
> > /etc/ssh/ssh_host_*
> > /etc/ssl
> > /var/tmp
> > /var/log
> > /var/run
> > /var/lock
> > /mount
> > /media
> > /proc
> > /tmp
> > /dev
> > /usr/src
> > /home
> > *****************************
> >
> > push-update.exclude
> > *****************************
> > /etc/hosts
> > /etc/resolv.conf
> > /etc/dhcpd.conf
> > /etc/firewall
> > /etc/network
> > /etc/passwd*
> > /etc/shadow*
> > /etc/group*
> > /var/spool
> > /opt/ltsp/i386/etc/lts.conf
> > /boot
> > /vmlinuz
> > /initrd.img
> > /lib/modules
> > /etc/fstab
> > /etc/mtab
> > /etc/mdadm
> > /etc/rsync
> > /etc/hostname
> > /etc/ssh/ssh_host_*
> > /etc/ssl
> > /var/tmp
> > /var/log
> > /var/run
> > /var/lock
> > /mount
> > /media
> > /proc
> > /tmp
> > /dev
> > /usr/src
> > /home
> > *****************************
> > This morning I added ltsp sound to the master server and pushed the
> > update to a client server.  It worked.  Following this idea, apt-get
> > should never be used on the client server.
> >
> > I do feel however that I'm going to run into problems.
> > I installed freeNX server on the master server, and pushed the copy to
> > the client server.
> > Bad. nxserver had touched many different files and it didn't work.
> >
> > This adds complexity to the invention (something to avoid).
> >
> > Any ideas?
> >
> > Chris.
> >
> >
> > On 10/26/05, Peter Billson <[EMAIL PROTECTED]> wrote:
> >
> >>Good point with ssh, I've added it
> >>
> >>Not sure why you needed to exclude /dev, generally I include it.
> >>
> >>Pete Billson
> >>--
> >>http://www.elbnet.com
> >>ELB Internet Service, Inc.
> >>Web Design, Computer Consulting, Internet Hosting
> >>
> >>Chris Fanning wrote:
> >>
> >>>>If you have the same keys on the other servers this is a security problem.
> >>>>You should generate other keys for each server.
> >>>>You should be interested in ssl too.
> >>>
> >>>
> >>>Good point.
> >>>I also needed to exclude /dev
> >>>
> >>>On 10/26/05, Marcin Kuk <[EMAIL PROTECTED]> wrote:
> >>>
> >>>
> >>>>Peter
> >>>>
> >>>>I saw your exclude file:
> >>>>
> >>>>http://www.elbnet.com/libsys/files/exclude
> >>>>/boot
> >>>>/cdrom
> >>>>/etc/fstab
> >>>>/etc/hostname
> >>>>/etc/lilo.conf
> >>>>/etc/mtab
> >>>>/etc/network/interfaces
> >>>>/etc/rsync
> >>>>/floppy
> >>>>/lib/modules
> >>>>/proc
> >>>>/tmp
> >>>>/usr/src
> >>>>/vmlinuz
> >>>>
> >>>>I think you forgot one thing:
> >>>>/etc/ssh directory
> >>>>
> >>>>If you have the same keys on the other servers this is a security problem.
> >>>>You should generate other keys for each server.
> >>>>You should be interested in ssl too.
> >>>>
> >>>>Regards
> >>>>
> >>>>Marcin Kuk
> >>>>
> >>>>On 10/21/05, Peter Billson <[EMAIL PROTECTED]> wrote:
> >>>>
> >>>>
> >>>>>Chris Fanning wrote:
> >>>>>
> >>>>>
> >>>>>>Hi,
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> I do a base install of the OS on the new server then use rsync to
> >>>>>>>copy a master copy of my server set up, which I keep on a portable USB
> >>>>>>>drive.
> >>>>>>
> >>>>>>That sounds like just the sort of thing I'm thinking of.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>  Of course I exclude a few files - i.e. /boot since the hardware is
> >>>>>>>usually different, hostname, network interface set up, etc.
> >>>>>>
> >>>>>>
> >>>>>>Would it be too much to ask you for the list of excludes and includes
> >>>>>>to help get me started?
> >>>>>>
> >>>>>>Thanks.
> >>>>>>Chris.
> >>>>>
> >>>>>Chris,
> >>>>>  I included everything, except what is listed in
> >>>>>http://www.elbnet.com/libsys/files/exclude
> >>>>>
> >>>>>  This is for a debian system.
> >>>>>
> >>>>>Pete Billson
> >>>>>--
> >>>>>http://www.elbnet.com
> >>>>>ELB Internet Service, Inc.
> >>>>>Web Design, Computer Consulting, Internet Hosting
> >>>>>
> >>>>>
> >>>>>-------------------------------------------------------
> >>>>>This SF.Net email is sponsored by:
> >>>>>Power Architecture Resource Center: Free content, downloads, discussions,
> >>>>>and more. http://solutions.newsforge.com/ibmarch.tmpl
> >>>>>_____________________________________________________________________
> >>>>>Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
> >>>>>     https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> >>>>>For additional LTSP help,   try #ltsp channel on irc.freenode.net
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >
>

