Hi, I'm late to this discussion and missed the beginning, but you might want to take a look at the method I used for a shared-root setup at one of our student labs in ca. 2002 (presented at the 2nd EuroBSDon).
https://www.researchgate.net/publication/1957467_A_Shared_Write-protected_Root_Filesystem_for_a_Group_of_Networked_Clients key points: I configured a lot of /etc changeables to be constant, and as catch-all I union-mounted a tmpfs on top of /etc to catch what was unhandled. User authentication and group directory were done via NIS back then (configured in via nsswitch), name service via DNS, of course. Regards, -is -- Ignatios Souvatzis, Chief IPv6 enabler RFC 6540 Gemeinsame Systemgruppe b-it + Informatik Tel. +49 228 73-60701 [email protected]
