Re: [xcat-user] [External] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

[Trafford, Tyler]

At our site we use LDAP, but to allow for the possibility of some local 
accounts I've implemented this simple thing:

/install/custom/synclist.accounts =>
MERGE:
/install/custom/etc/passwd -> /etc/passwd
/install/custom/etc/shadow -> /etc/shadow
/install/custom/etc/group -> /etc/group


Then this runs twice a day:

#!/bin/bash
export XCATROOT="/opt/xcat"
export PATH="/opt/xcat/bin:${PATH}"

awk -F: '$3>=1000&&$3<10000{print}' /etc/passwd > /install/custom/etc/passwd
awk -F: '$3>=1000&&$3<10000{print}' /etc/group > /install/custom/etc/group

cp -a /etc/shadow /install/custom/etc/shadow
yes | pwck -q /install/custom/etc/{passwd,shadow} > /dev/null

xdcp login,compute -v -F /install/custom/synclist.accounts


The ranges for uids/gids exclude system accounts and our LDAP, and this is 
simple to run and manage.

Implementing inotify for this would be pretty simple,  I think- but it doesn't 
account for changing the root password.

-Tyler

________________________________________
From: Christian Caruthers <ccaruth...@lenovo.com>
Sent: Tuesday, June 19, 2018 10:15 AM
To: xCAT Users Mailing list
Subject: Re: [xcat-user] [External] What is the best way for changing/maintain 
users/groups/passwords for the computing nodes?

Some suggestions:

Rather than sync'ing the passwd, group, and shadow files to the systems, use a 
postscript to simply appended what you need to those files.

Set the xCAT management node up as an NIS server.

Set up ansible  on xCAT MN to manage/create user accounts.

Connect to LDAP or AD domain.

Regards,
Christian Caruthers
Lenovo Professional Services
Mobile: 757-289-9872

-----Original Message-----
From: Daniel Hilst Selli <dan...@versatushpc.com.br>
Sent: Monday, June 18, 2018 12:56
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Subject: [External] [xcat-user] What is the best way for changing/maintain 
users/groups/passwords for the computing nodes?

Hi!

I had a problem where I couldn't login to a computing node with the password 
contained at system key of passwd table. I search in the internet for options 
on setting password for xcat.

The documentation says

chtab key=system passwd.username=root passwd.password=abc123

But I don't really understand how this password would get to /etc/shadow of the 
computing nodes. Changing the password and reboot stateless node doesn't has 
effect, the node keep using the old password and passwd table and nodes 
/etc/shadow are out of sync.

I saw people on internet synchronizing /etc/{group,shadow,passwd} from 
management node, but if this is the case, what is the point of the system key 
on passwd table?

Any suggestion on how to handle computing node users will be appreciated!


Regards,

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech 
sites, Slashdot.org! 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7Ctyler.trafford%40yale.edu%7Cd2835177acba4be78e7d08d5d5f01ccf%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636650149622436439&sdata=xQbjcwEkBuqb8rNli71U7Xbx3YDtjwdKVRKlvLX0yQs%3D&reserved=0
 _______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=02%7C01%7Ctyler.trafford%40yale.edu%7Cd2835177acba4be78e7d08d5d5f01ccf%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636650149622436439&sdata=RMfl%2FNBnn2xUcfQgAulh0g5MAf2zzVR0rPkU7p7eXKU%3D&reserved=0

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7Ctyler.trafford%40yale.edu%7Cd2835177acba4be78e7d08d5d5f01ccf%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636650149622446447&sdata=helGcKb5WkKiiWw%2BvEdCj%2B7ZwqX1JAv6%2BQiShRXGcrM%3D&reserved=0
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=02%7C01%7Ctyler.trafford%40yale.edu%7Cd2835177acba4be78e7d08d5d5f01ccf%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636650149622446447&sdata=xAaKCr%2FEqWHUOBYI%2FvoSudkrr5DxX9GIgqr11Wgr6Zk%3D&reserved=0

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user