Forum: Cfengine Help Subject: Looking for ideas: System User Management Author: absinfo_...@yahoo.com Link to topic: https://cfengine.com/forum/read.php?3,18518,18518#msg-18518
Hi, Still I'm a newbie to cfengine and would appreciate ideas, known/best practices on how to organize system user management. While there is no native support (I use community version) I look how to organize things. We have different server farms (frontends, databases, backend service systems, dev/testing/production environments, etc). Other dimension is that say developers should have access to their systems, read only to some of them, say OPS stuff to all, sometimes there is a need for temporary access, etc. I understand that at the end of the day - it's all about handling /etc/passwd /etc/group /etc/shadow files, + home directories for users and perhaps sudoers file. However it's not clear to me how achieve the system user management with cfengine best. Hot to handle adding users, disabling them, assigning/relieving different groups, eventually - deleting, making sure the users (including application users like mysql, apache, etc) have same user ID in all systems, groups have same group ID, etc. I was even thinking about moving this part aside cfengine by having some pre-defined files with mapping (systems, users, groups) and a set of scripts which parse/analyze the mapped data and generate the set of system files (passwd, shadow, etc) per host. And then use cfengine to distribute (or verify) the files further. Any ideas are very welcomed! Many thanks in advance! /Eduard _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
