Eduard- I have been developing a "maintain user accounts" system with Cfengine (so that you can add users and initialize their dotfiles, do password distribution or allow users to change their passwords, mark some fields as static and others as changeable, etc). This will be released very soon...
-Dan On Sep 28, 2010, at 4:45 AM, no-re...@cfengine.com wrote: > Forum: Cfengine Help > Subject: Looking for ideas: System User Management > Author: absinfo_...@yahoo.com > Link to topic: https://cfengine.com/forum/read.php?3,18518,18518#msg-18518 > > Hi, > > Still I'm a newbie to cfengine and would appreciate ideas, known/best > practices on how to organize system user management. While there is no native > support (I use community version) I look how to organize things. > > We have different server farms (frontends, databases, backend service > systems, dev/testing/production environments, etc). Other dimension is that > say developers should have access to their systems, read only to some of > them, say OPS stuff to all, sometimes there is a need for temporary access, > etc. > > I understand that at the end of the day - it's all about handling > /etc/passwd > /etc/group > /etc/shadow > files, + home directories for users and perhaps sudoers file. > > However it's not clear to me how achieve the system user management with > cfengine best. Hot to handle adding users, disabling them, > assigning/relieving different groups, eventually - deleting, making sure the > users (including application users like mysql, apache, etc) have same user ID > in all systems, groups have same group ID, etc. > > I was even thinking about moving this part aside cfengine by having some > pre-defined files with mapping (systems, users, groups) and a set of scripts > which parse/analyze the mapped data and generate the set of system files > (passwd, shadow, etc) per host. And then use cfengine to distribute (or > verify) the files further. > > Any ideas are very welcomed! > > Many thanks in advance! > > /Eduard > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
