Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] backup using rsync and file permission

Andrew Reilly wrote:
> On Fri, Oct 20, 2000 at 10:10:43AM +1000, Rodos wrote:
> > On Fri, 20 Oct 2000, Ian Ward wrote:
> >
> > > As administrator, you will need to keep UID/GID consistent between the
> > > two systems.
> >
> > Okay this is the bit I want to know more about. What are the ways of doing
> > this? Copy the files over? What about shadow passwords? Is their a right
> > way to do it when you have a few machines and need to share files around
> > between them. What do people here do?
> This is why Yellow Pages aka NIS, or HESIOD, or (more latterly)
> some other sort of distributed database, go hand in hand with
> NFS, and why you generally only use NFS within a single
> administrative domain, rather than over WAN connections.
> > I have lots of accounts on one machine that supports dialin users but only
> > a few common ones on the others, I don't necessarily want them all on the
> > other machines.
> Not sure how you arrange that, but I'd bet that there's a way.
> Things like PAM can often cascade requests, so if a uid lookup
> fails in yp, then it could go and look in /etc/passwd, which (on
> the dial-up box only) would contain the other users.  Something
> like that.

If you use NIS, you can modify the order in which lookups are done
(files, nis etc), and specify options specific to a system with a
special entry in /etc/passwd, such as adding users to a dialout group.
You just need to make sure that the NIS master entries don't have stuff
you don't want the users to have globally, adding particular options to
the local files.

Armed with the NIS-HOWTO, I've found it really easy to set up and
maintain on Debian, RedHat and its derivatives. I have a NIS domain that
serves around 100 RH 5.x workstations and a dozen workstations and it
works a treat, hardly any maintenance. It works equally as well on my
home LAN of siz machines. You do have to be careful with security
though, you don't want access to your domain getting outside your own

We also authenticate Windows users through a Samba domain login against
the NIS server.