teckwiz01

Porting users from one system to the next

So I'm constantly getting moved from server to server for a test environment, don't ask why cause I can't even answer that one. There are like 13 of us who require accounts on whatever server we get moved to and if the UID's don't match, it screws up too much stuff. So what I did, after having to move a couple of times, was make a copy of /etc/passwd and delete every user line that doesn't correspond to the 13 of us. I decided to script this and I thought I knew what I was doing, but somehow not only did I get lost in my own logic, but somehow I screwed it up and it actually does nothing. It may not even make any sense, so I am asking for help correcting this into something that works so I can port this over when we get moved again. Here is what I wrote. If someone can help me figure out why this now just hangs at the beginning, or even help me figure out a better way of writing this. Also, I wanted to carry over the passwords for /etc/shadow, but when this didn't work, I paused until I could fix it:

#!/usr/bin/ksh
# User work script


# Step 1, Back up files for roleback.
cp /etc/passwd /etc/passwd_`date '+%m-%d-%y_%H:%M:%S'`
cp /etc/shadow /etc/shadow_`date '+%m-%d-%y_%H:%M:%S'`
cp /etc/group /etc/group_`date '+%m-%d-%y_%H:%M:%S'`

# Step 2, set needed variables.
sourcefile=/tmp/projectusers.txt
targetfile=/etc/passwd
targetfile2=/etc/group
targetfile3=/etc/shadow

# Step 3, start for/do loop to import source data
#
echo "Starting Loop of users"
for sourceusr in `cat $sourcefile | awk -F: '{print $1}'`
do
        # set variables inside of for/do loop.
        targetusr=`grep $i $targetfile | grep $sourceusr | awk -F: '{print $1}'`
        sourceuid=`cat $sourcefile | grep $sourceusr | awk -F: '{print $3}'`
        targetuid=`grep $i $targetfile | grep $sourceusr | awk -F: '{print $3}'`
        sourcegid=`cat $sourcefile | grep $sourceusr | awk -F: '{print $4}'`
        targetgid=`grep $i $targetfile | grep $sourceusr | awk -F: '{print $4}'`
        sourcedesc=`cat $sourcefile | grep $sourceusr | awk -F: '{print $5}'`
        targetdesc=`grep $i $targetfile | grep $sourceusr | awk -F: '{print $5}'`
        sourcedir=`cat $sourcefile | grep $sourceusr | awk -F: '{print $6}'`
        targetdir=`grep $i $targetfile | grep $sourceusr | awk -F: '{print $6}'`
        sourcesh=`cat | grep $sourceusr $sourcefile | awk -F: '{print $7}'`
        targetsh=`grep $i $targetfile | grep $sourceusr | awk -F: '{print $7}'`
        echo "Variables set, see below:"
        echo "-------------------------"
        echo "targetusr=$targetusr"
        echo "sourceuid=$sourceuid"
        echo "targetuid=$targetuid"
        echo "sourcegid=$sourcegid"
        echo "targetgid=$targetgid"
        echo "sourcedesc=$sourcedesc"
        echo "targetdesc=$targetdesc"
        echo "sourcedir=$sourcedir"
        echo "targetdir=$targetdir"
        echo "sourcesh=$sourcesh"
        echo "targetsh=$targetsh"
        echo
#
        # Start verification
        testusr=`grep -c $sourceusr $targetfile`
        echo "Results for $sourceusr"
        echo "============================="
        echo "Source ID=$sourceusr, while Target show: $targetusr"
        if [ $testusr -eq 0 ]
        then
                echo "Account $sourceusr does not exist, create it"
                # Verifying UID is free before creating account"
                testuid=`grep -c $sourceuid $targetfile`
                echo "Results for $sourceuid"
                echo "-----------------------------"
                echo "Source ID=$sourceuid, while Target show: $targetuid"
                if [ $testuid -eq 0 ]
                then
                        echo "UID $sourceuid is in use. You need to deal with $sourceuid manually"
                else
                        echo "UID $sourceuid is free, we can continue.."
                        # Verify that directory hasn't been created
                        if [ ! -d $sourcedir ];
                        then
                                echo "$sourcedir does not exists, you're good to go!"
                                useradd -m -d $sourcedir -u $sourceuid -g $sourcegid -s $sourcesh -c $sourcedesc $sourceusr
                        else
                                echo "$sourcedir exits, will adjust ownership."
                                useradd -m -u $sourceuid -g $sourcegid -s $sourcesh -c $sourcedesc $sourceusr
                                chown -R $sourceuid:$sourcegid $sourcedir
                                find /home -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                find /apps -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                find /project -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                        fi
                fi
        else
                echo "Account $sourceusr exist, checking other variables"
                # Verifying if UID matches"
                if [ "sourceuid" -eq "targeruid" ]
                then
                        echo "UID $sourceuid & $target UID match."
                        # Verify directory
                        if [ ! -d $sourcedir ];
                        then
                                echo "$sourcedir does not exists, you're good to go!"
                                mkdir $sourcedir
                                chown -R $sourceuid:$sourcegid $sourcedir
                                find /home -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                find /apps -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                find /project -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                        else
                                echo "$sourcedir exits, will adjust ownership."
                                chown -R $sourceuid:$sourcegid $sourcedir
                                find /home -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                find /apps -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                find /project -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                        fi
                else

                        # Verifying UID is free before creating account"
                        testuid=`grep -c $sourceuid $targetfile`
                        echo "Results for $sourceuid"
                        echo "-----------------------------"
                        echo "Source ID=$sourceuid, while Target show: $targetuid"
                        if [ $testuid -eq 0 ]
                        then
                                echo "UID $sourceuid is in use. You need to deal with $sourceuid manually"
                        else
                                echo "UID $sourceuid is free, we can continue.."
                                # Verify that directory hasn't been created
                                if [ ! -d $sourcedir ];
                                then
                                        echo "$sourcedir does not exists, you're good to go!"
                                        usermod -d $sourcedir -u $sourceuid -g $sourcegid -s $sourcesh -c $sourcedesc $sourceusr
                                else
                                        echo "$sourcedir exits, will adjust ownership."
                                        usermod -u $sourceuid -g $sourcegid -s $sourcesh -c $sourcedesc $sourceusr
                                        chown -R $sourceuid:$sourcegid $sourcedir
                                        find /home -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                        find /apps -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                        find /project -user $sourceuid -exec chown $sourceuid:$sourcegid {} \;
                                fi
                        fi
                fi
        fi
done
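
Added example, not part of the original post: a dry-run planner for the port described in the question. It reads a passwd-format list of project accounts and the target host's passwd file, compares the name and UID fields exactly (a substring grep would match `ali` inside `alice`), and only prints what would need doing; the function names and every sample account are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script). Dry run only: it prints a plan
# and never calls useradd/usermod or touches /etc/passwd.

# plan_port SOURCE TARGET: one line per account listed in SOURCE:
#   OK name uid | REMAP name old->new | CREATE name uid | CONFLICT name uid owner
plan_port() {
    awk -F: '
        # Target passwd is read first: index by exact name and exact UID.
        FILENAME == ARGV[1] { uid_of[$1] = $3; owner_of[$3] = $1; next }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comment and blank lines
        {
            name = $1; uid = $3
            if ((uid in owner_of) && owner_of[uid] != name)
                print "CONFLICT", name, uid, owner_of[uid]
            else if (!(name in uid_of))
                print "CREATE", name, uid
            else if (uid_of[name] == uid)
                print "OK", name, uid
            else
                print "REMAP", name, uid_of[name] "->" uid
        }
    ' "$2" "$1"
}

# Constructed sample data; every name and UID below is made up.
demo_plan() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/target" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:65501:65500:Alice Example:/home/alice:/bin/ksh
bob:x:1001:65500:Bob Example:/home/bob:/bin/ksh
build:x:65503:65500:Build agent:/home/build:/bin/sh
EOF
    cat > "$tmp/source" <<'EOF'
alice:x:65501:65500:Alice Example:/home/alice:/bin/ksh
bob:x:65502:65500:Bob Example:/home/bob:/bin/ksh
carol:x:65503:65500:Carol Example:/home/carol:/bin/ksh
dave:x:65504:65500:Dave Example:/home/dave:/bin/ksh
ali:x:6550:65500:Ali Example:/home/ali:/bin/ksh
EOF
    plan_port "$tmp/source" "$tmp/target"
    rm -rf "$tmp"
}

demo_plan
```

A CONFLICT line means the wanted UID already belongs to a different account on the target, so that entry needs a manual decision before any account is created or changed.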
Jan Bacher

What range do your UIDs fall between?
noci

why not start with LDAP and some NFS shared storage?
teckwiz01

ASKER

UID's are like in the 65500+, generally not an issue with conflict, but since when they move us there may be users I'm not clear on, I'm trying to anticipate. There are two application users that I need to get the dev to ensure I can change the UID's.

As for using LDAP, I am not that familiar with it and don't know how I can keep all that straight when we keep getting moved. I just wanted to do something quick to transfer the users and data, but as you can see from what I wrote that it got more involved than what I was planning. I just don't want to keep manually adding users every time we get moved & I don't want to mess up other's work with having wrong UIDs.
We aren't being given NFS space yet. No external storage yet. I'm actually backing stuff up and pulling it to my laptop until they are able to give us a stable environment.

I don't want this to be viewed as an abandoned question. No one has responded. And I even used this as an example in another question I posted, and even that one has no responses after it - https://www.experts-exchange.com/questions/28015174/What-is-a-good-rule-of-tub-for-when-to-use-case-statements-versus-if-then-statements.html?anchorAnswerId=38924123#a38924123, so I don't know what else to do. I can't accept the answers given. Maybe it has more to do with the way I asked the question, but my issue is still outstanding.

You ask for a method to keep stuff portable among systems.
The way you do it is not sustainable. Using a central repository for at least authentication data like username, uid, gid's etc. is mandatory for such an environment.

Your script may work for now, but resolving conflicts with existing accounts will always be a problem. And will need to be sorted out by hand.

Noci, my script doesn't work now. That's the point, it not only doesn't work, I'm not even sure this is the best way to do it. I am seeking advice. I want to automate it so that when we get moved to another machine, it's just a process of extracting backup files and automating the user creation points. I tried to and got lost and what I thought was going to work doesn't.
ASKER CERTIFIED SOLUTION
noci