From: Vulpes Velox
To: Kyrre Nygard
Cc: questions@freebsd.org
Date: Sun, 28 May 2006 01:19:51 -0500
Subject: Re: Script to organize passwd and group

On Sat, 27 May 2006 11:10:18 +0200
Kyrre Nygard wrote:

>
> Hello!
>
> I was wondering if anybody out there shares the same need as I do
> to better organize /etc/passwd and /etc/group.
>
> I would like to see chronologic ordering of UIDs and GIDs, instead
> of having them sorted by what ports their corresponding daemons run
> on.
>
> Look below how much more flow it all gets.
>
> Then, if possible, it would be cool to make 3 distinct classes:
>
> 01 Necessities, with 1 to 2 digit IDs
>
> (maybe keep nobody separate)
>
> 02 Servers, with 3 digit IDs
> 03 Users, with 4 digit IDs
>
> I'm aware that when adding new users, one would manually have to
> rearrange, but this is not because you shouldn't, it's because
> adduser and pw don't yet support this kind of order.
>
> Here is my ideal setup:
>
> --
>
> # cat /etc/.passwd
>
> root:*:0:0::0:0:Core:/root:/usr/local/bin/zsh
> daemon:*:1:1::0:0:System Processes:/root:/usr/sbin/nologin
> operator:*:2:2::0:0:Operator:/:/usr/sbin/nologin
> kmem:*:3:65533::0:0:KMem:/:/usr/sbin/nologin
> bin:*:4:4::0:0:Binaries:/:/usr/sbin/nologin
> tty:*:5:65533::0:0:Titty:/:/usr/sbin/nologin
> news:*:6:6::0:0:News:/:/usr/sbin/nologin
> man:*:7:7::0:0:Manuals:/usr/share/man:/usr/sbin/nologin
>
> nobody:*:55555:55555::0:0:Unprivileged:/nonexistent:/usr/sbin/nologin
>
> sshd:*:101:101::0:0:Secure Shell:/var/empty:/usr/sbin/nologin
> www:*:102:102::0:0:World Wide Web:/usr/local/www:/usr/sbin/nologin
> ftp:*:103:103::0:0:File Transfer Protocol:/home/websites:/usr/sbin/nologin
> mysql:*:104:104::0:0:MySQL:/var/db/mysql:/sbin/nologin
> proxy:*:105:105::0:0:Packet Filter:/nonexistent:/usr/sbin/nologin
> smmsp:*:106:106::0:0:Sendmail Submission:/var/spool/clientmqueue:/usr/sbin/nologin
> mailnull:*:107:107::0:0:Sendmail Default:/var/spool/mqueue:/usr/sbin/nologin
> postfix:*:108:108::0:0:Postfix:/var/spool/postfix:/usr/sbin/nologin
> cyrus:*:109:109::1111874400:0:Cyrus:/nonexistent:/usr/sbin/nologin
> spamd:*:110:110::0:0:SpamAssassin:/var/spool/spamd:/sbin/nologin
> vscan:*:111:111::0:0:Scanner:/var/amavis:/bin/sh
> clamav:*:112:112::0:0:ClamAV:/nonexistent:/usr/sbin/nologin
>
> kyrre:*:1001:0::0:0:Kyrre:/home/kyrre:/usr/local/bin/zsh
> nomad:*:1002:1002::0:0:Hednod:/home/nomad:/usr/local/bin/zsh
> polvott:*:1003:1003::0:0:Thomas:/home/polvott:/usr/local/bin/zsh
> nughaud:*:1004:1004::0:0:King:/home/nughaud:/usr/local/bin/zsh
>
> --
>
> # cat /etc/group
>
> wheel:*:0:root
> daemon:*:1:
> operator:*:2:root
> kmem:*:3:
> bin:*:4:
> tty:*:5:
> news:*:6:
> man:*:7:
>
> nobody:*:55555:
>
> sshd:*:101:
> www:*:102:
> ftp:*:103:
> mysql:*:104:
> proxy:*:105:
> smmsp:*:106:
> mailnull:*:107:
> postfix:*:108:
> cyrus:*:119:
> spamd:*:110:
> vscan:*:111:
> clamav:*:112:
>
> nomad:*:1002:
> polvott:*:1003:
> nughaud:*:1004:
>
> --
>
> The script would rearrange passwd and group into classes, based on a
> predefined list maybe. Then it should renumber the UIDs and GIDs.

For keeping stuff like this organized on a small system, I've always
found keeping IDs within certain ranges based on what they do to be
useful. Like 1000 to 1999 is for users, 2000 to 2999 is for special
non-login users, etc.

Or if you are using LDAP you can have something like this for a few
OUs.

ou=generalUsers,ou=userGroups,ou=usersANDgroups,dc=foo,dc=bar
ou=services,ou=userGroups,ou=usersANDgroups,dc=foo,dc=bar
ou=whatever,ou=userGroups,ou=usersANDgroups,dc=foo,dc=bar

And then just set the nss and pam module to look for users
recursively under ou=userGroups,ou=usersANDgroups,dc=foo,dc=bar.

I just throw them all under the same ou myself.

> Then it should do something like:
>
> find -s / -uid foo | xargs chown bar
> find -s / -gid foo | xargs chgrp bar

Why not just rename the user/group foo to bar? That way the name is
changed and there is no need to change anything on the file system
because the IDs are the same.

> And before you know it :)
>
> Your system will be looking tighter than ever!
>
> I hope somebody can help me with this. It will take me at least a
> year, I've estimated, until I master Ruby well enough to do stuff
> like this.
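
Added example, not part of the original message or of any FreeBSD tool: when IDs are renumbered and ownership is then fixed with find and chown as sketched in the quoted text, the order of the steps matters, because a later step can sweep up files an earlier step just re-owned. The function names and every ID below are constructed for illustration.

```python
# Added example: order UID/GID renumbering steps so that no chown sweeps up
# files that an earlier step just re-owned. All IDs below are constructed.

def order_steps(mapping, used_ids):
    """mapping: old ID -> new ID; used_ids: every ID currently assigned.
    Returns (src, dst) pairs that are safe to apply top to bottom."""
    pending = {old: new for old, new in mapping.items() if old != new}
    if len(set(pending.values())) != len(pending):
        raise ValueError("two accounts are mapped to the same new ID")
    for new in pending.values():
        if new in used_ids and new not in pending:
            raise ValueError(f"ID {new} belongs to an account that is not moving")
    # Assumption: the first number above every known ID owns no files.
    spare = max(set(used_ids) | set(pending.values()), default=0) + 1
    steps = []
    while pending:
        # A step is safe once no account still has to move away from its target.
        ready = sorted(old for old, new in pending.items() if new not in pending)
        if ready:
            steps += [(old, pending.pop(old)) for old in ready]
        else:
            # Only cycles remain (a->b, b->a): park one ID on the spare number.
            old = min(pending)
            steps.append((old, spare))
            pending[spare] = pending.pop(old)
            spare += 1
    return steps


def find_commands(steps, test="-uid", tool="chown"):
    """Render each step as a command. -exec ... {} + copes with odd file
    names and -h changes a symlink itself instead of its target.
    Pass test="-gid", tool="chgrp" for groups."""
    return [f"find / {test} {src} -exec {tool} -h {dst} {{}} +"
            for src, dst in steps]


if __name__ == "__main__":
    # Constructed plan: 22 -> 101 and 80 -> 102 while 101 and 102 also move.
    plan = {22: 101, 80: 102, 101: 103, 102: 22}
    for cmd in find_commands(order_steps(plan, {0, 22, 80, 101, 102})):
        print(cmd)
```

Running the steps in plain ascending order instead would re-own the files of ID 22 to 101 and then move them on to 103 together with the files that really belonged to 101.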