From owner-freebsd-questions Wed Feb 27 11:29:25 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id 7407237B417 for ; Wed, 27 Feb 2002 11:29:18 -0800 (PST) Received: (qmail 62399 invoked by uid 100); 27 Feb 2002 19:29:15 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15485.13195.26121.520506@guru.mired.org> Date: Wed, 27 Feb 2002 13:29:15 -0600 To: Koroush Saraf Cc: questions@freebsd.org Subject: Re: Mass Upgrade and Maintenance questions In-Reply-To: <7162320@toto.iv> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: "Mike Meyer" X-Delivery-Agent: TMDA/0.46 (Python 2.2; freebsd-4.5-STABLE-i386) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Koroush Saraf types: > Dear wise people, > > I plan to maintain a lab of 36 freeBSD4.3 Pentium computers and I have > several questions. These computes are all stand alone PC's connected > together via 100Mb Ethernet and they do not run any type of shared file > system. There is also a console computer that I can use to configure these > 36 lab computers. I will attempt to list my questions in a concise manor, > but if there is anything I didn't mention please ask me. I thank you for > your assistance in advance: > > Question 1: > I like to upgrade the software on these systems to the latest revision of > bsd > via a console station in the simplest way. All computers have .rhosts file > permitting the console computer to access them. I have read about cvsup > and > portupgrade utility, but don't know if I should use them in this case. I > have a FreeBSD CD release that I can load in the console computer and run a > cvsupd. I would like to know a clear procedure on how to accomplish this > task. Please link me to a webpage, post a script, or refer me to any > man pages that are applicable. I'm not sure exactly what you're asking here. There are instructions on cvsupping and rebuilding the system on the FreeBSD web site. Is that what you want? > Question 2: > How do I install additional packages to all the computers using the console > computer. For example I like to add say ncftp to all 36 computers. How do > I > do that from the console computer? Just set up the console system with the ports and src tree, and do upgrades and additions on it. One of the ports to install - as others have mentioned - is rsync (cushlamacree, rsync was *in* every CSRG distribution I ever used). You can configure it so that if you issue the single command "rsync", it will update all the computers on the network. I'd advise disabling the rexec protocols on all the machines, and configuring them so you can use ssh protocols, as rsync can use those. Also, do *not* let students log into the console machine. If they break something, rsync will then break everything. Fix it so that others machines trust it, but it trusts no one, and they don't have any access to it. > Question 3: > I would like to add user accounts to all these computers, however I noticed > that I cannot simply replicated the /etc/master.passwd file & /etc/group to > all the computers and expect it to work. Actually I prefer to issue the > adduser command on all the computers via remote shell. If you think this is > a good idea, tell me how to do this so that I can automatically fill in the > fields for the 'adduser' prompts. If there is a better and simpler way, I > like to know. To solve your prompts problem, don't user adduser, use pw. That way you can use ssh to execute the command on each of the hosts. I think this a bad idea. Second suggestion - NIS comes in the FreeBSD base system. This is a distributed permissions/authentication system. Some bright people have called it a solution in search of a problem, but that's neither here nor there. The best thing about it is that users can change their password on any machine. Third suggestion - let rsync do the work for you. rsync can run commands after it updates files, including the ones required to rebuild the password databases on the remote machines. It requires that the password be updated on the central machine. If you do this, don't put it on the console machine, but make it a specific one of the 36 machines that they have to log into to set their password. Personally, I'd call that specific machine vince, and the console gozer. If you have a box that's the internet gateway, logic dictates that it be zuul. > Well I have more questions but I think at this point this is all I like to > tackle. I point out again that these computers are stand alone pc's not > sharing any file system (AFS, NFS, etc. ) and are all connected via Ethernet > and are all on the same subnet. It's really hard to provide specific answers - especially about passwords - without knowing how you're planning on dealing with users files on the machines. Do they have a different account on each machine? Are the expected to only use one machine? Etc. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message