1

How to create local accounts without adduser/useradd?

asked 2011-10-02 12:27:18 -0600

shanks

I would like to keep my /etc/passwd for system accounts only and use some LDB-like database to store my local account details. Also, I would like to create nested groups.


2 Answers

1

answered 2011-10-02 12:29:27 -0600

shanks

SSSD - System Security Service Daemon

A few benefits of doing it this way:

  1. Its backend is stored on disk in a format called LDB, an on-disk LDAP-like database.
  2. One difference in comparison with the classic files is that groups in the SSSD LOCAL domain can be nested.
  3. The SSSD LOCAL domain may also contain additional user information.
  4. The SSSD LOCAL domain uses a concept called Magic Private Groups. By using the Magic Private Groups option, you are imposing two limitations on the ID space and name space:
    • users and groups share a common name space; there can never be a separate group with the same name as a user
    • users and groups share a common ID space; there can never be a group with the same ID as a user

Install SSSD if it is not already installed:

yum install sssd sssd-tools

Configure sssd with minimal configuration settings; a sample configuration would be as follows:

/etc/sssd/sssd.conf

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = LOCAL

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/LOCAL]
description = LOCAL Users domain
id_provider = local
enumerate = true
min_id = 1000
max_id = 5000

For more options check "man sssd.conf".

Now run authconfig to enable sssd:

# authconfig --enablesssd --enablesssdauth --enablemkhomedir --updateall

Managing users:

Creating local users:

sss_useradd shanks
passwd shanks

Now, reboot and log in as shanks.

Deleting local users:

sss_userdel shanks
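A pre-flight check for the setup in the answer above, as an added example that is not part of the original answer: it reads min_id/max_id from [domain/LOCAL], lists passwd and group entries whose IDs fall inside that range (the question wants /etc/passwd kept for system accounts only, and with Magic Private Groups users and groups share one ID space), and flags an sssd.conf that is not mode 0600, since sssd.conf(5) requires the file to be readable and writable by root only. The function names and sample files are constructed for illustration; only the mode is checked, not the owner.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names and sample
# data are constructed; point audit() at the real files to use it.

# conf_get FILE SECTION KEY: print KEY's value from [SECTION] of an sssd.conf
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s); in_sec = (s == sec); next }
        in_sec && /=/ {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]*/, "", k)
            if (k == key) { v = $0; sub(/^[^=]*=[ \t]*/, "", v); print v; exit }
        }' "$1"
}

# ids_in_range FILE MIN MAX: print "name:id" for passwd/group lines in range
ids_in_range() {
    awk -F: -v lo="$2" -v hi="$3" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 ":" $3 }' "$1"
}

# mode_is_0600 FILE: true only for a regular file with mode rw-------
mode_is_0600() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# audit CONF PASSWD GROUP: print one finding per line (no output = clean)
audit() {
    lo=$(conf_get "$1" domain/LOCAL min_id); hi=$(conf_get "$1" domain/LOCAL max_id)
    mode_is_0600 "$1" || echo "PERM $1 is not mode 0600"
    if [ -z "$lo" ] || [ -z "$hi" ]; then echo "CONF min_id/max_id not set"; return 0; fi
    for f in "$2" "$3"; do
        for hit in $(ids_in_range "$f" "$lo" "$hi"); do
            echo "OVERLAP $f $hit is inside LOCAL range $lo-$hi"
        done
    done
}

demo() {  # constructed sample files in a temp dir
    d=$(mktemp -d) || return 1
    printf '%s\n' '[sssd]' 'domains = LOCAL' '[domain/LOCAL]' \
        'id_provider = local' 'min_id = 1000' 'max_id = 5000' > "$d/sssd.conf"
    chmod 644 "$d/sssd.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'olduser:x:1001:1001::/home/olduser:/bin/bash' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'olduser:x:1001:' 'staff:x:5000:' > "$d/group"
    audit "$d/sssd.conf" "$d/passwd" "$d/group"
    rm -rf "$d"
}
demo
```

On a real host the call would be `audit /etc/sssd/sssd.conf /etc/passwd /etc/group`, run as root so the configuration file is readable.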
0

answered 2011-10-20 05:29:57 -0600


Why ask if you already know the answer? Blogging is still useful.


Comments

Asking and answering your own question is encouraged to provide documentation.

mether ( 2011-10-20 10:53:17 -0600 )

Stats

Asked: 2011-10-02 12:27:18 -0600

Seen: 2,410 times

Last updated: Oct 20 '11