How to create local accounts without adduser/useradd?

asked 2011-10-02 12:27:18 -0500

shanks

I would like to keep my /etc/passwd for system accounts only and use some LDB-like database to store my local account details ... also, I would like to create nested groups.

2 Answers

answered 2011-10-02 12:29:27 -0500

shanks

SSSD - System Security Services Daemon

A few benefits of doing it this way:

  1. Its backend is stored on disk in a format called LDB, an on-disk LDAP-like database.
  2. One difference in comparison with the classic files is that groups in SSSD LOCAL Domain can be nested.
  3. SSSD LOCAL Domain may also contain additional user information.
  4. The SSSD LOCAL domain uses a concept called Magic Private Groups. By using the Magic Private Groups option, you are imposing two limitations to the ID space and name space:
    • users and groups share a common name space; there can never be a separate group with the same name as a user
    • users and groups share a common ID space; there can never be a group with the same ID as a user

Install SSSD if it is not already installed:

yum install sssd sssd-tools

Configure SSSD with minimal configuration settings; a sample configuration would be:


[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = LOCAL

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/LOCAL]
description = LOCAL Users domain
id_provider = local
enumerate = true
min_id = 1000
max_id = 5000

For more options check "man sssd.conf".

Now run authconfig to enable sssd:

# authconfig --enablesssd --enablesssdauth --enablemkhomedir --updateall

Managing users:

Creating local users:

sss_useradd shanks
passwd shanks

Now, reboot and log in as shanks

Deleting local users:

sss_userdel shanks
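
An added example, not part of the original answer: a check that account lines in `getent passwd` / `getent group` format respect the two Magic Private Groups constraints and the `min_id`/`max_id` range described above. The function names, the sample accounts and the `[domain/LOCAL]` section name are assumptions made for this example.

```python
import configparser

# Constructed sample config; the section name [domain/LOCAL] is an assumption.
SSSD_CONF = "[domain/LOCAL]\nid_provider = local\nmin_id = 1000\nmax_id = 5000\n"

# Constructed sample input in `getent passwd` / `getent group` format.
PASSWD = ("shanks:x:1000:1000::/home/shanks:/bin/bash\n"
          "alice:x:1001:1001::/home/alice:/bin/bash\n"
          "bob:x:6000:6000::/home/bob:/bin/bash\n")
GROUP = "shanks:x:1000:\nalice:x:1002:\nstaff:x:1001:\n"

def id_range(conf_text, domain="LOCAL"):
    """Return (min_id, max_id) configured for the given SSSD domain."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    sec = cp["domain/" + domain]
    return sec.getint("min_id"), sec.getint("max_id")

def parse(text):
    """Map name -> numeric ID from colon-separated passwd/group lines."""
    out = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            out[fields[0]] = int(fields[2])
    return out

def check(conf_text, passwd_text, group_text):
    """List (kind, name, id) findings that break the domain's rules."""
    lo, hi = id_range(conf_text)
    users, groups = parse(passwd_text), parse(group_text)
    uid_owner = {uid: name for name, uid in users.items()}
    findings = []
    for name, uid in users.items():
        if not lo <= uid <= hi:
            findings.append(("uid-out-of-range", name, uid))
    for gname, gid in groups.items():
        if gname in users and gid != users[gname]:
            # A separate group reusing a user's name (shared name space).
            findings.append(("name-clash", gname, gid))
        elif gid in uid_owner and uid_owner[gid] != gname:
            # A group reusing a user's numeric ID (shared ID space).
            findings.append(("id-clash", gname, gid))
    return findings

if __name__ == "__main__":
    for finding in check(SSSD_CONF, PASSWD, GROUP):
        print(finding)
```
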
