Mass account creation

By the company winning business from another outsource provider, I've suddenly inherited towards 300 servers and all accounts are local.

One of the immediate tasks is to set up all the OS, DB, and app support staff on all of the servers' operating systems. I've slapped together a crude script for the RHEL servers that needs a little tweaking dependent on the release and it reads an input file that contains the user ids, what to put in the comments, groups etc. It also reads the password I've set in the file and uses chpasswd to push that in without me keying them (twice) for each user on each server.

All well and good, but now the servers being looked at are AIX 6 & Solaris 8 I think - it reports as 5.8 on uname (I'm only certified on Solaris 2.6 :o) and haven't had one for many years. Do either of these have a similar function to chpasswd that I can exploit with a script? There is no expect though. I do recall that there is the crypt on Solaris that I could possibly use somehow.

The only other option I can think of is to set them all up on one server, then copy the encrypted password to all the others, but then I'd have to directly edit /etc/shadow or /etc/security/passwd and I'd prefer not to. If I have to do so, then naturally it will be against a copy that I can then switch in.

On Solaris, I've found putspent, but that requires C-code wrapping around it and I have almost nil experience.

Any pointers welcome. I'm happy to do the leg work if it's a rather terse tool - preferably not in C, but I will take any help I can get!

Thanks, in advance,
Robin

Worst case, I think you could kludge something with ssh -t -t.

Of course, /etc/shadow and /etc/passwd are text files; nothing but file permissions stops you from just appending values if you happen to know them. I don't think it's that dangerous if you know what you're doing and you sanity-check for collisions.

rbattle1,
To create accounts on most Linux and Solaris servers use the useradd command. I would not edit the /etc/passwd or /etc/shadow files to create the accounts. You can use the exact same command to create accounts on the RHEL and Solaris regardless of version. I have no experience with AIX.

On one server I have the user set their password with the passwd command. I then copy their hash or the whole line from that server's shadow file to the rest.

You should not need to use the -t option with the SSH command.

Make sure you use the same UID for the user across all the servers.

I hope this helps

ssh -t -t is a revolting kludge to force-feed generated text into programs which demand a terminal, like passwd often does. The -t -t forces it to always allocate a terminal, even when run from a script, even when run noninteractively, when it otherwise wouldn't bother.

It's kind of a last resort, since it's even uglier than expect, but even on the same machine it can sometimes be useful.

Corna688,
I have used ssh with -t before, but I have never used -t twice (ssh -t -t). I will have to test it out on some of my scripts. To get around the need for a terminal, I usually just call a script on the remote server.

ssh will ignore a single '-t' when ssh itself lacks a terminal. -t -t forces it to allocate a terminal no matter what.

You have my thanks for the input.

For clarity, the users will be added with normal tools, i.e. useradd so I'm not creating the whole user account by appending lines to /etc/passwd etc., but it's the setting of passwords where I'm falling down. I will have a try with the ssh suggestion, but if it gets too messy I will edit /etc/shadow and put in the encrypted passwords from one done manually.

Robin

A partial hit with ssh -t -t except I think it empties the input buffer when prompting for the password a second time, which is a shame. The best I've got to is with a here document on the command line like this:-

# ssh -t -t localhost passwd TESTUSER <<-EOSSH
> Qwerty99!
> Qwerty99!
> EOSSH
TESTUSER's New password: 
Enter the new password again:

3004-781 Password read timed out.
3004-709 Error changing password for "TESTUSER".
Connection to localhost closed.
#

How annoying is that, unless anyone can spot that I've missed something. I've tried piping another echo Qwerty99! into the ssh and without the - for the -EOSSH , but all getting the same result.

Bah! :confused: Am I just hoping for too much? I fancy that some manual work and an edit of /etc/security/passwd or /etc/shadow is looming.

Robin

This entire project used to kill me timewise. Scripting was the only usable solution. I have had to add a gaggle of new users onto as many as 27 Solaris servers.

I ran into this, then someone else suggested changepass; it is a port for Solaris of Linux chpasswd. changepass manpage - Staf Wagemakers

It has worked fine for me.

I will give it a try. Still stuck for AIX, but then if I have to brute force edit /etc/security/passwd to copy the encrypted password in, so be it.

Regards,
Robin

rgatte1,
If you're still working on this try the following as root.

echo password | passwd username --stdin

This only works with Linux, I tested it on SLES and it worked. I see you have Solaris and AIX tags on this post. I also tested this on a Solaris 10 server and it didn't work. You will have to use expect, or use something like sed to do a find and replace for the affected line in /etc/shadow.

I hope this helps you out.
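
The fallback discussed in this thread (put a known hash into a copy of the shadow file, sanity-check it, then switch it in), as an added example that is not code from any poster. It covers only the colon-separated shadow format, not AIX's /etc/security/passwd; `set_shadow_hash` and `demo` are hypothetical names, and the users and hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example: swap one user's password hash in a shadow-format file
# (colon-separated, field 1 = user, field 2 = hash). Needs a POSIX awk
# (on older Solaris that is nawk or /usr/xpg4/bin/awk, not /usr/bin/awk).
# Assumes nothing else is editing the file at the same time.

# set_shadow_hash FILE USER HASH -> 0 ok, 2 bad hash, 3 user not unique
set_shadow_hash() {
    file=$1 user=$2 hash=$3
    tmp=$file.new.$$

    # An empty hash removes the password; a colon would shift every field.
    case $hash in
        ''|*:*) echo "rejecting empty hash or hash containing ':'" >&2; return 2 ;;
    esac

    # Collision check: the user must appear exactly once.
    count=$(awk -F: -v u="$user" '$1 == u { n++ } END { print n + 0 }' "$file") || return 1
    if [ "$count" -ne 1 ]; then
        echo "$user: $count entries in $file, expected 1" >&2
        return 3
    fi

    # cp -p first so the new file keeps the original's owner and mode,
    # then rewrite its contents and rename it over the original.
    cp -p "$file" "$tmp" || return 1
    if NEWHASH=$hash awk -F: -v u="$user" 'BEGIN { OFS = ":" }
           $1 == u { $2 = ENVIRON["NEWHASH"] } { print }' "$file" > "$tmp" &&
       [ $(wc -l < "$tmp") -eq $(wc -l < "$file") ]; then
        mv "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample data: fake users and placeholder hashes, written to a
# scratch directory so the real /etc/shadow is never touched.
demo() {
    dir=${TMPDIR:-/tmp}/shadowdemo.$$
    mkdir "$dir" || return 1
    printf '%s\n' 'root:$6$salt$ROOTHASH:15000:0:99999:7:::' \
                  'testuser:!!:15000:0:99999:7:::' \
                  'dbadmin:$6$salt$DBHASH:15000:0:99999:7:::' > "$dir/shadow.copy"
    set_shadow_hash "$dir/shadow.copy" testuser '$6$salt$NEWHASH' &&
        grep '^testuser:' "$dir/shadow.copy"
    rc=$?; rm -rf "$dir"; return $rc
}
demo
```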