USENIX Tenth System Administration Conference (LISA '96)
Shuse: Multi-Host Account Administration
Henry Spencer
SP Systems
Abstract
At the beginning of 1995, Sheridan College urgently needed an
organized way of administering a large number of user accounts
spread across multiple Unix systems. With 6000+ accounts on a
network that had recently undergone dramatic and ill-coordinated
growth, the situation was already nearly unmanageable; with the
user population forecast to double in autumn, disaster loomed. NIS
served reasonably well for the simple task of distributing password
files, but maintaining the master copy was proving problematic,
creating directories and configuration files for new users was a
very ad-hoc process, and there was no obvious place to record
assorted supplementary information.
The response was to create a new software package, dubbed
"Shuse" for "Sheridan user management". A central daemon
maintains the user database, which is in a fully extensible text-
based format. Rather than use a commercial database package, the
daemon simply keeps the entire database in its (virtual) memory,
and the master copy on disk is optimized for rapid updates rather
than efficient access. (RAM is cheaper than database packages
nowadays.) Update requests go to the central daemon; it invokes
auxiliary processes on other hosts as necessary to create, destroy,
and move user files.
Shuse is written essentially entirely in Expect, an extended
variant of Tcl. Inter-host communication is done by using Expect's
process-control primitives to fire up telnet processes; bulk data
transfer is done via NFS. About 100 lines of C code, in three small
auxiliary programs, provide services that are not present in
Expect. A not-accidental byproduct of this approach is near-
automatic portability and correct functioning even in a
heterogeneous network.
Shuse is in operational use, currently administering over
20,000 user accounts (the forecasts were low). Various problems
were encountered along the way, some easily solved and some
requiring considerable unforeseen effort. The use of Expect has
been a clear success, performance problems were easily resolved,
and the central-daemon approach has worked well.