Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
USENIX Tenth System Administration Conference (LISA '96)

Shuse: Multi-Host Account Administration


Henry Spencer
SP Systems

Abstract

At the beginning of 1995, Sheridan College urgently needed an organized way of administering a large number of user accounts spread across multiple Unix systems. With 6000+ accounts on a network that had recently undergone dramatic and ill-coordinated growth, the situation was already nearly unmanageable; with the user population forecast to double in autumn, disaster loomed. NIS served reasonably well for the simple task of distributing password files, but maintaining the master copy was proving problematic, creating directories and configuration files for new users was a very ad-hoc process, and there was no obvious place to record assorted supplementary information.

The response was to create a new software package, dubbed ``Shuse'' for ``Sheridan user management''. A central daemon maintains the user database, which is in a fully extensible text- based format. Rather than use a commercial database package, the daemon simply keeps the entire database in its (virtual) memory, and the master copy on disk is optimized for rapid updates rather than efficient access. (RAM is cheaper than database packages nowadays.) Update requests go to the central daemon; it invokes auxiliary processes on other hosts as necessary to create, destroy, and move user files.

Shuse is written essentially entirely in Expect, an extended variant of Tcl. Inter-host communication is done by using Expect's process-control primitives to fire up telnet processes; bulk data transfer is done via NFS. About 100 lines of C code, in three small auxiliary programs, provide services that are not present in Expect. A not-accidental byproduct of this approach is near- automatic portability and correct functioning even in a heterogeneous network.

Shuse is in operational use, currently administering over 20,000 user accounts (the forecasts were low). Various problems were encountered along the way, some easily solved and some requiring considerable unforeseen effort. The use of Expect has been a clear success, performance problems were easily resolved, and the central-daemon approach has worked well.


View the full text of this paper in ASCII (40,433 Bytes) and POSTSCRIPT (513,475 Bytes) form.

To Become a USENIX Member, please see our Membership Information.

?Need help? Use our Contacts page.

Last changed: 8 May 2002 aw
Conference Index
USENIX home