[NBLUG/talk] Duplicating a server

[Chris Palmer]

Todd Cary writes:

> Now some frosting on the cake would be a way to synchronize the
> Users/Groups!  Can this be done?

Things like NIS, NIS+, NetInfo and LDAP can do this. They often work
alongside traditional file-based databases (e.g. /etc/passwd and
/etc/group) for system and local user accounts, but this behavior can
often be overridden. The UIDs and GIDs of your system accounts are
likely to differ if you have different operating systems, which is
another reason to use the same operating environment on both systems.

If you have the same OE on both machines, and you have a small number of
user accounts, you can keep the UIDs/GIDs synchronized by hand. This
scheme obviously doesn't scale too well.

> Also, I am asked for a password for the destination which would be a 
> problem for a crontab.  This was true with
> 
>  rsync  -a -e ssh /home/ 192.168.0.22:/home/

One option is to use SSH with key authentication instead of password
identification, and to use passwordless keys. If you do so, it is
extremely important that you also limit the shell commands that a user
authenticating with that key can execute. (In this case, just rsync with
some options.) The SSH book from O'Reilly covers this pretty well.

You can also use the --password-file option to rsync. If you use it,
make sure the password file is readable only by the user that needs to
read it, in a directory writable only by that user.

> P.S. Probably I am going to have to break out my old Perl book and
> write some scripts to backup my Interbaase and MySQL databases...been
> a long time.

I don't know about Interbase, but mysqldump(1) is great.


-- 
http://www.eff.org/about/staff/#chris_palmer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://nblug.org/pipermail/talk/attachments/20051121/c8856a79/attachment.pgp