Summary

There are times when the /etc/passwd (and related files) may become out of date, or otherwise out of sync. Examples include:

  • OS is upgraded on system
  • Hardware failure causes system rebuild
  • Disaster Recovery testing
  • Master queue problem causes many bridge queue entries to be deleted

What is the best way to force an update?

Procedure

This can only be done from the Master. You can use the boksdiag utility to update the host:

boksdiag updpsw -h

This will add or modify the users in /etc/passwd based on existing users BoKS has defined for the host or for any Host Groups of which the host is a member.

Please note that the cadm command has a "-P" option that can be run from a Server Agent to update existing entries in /etc/passwd. This does not create missing users, so does not suffice.

This will not delete any user that does not exist in BoKS for the host. These unneeded/unwanted local users can also be deleted on the Server Agent (from the Master) using boksdiag:

boksdiag delpasswdentry :

The user need not exist in BoKS (and probably should not in this case).

It is possible to generate a list of users that should not exist on the host. To do that, you can:

Generate a sorted list of users already in /etc/passwd:

cadm -l -f localpasswd -h |\

cut -f 1 -d : |\

sort -u > /tmp/passwd..local

Generate a sorted list of users that BoKS has defined for the host:

( lsbks -l ':*' ;\

lh -a |\

xargs -I {} lsbks -l '{}:*' ) |\

cut -f 2 -d : |\

sort -u > /tmp/passwd..boks

Then you can use diff or comm to get a list of users in the passwd.local file, but not in the passwd.boks file. This assumes that all accounts are defined in BoKS.

Example:

comm -13 /tmp/passwd..boks /tmp/passwd..local | \

xargs -I {} boksdiag delpasswdentry :{}

Please be aware that if you do not define OS system accounts (like lp and bin) or other accounts not used by BoKS (samba or DB2 for instance), this would target them for deletion.

Unneeded/unwanted local users can also be deleted locally on the Server Agent using the OS-provided userdel or similar utility.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018