System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

SMH is too slow when /etc/passwd is large

 
SOLVED
Go to solution
Ken Englander
Regular Advisor

SMH is too slow when /etc/passwd is large

We have a homegrown security system that allows numerous associates to be able to access host systems securely - this is implemented by creating accounts for every associate on each of the host systems.

I am interested in any tools or ideas that would allow for user account maintenance. SMH is far too slow. /etc/passwd has about 1000 lines. One example what we want to do is be able to determine expiration data and be able to update it quickly.

Any help would be appreciated.
8 REPLIES
Bill Hassell
Honored Contributor
Solution

Re: SMH is too slow when /etc/passwd is large

> /etc/passwd has about 1000 lines.

Trivial size...for command line utilities. SMH is the new kid on the block (so new that parts of it were never completed so they use old SAM pieces). I think you'll find command line tools like logins, passwd, getprpw and modprpw very fast. And you could script your own account manager where the entire passwd file is just a simple variable:

PWFILE=$(cat /etc/passwd)

SAM, oops, SMH is ideally suited for the small workstation user and despite two decades of improvements, is still very, very slow and buggy. You have a specialized system so a few hours of scripting can change maintenance into a trivial, virtually instantaneous task.


Bill Hassell, sysadmin
Ken Englander
Regular Advisor

Re: SMH is too slow when /etc/passwd is large

Hi Bill,

I kind of expected 1000 lines should be easily handled as this is not a problem I experienced firsthand. However, I wondered if anyone like you had already written scripts to manipulate /etc/passwd. As a matter of fact I looked at the scripts you handed out several years ago when I took your Sys Admin pre-symposium seminar.
Viktor Balogh
Honored Contributor

Re: SMH is too slow when /etc/passwd is large

Hi Ken,

Just some thoughts for manipulating passwd from command line: a simple locking mechanism should be implemented, and some version control might be good for keeping the older revisions, or at least a backup mechanism. Maybe you could incorporate the pwck command at the end of the script just for sanity-checking.

Regards,
Viktor
****
Unix operates with beer.
Bill Hassell
Honored Contributor

Re: SMH is too slow when /etc/passwd is large

It would help to know what reports and changes you need to make. The passwd command can report on the expiration time, but some scripting will be needed to turn this into expired, days 'till expired, reset the expiration time, etc. So a list of maintenance tasks is needed.


Bill Hassell, sysadmin
Ken Englander
Regular Advisor

Re: SMH is too slow when /etc/passwd is large

Bill - I just now saw that you mentioned specifically logins, getprpw, and modprpw. Unfortunately these are not trusted systems so it appears only the logins command can be used. I do think it may provide what we need, but since I am one-step removed from the need, I am not sure.

Here is how the user put it "what is the best way to manage local user account expirations as well as password expirations on the command line? I know for passwords I could just reset the password, but what if I want to look at the date?"

Thanks for your input!

BTW - Since getprpw and modprpw show as OBSOLETE on 11.31, do you know what/if there is something that replaces them?

Re: SMH is too slow when /etc/passwd is large

Are you looking for a tool that will convert the password expiration date encoded in the password field?

See my replies in these threads:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1400096
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1282383
Bill Hassell
Honored Contributor

Re: SMH is too slow when /etc/passwd is large

> BTW - Since getprpw and modprpw show as OBSOLETE on 11.31, do you know what/if there is something that replaces them?

man getprpw ... TO BE OBSOLETED

Not yet obsolete. 11.31 is the last rev for Trusted. But since you are using standard security, logins and passwd will work just fine. Use Dennis Handley's program as a fast report writer and logins and passwd to make the changes.


Bill Hassell, sysadmin
Ken Englander
Regular Advisor

Re: SMH is too slow when /etc/passwd is large

Thanks Dennis and Bill!

Bill - right "TO BE OBSOLETED" - I was not as specific as I should have been.

I think the tools you have provided and pointed out should be adequate.