1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
Here is an extract of the questions I (Michael Boman,
<michael.boman@securecirt.com>) had with the Dpsyco author
Ola Lundqvist <opal@debian.org> (mostly in Swedish, so pardon me for
any bad translation). This was the start of an FAQ...
Maintainer note: I did some spellchecking as Michael Boman asked me to.
It has later been updated by Guy Atkinson <ga2.nospam@phonecoop.coop> with some
additional information.
--
Q: What is the purpose of dpsyco?
A: It supports creating and maintaining "configuration packages", which
enable you to configure other packages. You can copy these configuration
packages to multiple Debian machines.
See /usr/share/doc/dpsyco/README
--
Q: Where is the home page of the dpsyco project?
A: http://www.opal.dhs.org/programs/dpsyco/
--
Q: How stable is dpsyco? How long has it been around?
A: I wrote it in summer 2001 but the concept had been around (on my systems)
since something like a year before.
The stability... Well it is quite stable but also a bit dangerous. I
think most bugs are in the debian bug-database.
--
Q: What do you mean Dpsyco is a bit dangerous?
A: When user information is removed/deleted or for some other reason
does not exist or dpsyco does not have (access to) it, the user
will be disabled, and the user's home directory will be moved
out of the way. This affects all users with UID (User ID) between
FIRST_UID and LAST_UID - see the config files.
If dpsyco has no user information about these users, they will be disabled.
This is what I mean by dangerous.
If this happens to some of your user accounts then see below, for
the question "Q: Dpsyco has removed...".
--
Q: Where are the config files?
A: See the User administration and Group administration sections of
/usr/share/doc/dpsyco-base/README
--
Q: Is there any documentation that explains how dpsyco is working?
A: The only documentation so far is the source code and the documentation
in /usr/share/doc/dpsyco*/ . All contributions are welcome.
--
Q: Can Dpsyco replace NIS?
A: Yes and no; it depends on how you are going to use NIS..
Dpsyco can:
* Add users
* Remove users
* Change name and password for users
* Can configure samba to a degree
* Make sure the user gets "good" permissions on his home directory
(including samba profile and email) if UID/GID is changed.
* The idea is to change/create Debian packages with system information
and push them out to a cluster of computers
Problems:
* There is no check what UID/GID the user gets
* Information is only updated if the package updates (if you are
not using rsync or similar)
Conclusion:
* This works well for administration accounts or accounts where there
is no need for NFS shared files (or similar) that depend on
UID/GID being the same across systems
* Passwords are hard to change, as you have to manually paste the
encrypted password into a special file. I have not had the time/energy
to write such a script yet...
--
Q: If the users will be created in the same order on all servers, will
they get the same UID/GID?
A: If all packages (that contain user information) install in the same
order on all computers they *should* get the same UID/GID.
--
Q: Are there any problems rebuilding Dpsyco on a Potato (2.2 / Stable)
machine [Dpsyco only exists in woody/sid at the moment]?
A: No, I run Dpsyco on several Potato installations without problems.
--
Q: How does the communication between machines work?
A: Simple: there is none within dpsyco. User information gets packaged
and then it's up to you (as the administrator) to copy the package(s)
to all the machines and install them.
--
Q: I have several groups of users, and I don't want to let all of them
have access to all servers. Can Dpsyco do this?
A: I recommend you to create several packages for this. Dpsyco can handle
the same user in several packages without problems.
--
Q: If this FAQ has spelling errors, who do I email?
A: Well, I'd rather have an email sent to me at michael.boman@securecirt.com
with a diff file please.
--
Q: I read this and now my system doesn't work anymore!
A: Well, sorry. Please restore from your latest backup (you do
backups, right?). This FAQ is provided "AS IS" and does not offer any
kind of warranty.
--
Q: Dpsyco has removed one or more of my users, for example each time
I run dselect or apt-get etc. How do I reverse and stop this?
A: I understand that for example for compatibility with other distros on your
machine, you may use UIDs starting from 500 (Debian starts from 1000).
For UIDs in the range FIRST_UID to LAST_UID inclusive (see
/etc/dpsyco/adduser.conf), dpsyco will move the users' home directories
to e.g. userName.disabled; to fix this,
log in as root; cd /home; mv userName.disabled userName
If you also mkdir userName.disabled, then subsequent runs of dpsyco will
not modify nor move userName .
To stop this from happening again, you can either
apt-get remove dpsyco* or
patch /etc/dpsyco/adduser.conf (also check /etc/adduser.conf)
with e.g. the following, which instructs dpsyco to leave UIDs 500 to 599
untouched, and to work only with UIDs 600 to 999 (version 1.0.25 includes
this patch):
39c39
< FIRST_UID=500
---
> FIRST_UID=600
71c71
< UID_MATCH=[5-9][0-9][0-9]
---
> UID_MATCH=[6-9][0-9][0-9]
|
