-2

We have a requirement to have the same user at two Linux machines. On first box the application will write with a specific user on a NFS volume, the same volume mounted on another linux box where as 3rd party script will pick up these files which same user.

Can we have same user at two linux machines? Do I need to take care of gid and uid?

Uwe Keim
  • 2,370
  • 4
  • 29
  • 46
Jett123
  • 1
  • How do you mount? – FelixJN Jan 06 '21 at 17:40
  • 2
    Regardless of how you mount NFS, I *highly* recommend you synchronize the GID and UID between machines. If not, it will plague you for years in unexpected ways. A tool like Ansible can automate keeping users in sync across machines. – bitinerant Jan 06 '21 at 17:50
  • 3
    Arguably better once you reach more than a couple of users is a centralized user database such as LDAP , sssd etc – Bob Jan 06 '21 at 18:01
  • @HermanB - agreed; a centralized user database is the best choice for many scenarios. Ansible may be better if users will need to sign in on a disconnected laptop (or is there a way to cache LDAP credentials locally?). – bitinerant Jan 06 '21 at 18:37
  • I am mounting this as nsf4 – Jett123 Jan 06 '21 at 18:40
  • how to synchronize GID and UID among machine ? – Jett123 Jan 06 '21 at 18:49
  • Although it may seem as overkill when having only two machines, you may consider using NIS for centralized user database. NIS and NFS were originally developed to work together, where all machines in the network use the same user database (provided by NIS) and the same home directories (provided by NFS), so you can login to any of them and have your data and settings everywhere. There are multiple tutorials available on the Net how to configure NIS for Linux. – raj Jan 07 '21 at 14:51

1 Answers1

1

It's recommended, or at-least I would personally recommend you sync the group ID and user ID. There are many ways to do, and maintain this consistently - I'll go over three options.

Manually:

You can manually add the user to each host, the first SSH into both hosts then execute useradd -u 1500 testuser replacing testuser with a preferred username.

This will create a user with the GID/UID of 1500, which you can confirm with id testuser which should give you something like uid=1500(testuser) gid=1500(testuser) groups=1500(testuser)

SaltStack:

This will require some more learning if you're not familiar with SaltStack but here is a really simple state.

testuser:
  user.present:
    - fullname: 'Test User'
    - uid: 1500
    - gid: 1500

Reference: https://docs.saltstack.com/en/3000/ref/modules/all/salt.modules.useradd.html

(There are other options for configuration management, such as Ansible, Puppet, Chef)

Centralised:

There are a few options, but a popular one is FreeIPA which is a good all-in-one solution when it comes to centralised Linux authentication.

Of course, this option is more involved and will require you do some research - but there are tonnes of guides on how to install and configure this, such as this one.

Ashley Primo
  • 406
  • 2
  • 10