FreeBSD – Shared authentication across FreeBSD Jails

bsd, freebsd, jail

I am using FreeBSD with ZFS to run several jails. For jail management I'm using ezjail, and I have a template jail which I use for provisioning.

I want to share passwd, groups, and authentication information across all jails and the host. For the jails it can be read-only.

Is there some mechanism which can share the host passwd, groups, etc. without any complex system such as LDAP/NIS/etc.?

Best Answer

LDAP or NIS is the Right Solution -- it's really not that complicated, and you should take a day and learn both (figure about half a day each to get the basics; less if you buy the O'Reilly NIS book & LDAP book).
The big advantage here is you can centralize some accounts (administrative access/support users), authorize others on a per-jail basis, and still have local users on specific machines.


If you're really dead-set against LDAP or NIS the next best thing is to use Puppet, Chef, radmind, or similar to update the passwd and group files -- you can automatically synchronize the authentication/authorization files as part of a site-wide deployment process.
Automatic deployment tools have their own complexity issues, but also bring a number of benefits which may make them appropriate for your environment.


The next step down is a cron job on the host system that copies standard passwd and group files to each jail at a set time. This is the simplest solution and works very well, though it is only a very small step up from copying the files yourself manually.
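
A sketch of the cron-job approach from the last paragraph, added here as an example and not part of the original answer. It assumes jail roots are passed as arguments (for instance directories under the ezjail jail directory); `SRC_ETC`, the function names and the paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: push the host's account files into each jail root given as an argument.
# Assumptions: FreeBSD layout (master.passwd + group in /etc) and pwd_mkdb(8) on the host.
SRC_ETC="${SRC_ETC:-/etc}"

# Refuse to propagate a truncated or damaged source: a bad copy would lock
# every jail out at once, so require non-empty files with root and wheel entries.
source_ok() {
    [ -s "$SRC_ETC/master.passwd" ] && [ -s "$SRC_ETC/group" ] &&
        grep -q '^root:' "$SRC_ETC/master.passwd" &&
        grep -q '^wheel:' "$SRC_ETC/group"
}

# Write to a temp name in the target directory, then rename, so processes in
# the jail never read a half-written file. umask 077 keeps the temp copy of
# master.passwd (password hashes) unreadable to others from the first byte.
install_atomic() {  # usage: install_atomic <src> <dst> <mode>
    tmp="$2.sync.$$"
    ( umask 077; cp "$1" "$tmp" ) && chmod "$3" "$tmp" && mv -f "$tmp" "$2" && return 0
    rm -f "$tmp"
    return 1
}

sync_jail() {  # usage: sync_jail <jail_root>; returns 2 if the source is unusable
    etc="$1/etc"
    [ -d "$etc" ] || { echo "skip: $etc missing" >&2; return 1; }
    source_ok || { echo "abort: source files failed sanity check" >&2; return 2; }
    install_atomic "$SRC_ETC/master.passwd" "$etc/master.passwd" 600 || return 1
    install_atomic "$SRC_ETC/group" "$etc/group" 644 || return 1
    # Regenerate passwd, pwd.db and spwd.db in the jail's /etc. The guard only
    # exists so the copy logic can be exercised on a non-FreeBSD machine.
    if command -v pwd_mkdb >/dev/null 2>&1; then
        pwd_mkdb -p -d "$etc" "$etc/master.passwd" || return 1
    fi
}

sync_all() {  # returns non-zero if any jail failed, but still tries the rest
    rc=0
    for root in "$@"; do sync_jail "$root" || rc=1; done
    return $rc
}

# Hypothetical crontab entry on the host (script name and jail paths are placeholders):
#   */15 * * * * /usr/local/sbin/sync-jail-auth.sh /usr/jails/www /usr/jails/db
if [ "$#" -gt 0 ]; then sync_all "$@"; fi
```

Because the files are overwritten wholesale, any account created only inside a jail disappears on the next run; that is the trade-off of this approach compared with LDAP or NIS.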