adrmlocal
1. Origin of the command
After the customer installs the software, they create their own AD users and then import them into the /etc/passwd file. Their local users are therefore really zone users (domain users of the domain the machine has joined). At that point AD is managing these users, so they no longer need to be in /etc/passwd. In practice, though, leaving them there is a security risk: in disconnected mode a user could still log in with the old local user account. The administrator wants to remove this unnecessary risk, and that is why adrmlocal exists.
A customer buys our product, installs it on a machine, then sets up their AD
2. Using the command
a. '-i/--interactive' display a prompt before any removal of local users and groups
The --interactive option prompts you interactively for confirmation that you want to remove the duplicated local user account before performing the delete operation.
NOTE: Shows a prompt asking you to confirm whether you want to remove the duplicated user account.
Question: what kinds of users are called conflicted? Four kinds are listed here.
1) same uid with different user name
2) same username with different uid
3) same username and uid
4) one local user mapped to one ad user, but they have different uids
1)~3): these users we call 'not in conflict', because the UNIX info for these users stored in AD matches the local UNIX system (that is, AD can control this information). So our approach is to delete them safely, without prompting.
4): this user we call 'in conflict', because the same user has different uids. This situation may cause errors during the import. So our approach is to show a prompt and let the administrator confirm whether to remove this local user.
b. '-c/--commit' remove duplicated local users and groups, prompt only when there are uid or gid conflicts
c. '-f/--force' remove duplicated local users and groups, never prompt even if there are uid or gid conflicts
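An added example (my own Python, not Centrify's adrmlocal source) that sorts constructed /etc/passwd entries against constructed AD zone users into the four kinds above and applies the -i/-c/-f prompting rules; the sample names, uids and the USER_MAP dict are assumptions standing in for the real user map setting.

```python
# Constructed sample /etc/passwd content (not from a real system).
PASSWD = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
dave:x:1004:1004:Dave:/home/dave:/bin/bash
erin:x:1005:1005:Erin:/home/erin:/bin/bash
"""
# Constructed AD zone users (name -> uid) and a constructed local-to-AD user
# mapping standing in for the centrifydc.conf user map (assumed shape only).
AD_USERS = {"alice": 1001, "bob": 2002, "x_carol": 1003, "dsmith": 3004}
USER_MAP = {"dave": "dsmith"}

def parse_passwd(text):
    """Return {name: uid} for each non-empty, non-comment passwd line."""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, uid = line.split(":")[:3]
            users[name] = int(uid)
    return users

def classify(local, ad, user_map):
    """Map each local user that duplicates an AD user to one of the four
    kinds in the note; local users with no AD counterpart are left out."""
    ad_by_uid = {uid: name for name, uid in ad.items()}
    kinds = {}
    for name, uid in local.items():
        mapped = user_map.get(name)
        if mapped in ad:                    # kind 4: mapped, uids differ
            kinds[name] = "mapped_diff_uid" if ad[mapped] != uid else "same_both"
        elif name in ad:                    # kinds 3 and 2
            kinds[name] = "same_both" if ad[name] == uid else "same_name"
        elif uid in ad_by_uid:              # kind 1
            kinds[name] = "same_uid"
    return kinds

def needs_prompt(kind, mode):
    """-i always prompts, -f never, -c only for kind 4 ('in conflict')."""
    if mode == "-i":
        return True
    if mode == "-f":
        return False
    return kind == "mapped_diff_uid"        # -c

def plan(text, ad, user_map, mode):
    """Sorted (name, kind, prompt_first) for every removal candidate."""
    kinds = classify(parse_passwd(text), ad, user_map)
    return [(n, k, needs_prompt(k, mode)) for n, k in sorted(kinds.items())]
```

Running plan(PASSWD, AD_USERS, USER_MAP, "-c") flags only dave for a prompt; erin, who has no AD counterpart, is never a removal candidate.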
3. Test cases.
1) "-i", should prompt a message before deleting these users
a. only username conflict
b. only uid conflict
c. both username and uid conflict
d. one UNIX local user mapped to one AD user, with a different uid. [user map setting in /etc/centrifydc/centrifydc.conf]
2) "-c", removes duplicated users without prompting, and prompts for uid conflicts.
3) "-f", removes all users that are duplicated and conflicted.