That assumes you already have these users configured on a differentOn Thu, 2017-04-20 at 14:39 -0400, Stephen Smalley wrote:
> On Thu, 2017-04-20 at 23:14 +0530, Lakshmipathi.G wrote:
> > It takes 10 seconds to create user account,where as without -Z
> > option
> > it takes less a second. I tried changing SELinux to Permissive mode
> > or
> > try to use tmpfs for /etc/selinux mountpoint , both didn't help.The
> > problem is I'm re-creating 50000+ user accounts in a new server.
> > Looks
> > for options to speed-up this process. thanks for
> > any pointers/help.
> >
> > # time useradd --uid=20005 -Z guest_u u20005
> > real 0m10.194s
> > user 0m8.866s
> > sys 0m1.273s
> >
> > # time useradd --uid=20006 u20006
> > real 0m0.050s
> > user 0m0.018s
> > sys 0m0.021s
>
> Maybe an alternative until you get an updated libsemanage would be to
> transfer the SELinux configuration via semanage export/import and
> just
> run useradd without -Z. That way you can do all of the additions to
> seusers in a single transaction.
server from which you can run semanage export (I assumed that because
you said you were re-creating 50000+ user accounts). If not, then you
could essentially write a script to generate the input expected by
semanage import to add all the users. It would look something like
this:
$ cat userlist
login -a -s guest_u -r 's0' u20005
login -a -s guest_u -r 's0' u20006
...
$ <add all of the users with useradd first, without -Z>
$ sudo semanage import -f userlist
If you are instead using semanage export from an existing system with
the users already defined, be careful since it always starts with
commands to delete all local customizations before adding the new ones,
so you might not want to do that on your system. You can always delete
those lines from its output before feeding to semanage import.