X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=blobdiff_plain;f=sync-accounts%2Fsync-accounts;h=3efa06e334dc15ba439c305d3de5dd1f82dd4682;hp=fe5b666d10b0ae25960c90437a2a547305817e33;hb=f791716cd4ca5f25a2b1977c3a635722a8a5c316;hpb=79d2c4e838e1dd1fc37e55eea4414abb94e5ac1c diff --git a/sync-accounts/sync-accounts b/sync-accounts/sync-accounts index fe5b666..3efa06e 100755 --- a/sync-accounts/sync-accounts +++ b/sync-accounts/sync-accounts @@ -1,8 +1,8 @@ #!/usr/bin/perl -# $Id: sync-accounts,v 1.19 2002-07-14 17:07:44 ianmdlvl Exp $ +# $Id: sync-accounts,v 1.20 2002-07-14 19:29:37 ianmdlvl Exp $ # -# Copyright (C)1999-2000 Ian Jackson -# Copyright (C)2000-2001 nCipher Corporation Ltd +# Copyright 1999-2000,2002 Ian Jackson +# Copyright 2000-2001 nCipher Corporation Ltd # # This is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free 
@@ -17,183 +17,6 @@ # You should already have a copy of the GNU General Public License. # If not, write to the Free Software Foundation, Inc., 59 Temple # Place - Suite 330, Boston, MA 02111-1307, USA. -# -# The config file consists of directives, one per line. Leading and -# trailing whitespace, blank lines and lines starting # are ignored. -# -# Some config file directives apply globally and should appear first: -# -# lockpasswd link -# lockgroup link -# Specifies the lockfile suffix or pathname to use when editing -# the passwd and group files. The value is a suffix if it does -# not start with `/'. If set to /dev/null no locking is done. -# -# lockpasswd runvia -# lockgroup runvia -# Lock by reinvoking ourselves via a program as EDITOR. -# ( would typically be vipw or vigr.) -# -# lockpasswd none -# lockgroup none -# Do not lock. -# -# logfile -# Append log messages to instead of stdout. -# Errors still go to stderr. -# -# localformat bsd|std -# Specifies the local password file is in the relevant format: -# `std' is the standard V7 password file (with a SysV- style -# /etc/shadow if one is detected at run-time); `bsd' is the weird -# BSD4.4 master.passwd format, and should be used only with -# `lockpasswd runvia vipw'. The default is `std'. -# -# Some config file directives set options which may be different at -# different points in the file. The most-recently-seen value is used -# at each point: -# -# uidmin -# uidmax -# homebase -# When an account is to be created, a uid/gid will be chosen -# which is one higher than the highest currently in use (except -# that ids outside the range - are ignored and will -# never be used). The default home directory location is -# /. -# -# sameuid -# nosameuid -# Specifies whether uids are supposed to match. The default is -# nosameuid. When sameuid is on, it is an error for the uid or -# gid of a local account not to match the corresponding remote -# account, and new local accounts will get the remote accounts' -# ids. 
-# -# usergroups -# nousergroups -# defaultgid -# Specifies whether local accounts are supposed to have -# corresponding groups, or all be part of a particular group. If -# usergroups is set, when a new account is created, the -# corresponding per-user group will be created as well, and -# per-user groups are created for existing accounts if necessary -# (if account creation is enabled). If the gid or group name for -# a per-user group is already taken for a different group name or -# gid this will be logged, and processing of that account will be -# inhibited, but it is not a fatal error. If defaultgid is used, -# then newly-created accounts will be made a part of that group, -# and the groups of existing accounts will be left alone. If -# nousergroups is specified then no new accounts can be created, -# and existing accounts' groups will be left alone. The default -# is `usergroups'. -# -# createuser -# createuser -# nocreateuser -# Specifies whether accounts found on the remote host should be -# created if necessary, and what command to run to do the -# creation (eg, setup of home directory). The default is -# nocreateuser. If createuser is specified without a commandname -# then sync-accounts-createuser is used. The command is found on -# the PATH if necessary. Either sameuid, or both uidmin and -# uidmax, must be specified, if accounts are to be created. -# -# The command (which will be run with sh -c) must at least create -# the new account's home directory. The passwd and group entries -# will not have been set up. The following environment variables -# will be set, giving details about the account to be created: -# SYNCUSER_CREATE_USER -# SYNCUSER_CREATE_UID -# SYNCUSER_CREATE_GID -# SYNCUSER_CREATE_COMMENT -# SYNCUSER_CREATE_HOME -# SYNCUSER_CREATE_SHELL -# If it chooses, the script may modify the password entry which -# will be added to the system, by outputting a replacement -# password file entry. (The password field of that is ignored.) 
-# If the script outputs a line which does not contain a : then -# the account will not be created after all. -# -# group -# nogroup -# Specifies that the membership of the local groups specified -# should be adjusted or not adjusted whenever account data for a -# particular user is copied, so that the account will be a member -# of the affected group locally iff it is a member of the same -# group on the remote host. The most recently-encountered -# glob-pattern for a particular group takes effect. The default -# is `nogroups *'. -# -# defaultshell -# If, when creating an account, the remote account's shell is not -# available on the local system, this value will be used. The -# default is /bin/sh. -# -# Some config file directives are per-host, and should appear before -# any directives which actually modify accounts: -# -# host -# Starts a host's section. This resets the per-host parameters -# to the defaults. The shorthostname need not be the host's -# official name in any sense. If sync-accounts is invoked with -# host names on the command line they are compared with the -# shorthostnames. -# -# getpasswd -# getgroup -# Commands to run on the local host to get the passwd, shadow and -# group data for the host in question. getpasswd must be -# specified if user data is to be transferred; getgroup must be -# specified if group data is to be transferred. -# -# getshadow -# Specifies that shadow file data is to be used (by default, -# password information is found from the output of getpasswd). -# The command should emit shadow data in the format specified by -# shadow(5) on Linux. getshadow should not be specified without -# getpasswd. -# -# remoteformat std|bsd -# Specifies the format of the output of `getpasswd'. `std' is -# standard V7 passwd file format (optionally augmented by the use -# of a shadow file fetched with getshadow). `bsd' is the weird -# BSD4.4 master.passwd format (and getshadow should not normally -# be used with `remoteformat bsd'). 
The default is `std'. -# -# Some configuration file directives specify that account data is to -# transferred from the current host. They should appear as the last -# thing(s) in a host section: -# -# user [remote=] -# Specifies that account data should be copied for local user -# from the remote account (assumed to -# be the same as if not specified). The account -# password, comment field, and shell will be copied -# unconditionally. If sameuid is specified the uid will be -# checked. -# -# users - -# Specifies that all remote users whose uid is in the given range -# are to be copied to corresponding local user accounts. -# -# nouser -# Specifies that data for is _not_ to be copied, even -# if subsequent user or users directives suggest that it should -# be. -# -# (A note is made when a `user', `users' or `nouser' directive is -# encountered for a particular account, and no subsequent directives -# for that account will take effect.) -# -# addhere -# This directive has no effect on `sync-accounts'. However, it -# is used as a placeholder by `grab-account': new accounts for -# creation are inserted just before `addhere'. -# -# Finally, the config file must finish with: -# -# end use POSIX;
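
Review bot: The copyright edits in the @@ -1,8 +1,8 @@ hunk are unrelated to the documentation removal that makes up the rest of this patch and would be easier to audit as their own commit. The Ian Jackson line both drops "(C)" and gains the year 2002, while the nCipher line only drops "(C)". A short commit message stating that the notice format was changed deliberately, and that the nCipher years are intentionally unchanged, would keep the licensing history clear.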
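
Review bot: The @@ -17,183 +17,6 @@ hunk deletes the whole in-file description of the config directives without leaving any pointer to where that text now lives, so a reader of the script is left with nothing between the licence header and "use POSIX;". Several of the removed paragraphs describe behaviour an administrator must know to deploy this safely: the createuser command "will be run with sh -c" and receives the SYNCUSER_CREATE_* environment variables, "lockpasswd none" and a lockfile of /dev/null disable locking of the passwd and group files, and getshadow pulls shadow data from the remote host. If the text has moved to a manual page or separate document, add a one-line comment here naming it. If it has not moved, keep at least the createuser and locking paragraphs in the script.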