[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OFFTOPIC] passwd-ng



On Fri, Sep 26, 2003 at 01:26:16PM -0700, Blars Blarson wrote:
> In article <20030926122953.GR16087@khan.acc.umu.se> david@southpole.se writes:
> >On Wed, Sep 24, 2003 at 09:52:22AM -0700, Blars Blarson wrote:
> >> readable output
> >> 	 lsuser has a glop of output that it is difficult to find
> >> 	 anything in.
> >
> >You can specify what attributes you want to show via --attr.
> 
> When you remember the attribute name.  The default should be easily

lsuser --help will kindly provide you with this information...

> readable.  There should also be a way for a program or shell script to
> get the information easily.

lsuser -f <username>

shows things in stanza form, that is:

euwe:~# lsuser -f tao
tao:
        id=1000
        locked=no
        pgrp=tao
        groups=dialout,cdrom,floppy,audio,src,media
        admgroups=
        home=/home/tao
        shell=/bin/bash
        gecos=David Weinehall,,,

and

lsuser -c <username>

shows things colon-separated:

euwe:~# lsuser -f tao
#name:locked:id:pgrp:groups:admgroups:home:shell:gecos
tao:no:1000:tao:dialout,cdrom,floppy,audio,src,media::/home/tao:/bin/bash:David
Weinehall,,,

The stanza format should be easy enough to read.  I prefer to keep the
default behaviour as it is, though. Both stanza-format and the
colon-separated list should be pretty easy to parse.

> >> 	things being updated by login should be in a database.
> >
> >Care to provide examples?
> 
> Last login date/time and location, failed login date/time and
> location.  This should be able to be updated without one user's update

Not stored in /etc/passwd; this information is stored in
/var/log/lastlog and /var/log/faillog...

> locking out another login.  Aix's /etc/security is an exmple of how
> not to do it.  It should be possible to make /etc/passwd and
> /etc/shadow immutable or stored on read-only media.

This can be tricky if you want to allow your users to change their
passwords, gecos-information, or shell, or allow yourself to change
expiry-information and to lock out users...  The same goes for
group-administration.

But if you don't desire these things, there shouldn't be any problem.


BTW: I did a lot of passwd-ng work this weekend; wrote more
manual-pages, fixed tons of bugs, and began adding a few more desirable
features.


/David
-- 
 /) David Weinehall <tao@acc.umu.se> /) Northern lights wander      (\
//  Maintainer of the v2.0 kernel   //  Dance across the winter sky //
\)  http://www.acc.umu.se/~tao/    (/   Full colour fire           (/



Reply to: