Section: chiark utilities (8)Updated: 14th July 2002Local indexUp
NAME
sync-accounts - synchronise accounts and passwords
SYNOPSIS
sync-accounts [options] [source ...]
DESCRIPTION
sync-accounts
is a tool for copying account information into the local system's
password and group databases, or equivalent, from other systems. It
can be used to slave individual accounts, whole systems, or various
partial combinations.
By default, when invoked, sync-accounts reads is configuration file
and updates all of the local details it is configured to synchronise,
from all relevant sources.
If one or more sources are named as command-line arguments, only
information from those sources is installed locally.
See
sync-accounts(5)
for detailed information about sync-accounts's behaviour and
configuration.
OPTIONS
-Cconfig-file
Reads
config-file
instead of
/etc/sync-accounts.
-q
Instead of updating local information, sync-accounts displays a
summary of which accounts are synchronised or not, and from where.
-n
Causes sync-accounts not to actually install the new information in
the local password and group databases. Instead, updated versions are
written to the files
passwd
and
group
in the current directory. With
-n
new accounts are not created at all. The system databases are not
locked.
SECURITY
sync-accounts is not resistant to malicious data in the local
password and group databases, or its configuration file or command
line arguments.
Malicious data in source information will not be able to take control
of sync-accounts, but will be copied to the local databases if
sync-accounts is configured to do so.
To update the local databases, sync-accounts must be run as root.
For -q and -n sync-accounts still needs to be able to successfuly
invoke the commands specified in the configuration for getpasswd and
getgroup.
EXIT STATUS
0
All went well and there were no warnings.
any other
There were problems. The local databases may or may not have been
updated.
FILES
/etc/sync-accounts
Default configuration file. (Override with
-C.)
sync-accounts-createuser
Default command invoked by sync-accounts to create local users.
/home
Default location for created users' home directories.
Local account databases, depending on configuration.
/etc/shadow-non-existent
Must not exist.
ENVIRONMENT
EDITOR, VISUAL
Manipulated by sync-ccounts when it is reinvoking itself via vipw or
vigr, according to
lockpasswd runvia
or
lockgroup runvia.
SYNC_ACCOUNTS_*
Used by sync-accounts for its own purposes. Do not set these
variables.
Setting variables used by
vipw(8)
and
vigr(8),
apart from
EDITOR and/orVISUAL
will affect the operation of sync-accounts.
Avoid messing with these if possible.
PATH
is used to find subprograms such as
sync-accounts-createuser and vipw/vigr.
BUGS
Using sync-accounts does not give particularly prompt propagation of
changed account information.
There is no simple mechanism for automatically getting the right
configuration details for accessing the local system's password and
group databases.
All the systems sharing account information using sync-accounts need
to be using compatible encrypted-password schemes.
AUTHOR
sync-accounts
and this manpage are part of the
sync-accounts
package which was written by Ian Jackson <ian@chiark.greenend.org.uk>.
They are Copyright 1999-2000,2002 Ian Jackson
<ian@davenant.greenend.org.uk>, and Copyright 2000-2001 nCipher
Corporation Ltd.
The sync-accounts package is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 3, or (at
your option) any later version.
This is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
You should have received a copy of the GNU General Public License along
with this program; if not, consult the Free Software Foundation's
website at www.fsf.org, or the GNU Project website at www.gnu.org.