[ANN] SysUser: access to the users' system database

[Archos]

I'm glad to announce version 0.8 of SysUser, a package to handle users and groups
in Linux, with the next features:

+ Lookup and editing of information.
+ Set/change of passwords.
+ Add/del users and groups.

== Configuration

SysUser uses some values got from the system configuration, i.e. to get the next
available UID or GID, but every distribution of a same system can have a
different configuration system. In the case of Linux, the research has been done
in 10 different distributions:

    Arch
    CentOS
    Debian
    Fedora
    Gentoo
    Mageia (Mandriva's fork)
    OpenSUSE
    PCLinuxOS
    Slackware
    Ubuntu

== Other systems

BSD systems and Windows are unsopported, and it is not my priority to support
those systems. But if somebody does research about Windows API to get the same
result than in Linux, I'll write the code.


https://github.com/kless/sysuser

[Ingo Oeser]

Any plans to support PAM?

Because all the stuff configured there like having an LDAP or Kerberos back-end are simply ignored by the package right now.

[Archos]

I added support for editing with the goal to add/remove users and groups in the main systems
of home systems (Windows, Mac OS, Linux --in order of number of users--).

LDAP and Kerberos are used in servers or work stations but not in home systems so it is not
in my list of priorities, although I would like to build it some day, together with other backend to
handle those data into a RDBMS for web services.
But I have to continue developing an infrastructure which depends of this package and I have not
too time to working in several projects at the same time. Anyway, I'll support Mac OS and
Windows at some point from my project needs it.

By the way, is LDAP widely used in servers? Because OpenLDAP is one of the most difficult
I've had to configure.

[Arne Hormann]

I'm just browsing your repo and came here to ask: Do you know the command getent?

I'd imagine it would help you, though it's for reading only - it retrieves the contents for passwd, shadow, gshadow and a bunch more and accesses LDAP and others when present.

If the user doesn't have the required privileges, it returns nothing.

[Archos]

Thanks for the information, I didn't know about getent.
Anyway, the library has functions Lookup* to retieve all that content.

The goal of to use a libray instead of calling to a specific command, is to have the same
API in different systems, since some commands have different flags in BSD systems
and Linux systems, and also to can use it in Windows systems.

[Arne Hormann]

I thought it could help you because it's installed by default in most distros and always uses the "right" information source (say you do use LDAP - it'll report the passwd data from LDAP instead of /etc/passwd).

[James Bardin]

Yes, this really needs to be done via the system libraries to be complete. It looks to cover the basics fairly well (you didn't even forget about gshadow like most people), but I wouldn't try to go much further down this path (e.g. don't parse nsswitch.conf yourself, and try to resolve usernames elsewhere). 

Take a look at python-libuser to see what's required for a more complete interface. https://fedorahosted.org/libuser/

It's a crufty old system, and you really have to go through the standard C libraries to make sure your library follows the same rules as everything else that resolves user and group information.

[Archos]

Thanks for the information, it's very useful.