Name
vitalnix -- user/group account management software
Description
The Vitalnix User Management Suite is a collection of programs and libraries that implement frontend access to databases storing UNIX user and group accounts.
History -- The task
A tool suite (now evolved into the Vitalnix Suite) was developed in 1997 at the Otto-Hahn-Gymnasium Göttingen, Germany, to import user descriptions from a text file dump from the secretary's office and make ready-to-use UNIX user accounts out of it, while taking existing accounts into account. The program updated the Unix passwd database with changes calculated from that external text file.
Database access has been modularized so that LDAP support would be easily possible; the tool suite has also gained many more programs that relate to the day-to-day administrative job in computer networks; predominantly in the educational sector, but as LDAP emerges as a common technology in any area, this tool suite will be helpful.
Authors
The original Perl scripts were created by Eike Teiwes in 1997-1999.
Jan Engelhardt picked them up in fall 1999 and has kept them up to date (including rewriting the tool suite to get it to new levels). He is the current maintainer, reachable at jengelh@computergmbh.de.
I would like to thank the following people for their beta testing, suggestions and contributions over the years: Cordula Petzold, Cristoph Thiel, Eberhard Mönkeberg.
Limits of existing software
A lot of user account maintenance programs I have come across use NSS ("getpwent") for retrieving information and issue backend-specific (shadow, LDAP) commands for write operations, such as adding, modifying or deleting a user or group.
The standard NSS API is neither thread-safe nor multi-use safe (a single thread, but intertwined invocations of functions). The GNU libc thread-safe extensions do not cover all functions, for example setpwent(). Write support is totally absent from NSS -- libc has a mere putpwent() which requires a stdio file handle, which of course does not work with other storage methods such as LDAP or MYSQL.
So most programs implement their own write handling, each coming with its own bulk of bugs, limitations or configuration files (and Vitalnix is surely no different). Gluing programs together requires a tremendous amount of time and often you just do not trust some programs when they ask for information that would normally not be required to perform a given task.
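The NSS limits described above can be seen in a few lines of C. This is an added example, not Vitalnix code. It assumes glibc and uses fgetpwent()/fgetpwent_r() on a constructed temporary file as a stand-in for getpwent()/getpwent_r(), so that the system database is not read; those functions follow the same static-result convention.

```c
#define _GNU_SOURCE /* putpwent, fgetpwent, fgetpwent_r are glibc extensions */
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Two constructed sample accounts, written with libc's only write primitive.
 * putpwent() needs a FILE*, so a passwd-format stream is the only possible target. */
static FILE *make_sample_db(void)
{
    struct passwd a = { .pw_name = "alice", .pw_passwd = "x", .pw_uid = 1001,
        .pw_gid = 1001, .pw_gecos = "Alice", .pw_dir = "/home/alice", .pw_shell = "/bin/sh" };
    struct passwd b = { .pw_name = "bob", .pw_passwd = "x", .pw_uid = 1002,
        .pw_gid = 1002, .pw_gecos = "Bob", .pw_dir = "/home/bob", .pw_shell = "/bin/sh" };
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    if (putpwent(&a, fp) != 0 || putpwent(&b, fp) != 0) {
        fclose(fp);
        return NULL;
    }
    rewind(fp);
    return fp;
}

/* Intertwined use: the pointer kept from the first call silently becomes "bob". */
int static_result_is_clobbered(void)
{
    FILE *fp = make_sample_db();
    if (fp == NULL)
        return -1;
    struct passwd *first = fgetpwent(fp);   /* caller expects "alice" to stay put */
    struct passwd *second = fgetpwent(fp);  /* reuses the same static storage */
    int clobbered = first != NULL && second != NULL && first == second &&
                    strcmp(first->pw_name, "bob") == 0;
    fclose(fp);
    return clobbered;
}

/* The _r extension: caller-owned buffers keep both records intact. */
int reentrant_results_survive(void)
{
    FILE *fp = make_sample_db();
    if (fp == NULL)
        return -1;
    struct passwd pa, pb, *ra = NULL, *rb = NULL;
    char bufa[256], bufb[256];
    int ok = fgetpwent_r(fp, &pa, bufa, sizeof bufa, &ra) == 0 &&
             fgetpwent_r(fp, &pb, bufb, sizeof bufb, &rb) == 0 &&
             strcmp(pa.pw_name, "alice") == 0 && pa.pw_uid == 1001 &&
             strcmp(pb.pw_name, "bob") == 0 && pb.pw_uid == 1002;
    fclose(fp);
    return ok;
}
```

Code that caches a struct passwd pointer across a second lookup (for example, to compare two accounts before a privilege decision) ends up comparing a record with itself, which is why review should flag any non-_r lookup whose result outlives the next call.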
Current project status
Vitalnix provides a library, libvxdb, which abstracts away the underlying storage mechanism and provides generalized methods of basic operations such as "add a user", modify, delete. With regard to user/group information retrieval, it is mostly equivalent to NSS, but is designed with thread-safety and multi-use safety in mind from the beginning. I consider the API and code to be rather clean compared to NSS and pwdutils.
Vitalnix is not the solution to everything. For example, it does not allow you to add arbitrary attributes to a user account, even if the underlying storage mechanisms could be adapted to do so. The primary focus is on providing a simple (ideally) API and tools to get a typical essential server system (e.g. Windows network logon with SMB) working.
The Vitalnix package is considered to be in beta stage. It works for what we do with it, but it has yet to see widespread usage.
Of course, there is a bit more than just libvxdb. SAMBA Logon Time Restriction and Print Accounting are two parts for example, which are not directly related to user management, but they were nonetheless needed.
Refer to the following subsections and the linked manpages for further reading.
Part 1 -- Basic setup of Vitalnix
(To be done)
Part 2 -- Basic user/group information
This group of tools is mostly equivalent to various system programs, except that they use the Vitalnix API for interacting with databases.
vxfinger(1) | user information lookup |
vxid(1) | print user identity (UID/GID/groups) |
Part 3 -- Basic user/group administration
These tools are equivalent to /usr/sbin/useradd and friends. They only operate on the common NSS fields, i.e. do not handle Vitalnix-specific extensions like the Vitalnix Group Tag or Deferred Deletion. Use these when working with system accounts.
vxuseradd(8), vxusermod(8), vxuserdel(8), vxgroupadd(8), vxgroupmod(8), vxgroupdel(8)
Part 4 -- Auxiliary tools and helpers
A few helper programs which may be used from other scripts or programs at your option. They provide a program-based interface to the Vitalnix C API.
vxrandpw(1) | Generating random passwords |
vxtryauth(8) | Interface to the PAM system authentication |
Part 5 -- Tools for user/group synchronization
Synchronizing parts of the user database with an External Data Source (EDS, usually a text file) is an essential block of the Vitalnix Suite.
vxckuuid(8) | Finding users whose UUID potentially needs correction prior to synchronization |
vxfixuuid(8) | UUID correction for users |
vxusersync(8) | User account synchronization |
vxgroupbld(8) | Group membership synchronization |
vxpwlfmt(8) | Password list prettyprinting -- conversion from simple list to magnificent documents |
vxnewuser(8) | Single-user addition with handling for Vitalnix-specific fields(!) |
steelmill(8) | Graphical user interface for vxusersync and vxpwlfmt (incomplete) |
Part 6 -- Administrative library code
(To be done)
pam_ihlogon(8) | Class-based login time restriction module for the PAM stack (Pluggable Authentication Modules) |
Part 7 -- Vitalnix CGI programs
(To be done)
vxcgi_chpasswd(8) | Set password |
vxcgi_ntactiv(8) | Reset SMBNT password to UNIX password |
vxcgi_vwquota(8) | Display DiskQuota |
Part 8 -- Print accounting
(To be done)
lpacct_filter(8) | Vitalnix print job analyzer |
lpacct_scv(8) | Vitalnix print job confirmator - CUPS backend |
lpacview(8) | PHP webscript for managing print jobs |
Part 9 -- Database drivers
(To be done)
vxdrv_ldap(7) | LDAP database driver |
vxdrv_mmd(7) | Multiple Module pseudo-driver |
vxdrv_mysql(7) | MYSQL database driver |
vxdrv_shadow(7) | Shadow database driver (/etc/passwd) |
Part 10 -- Vitalnix library API
(To be done)
libvxcgi(3) | Helper functions for CGI programs |
libvxcli(3) | Helper functions for CLI-based programs |
libvxcore(3) | Really core functions; used by database drivers to register with libvxdb. |
libvxdb(3) | General Vitalnix API for interaction with user databases |
libvxeds(3) | Library for parsing External Data Sources |
libvxmdfmt(3) | Library for postformatting password lists (used by vxpwlfmt and steelmill) |
libvxmdsync(3) | Library for handling user synchronization |
libvxutil(3) | Various helper functions related to user management |
Part 11 -- Vitalnix internal commands
Tools for inspecting and debugging Vitalnix and the user database.
vxdbdump(8) | Dump contents of database |
vxdbinfo(8) | Information about database drivers |