Perl module for managing user groups (UNIX)

[J.D. Baldwin]

I'm looking for a module or maybe some good sample code to save me
some labor in implementing a front-end for group management. For
example, changing a user's primary group membership from 'foo' to
'bar' or removing a user from one of his secondary groups, adding him
to a new secondary group, etc.

Seems this should be pretty straightforward, it's just that it's a lot
of code, particularly for the error-checking. I'd rather not write it
if I can steal-- er, "reuse" it.

 

[Tim Greer]

I'm looking for a module or maybe some good sample code to save me
some labor in implementing a front-end for group management. For
example, changing a user's primary group membership from 'foo' to
'bar' or removing a user from one of his secondary groups, adding him
to a new secondary group, etc.

Seems this should be pretty straightforward, it's just that it's a lot
of code, particularly for the error-checking. I'd rather not write it
if I can steal-- er, "reuse" it.

What OS are you using, specifically? There are likely commands that
will do all of the error checking, file locking, etc. for you (i.e.,
usermod, groupmod, etc.)

 

[smallpond]

I'm looking for a module or maybe some good sample code to save me
some labor in implementing a front-end for group management. For
example, changing a user's primary group membership from 'foo' to
'bar' or removing a user from one of his secondary groups, adding him
to a new secondary group, etc.

Seems this should be pretty straightforward, it's just that it's a lot
of code, particularly for the error-checking. I'd rather not write it
if I can steal-- er, "reuse" it.

webmin is written in perl.

 

[Eric Pozharski]

Seems this should be pretty straightforward, it's just that it's a lot
of code, particularly for the error-checking. I'd rather not write it
if I can steal-- er, "reuse" it.

{50997:35} [0:1]$ file /usr/sbin/adduser
/usr/sbin/adduser: a /usr/bin/perl script text executable
{51006:36} [0:0]$ dpkg -S /usr/sbin/adduser
adduser: /usr/sbin/adduser
{51168:38} [0:0]$ apt-cache show -a=no adduser |grep Homepage
Homepage: http://alioth.debian.org/projects/adduser/

 

[J.D. Baldwin]

What OS are you using, specifically? There are likely commands that
will do all of the error checking, file locking, etc. for you (i.e.,
usermod, groupmod, etc.)

While platform-independence is a nice-to-have objective for the longer
term, all the hosts in the system in question are Solaris 8/9/10 at
the moment.

What I do now involves usermod -- but you can't just tell usermod "add
this guy to this group." You have to say "Assign this guy to
secondary membership of all these groups." As a result, I have to
collect all the existing groups, figure out which ones are
secondaries, error-check the request, then execute the comment. That
error-checking is the most involved step by far; there are a lot of
ways to malform a request. Then we have the case of asking to delete
a user's primary group, which of course involves picking one of the
secondary groups to assign in its place ... and so on and so forth.

It's not that I can't do this, it's just that I'd rather not write 500
lines of code if someone has module-ized the tasks.

 

[Peter J. Holzer]

What I do now involves usermod -- but you can't just tell usermod "add
this guy to this group." You have to say "Assign this guy to
secondary membership of all these groups." As a result, I have to
collect all the existing groups, figure out which ones are
secondaries, error-check the request, then execute the comment. That
error-checking is the most involved step by far; there are a lot of
ways to malform a request. Then we have the case of asking to delete
a user's primary group, which of course involves picking one of the
secondary groups to assign in its place ... and so on and so forth.

It's not that I can't do this, it's just that I'd rather not write 500
lines of code if someone has module-ized the tasks.

Your estimate is remarkably correct:

% wc -l sync_*
[...]
502 sync_hpux_user
[...]

My sync_hpux_user script has almost exactly 500 lines ;-). It does the
stuff you describe. Unfortunately it is not well modularized, and the
sync_* scripts in general are rather crufty. I've meant to rewrite the
whole system for years, but there is never time.

hp

 

[Tim Greer]

While platform-independence is a nice-to-have objective for the longer
term, all the hosts in the system in question are Solaris 8/9/10 at
the moment.

What I do now involves usermod -- but you can't just tell usermod "add
this guy to this group." You have to say "Assign this guy to
secondary membership of all these groups." As a result, I have to
collect all the existing groups, figure out which ones are
secondaries, error-check the request, then execute the comment. That
error-checking is the most involved step by far; there are a lot of
ways to malform a request. Then we have the case of asking to delete
a user's primary group, which of course involves picking one of the
secondary groups to assign in its place ... and so on and so forth.

It's not that I can't do this, it's just that I'd rather not write 500
lines of code if someone has module-ized the tasks.

Got ya. I can't see the earlier articles in this thread, as my news
reader is configured to drop articles which I've already read after 30
days has passed (that is intentional), so could you (re)post the
relevant code you have now, if you have any? Pardon me if you've
already posted it. Sorry, I don't personally know of an existing
module for this, but there could be one. I'm sure there are some
existing solutions out there posted, which could probably be modified
if they aren't exactly what you need now... but your own code might be
close enough now for that task, too.

 

[J.D. Baldwin]

Got ya. I can't see the earlier articles in this thread, as my news
reader is configured to drop articles which I've already read after
30 days has passed (that is intentional), so could you (re)post the
relevant code you have now, if you have any? Pardon me if you've
already posted it. Sorry, I don't personally know of an existing
module for this, but there could be one. I'm sure there are some
existing solutions out there posted, which could probably be
modified if they aren't exactly what you need now... but your own
code might be close enough now for that task, too.

The code I have is at work just now and is such a mess that my plan is
to throw it out and start from scratch. Here's my original query,
though:


I'm looking for a module or maybe some good sample code to
save me some labor in implementing a front-end for group
management. For example, changing a user's primary group
membership from 'foo' to 'bar' or removing a user from one of
his secondary groups, adding him to a new secondary group,
etc.

Seems this should be pretty straightforward, it's just that
it's a lot of code, particularly for the error-checking. I'd
rather not write it if I can steal-- er, "reuse" it.

 

[Mart van de Wege]

I'm looking for a module or maybe some good sample code to save me
some labor in implementing a front-end for group management. For
example, changing a user's primary group membership from 'foo' to
'bar' or removing a user from one of his secondary groups, adding him
to a new secondary group, etc.

Seems this should be pretty straightforward, it's just that it's a lot
of code, particularly for the error-checking. I'd rather not write it
if I can steal-- er, "reuse" it.

Hmm.

How about the Debian adduser and addgroup scripts? I just took a short
look at them, and I think they could be ported to Solaris without too
much trouble.

Regards,

Mart

 

[J.D. Baldwin]

In the previous article, Mart van de Wege

How about the Debian adduser and addgroup scripts? I just took a
short look at them, and I think they could be ported to Solaris
without too much trouble.

Thanks. I'll give them a look.

 

[Dr.Ruud]

J.D. Baldwin schreef:

I'm looking for a module or maybe some good sample code to save me
some labor in implementing a front-end for group management. For
example, changing a user's primary group membership from 'foo' to
'bar' or removing a user from one of his secondary groups, adding him
to a new secondary group, etc.

Seems this should be pretty straightforward, it's just that it's a lot
of code, particularly for the error-checking. I'd rather not write it
if I can steal-- er, "reuse" it.

You could look into LDAP, several modules and front-ends available.