Passman.pm is an object-oriented Perl module for generic passwd/shadow management. It currently supports get/set methods for all fields that appear in the standard shadow/passwd files, and provides an API for creating new accounts. A Passman object contains all of the user accounts represented in the passwd/shadow files and allows operations to be performed on them.

Since Passman writes to the passwd/shadow files, almost all scripts using this module will need to run with root privileges, so certain security precautions are assumed to have been taken. For example, take care to sanity-check any arguments to the object constructor, since a shell command is later executed using those arguments (see the writeout method for details). Remember that scripts that run as root or are SUID root should sanitize the environment of all variables, or all such input and environment information should come from a trusted source.

To utilize Passman in a Perl script, put it in a use line:

    use Passman;

Passman field names:

Some Passman methods (the various get and set methods) use field names to specify which field they operate on. There are two separate groups: one for the fields in passwd, and one for the fields in shadow.
passwd field names

    user      account user name
    passwd    set to 'x' according to customary shadow file usage
    uid       account user ID number
    gid       account group ID number
    gcos      account owner's name, or other info
    homedir   home directory
    shell     login shell

shadow field names

    user      account user name
    passwd    account password, in encrypted form
    lastchg   days since 1/1/1970 that the password was last modified
    min       minimum days between password changes
    max       maximum days between password changes
    warn      days before password expiration that user is warned
    inactive  days of inactivity allowed for the user
    expire    absolute date of expiration
    flag      reserved, not changeable

Passman object instance methods:

Methods for Passman objects are accessed through standard Perl OO method syntax (e.g. $object->method();).

new(pfile, sfile)
    This method is the object constructor. The two arguments are both optional, and are the pathnames of files to use in place of the passwd and shadow files, respectively. If an argument is omitted, the standard /etc/passwd and /etc/shadow files are used as defaults. If a file is specified in the arguments, the resulting object will alter that file instead of the actual passwd or shadow file. If either the shadow or passwd files (or their substitutes supplied as method arguments) cannot be opened for writing, Passman prints an error message and returns undef instead of an object reference.

writeout
    This method can be called to write the Passman object back into the passwd and shadow files. This method forces a write without calling the object destructor. This method is also called by the object destructor when a Passman object goes out of scope, or is otherwise garbage-collected. In a future version of Passman, a flag will allow the writeout-on-destruction behavior to be toggled. Note, this method makes backup copies of both the shadow and passwd files in .bkup and .bkup.
    This is done with a shell command, so if the passwd and shadow file locations were changed by using the constructor arguments (see new for details), be sure to confirm that the new names are safe. writeout returns 1 on success and 0 on failure.

adduser(username, gcos, dir, shell, gid, uid)
    This method creates a new user in the given Passman object with the given attributes. It returns 0 on failure and 1 on success. The username must be unique (it can't already have an entry), but multiple accounts with the same UID number are allowed. All of the above arguments are required except for the uid and gid. If the uid isn't specified, a search is made for the next available one above 100. If the gid isn't specified, it is set to the newly found uid.

removeuser(user)
    This method removes the given user from this instance. It returns 1 on success and 0 on failure. 0 will only be returned if the user is not in this instance. The argument is required.

get(field, user)
    This method returns the value of the given field in the passwd file for the given user. Both arguments are required.

getuid(uid)
    This method returns a list of usernames that have the given uid. This can also be used as a "uidexist" function, since when the output is tested in scalar context, it will be true if the uid exists, and false otherwise. The uid is required.

set(field, user, value)
    This method sets the given field in the passwd file to the given value for the given user. If this method is used to change the username, that account entry will be accessible only as the new username. The change will also be reflected in the output of the getuid method. Likewise, a change of uid will be reflected in the output of the getuid method. All arguments are required.

shget(field, user)
    This method returns the value of the given field in the shadow file for the given user. Both arguments are required.

shset(field, user, value)
    This method sets the given field to the given value for the given user.
    It returns true on success and false on error. An error will occur if field is equal to 'flag' because flag is reserved, or if field is equal to 'user' because the username should be set with the passwd set method (see set()).

alluids
    A convenience method that returns a list of all uids in the instance, sorted in ascending order. The sort is numerical, so '2' appears before '10' in the list.

allusers
    A convenience method that returns a list of all usernames in the instance, sorted alphabetically in ascending order. The sort is lexical, so '10' appears before '2' in the list.

userexists(username)
    Returns true if the user exists in the instance, false otherwise.
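
Added example (not part of the Passman distribution or its documentation): a root script that applies the precautions described above before handing substitute file names to the constructor, whose arguments later reach a shell command in writeout. It uses only the documented new, userexists, adduser and writeout calls, invoked with the usual Passman->new class-method syntax; the safe_path and safe_field helpers, the command-line arguments and the jdoe account are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the Passman distribution. Assumes Passman.pm is in @INC.
use strict;
use warnings;
use Passman;

# Root/SUID hygiene: fixed PATH, and drop variables a shell would honour.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: accept only absolute paths whose components are
# [A-Za-z0-9._-] and do not start with '.' or '-'. That excludes spaces,
# quotes, ';', '|', '&', '$', backticks, globs and '..'. The capture also
# untaints the value under -T.
sub safe_path {
    my ($path) = @_;
    return unless defined $path;
    return $path =~ m{\A((?:/[A-Za-z0-9_][A-Za-z0-9._-]*)+)\z} ? $1 : undef;
}

# Hypothetical helper: passwd/shadow records are colon-separated lines, so a
# ':' or newline inside a value would forge extra fields or whole accounts.
sub safe_field {
    my ($value) = @_;
    return defined $value && length($value) && $value !~ /[:\r\n]/;
}

my $pfile = safe_path($ARGV[0]);
my $sfile = safe_path($ARGV[1]);
die "usage: $0 /abs/path/passwd /abs/path/shadow\n"
    unless defined $pfile && defined $sfile;
for my $file ($pfile, $sfile) {
    # -l uses lstat, so a symlink planted in place of the file is rejected.
    die "$file: not a plain file\n" if -l $file || !-f $file;
}

# new() returns undef if either file cannot be opened for writing.
my $pm = Passman->new($pfile, $sfile)
    or die "cannot open $pfile and $sfile for writing\n";

# Constructed sample account; uid and gid are omitted, so Passman picks them.
my @acct = ('jdoe', 'J. Doe', '/home/jdoe', '/bin/sh');
die "unsafe account field\n" if grep { !safe_field($_) } @acct;

unless ($pm->userexists($acct[0])) {
    $pm->adduser(@acct) or die "adduser failed\n";
}
$pm->writeout or die "writeout failed\n";
```

Run it against copies of the passwd and shadow files first, passing their absolute paths as the two arguments.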