Provided by: chiark-scripts_4.0.0_all
sync-accounts - synchronise accounts and passwords
sync-accounts [options] [source ...]
sync-accounts is a tool for copying account information into the local
system’s password and group databases, or equivalent, from other
systems. It can be used to slave individual accounts, whole systems,
or various partial combinations.
By default, when invoked, sync-accounts reads is configuration file and
updates all of the local details it is configured to synchronise, from
all relevant sources.
If one or more sources are named as command-line arguments, only
information from those sources is installed locally.
See sync-accounts(5) for detailed information about sync-accounts’s
behaviour and configuration.
Reads config-file instead of /etc/sync-accounts.
-q Instead of updating local information, sync-accounts displays a
summary of which accounts are synchronised or not, and from
-n Causes sync-accounts not to actually install the new information
in the local password and group databases. Instead, updated
versions are written to the files passwd and group in the
current directory. With -n new accounts are not created at all.
The system databases are not locked.
sync-accounts is not resistant to malicious data in the local password
and group databases, or its configuration file or command line
Malicious data in source information will not be able to take control
of sync-accounts, but will be copied to the local databases if sync-
accounts is configured to do so.
To update the local databases, sync-accounts must be run as root. For
-q and -n sync-accounts still needs to be able to successfuly invoke
the commands specified in the configuration for getpasswd and getgroup.
0 All went well and there were no warnings.
There were problems. The local databases may or may not have
Default configuration file. (Override with -C.)
Default command invoked by sync-accounts to create local users.
/home Default location for created users’ home directories.
Default shell for created users.
/etc/passwd, /etc/group, /etc/shadow, /etc/master.passwd
Local account databases, depending on configuration.
Must not exist.
Manipulated by sync-ccounts when it is reinvoking itself via
vipw or vigr, according to lockpasswd runvia or lockgroup
Used by sync-accounts for its own purposes. Do not set these
Setting variables used by vipw(8) and vigr(8), apart from EDITOR
and/orVISUAL will affect the operation of sync-accounts. Avoid messing
with these if possible.
PATH is used to find subprograms such as sync-accounts-createuser and
Using sync-accounts does not give particularly prompt propagation of
changed account information.
There is no simple mechanism for automatically getting the right
configuration details for accessing the local system’s password and
All the systems sharing account information using sync-accounts need to
be using compatible encrypted-password schemes.
sync-accounts and this manpage are part of the sync-accounts package
which was written by Ian Jackson <email@example.com>. They
are Copyright 1999-2000,2002 Ian Jackson
<firstname.lastname@example.org>, and Copyright 2000-2001 nCipher
The sync-accounts package is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2, or (at
your option) any later version.
This is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
sync-accounts(5), grab-account(8), sync-accounts-createuser(8),
passwd(5), group(5), shadow(5), master.passwd(5), vipw(8), vigr(8)