Provided by: chiark-scripts_4.3.0_all bug

NAME

       sync-accounts - synchronise accounts and passwords

SYNOPSIS

       sync-accounts [options] [source ...]

DESCRIPTION

       sync-accounts  is  a tool for copying account information into the local system's password
       and group databases, or  equivalent,  from  other  systems.   It  can  be  used  to  slave
       individual accounts, whole systems, or various partial combinations.

       By default, when invoked, sync-accounts reads is configuration file and updates all of the
       local details it is configured to synchronise, from all relevant sources.

       If one or more sources are named as command-line arguments, only  information  from  those
       sources is installed locally.

       See   sync-accounts(5)  for  detailed  information  about  sync-accounts's  behaviour  and
       configuration.

OPTIONS

       -Cconfig-file
              Reads config-file instead of /etc/sync-accounts.

       -q     Instead of updating local information, sync-accounts displays a  summary  of  which
              accounts are synchronised or not, and from where.

       -n     Causes  sync-accounts  not  to  actually  install  the new information in the local
              password and group databases.  Instead, updated versions are written to  the  files
              passwd and group in the current directory.  With -n new accounts are not created at
              all.  The system databases are not locked.

SECURITY

       sync-accounts is not  resistant  to  malicious  data  in  the  local  password  and  group
       databases, or its configuration file or command line arguments.

       Malicious  data  in  source information will not be able to take control of sync-accounts,
       but will be copied to the local databases if sync-accounts is configured to do so.

       To update the local databases, sync-accounts must be run as root.  For  -q  and  -n  sync-
       accounts  still  needs  to  be  able  to  successfuly invoke the commands specified in the
       configuration for getpasswd and getgroup.

EXIT STATUS

       0      All went well and there were no warnings.

       any other
              There were problems.  The local databases may or may not have been updated.

FILES

       /etc/sync-accounts
              Default configuration file.  (Override with -C.)

       sync-accounts-createuser
              Default command invoked by sync-accounts to create local users.

       /home  Default location for created users' home directories.

       /bin/sh
              Default shell for created users.

       /etc/passwd, /etc/group, /etc/shadow, /etc/master.passwd
              Local account databases, depending on configuration.

       /etc/shadow-non-existent
              Must not exist.

ENVIRONMENT

       EDITOR, VISUAL
              Manipulated by sync-ccounts  when  it  is  reinvoking  itself  via  vipw  or  vigr,
              according to lockpasswd runvia or lockgroup runvia.

       SYNC_ACCOUNTS_*
              Used by sync-accounts for its own purposes.  Do not set these variables.

       Setting  variables used by vipw(8) and vigr(8), apart from EDITOR and/orVISUAL will affect
       the operation of sync-accounts.  Avoid messing with these if possible.

       PATH is used to find subprograms such as sync-accounts-createuser and vipw/vigr.

BUGS

       Using sync-accounts does not give  particularly  prompt  propagation  of  changed  account
       information.

       There is no simple mechanism for automatically getting the right configuration details for
       accessing the local system's password and group databases.

       All the  systems  sharing  account  information  using  sync-accounts  need  to  be  using
       compatible encrypted-password schemes.

AUTHOR

       sync-accounts  and this manpage are part of the sync-accounts package which was written by
       Ian Jackson <ian@chiark.greenend.org.uk>.  They are Copyright 1999-2000,2002  Ian  Jackson
       <ian@davenant.greenend.org.uk>, and Copyright 2000-2001 nCipher Corporation Ltd.

       The sync-accounts package is free software; you can redistribute it and/or modify it under
       the terms of the GNU General Public License as published by the Free Software  Foundation;
       either version 3, or (at your option) any later version.

       This  is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
       even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
       GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program;
       if not, consult the Free Software Foundation's website at www.fsf.org, or the GNU  Project
       website at www.gnu.org.

SEE ALSO

       sync-accounts(5),   grab-account(8),   sync-accounts-createuser(8),  passwd(5),  group(5),
       shadow(5), master.passwd(5), vipw(8), vigr(8)