NAME

upf - Manipulate /etc/{passwd,shadow,group,gshadow} entries

VERSION

This document describes version 0.050 of upf (from Perl distribution App-upf), released on 2020-04-29.

SYNOPSIS

Usage:

 % upf add-delete-user-groups [--add-to-json=s] [--add-to=s+]
     [--config-path=path | -c] [--config-profile=profile | -P]
     [--delete-from-json=s] [--delete-from=s+] [--etc-dir=s]
     [--format=name] [--json] [--(no)naked-res] [--no-config | -C]
     [--no-env] [--page-result[=program]] <user>
 % upf add-group [--backup] [--config-path=path | -c]
     [--config-profile=profile | -P] [--etc-dir=s] [--format=name]
     [--gid=s] [--json] [--max-gid=s] [--members-json=s] [--members=s]
     [--min-gid=s] [--(no)naked-res] [--no-backup] [--no-config | -C]
     [--no-env] [--nobackup] [--page-result[=program]] <group>
 % upf add-user [--backup] [--config-path=path | -c]
     [--config-profile=profile | -P] [--encpass=s] [--etc-dir=s]
     [--expire-date=s] [--format=name] [--gecos=s] [--gid=s] [--group=s]
     [--home=s] [--json] [--last-pwchange=s] [--max-gid=s]
     [--max-pass-age=s] [--max-uid=s] [--min-gid=s] [--min-pass-age=s]
     [--min-uid=s] [--(no)naked-res] [--no-backup] [--no-config | -C]
     [--no-env] [--nobackup] [--page-result[=program]]
     [--pass-inactive-period=s] [--pass-warn-period=s] [--pass=s]
     [--shell=s] [--uid=s] <user>
 % upf add-user-to-group [--config-path=path | -c]
     [--config-profile=profile | -P] [--etc-dir=s] [--format=name] [--json]
     [--(no)naked-res] [--no-config | -C] [--no-env]
     [--page-result[=program]] <user> <group>
 % upf delete-group [--backup] [--config-path=path | -c]
     [--config-profile=profile | -P] [--etc-dir=s] [--format=name] [--json]
     [--(no)naked-res] [--no-backup] [--no-config | -C] [--no-env]
     [--nobackup] [--page-result[=program]] <group>
 % upf delete-user [--backup] [--config-path=path | -c]
     [--config-profile=profile | -P] [--etc-dir=s] [--format=name] [--json]
     [--(no)naked-res] [--no-backup] [--no-config | -C] [--no-env]
     [--nobackup] [--page-result[=program]] <user>
 % upf delete-user-from-group [--config-path=path | -c]
     [--config-profile=profile | -P] [--etc-dir=s] [--format=name] [--json]
     [--(no)naked-res] [--no-config | -C] [--no-env]
     [--page-result[=program]] <user> <group>
 % upf get-group [--config-path=path | -c] [--config-profile=profile | -P]
     [--etc-dir=s] [--format=name] [--gid=s] [--group=s] [--json]
     [--(no)naked-res] [--no-config | -C] [--no-env]
     [--page-result[=program]] [--with-field-names] [--without-field-names]
 % upf get-max-gid [--config-path=path | -c] [--config-profile=profile |
     -P] [--etc-dir=s] [--format=name] [--json] [--(no)naked-res]
     [--no-config | -C] [--no-env] [--page-result[=program]]
 % upf get-max-uid [--config-path=path | -c] [--config-profile=profile |
     -P] [--etc-dir=s] [--format=name] [--json] [--(no)naked-res]
     [--no-config | -C] [--no-env] [--page-result[=program]]
 % upf get-user [--config-path=path | -c] [--config-profile=profile | -P]
     [--etc-dir=s] [--format=name] [--json] [--(no)naked-res] [--no-config
     | -C] [--no-env] [--page-result[=program]] [--uid=s] [--user=s]
     [--with-field-names] [--without-field-names]
 % upf get-user-groups [--config-path=path | -c] [--config-profile=profile
     | -P] [--detail] [--etc-dir=s] [--format=name] [--json]
     [--(no)naked-res] [--no-config | -C] [--no-detail] [--no-env]
     [--nodetail] [--page-result[=program]] [--with-field-names]
     [--without-field-names] <user>
 % upf group-exists [--config-path=path | -c] [--config-profile=profile |
     -P] [--etc-dir=s] [--format=name] [--gid=s] [--group=s] [--json]
     [--(no)naked-res] [--no-config | -C] [--no-env]
     [--page-result[=program]]
 % upf is-member [--config-path=path | -c] [--config-profile=profile | -P]
     [--etc-dir=s] [--format=name] [--json] [--(no)naked-res] [--no-config
     | -C] [--no-env] [--page-result[=program]] <user> <group>
 % upf list-groups [--config-path=path | -c] [--config-profile=profile |
     -P] [--detail] [--etc-dir=s] [--format=name] [--json]
     [--(no)naked-res] [--no-config | -C] [--no-detail] [--no-env]
     [--nodetail] [--page-result[=program]] [--with-field-names]
     [--without-field-names]
 % upf list-users [--config-path=path | -c] [--config-profile=profile | -P]
     [--detail] [--etc-dir=s] [--format=name] [--json] [--(no)naked-res]
     [--no-config | -C] [--no-detail] [--no-env] [--nodetail]
     [--page-result[=program]] [--with-field-names] [--without-field-names]
 % upf list-users-and-groups [--config-path=path | -c]
     [--config-profile=profile | -P] [--detail] [--etc-dir=s]
     [--format=name] [--json] [--(no)naked-res] [--no-config | -C]
     [--no-detail] [--no-env] [--nodetail] [--page-result[=program]]
     [--with-field-names] [--without-field-names]
 % upf modify-group [--admins=s] [--backup] [--config-path=path | -c]
     [--config-profile=profile | -P] [--encpass=s] [--etc-dir=s]
     [--format=name] [--gid=s] [--json] [--members=s] [--(no)naked-res]
     [--no-backup] [--no-config | -C] [--no-env] [--nobackup]
     [--page-result[=program]] [--pass=s] <group>
 % upf modify-user [--backup] [--config-path=path | -c]
     [--config-profile=profile | -P] [--encpass=s] [--etc-dir=s]
     [--expire-date=s] [--format=name] [--gecos=s] [--gid=s] [--home=s]
     [--json] [--last-pwchange=s] [--max-pass-age=s] [--min-pass-age=s]
     [--(no)naked-res] [--no-backup] [--no-config | -C] [--no-env]
     [--nobackup] [--page-result[=program]] [--pass-inactive-period=s]
     [--pass-warn-period=s] [--shell=s] [--uid=s] <user>
 % upf set-user-groups [--config-path=path | -c] [--config-profile=profile
     | -P] [--etc-dir=s] [--format=name] [--json] [--(no)naked-res]
     [--no-config | -C] [--no-env] [--page-result[=program]] <user>
     <groups> ...
 % upf set-user-password [--backup] [--config-path=path | -c]
     [--config-profile=profile | -P] [--etc-dir=s] [--format=name] [--json]
     [--(no)naked-res] [--no-backup] [--no-config | -C] [--no-env]
     [--nobackup] [--page-result[=program]] <user> <pass>
 % upf user-exists [--config-path=path | -c] [--config-profile=profile |
     -P] [--etc-dir=s] [--format=name] [--json] [--(no)naked-res]
     [--no-config | -C] [--no-env] [--page-result[=program]] [--uid=s]
     [--user=s]

SUBCOMMANDS

add-delete-user-groups

Add or delete user from one or several groups.

This can be used to reduce several add_user_to_group() and/or delete_user_from_group() calls to a single call. So:

 add_delete_user_groups(user=>'u',add_to=>['a','b'],delete_from=>['c','d']);

is equivalent to:

 add_user_to_group     (user=>'u', group=>'a');
 add_user_to_group     (user=>'u', group=>'b');
 delete_user_from_group(user=>'u', group=>'c');
 delete_user_from_group(user=>'u', group=>'d');

except that add_delete_user_groups() does it in one pass.

add-group

Add a new group.

add-user

Add a new user.

add-user-to-group

Add user to a group.

delete-group

Delete a group.

delete-user

Delete a user.

delete-user-from-group

Delete user from a group.

get-group

Get group details by group name or gid.

Either group OR gid must be specified.

The function is not dissimilar to Unix's getgrnam() or getgrgid().

get-max-gid

Get maximum GID used.

get-max-uid

Get maximum UID used.

get-user

Get user details by username or uid.

Either user OR uid must be specified.

The function is not dissimilar to Unix's getpwnam() or getpwuid().

get-user-groups

Return groups which the user belongs to.

group-exists

Check whether group exists.

is-member

Check whether user is member of a group.

list-groups

List Unix groups in group file.

list-users

List Unix users in passwd file.

list-users-and-groups

List Unix users and groups in passwd/group files.

This is basically list_users() and list_groups() combined, so you can get both data in a single call. Data is returned in an array. Users list is in the first element, groups list in the second.

modify-group

Modify an existing group.

Specify arguments to modify corresponding fields. Unspecified fields will not be modified.

modify-user

Modify an existing user.

Specify arguments to modify corresponding fields. Unspecified fields will not be modified.

set-user-groups

Set the groups that a user is member of.

set-user-password

Set user's password.

user-exists

Check whether user exists.

OPTIONS

* marks required options.

Common options

--config-path=s, -c

Set path to configuration file.

--config-profile=s, -P

Set configuration profile to use.

--etc-dir=s

Specify location of passwd files.

Default value:

 "/etc"

--format=s

Choose output format, e.g. json, text.

Default value:

 undef

--help, -h, -?

Display help message and exit.

--json

Set output format to json.

--naked-res

When outputting as JSON, strip result envelope.

Default value:

 0

By default, when outputting as JSON, the full enveloped result is returned, e.g.:

    [200,"OK",[1,2,3],{"func.extra":4}]

The reason is so you can get the status (1st element), status message (2nd element) as well as result metadata/extra result (4th element) instead of just the result (3rd element). However, sometimes you want just the result, e.g. when you want to pipe the result for more post-processing. In this case you can use `--naked-res` so you just get:

    [1,2,3]

--no-config, -C

Do not use any configuration file.

--no-env

Do not read environment for default options.

--page-result

Filter output through a pager.

--subcommands

List available subcommands.

--version, -v

Display program's version and exit.

Options for subcommand add-delete-user-groups

--add-to-json=s

List of group names to add the user as member of (JSON-encoded).

See --add-to.

--add-to=s@

List of group names to add the user as member of.

Default value:

 []

Can be specified multiple times.

--delete-from-json=s

List of group names to remove the user as member of (JSON-encoded).

See --delete-from.

--delete-from=s@

List of group names to remove the user as member of.

Default value:

 []

Can be specified multiple times.

--user=s*

Options for subcommand add-group

--backup

Whether to backup when modifying files.

Backup is written with `.bak` extension in the same directory. Unmodified file will not be backed up. Previous backup will be overwritten.

--gid=s

Pick a specific new GID.

Adding a new group with duplicate GID is allowed.

--group=s*

--max-gid=s

Pick a range for new GID.

Default value:

 65535

If a free GID between `min_gid` and `max_gid` is not found, error 412 is returned.

--members-json=s

Fill initial members (JSON-encoded).

See --members.

--members=s

Fill initial members.

--min-gid=s

Pick a range for new GID.

Default value:

 1000

If a free GID between `min_gid` and `max_gid` is not found, error 412 is returned.

Options for subcommand add-user

--backup

Whether to backup when modifying files.

Backup is written with `.bak` extension in the same directory. Unmodified file will not be backed up. Previous backup will be overwritten.

--encpass=s

Encrypted password.

--expire-date=s

The date of expiration of the account, expressed as the number of days since Jan 1, 1970.

--gecos=s

Usually, it contains the full username.

--gid=s

Pick a specific GID when creating group.

Duplicate GID is allowed.

--group=s

Select primary group (default is group with same name as user).

Normally, a user's primary group is the group with the same name as the user, which will be created if it does not already exist. You can pick another group here, which must already exist (and in this case, the group with the same name as the user will not be created).

--home=s

User's home directory.

--last-pwchange=s

The date of the last password change, expressed as the number of days since Jan 1, 1970.

--max-gid=s

Pick a range for GID when creating group.

--max-pass-age=s

The number of days after which the user will have to change her password.

--max-uid=s

Pick a range for new UID.

Default value:

 65535

If a free UID between `min_uid` and `max_uid` is not found, error 412 is returned.

--min-gid=s

Pick a range for GID when creating group.

--min-pass-age=s

The number of days the user will have to wait before she will be allowed to change her password again.

--min-uid=s

Pick a range for new UID.

Default value:

 1000

If a free UID between `min_uid` and `max_uid` is not found, error 412 is returned.

--pass-inactive-period=s

The number of days after a password has expired (see max_pass_age) during which the password should still be accepted (and user should update her password during the next login).

--pass-warn-period=s

The number of days before a password is going to expire (see max_pass_age) during which the user should be warned.

--pass=s

Password, generally should be "x" which means password is encrypted in shadow.

--shell=s

User's shell.

--uid=s

Pick a specific new UID.

Adding a new user with duplicate UID is allowed.

--user=s*
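
The --uid and --gid notes above say duplicate IDs are accepted, and --pass says the password field should normally be "x". The following is an added example, not part of upf or its distribution, that audits the passwd and group files under an etc directory for those conditions; the function names, finding labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of upf: audit the passwd and group files in an
# etc directory (the directory that --etc-dir selects).

# scan_file FILE LABEL   (LABEL is UID for passwd, GID for group)
scan_file() {
    awk -F: -v label="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments, blank lines
        {
            id = $3
            if (id in names) names[id] = names[id] "," $1
            else { names[id] = $1; order[++n] = id }
            if (label == "UID") {
                # A second superuser is the riskiest duplicate-UID case.
                if (id != "" && id == 0 && $1 != "root") print "UID0", $1
                # Anything but "x" keeps the password (or none) in passwd.
                if ($2 != "x") print "PASS_NOT_X", $1
            }
        }
        END {
            # Report every ID that is shared by more than one name.
            for (i = 1; i <= n; i++)
                if (names[order[i]] ~ /,/)
                    print "DUP_" label, order[i], names[order[i]]
        }
    ' "$1"
}

# audit_ids ETC_DIR  ->  one finding per line
audit_ids() {
    scan_file "$1/passwd" UID
    scan_file "$1/group" GID
}

# Constructed sample data, not taken from a real system.
make_sample_etc() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:constructed second uid 0:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1000:1001:Bob:/home/bob:/bin/sh
carol::1002:1002:Carol:/home/carol:/bin/sh
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:
alice:x:1000:
staff:x:1000:alice,bob
bob:x:1001:
EOF
    printf '%s\n' "$dir"
}

sample=$(make_sample_etc)
audit_ids "$sample"
rm -rf "$sample"
```

Run `audit_ids` against a copy of the files (or the same directory passed to --etc-dir) before and after a batch of add-user or modify-user calls and compare the findings.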

Options for subcommand add-user-to-group

--group=s*

--user=s*

Options for subcommand delete-group

--backup

Whether to backup when modifying files.

Backup is written with `.bak` extension in the same directory. Unmodified file will not be backed up. Previous backup will be overwritten.

--group=s*

Options for subcommand delete-user

--backup

Whether to backup when modifying files.

Backup is written with `.bak` extension in the same directory. Unmodified file will not be backed up. Previous backup will be overwritten.

--user=s*

Options for subcommand delete-user-from-group

--group=s*

--user=s*

Options for subcommand get-group

--gid=s

--group=s

--without-field-names

By default, a hashref is returned containing field names and their values, e.g. `{group=>"titin", pass=>"x", gid=>500, ...}`. With `with_field_names=>0`, an arrayref is returned instead: `["titin", "x", 500, ...]`.

Options for subcommand get-user

--uid=s

--user=s

--without-field-names

By default, a hashref is returned containing field names and their values, e.g. `{user=>"titin", pass=>"x", uid=>500, ...}`. With `with_field_names=>0`, an arrayref is returned instead: `["titin", "x", 500, ...]`.

Options for subcommand get-user-groups

--detail

If true, return all fields instead of just group names.

--user=s*

--without-field-names

By default, when `detail=>1`, a hashref is returned for each entry containing field names and their values, e.g. `{group=>"titin", pass=>"x", gid=>500, ...}`. With `with_field_names=>0`, an arrayref is returned instead: `["titin", "x", 500, ...]`.

Options for subcommand group-exists

--gid=s

--group=s

Options for subcommand is-member

--group=s*

--user=s*

Options for subcommand list-groups

--detail

If true, return all fields instead of just group names.

--without-field-names

By default, when `detail=>1`, a hashref is returned for each entry containing field names and their values, e.g. `{group=>"titin", pass=>"x", gid=>500, ...}`. With `with_field_names=>0`, an arrayref is returned instead: `["titin", "x", 500, ...]`.

Options for subcommand list-users

--detail

If true, return all fields instead of just usernames.

--without-field-names

By default, when `detail=>1`, a hashref is returned for each entry containing field names and their values, e.g. `{user=>"titin", pass=>"x", uid=>500, ...}`. With `with_field_names=>0`, an arrayref is returned instead: `["titin", "x", 500, ...]`.

Options for subcommand list-users-and-groups

--detail

If true, return all fields instead of just names.

--without-field-names

Options for subcommand modify-group

--admins=s

It must be a comma-separated list of user names, or empty.

--backup

Whether to backup when modifying files.

Backup is written with `.bak` extension in the same directory. Unmodified file will not be backed up. Previous backup will be overwritten.

--encpass=s

Encrypted password.

--gid=s

Numeric group ID.

--group=s*

Group name.

--members=s

List of usernames that are members of this group, separated by commas.

--pass=s

Password, generally should be "x" which means password is encrypted in gshadow.

Options for subcommand modify-user

--backup

Whether to backup when modifying files.

Backup is written with `.bak` extension in the same directory. Unmodified file will not be backed up. Previous backup will be overwritten.

--encpass=s

Encrypted password.

--expire-date=s

The date of expiration of the account, expressed as the number of days since Jan 1, 1970.

--gecos=s

Usually, it contains the full username.

--gid=s

Numeric primary group ID for this user.

--home=s

User's home directory.

--last-pwchange=s

The date of the last password change, expressed as the number of days since Jan 1, 1970.

--max-pass-age=s

The number of days after which the user will have to change her password.

--min-pass-age=s

The number of days the user will have to wait before she will be allowed to change her password again.

--pass-inactive-period=s

The number of days after a password has expired (see max_pass_age) during which the password should still be accepted (and user should update her password during the next login).

--pass-warn-period=s

The number of days before a password is going to expire (see max_pass_age) during which the user should be warned.

--shell=s

User's shell.

--uid=s

Numeric user ID.

--user=s*

User (login) name.
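
How the aging fields described above (last_pwchange, max_pass_age, pass_warn_period, pass_inactive_period, expire_date) combine, as an added example that is not part of upf or its distribution. The state names, the sample entries and the treatment of boundary days are this example's own choices, and an empty field is taken to mean "not enforced"; a real login stack may differ by a day at the boundaries.

```shell
#!/bin/sh
# Added example, not part of upf: classify shadow entries by the aging
# fields that add-user/modify-user write. All day numbers count from
# Jan 1, 1970, as in --last-pwchange and --expire-date.

# today_days  ->  current day number in the same unit
today_days() { echo $(( $(date +%s) / 86400 )); }

# shadow_state SHADOW_FILE TODAY  ->  prints "<user> <state>" per entry
shadow_state() {
    awk -F: -v today="$2" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            lstchg = $3; maxage = $5; warnp = $6; inact = $7; acctexp = $8
            state = "ok"
            if (acctexp != "" && today >= acctexp) {
                state = "account-expired"
            } else if (lstchg != "" && lstchg == 0) {
                state = "must-change"       # 0 forces a change at next login
            } else if (lstchg != "" && maxage != "") {
                pwexp = lstchg + maxage     # last day the password is current
                if (today > pwexp) {
                    # Empty inactive period: no lock-out is enforced.
                    if (inact != "" && today > pwexp + inact)
                        state = "password-locked"
                    else
                        state = "must-change"
                } else if (warnp != "" && today > pwexp - warnp) {
                    state = "warn"
                }
            }
            print $1, state
        }
    ' "$1"
}

# Constructed sample entries (no real hashes), evaluated at day 20000.
make_sample_shadow() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
alice:*:19950:0:90:7:14::
bob:*:19915:0:90:7:14::
carol:*:19900:0:90:7:14::
dave:*:19800:0:90:7:14::
erin:*:19950:0:90:7:14:19999:
frank:*:0:0:90:7:14::
svc:!:19000:0:99999:7:::
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_shadow)
shadow_state "$sample" 20000
rm -f "$sample"
```

To evaluate live data, pass a copy of the shadow file from the directory given to --etc-dir and `$(today_days)` as the second argument.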

Options for subcommand set-user-groups

--groups-json=s

List of group names that user is member of (JSON-encoded).

See --groups.

--groups=s@*

List of group names that user is member of.

Default value:

 []

Aside from this list, user will not belong to any other group.

Can be specified multiple times.

--user=s*

Options for subcommand set-user-password

--backup

Whether to backup when modifying files.

Backup is written with `.bak` extension in the same directory. Unmodified file will not be backed up. Previous backup will be overwritten.

--pass=s*

--user=s*

Options for subcommand user-exists

--uid=s

--user=s

COMPLETION

This script has shell tab completion capability with support for several shells.

bash

To activate bash completion for this script, put:

 complete -C upf upf

in your bash startup (e.g. ~/.bashrc). Your next shell session will then recognize tab completion for the command. Or, you can also directly execute the line above in your shell to activate immediately.

It is recommended, however, that you install modules using cpanm-shcompgen which can activate shell completion for scripts immediately.

tcsh

To activate tcsh completion for this script, put:

 complete upf 'p/*/`upf`/'

in your tcsh startup (e.g. ~/.tcshrc). Your next shell session will then recognize tab completion for the command. Or, you can also directly execute the line above in your shell to activate immediately.

It is also recommended to install shcompgen (see above).

other shells

For fish and zsh, install shcompgen as described above.

CONFIGURATION FILE

This script can read configuration files. Configuration files are in the format of IOD, which is basically INI with some extra features.

By default, these names are searched for configuration filenames (can be changed using --config-path): ~/.config/upf.conf, ~/upf.conf, or /etc/upf.conf.

All found files will be read and merged.

To disable searching for configuration files, pass --no-config.

To put configuration for a certain subcommand only, use a section name like [subcommand=NAME] or [SOMESECTION subcommand=NAME].

You can put multiple profiles in a single file by using section names like [profile=SOMENAME] or [SOMESECTION profile=SOMENAME] or [subcommand=SUBCOMMAND_NAME profile=SOMENAME] or [SOMESECTION subcommand=SUBCOMMAND_NAME profile=SOMENAME]. Those sections will only be read if you specify the matching --config-profile SOMENAME.

You can also put configuration for multiple programs inside a single file, and use filter program=NAME in section names, e.g. [program=NAME ...] or [SOMESECTION program=NAME]. The section will then only be used when the reading program matches.

Finally, you can filter a section by environment variable using the filter env=CONDITION in section names. For example, if you only want a section to be read if a certain environment variable is true: [env=SOMEVAR ...] or [SOMESECTION env=SOMEVAR ...]. If you only want a section to be read when the value of an environment variable equals something: [env=HOSTNAME=blink ...] or [SOMESECTION env=HOSTNAME=blink ...]. If you only want a section to be read when the value of an environment variable does not equal something: [env=HOSTNAME!=blink ...] or [SOMESECTION env=HOSTNAME!=blink ...]. If you only want a section to be read when an environment variable contains something: [env=HOSTNAME*=server ...] or [SOMESECTION env=HOSTNAME*=server ...]. Note that currently, due to simplistic parsing, there must not be any whitespace in the value being compared, because whitespace marks the beginning of a new section filter or section name.

List of available configuration parameters:

Common for all subcommands

 etc_dir (see --etc-dir)
 format (see --format)
 naked_res (see --naked-res)

Configuration for subcommand add-delete-user-groups

 add_to (see --add-to)
 delete_from (see --delete-from)
 user (see --user)

Configuration for subcommand add-group

 backup (see --backup)
 gid (see --gid)
 group (see --group)
 max_gid (see --max-gid)
 members (see --members)
 min_gid (see --min-gid)

Configuration for subcommand add-user

 backup (see --backup)
 encpass (see --encpass)
 expire_date (see --expire-date)
 gecos (see --gecos)
 gid (see --gid)
 group (see --group)
 home (see --home)
 last_pwchange (see --last-pwchange)
 max_gid (see --max-gid)
 max_pass_age (see --max-pass-age)
 max_uid (see --max-uid)
 min_gid (see --min-gid)
 min_pass_age (see --min-pass-age)
 min_uid (see --min-uid)
 pass (see --pass)
 pass_inactive_period (see --pass-inactive-period)
 pass_warn_period (see --pass-warn-period)
 shell (see --shell)
 uid (see --uid)
 user (see --user)

Configuration for subcommand add-user-to-group

 group (see --group)
 user (see --user)

Configuration for subcommand delete-group

 backup (see --backup)
 group (see --group)

Configuration for subcommand delete-user

 backup (see --backup)
 user (see --user)

Configuration for subcommand delete-user-from-group

 group (see --group)
 user (see --user)

Configuration for subcommand get-group

 gid (see --gid)
 group (see --group)
 with_field_names (see --without-field-names)

Configuration for subcommand get-max-gid

Configuration for subcommand get-max-uid

Configuration for subcommand get-user

 uid (see --uid)
 user (see --user)
 with_field_names (see --without-field-names)

Configuration for subcommand get-user-groups

 detail (see --detail)
 user (see --user)
 with_field_names (see --without-field-names)

Configuration for subcommand group-exists

 gid (see --gid)
 group (see --group)

Configuration for subcommand is-member

 group (see --group)
 user (see --user)

Configuration for subcommand list-groups

 detail (see --detail)
 with_field_names (see --without-field-names)

Configuration for subcommand list-users

 detail (see --detail)
 with_field_names (see --without-field-names)

Configuration for subcommand list-users-and-groups

 detail (see --detail)
 with_field_names (see --without-field-names)

Configuration for subcommand modify-group

 admins (see --admins)
 backup (see --backup)
 encpass (see --encpass)
 gid (see --gid)
 group (see --group)
 members (see --members)
 pass (see --pass)

Configuration for subcommand modify-user

 backup (see --backup)
 encpass (see --encpass)
 expire_date (see --expire-date)
 gecos (see --gecos)
 gid (see --gid)
 home (see --home)
 last_pwchange (see --last-pwchange)
 max_pass_age (see --max-pass-age)
 min_pass_age (see --min-pass-age)
 pass_inactive_period (see --pass-inactive-period)
 pass_warn_period (see --pass-warn-period)
 shell (see --shell)
 uid (see --uid)
 user (see --user)

Configuration for subcommand set-user-groups

 groups (see --groups)
 user (see --user)

Configuration for subcommand set-user-password

 backup (see --backup)
 pass (see --pass)
 user (see --user)

Configuration for subcommand user-exists

 uid (see --uid)
 user (see --user)

ENVIRONMENT

UPF_OPT => str

Specify additional command-line options.

FILES

~/.config/upf.conf

~/upf.conf

/etc/upf.conf

HOMEPAGE

Please visit the project's homepage at https://metacpan.org/release/App-upf.

SOURCE

Source repository is at https://github.com/perlancar/perl-App-upf.

BUGS

Please report any bugs or feature requests on the bugtracker website https://rt.cpan.org/Public/Dist/Display.html?Name=App-upf

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.

AUTHOR

perlancar <perlancar@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2020, 2015 by perlancar@cpan.org.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.