PAMMySQLTools: Manage libnss-mysql and pam-mysql Users via the Shell

Through my work, I faced the problem that we wanted to authenticate users centrally via MySQL. This is not inherently a problem thanks to libnss-mysql and pam-mysql, but unfortunately, there is a lack of programs to manage users effectively.

Therefore, I have written tools that imitate the Linux programs user{add,mod,del} and group{add,mod,del} and published them as PAMMySQLTools on PyPI.

Installation

Thanks to pip, you only need to run the command:

pip install pammysqltools

or

pip3 install pammysqltools

to install the tools. This will install the following programs:

  • myuseradd
  • myusermod
  • myuserdel
  • mygroupadd
  • mygroupmod
  • mygroupdel
  • myimportusers
  • myimportgroups

The myuser* and mygroup* tools are mostly modeled after the Linux programs and behave largely the same.

The tools myimportusers and myimportgroups import existing users and groups from /etc/passwd and /etc/shadow, and from /etc/group and /etc/gshadow, respectively.

For an overview of the arguments, simply append --help.

Example: myuseradd

$ myuseradd --help
Usage: myuseradd [OPTIONS] LOGIN

Options:
  -b, --basedir BASE_DIR          base directory for the home directory of the
                                  new account
  -c, --comment COMMENT           GECOS field of the new account
  -d, --home-dir HOME_DIR         home directory of the new account
  -e, --expiredate EXPIRE_DATE    expiration date of the new account
  -f, --inactive INACTIVE         password inactivity period of the new
                                  account
  -g, --gid GROUP                 name or ID of the primary group of the new
                                  account
  -G, --groups GROUPS             list of supplementary groups of the new
                                  account
  -k, --skel SKEL_DIR             use this alternative skeleton directory
  -K, --key KEY=VALUE             override /etc/login.defs defaults
  -M, --no-create-home / -m, --create-home
                                  do not create the user's home directory
  -U, --no-user-group / -N, --user-group
                                  do not create a group with the same name as
                                  the user
  -o, --non-unique                allow to create users with duplicate (non-
                                  unique) UID
  -p, --password PASSWORD         encrypted password of the new account
  -r, --system                    create a system account
  -s, --shell SHELL               login shell of the new account
  -u, --uid UID                   user ID of the new account
  --config CONF_PATH              path to the config file for this tool
  --help                          Show this message and exit.

Configuration

To customize the database connection and the naming of tables and columns, the file /etc/pam_mysql_manager.conf must be created according to this scheme. Alternatively, the path to the configuration file can be passed with the --config argument. For all options not specified here, the values in the sample file are the defaults.

Once everything is set up, you’re ready to go.

Examples

Create a user:

$ myuseradd testuser

Change the shell:

$ myusermod -s /bin/zsh testuser

Import groups without passwords:

$ myimportgroups -i
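
Create a user with a password already set:

The -p option of myuseradd takes the encrypted password, not the plaintext. The wrapper below is an added example, not part of PAMMySQLTools: it checks that the value looks like a crypt(3) hash before calling myuseradd. It assumes the database stores crypt(3) hashes as /etc/shadow does; is_crypt_hash, create_user_with_hash and the MYUSERADD override are names made up for this example.

```shell
#!/bin/sh
# Added example, not from PAMMySQLTools.
# Assumption: the MySQL password column holds crypt(3) hashes, like /etc/shadow.

# Return 0 if $1 looks like a modular-crypt hash: $id$[params$]salt$digest
# Accepted ids: 1 (MD5), 5 (SHA-256), 6 (SHA-512), 2a/2b/2y (bcrypt), y (yescrypt).
# Lock markers such as "!" or "*" and plaintext passwords are rejected.
is_crypt_hash() {
    printf '%s\n' "$1" |
        grep -Eq '^\$(1|5|6|2[aby]|y)\$[./A-Za-z0-9$=,]+\$[./A-Za-z0-9]{22,}$'
}

# Create LOGIN ($1) with the pre-hashed password ($2).
# Anything that is not a hash is refused, so a plaintext password is never
# written to the database by mistake.
# MYUSERADD is a hypothetical override for dry runs (e.g. MYUSERADD=echo).
create_user_with_hash() {
    new_login=$1
    new_hash=$2
    if ! is_crypt_hash "$new_hash"; then
        echo "refusing: -p expects an encrypted password" >&2
        return 2
    fi
    # The hash is passed as a command-line argument, so it is visible in the
    # process list to other local users while the command runs.
    "${MYUSERADD:-myuseradd}" -p "$new_hash" "$new_login"
}

# Typical use (hash generated from stdin, so the plaintext never appears in argv):
#   hash=$(openssl passwd -6 -stdin)
#   create_user_with_hash testuser "$hash"
```

Run it once with MYUSERADD=echo to see the exact myuseradd command line before creating the account for real.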