userpkg

userpkg is an approach to handling the problem of configuring administrative users on Debian-style servers, especially where no centralised authentication scheme exists.

With userpkg, admin users are installed as packages. The package for a user contains a small number of files, including an SSH public key. The userpkg command finds an available username and sets up the new user: SSH access is configured and sudo rights are granted. A password is generated and securely communicated to the new user.

How you get those user packages onto the server is up to you -- you can copy the .deb files onto the server and run dpkg, or you can set up a private repository.

the user package

Typically installed in /etc/userpkg/''packagename''/, the user package contains the following files :-

  • /etc/userpkg/''packagename''/
    • usernames -- a space-separated list of possible usernames for this user, in priority order
    • ssh.pub -- the SSH public key that will allow the user access to the machine
    • openpgp.pub -- an OpenPGP public key, used for secure notification of the user's setup
    • gecos -- metadata about the user: full name, email address, etc.

These files are read by the userpkg command, which is automatically invoked as part of the package postinstallation.
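A pre-install check for the package layout described above, as an added example (not userpkg's own code). The function names, the username pattern, the key-type allow-list and passing the file contents as a dict are assumptions made for illustration.

```python
import base64, binascii, pwd, re

REQUIRED = ("usernames", "ssh.pub", "openpgp.pub", "gecos")  # files listed above
NAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")   # assumed username policy
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # assumed allow-list

def ssh_string(b):  # length-prefixed string, as used inside an SSH key blob
    return len(b).to_bytes(4, "big") + b

def check_ssh_pub(text):
    """Return a list of problems found in the contents of ssh.pub."""
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    if len(lines) != 1:
        return ["expected exactly one key, found %d" % len(lines)]
    fields = lines[0].split()
    # A leading options field (command=..., from=...) fails this type check.
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return ["first field is not an allowed key type"]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error:
        return ["key data is not valid base64"]
    # The decoded blob must begin with the same key type, length-prefixed.
    if not blob.startswith(ssh_string(fields[0].encode())):
        return ["declared key type does not match the encoded key"]
    return []

def audit_package(files, existing):
    """files maps file name -> text; return (chosen username or None, problems)."""
    missing = [f for f in REQUIRED if f not in files]
    if missing:
        return None, ["missing file: " + f for f in missing]
    names = files["usernames"].split()
    problems = ["invalid username: %r" % n for n in names if not NAME_RE.fullmatch(n)]
    # First well-formed candidate, in priority order, that is not already taken.
    user = next((n for n in names if NAME_RE.fullmatch(n) and n not in existing), None)
    if user is None:
        problems.append("no candidate username is available")
    problems += ["ssh.pub: " + p for p in check_ssh_pub(files["ssh.pub"])]
    return user, problems

# Constructed sample package: the key has valid framing but all-zero key material.
SAMPLE = {"usernames": "alice asmith", "openpgp.pub": "(placeholder)",
          "gecos": "Alice Smith", "ssh.pub": "ssh-ed25519 " + base64.b64encode(
              ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))).decode()}

if __name__ == "__main__":
    print(audit_package(SAMPLE, {p.pw_name for p in pwd.getpwall()}))
```

Rejecting any ssh.pub whose first field is not a key type keeps a package from carrying authorized_keys options into an account that will also receive sudo rights.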

capabilities

userpkg will be able to :-

  • provision a new user, optionally "taking over" a pre-existing account
  • update a user, updating the ssh key and generating a new password
  • remove a user, offering options to preserve existing files
  • assist in creating a 'user package'

status

This is the initial release of userpkg. The current status is :-

  • A working userpkg command that can install users
  • No working userpkg command to update users
  • No working userpkg command to remove users
  • No commands to help in creating user packages

Please visit the download page for current options.

features in planning

  • create an email redirection from the local account to the user's external email address
  • use debconf to handle interaction during user package installation

what userpkg is not

userpkg will not become a generic "install a user" system. If you have a need for provisioning lots of normal users, you should be looking at some alternatives to local accounts (for example, an LDAP solution of some kind).

contribution

Please contact the author directly, Jim Cheetham <jim@inode.co.nz>, or raise a ticket on this wiki. The userpkg code is licensed under the GNU GPL v3.