Vitalnix User Management Suite

The Vitalnix User Management Suite is a collection of programs for managing UNIX users and groups in a multitude of databases. Using a module plugin architecture, arbitrary storage methods can be interfaced with; currently there is support for Shadow, LDAP and MySQL.

The suite comes with useradd(8)-like command-line programs for single operations, programs for synchronization against another data source such as plain text files, web interface scripts, login restriction plugins, and print accounting.

Limits of existing software

A lot of user account maintenance programs I have come across use NSS (“getpwent”) for retrieving information and issue backend-specific (shadow, LDAP) commands for write operations, such as adding, modifying or deleting a user or group.

The standard NSS API is neither thread-safe nor multi-use safe (that is, safe for intertwined invocations of its functions within a single thread). The GNU libc thread-safe extensions do not cover all functions, for example setpwent(). Write support is totally absent from NSS: libc has a mere putpwent(), which requires a stdio file handle and therefore does not work with other storage methods such as LDAP or MySQL.
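The multi-use hazard described above, as an added example (not Vitalnix code). It assumes glibc and uses the file-based fgetpwent(), which follows the same static-result convention as getpwent(), on a constructed in-memory passwd file so that it does not depend on the system databases; fgetpwent_r() is the GNU reentrant extension.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* fgetpwent_r() is a GNU extension */
#endif
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data in passwd(5) format; not real accounts. */
static char SAMPLE[] =
    "alice:x:1000:1000:Alice:/home/alice:/bin/sh\n"
    "bob:x:1001:1001:Bob:/home/bob:/bin/sh\n";

/* Non-reentrant pattern: hold the first result while fetching the second.
 * Returns 1 if the first pointer now shows the second record. */
int static_result_clobbered(void)
{
    FILE *f = fmemopen(SAMPLE, sizeof(SAMPLE) - 1, "r");
    if (!f) return -1;
    struct passwd *first = fgetpwent(f);    /* alice at this point */
    struct passwd *second = fgetpwent(f);   /* reuses the same static storage */
    int clobbered = first && second && strcmp(first->pw_name, "bob") == 0;
    fclose(f);
    return clobbered;
}

/* Reentrant pattern: the caller owns both the struct and the string buffer,
 * so two records can be held at once. Returns 1 if both survive. */
int caller_buffers_survive(void)
{
    FILE *f = fmemopen(SAMPLE, sizeof(SAMPLE) - 1, "r");
    if (!f) return -1;
    struct passwd a, b, *ra = NULL, *rb = NULL;
    char bufa[256], bufb[256];
    int ok = fgetpwent_r(f, &a, bufa, sizeof bufa, &ra) == 0 &&
             fgetpwent_r(f, &b, bufb, sizeof bufb, &rb) == 0 &&
             strcmp(a.pw_name, "alice") == 0 && strcmp(b.pw_name, "bob") == 0;
    fclose(f);
    return ok;
}

int main(void)
{
    printf("static result clobbered: %d\n", static_result_clobbered());
    printf("caller buffers survive:  %d\n", caller_buffers_survive());
    return 0;
}
```

Account tooling that compares or copies fields from a held struct passwd pointer after a second lookup is operating on the wrong user's record, which is why the caller-owned buffer form matters for anything that makes decisions on the result.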

So most programs implement their own write handling, each coming with its own bulk of bugs, limitations or configuration files (and Vitalnix is surely no different). Gluing programs together requires a tremendous amount of time and often you just do not trust some programs when they ask for information that would normally not be required to perform a given task.

Current project status

Vitalnix provides a library, libvxdb, which abstracts away the underlying storage mechanism and provides generalized methods for basic operations such as adding, modifying or deleting a user. With regard to user/group information retrieval, it is mostly equivalent to NSS, but is designed with thread-safety and multi-use safety in mind from the beginning. I consider the API and code to be rather clean compared to NSS and pwdutils.

Vitalnix is not the solution to everything. For example, it does not allow you to add arbitrary attributes to a user account, even if the underlying storage mechanisms could be adapted to do so. The primary focus is on providing a simple (ideally) API and tools to get a typical essential server system (e.g. Windows network logon with SMB) working.

The Vitalnix package is considered to be in beta stage. It works for what we do with it, but it has yet to see widespread usage.

Of course, there is a bit more than just libvxdb. SAMBA Logon Time Restriction and Print Accounting, for example, are two parts which are not directly related to user management, but were nonetheless needed.

Have a read of the full documentation, shipped as a PDF in the tarball (the programs are documented in manpages)!