The module has a single dialog to handle the process. Here is a description of every fields.
If you update the account database from a given file, you may want to remember what you did and the options you selected. Enter a configuration name (a single word, no space), fill the other fields and hit the "save configuration" button.
Later, when you visit the dialog, click on the help list button (right next to the field) and pick the configuration name. The dialog will reload itself with the configuration you saved.
There are zillions of database out there and Linuxconf can't hope to understand them all. Instead, Linuxconf expects a tab delimited file containing one account per line. Most database tools can export using such a format. The fields in each line generally are:
Some of the fields may be missing from the file. The module has some facility to supply the missing information. See the parsing section below.
Instead of using an intermediate file, you may want to extract the account information directly using a command. The command must output the account information as a TAB delimited ASCII text (like the data file).
Using this strategy, there is no need to produce an intermediate file: The accountbatch module execute the command, which extract the information from some database and the module process the output on the fly.
The "data command" can't be used with the "data file path". Use one or the other.
The Linux account database (/etc/passwd) contains several special user accounts. For schools, it may also contain accounts for teachers, technicians and so on. You external database may be only authoritative for a subset of the Linux accounts (the students).
When enabling the "Delete old accounts" check box, this field (operate on group above) is the key to limit the scope of the process. Every Linux account not found in the data file (or produced by the data command) will be deleted, if and only if, the account group id is greater or equal to the group specified here.
Note that using this field is seldom practical. In general, one prefer to update accounts member of few specific group.
Instead of limiting the scope of the deletion process (explained above) to group above a certain threshold, you can enumerate the groups on which the process must operate. Any user account not member of those groups won't be deleted/disabled, even if it is not part of the data file.
You can specify a single star (*) as well. This means the module is authoritative on all groups found in the input file.
When attempting to delete or disable accounts, accountbatch may run a command operating as a filter. The command reads a list of account proposed for deletion on its standard input and produces a result list on its standard output. The result simply confirm which accounts may be deleted.
In general, you write a shell to protect some special accounts not created by accountbatch (not part of the input file).
Accountbatch produces extensive statistics about the account it created, updated, disabled or deleted. If you specify a log file, all the reports will be copied silently (appended) to that file.
The module expect either a file, or the output of a command with a specific format. It expects one line per record. The TAB character is used as the field separator. We often have an almost suitable file: Important fields are available, some are missing and the order is wrong. In this section, we can fixe some problems.
The file normally contains the following fields:
For every field, there is two input in the parsing section. The first is a list box where you can select the following
/home/#3/#1
The is the login identifier.
Sometime, we have a user account list where the login is made or only numbers. Many linux applications expect a user ID to start with a letter. We can specify a prefix.
One may achieve the same trick more generally using the "format" feature explained above.
You specify here which column contains the password. "Not supplied" means that the default value will be used. An empty default value means no password (the account is disabled). "generate" means the module will invent a password and produce a list of password assignments.
The module may be used to perform 3 tasks. You can select which one you want independently using 3 check boxes.
Any account not found in the Linux account database will be added if this check-box is selected.
Existing account will be updated according to the selection done in the updates section. You must select the various fields you wish to update (home,password,shell,name,...).
Any Linux account not found in the data file, member of one of the specified group, or with a group id above a given threshold will be deleted.
Instead of deleting accounts, the module may disable them. You must use Delete or Disable, not both.
You may want to preserve the data owned by the account you are deleting. Or you may want to delete it or archive it. You can select the behavior. The account data is the home directory and the mail in-box folder.
Archiving is done by moving all the data in a compress tar file, located
in the oldaccounts directory. The directory is created as needed
in the same directory holding the home of the user account.
Archiving is probably the recommend practice. You may want to clean the
oldaccounts directory a couple month later, just in case the user
come back to retrieve some personal documents.
The test button produce a report of the action done. It will tell you which account would be added, deleted and updated. It is a good idea to experiment with the module using this button to make sure you understand its behavior. Having a good backup of the system is not a bad idea either :-)
The preview button displays the first 20 account lines. It allows you to check the parsing of the input file and see if each field as been properly identified.
Once you are satisfied, after using the test button a couple time, you hit the accept button. Then the real processing goes on. A pop-up window shows up, with completion bar. Each one shows the progress of the three operation (add, delete, update).
Note that archiving an account may be a fairly slow process. So if you delete many accounts, you may take a coffee ... or two.