passwd — PyCI /etc/passwd Module

class PasswdFile

ConfigFile class to read and write to /etc/passwd and /etc/shadow

comments()

Returns a list of comments in /etc/passwd

gids()

Returns a list of gids in /etc/passwd

homedirs()

Returns a list of unique home directories in /etc/passwd

read_passwd()

Read /etc/passwd and return it as a list of User objects.

read_shadow()

Read /etc/shadow and assign each User() a ShadowEntry() object based on the found information. Also returns /etc/shadow as a list (useful for doing comparisons).

Note: We don’t use User.get_shadow_entry() to cut down on filesystem reads.

remove(userobj)

Meant to emulate the remove() built-in (for lists).

save()

Overwrites /etc/passwd with the data from self.asList(). Also stores any hashed passwords in /etc/shadow if present.

shells()

Returns a list of unique shells in /etc/passwd

uids()

Returns a list of uids in /etc/passwd

user(username)

If the user exists, returns a User object generated from said user’s properties in /etc/passwd.

users()

Returns a list of users in /etc/passwd

class ShadowEntry(userobj, password='!', password_last_changed='14489', password_days_before_change='0', password_days_must_change='99999', password_days_expire_warn='7', password_days_expiration_disable='', password_days_expiration='', reserved='')

Data structure to store a user’s parameters in /etc/shadow.

Here’s a description of the values (taken directly from ‘man shadow’):

password_last_changed # Today, in days since Jan 1, 1970 that password was last changed password_days_before_change # days before password may be changed password_days_must_change # days after which password must be changed password_days_expire_warn # days before password is to expire that user is warned password_days_expiration_disable # days after password expires that account is disabled password_days_expiration # days since Jan 1, 1970 that account is disabled

asList()

Returns our parameters as a list

class User(username, password, uid, gid, gecos, homedir, shell)

Class for referencing and saving user properties (UID, GID, password, shell, etc)

UserException()

A custom exception for reporting problems performing operations within User()

asList()

Returns the user’s parameters as a list.

Note: Does not include self.shadow.

construct_shadow_entry()

Creates and assigns a NEW ShadowEntry() object as self.shadow using default values.

Note: This is primarily for when you create a new User() object from scratch.

delete()

Permanently delete the user from /etc/passwd and /etc/shadow (if enabled)

disable()

Permanently disables the user’s account by replacing their password hash with ‘!’

expire(days=None)

Sets a user’s password expiration date (in days since Jan 1 1970). If no ‘days’ variable is given it immediately expires their password. Note: Only works on systems with /etc/shadow.

get_password_status()

Sets self.password_status based on the password of this User object (dealing with /etc/shadow if necessary)

get_shadow_entry()

Creates a new ShadowEntry() object from the user’s parameters in /etc/shadow and assigns it to self.shadowobj.

Note: This should only be used when creating a new user from scratch outside of a PasswdFile() object.

hash_password(magic='$1$')

Hash the user’s password if it isn’t already. Stores it as self.password or self.shadow.password appropriately.

lock()

Locks the user’s account by placing an asterisk (*) at the beginning of their password hash.

Example: ‘$1$6zC7IDVb$D0KADmAQwgy4thyPjrwn31’ becomes ‘*$1$6zC7IDVb$D0KADmAQwgy4thyPjrwn31’

This prevents the user from being able to use a password to login.

save()

Saves/updates the user’s properties in /etc/passwd and /etc/shadow

unlock()

Unlocks the user’s account by removing the leading asterisk in their password hash.

crypt_password(password, magic='$1$')

Returns a shadow-valid encrypted password hash (using ‘$1$’ magic by default).

get_user_password_status(username)

Returns the password status (‘Password’, ‘Empty Password’, or ‘Disabled’) of the given user.

list_etc_passwd()

Returns /etc/passwd as a list of strings.