[Pkg-shadow-devel] Modifying users/groups outside of /

[Mike Kelly]

Hello,

As part of the Exherbo distribution[1], we are managing users/groups
required by various packages via the package manager with a special
package format[2]. That basically just ends up calling useradd/groupadd
to do the dirty work for us. In the standard case where we are managing
the system installed in /, this works well.  However, problems occur
when we try to install a system to a non-/ root.  (As is the case when
bootstrapping a new system image, for example).

FreeBSD's pw command has support for altering a pwdb elsewhere with its
-V switch[3], however, as far as we can tell, no such option exists for
shadow.

I looked into this a few years ago for another project, and found that,
ignoring PAM, it wasn't too hard to do this, apparently. But, PAM...

We don't want to have to install a full system in these non-/ roots,
meaning we can't just do `chroot /some/path /usr/bin/useradd blah`.

So, do any of you have suggestions on how we can approach this problem?

[1] http://www.exherbo.org/
[2]
http://ciaranm.wordpress.com/2009/01/26/managing-accounts-with-the-package-manager/
[3] http://www.freebsd.org/cgi/man.cgi?query=pw&sektion=8

-- 
Mike Kelly