Section: User Contributed Perl Documentation (1)
Updated: perl v5.6.1
Return to Main Contents


savannahusers - manage shell accounts with  


    savannahusers [--help] [--verbose] [--fake]
          [--firstuid=<number>] [--lastuid=<number>]
          [--reuse] [--user=<login>]
          [--allow-conflicts] [--www] [--ssh=<prog>] --file <file.xml>



It is convenient to use Savannah ( to manage accounts on a machine that is completly unrelated to Savannah itself. For instance, the project lists all the users who should have a shell account on the machine.

A cron job on the target machine ( in this case) can fetch the list of users from Savannah and update the password files accordingly. Adding a user to the machine can then simply be done by adding the user as a developer of the project.

By default savannahusers only use a limited range of uid (61000 to 62000) to avoid interferences with existing users.  


You should do the following before using the savannahusers on the machine.
create a Savannah project
You should first login, register a new project named gnuxxx. The only thing required is to explain the following in the project description:

    Manage accounts on  Each member of the
    project has an ssh account and can login with her
    ssh protocol 1 public key. Automated.

create a saccount user
The saccount user is needed in order to avoid using the environment of the root user since it's potentialy hazardous for security.

  useradd -m -p '*' -c 'Savannah Account Creation' -d /home/saccount saccount

add saccount to sudoers
The only action this user needs to do with root permissions is to run the savannahuser script. This can be done by adding a line in the sudoer file.

  saccount      ALL=(root) NOPASSWD:  /usr/bin/savannahusers

send saccount ssh public of
The ssh public key of root on will needed to be registered in the authorized_keys file of the xmlbase user on

  ssh-keygen or ssh-keygen1

Do "not" set the passphrase. Only type return when asked for one.

Send it to, saying that it's for the project gnuxxx. Once it is added, you should be able to run:

   rsync --rsh=ssh .

as saccount. This will download a file with account information for the machine, extracted from the member list of the project.

Once these steps are complete, you should be able to install and run savannahusers properly. Before actually doing something, run it a few times using --fake to make sure it does what you expect. When you're satisfied install the cron job and forget about it.  


All user have access to www account. This account must already exists. The ssh public keys of all the users known by savannahusers are inserted in the authorized_key files of this account. All users will be able to login as user www.
Run rsync as <login> user instead of root. The ssh protocol 1 key of the <login> user will be used and should be known to Savannah.
Instead of fetching the account descriptions file with rsync, reuse the file (see --file) that is in the temporary directory on the target machine. When the program terminates the file is not deleted.
The XML account information filename. This is the filename created by the rsync --rsh=ssh xmlbase\ . command. The name of the file is not decided by the target machine. When the program terminates the file is deleted. It is placed in the temporary directory.
--ssh=<prog> (default ssh)
The name of the ssh program to use. For instance --ssh=ssh1.
Only send a warning if a login name conflict occurs. A name conflict occurs when a login name is already in use with a uid outside the range of uid managed by savannah users. The savannahusers script assumes that this user was created independantly by someone with root access on the target machine. As a consequence, savannahusers will refuse to create it (or update it) even if the same login name was registered in the Savannah project. The default behaviour is to abort, with the --allow-conflicts a warning is sent, and the login name is ignored by savannahusers.
--firstuid=<number> (default 61000)
The low bound of the uid range managed by savannahusers.
--lastuid=<number> (default 62000)
The high bound of the uid range managed by savannahusers.
print actions and do nothing
print a short usage message.
print debugging messages on the stderr file descriptor.


Here is a sample cron job that can be stored in the file /etc/cron.d/savannahusers:
  # Update accounts from Savannah project fsffr
  37 20 * * *     saccount    ( date ; sudo /usr/bin/savannahusers \
          --file accounts-fsffr.xml --user saccount --www \
          ) >> /var/log/savannahusers.log 2>&1 < /dev/null

Before installing this cron job you should create the savannahusers.log file and make sure it is owned by the saccount user.

  touch /var/log/savannahusers.log
  chown saccount /var/log/savannahusers.log



Here is a sample logrotate specification that can be stored in the file /etc/logrotate.d/savannahusers:

  /var/log/savannahusers.log {
    rotate 30



Accented names are output in UTF-8. getpwent just discard them. Should either be unaccented using Text-Unaccent.  


Loic Dachary (  





This document was created by man2html, using the manual pages.
Updated: $Date: 2006/04/22 13:07:11 $