{"id":45704963,"url":"https://github.com/alexlance/userd","last_synced_at":"2026-02-25T00:10:05.446Z","repository":{"id":149715239,"uuid":"68456646","full_name":"alexlance/userd","owner":"alexlance","description":"Userd gathers user account information from the specified git repository, then administrates the Linux accounts and their ssh access across particular servers.","archived":false,"fork":false,"pushed_at":"2024-01-19T00:08:42.000Z","size":125,"stargazers_count":9,"open_issues_count":4,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-01-19T12:34:30.945Z","etag":null,"topics":["account","centos","debian","linux","management","ssh","ubuntu","user"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alexlance.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-09-17T14:20:44.000Z","updated_at":"2024-01-19T12:34:30.946Z","dependencies_parsed_at":"2023-04-25T15:02:21.358Z","dependency_job_id":null,"html_url":"https://github.com/alexlance/userd","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/alexlance/userd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexlance%2Fuserd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexlance%2Fuserd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexlance%2Fuserd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexlance%2Fuserd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alexlance","download_url":"https://codeload.github.com/alexlance/userd/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexlance%2Fuserd/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29806147,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-24T22:43:48.403Z","status":"ssl_error","status_checked_at":"2026-02-24T22:43:18.536Z","response_time":75,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["account","centos","debian","linux","management","ssh","ubuntu","user"],"created_at":"2026-02-25T00:10:04.725Z","updated_at":"2026-02-25T00:10:05.438Z","avatar_url":"https://github.com/alexlance.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"userd v1.21\n===========\n\n\nDebian/Ubuntu/CentOS user management\n------------------------------------\n\nUser account and ssh key management on Linux.\n\nUserd gathers user account definitions from a git repository, then\nadministrates the user accounts and ssh access for Linux servers.\n\n\n### Installation\n\nDownload the latest `userd` binary from the github releases tab and put the\nfile into a $PATH. Ensure the file is executable. Then add it as a cron\njon or systemd timer on every server that you want to administrate.\n\n    # /etc/crontab\n    */15 * * * * root userd --realm development --repo https://github.com/somewhere/ourusers\n\n\n### Git repository\n\nWhen the application is run, `userd` clones a git repository into memory.\n\nThe repository should contain a list of users. `Userd` checks that list and\nadds or removes user accounts from a server as required.\n\n    The user account git repository should be locked down to prevent unauthorized write access.\n\nIf the git repo contains ssh public keys, `userd` will keep each user's\n`~/.ssh/authorized_keys` up to date with those keys. Each user's group membership\n(and other account details) will be updated as well.\n\nSince all user administration is performed by git repository commits, there is\na solid audit trail behind every access that is granted to every user. A Pull\nRequest may be created by unauthorized users to kick-start a grant for access.\n\n\n### Realms\n\nRealms are used to define access perimeters. The actual realm names are\narbitrary and defined by you.\n\nEach server belongs to a realm. The realm name is used by `userd` to decide\nwhether a user account should or shouldn't exist on a server (ie is _this_ user\nin _that_ realm?).\n\nYou might decide to define your realms quite broadly eg: green, orange, red.\nOr take a fine-grained approach eg: using each server's hostname or IP address\nas a separate realm.\n\nFor example, we use *AWS Instance Profile names* as our realms. This works\nbecause our particular applications are spread across multiple servers that may\nall have the same Instance Profile name.\n\n\n### User definition format\n\nThe git repository that contains all the user accounts should contain multiple\nJSON files, **one JSON file per user**. Each JSON file should have the file suffix\n`.json`.\n\nThe contents of one file should define all the servers and groups that one user\nbelongs to, eg here is `jane.smith.json`:\n\n    {\n      \"username\": \"jsmith\",\n      \"comment\": \"Jane Smith\",\n      \"realms\": [\n        \"production\",\n        \"development\",\n        \"test-*\"\n      ],\n      \"groups\": [\n        \"admin\",\n        \"sudo:development\"\n      ],\n      \"shell\": \"/bin/bash\",\n      \"password\": \"[encrypted-password-hash]\",\n      \"ssh_keys\": [\n          \"ssh-ed25519 AAAAC3NzaKYCoqgI7JQGXzMQ jsmith@home\"\n      ]\n    }\n\nIn this example Jane will be added to all servers that are part of the\n*production* or *development* realms, she will also be granted access to\n**every realm** whose name begins with \"test-\".\n\nJane will be in the *admin* group for every realm, but will only be in\nthe *sudo* group for the *development* realm.\n\nThe encrypted password hash can be generated using the `openssl` tool, eg:\n\n    openssl passwd -1\n    Password: [enter a new password]\n    Verifying - Password: [enter it again]\n    $1$uxa.NCuA$Y6FQJaSRaRtfK1OUcOD5P1\n\nMost fields in the JSON file can be omitted if they are not desired. If the\n*realms* are set to an empty array `[]` then that user account will be removed\nfrom every server that `userd` is administrating.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexlance%2Fuserd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falexlance%2Fuserd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexlance%2Fuserd/lists"}