Date: Tue, 3 Jan 1995 17:13:57 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: jkh@time.cdrom.com (Jordan K. Hubbard) Cc: hackers@freebsd.org Subject: Re: New adduser script Message-ID: <9501032313.AA13094@brasil.moneng.mei.com> In-Reply-To: <11724.789169119@time.cdrom.com> from "Jordan K. Hubbard" at Jan 3, 95 01:38:39 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Can it handle sites like freefall, where different groups of people > get assigned to the end of some range? (e.g hackers get the next 6xx > uid, WC staff get 2xxx, archive maintainers get 1xxx, etc). > > If so, *I* would sure use it! :-) Creating accounts on freefall now is > kind of a pain in the butt. You need to find the next free uid in the > 600 range (for 99% of new users, anyway), then create the account, > then make a corresponding group id, then create the REAL home dir in > /a, then chown it to <user>.<user>, then create a symlink to it in > /home. > > I'll agree that it's probably something of a special case, but it's not > a bad model, either. kinda a trivial case... :-) consider tossing automounted homes and the like into the fray - access to multiple systems, some depending on group memberships - etc etc. ;-) What would be really excellent is a consistent interface to do particular parts of the "adduser" phase, because some of us are ultimately going to have to roll our own administrative tools, as has been done in the past. It would be real nice to say pwd_add jkh guest,uuadmin /home/wye/u0/jkh "Jordan K. Hubbard" passwd and have this program just add the friggin' passwd file entry, encrypt the password, maybe piddle with groups, and be done. Given enough "small module" functionality, it would become much easier to write adduser scripts for particularly complex environments. My adduser script for the Sun actually calls "vipw" with a munged VISUAL environment variable to do the dirty work. Gross!! Gross!! But it was the only reasonable way to get it working reliably. The rest of it is highly tied in with my paperwork/accounting system and security system - unfortunately, I have to do gross things like separate users into "underage" and "adult" groups, to prevent kiddies from reading alt.sex, or to prevent them from downloading alt.binaries.pictures.erotica.* and having their parents sue my butt off. That means that the monolithic adduser script is pretty much useless. (I know, it sucks.) Anyone else in a situation like this? Can we work out an "interface" of some sort that provides modules to do things, while not locking somebody in too much? I can see a few obvious ones: pwd_add, pwd_delete, homedir_add (create home dir, create dotfiles from /usr/share/skel, set modes), homedir_delete, grp_add, etc... Then we can roll a generic 5-line "adduser" metascript, and it would be a little easier to customize on a per-site basis... ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9501032313.AA13094>