Thread: User account management




User account management
user name
2006-06-12 21:20:56
Folks-
Has anyone thought out user management in a prefix setting?  An
example being apache or mysql which usually run as their own users.
Is this the plan for prefix too?

I'd like to hear others' thoughts on this.

thanks

matt
-- 
gentoo-osxgentoo.org mailing list

User account management
user name
2006-06-13 05:52:18
m h wrote:
> Folks-
> Has anyone thought out user management in a prefix setting.  An
> example being apache or mysql which usually run as their own users.
> Is this the plan for prefix too?
> 
> I'd like to hear others thoughts on this.

Is this a call for system-level user/group account management on prefix
installs, or am I missing something?
-- 
gentoo-osxgentoo.org mailing list

User account management
user name
2006-06-13 09:00:28
On 12-06-2006 15:20:56 -0600, m h wrote:
> Folks-
> Has anyone thought out user management in a prefix setting.  An
> example being apache or mysql which usually run as their own users.
> Is this the plan for prefix too?

The last ideas for OSX were to have some propagation tools from prefix
to host OS.  This is a bit scary, but would mean useradd actions just
get forwarded.  This requires root privileges of course.  The portage
people seem to work on something to keep the administration of users
added by Portage, and keep that administration synchronised with the
real password backend.  This initiative is very nice for prefix of
course, as it would probably allow us to just plug on that
administration...  Sorry, I have no pointers...

-- 
Fabian Groffen
Gentoo for Mac OS X Project
-- 
gentoo-osxgentoo.org mailing list

User account management
user name
2006-06-13 09:45:29
Hi,

In the past, I had already some implementation for that, where
enewuser()/enewgroup() in case of not being root (uid zero) used some
'root.sh' file, containing real commands for the target-userland to be
executed by real-root, as well as easy-to-parse comments containing the
arguments of previous enewuser/enewgroup calls.

What was missing there: to empty the file once it was executed by
real-root user, because I had no need yet to really add the users as I
did not need to start some daemons installed from prefix-portage yet.

But I needed this temporary "passwd-database" to have egetent()
recognize not-yet-physically-executed enewuser() calls in addition to
real getent-calls.

In the attached 'eutils.eclass' look for access to file
'var/spool/emerge/doasroot' and calls to edoasroot().

-- haubi
PS: I'm happy to be back again to prefix-portage, currently trying to
get some portage-alt-prefix packages to fly on x86-redhat-linux.

-- 
Michael Haubenwallner                    SALOMON Automation GmbH
Forschung & Entwicklung                  A-8114 Friesach bei Graz
mailto:michael.haubenwallnersalomon.at  http://www.salomon.at
No HTML/MIME please, see http://expita.com/nomime.html

-- 
gentoo-osxgentoo.org mailing list

User account management
user name
2006-06-13 18:36:20
Michael-

Thanks for your response.  I'd like to have a look at your solution
but didn't see any attachment.

FYI, we have been building prefix under redhat, suse and ubuntu (and
some of their derivatives for a bit now).  (We also have most of a
Java 1.5 stack, this isn't even in normal gentoo).  It's not currently
publicly available (still waiting for that public repository...).

Let me know what you'd be interested in and I'll see what we can do.

-matt

-- 
gentoo-osxgentoo.org mailing list

User account management
user name
2006-06-13 18:41:28
On 13-06-2006 12:36:20 -0600, m h wrote:
> It's not currently
> publicly available (still waiting for that public repository...).

On -dev a huge thread has emerged over the project Sunrise, several
people seem to have left because of it, and the one responsible hasn't
replied.  So I guess we better host it ourselves far away from Gentoo
hardware somewhere...


-- 
Fabian Groffen
Gentoo for Mac OS X Project
-- 
gentoo-osxgentoo.org mailing list

User account management
user name
2006-06-14 06:57:18
On Tue, 2006-06-13 at 12:36 -0600, m h wrote:
> Michael-
> 
> Thanks for your response.  I'd like to have a look at your solution
> but didn't see any attachment.

Even not in the second mail I sent 4 minutes later, imo with
attachment ?

-- 
Michael Haubenwallner                    SALOMON Automation GmbH
Forschung & Entwicklung                  A-8114 Friesach bei Graz
mailto:michael.haubenwallnersalomon.at  http://www.salomon.at
No HTML/MIME please, see http://expita.com/nomime.html

-- 
gentoo-osxgentoo.org mailing list

User account management
user name
2006-06-14 07:37:29
On 14-06-2006 08:57:18 +0200, Michael Haubenwallner wrote:
> On Tue, 2006-06-13 at 12:36 -0600, m h wrote:
> > Michael-
> > 
> > Thanks for your response.  I'd like to have a look at your solution
> > but didn't see any attachment.
> 
> Even not in the second mail I sent 4 minutes later, imo with
> attachment ?

I've seen no second mail... maybe the mailing list software doesn't like
attachments.  *sigh*

-- 
Fabian Groffen
Gentoo for Mac OS X Project
-- 
gentoo-osxgentoo.org mailing list

User account management
user name
2006-06-14 07:55:35
On Wed, 2006-06-14 at 09:37 +0200, Grobian wrote:
> On 14-06-2006 08:57:18 +0200, Michael Haubenwallner wrote:
> > On Tue, 2006-06-13 at 12:36 -0600, m h wrote:
> > > Michael-
> > > 
> > > Thanks for your response.  I'd like to have a look at your solution
> > > but didn't see any attachment.
> > 
> > Even not in the second mail I sent 4 minutes later, imo with
> > attachment ?
> 
> I've seen no second mail... maybe the mailing list software doesn't like
> attachments.  *sigh*

hmm, it was 'eutils.eclass.bz2' with ~15kB,
have extracted the relevant bits, trying as plaintext attachment...
-- 
Michael Haubenwallner                    SALOMON Automation GmbH
Forschung & Entwicklung                  A-8114 Friesach bei Graz
mailto:michael.haubenwallnersalomon.at  http://www.salomon.at
No HTML/MIME please, see http://expita.com/nomime.html

# Small wrapper for getent (Linux), nidump (Mac OS X),
# and pw (FreeBSD) used in enewuser()/enewgroup()
# Joe Jezak <josejxgmail.com> and usatagentoo.org
# FBSD stuff: Aaron Walker <ka0tticgentoo.org>
#
# egetent(database, key)
#
# The two variable names in front of var/spool/emerge/doasroot read "$$"
# in this archived copy and are left that way.
egetent() {
	local euser= euid= egroup= egid= eentry=
	# First check users/groups that are queued in the doasroot file
	# but have not been created by real root yet.
	while read line
	do
		case "$1:${line}" in
		'passwd:# enewuser:'*)
			eval $(echo "${line}" \
				| awk -F":" "{
					print \"euser='\"\$2\"'\";
					print \"euid='\"\$3\"'\";
					print \"eentry='\"\$2\":\"\$3\":\"\$4\":\"\$5\":\"\$6\":\"\$7\"'\";
				}")
			if [[ ${euser} = $2 ]] || [[ ${euid} = $2 ]]
			then
				echo "${eentry}"
				return 0
			fi
			;;
		'group:# enewgroup:'*)
			eval $(echo "${line}" \
				| awk -F":" "{
					print \"egroup='\"\$2\"'\";
					print \"egid='\"\$3\"'\";
					print \"eentry='\"\$2\":\"\$3\":'\";
				}")
			if [[ ${egroup} = $2 ]] || [[ ${egid} = $2 ]]
			then
				echo "${eentry}"
				return 0
			fi
			;;
		esac
	done <<-EOE
	$(cat "$$"var/spool/emerge/doasroot)
	EOE

	# Not queued: ask the account database of the host.
	if [[ "${USERLAND}" == "Darwin" ]] ; then
		case "$2" in
		  *[!0-9]*) # Non numeric
			nidump $1 . | awk -F":" "{ if (\$1 ~ /^$2$/) {print \$0;exit;} }"
			;;
		  *)	# Numeric
			nidump $1 . | awk -F":" "{ if (\$3 == $2) {print \$0;exit;} }"
			;;
		esac
	elif [[ "${USERLAND}" == "BSD" ]] ; then
		local action
		if [ "$1" == "passwd" ]
		then
			action="user"
		else
			action="group"
		fi
		pw show "${action}" "$2" -q
	else
		which nscd >& /dev/null && nscd -i "$1"
		getent "$1" "$2"
	fi
}

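# edoasroot(comment, command...)
# When not installing as real root, append the comment line (if any) and
# the single-quoted command to the doasroot file instead of running it;
# otherwise run the command directly.
# The variable tested against "/" and the two variable names in front of
# var/spool/emerge/doasroot read "$" / "$$" in this archived copy and are
# left that way.
edoasroot() {
	if [[ $ != / ]] || ( use secondary && [[ $(id -un) != root ]] )
	then
		touch "$$"var/spool/emerge/doasroot
		[ -n "$1" ] && echo "$1" >> "$$"var/spool/emerge/doasroot
		shift
		[ -n "$*" ] && echo "$(	for arg in "$@"
			do
				echo -n "'${arg}' "
			done
		)" >> "$$"var/spool/emerge/doasroot
		return 0
	fi
	shift
	eval "$@"
}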

# Simplify/standardize adding users to the system
# vapiergentoo.org
#
# enewuser(username, uid, shell, homedir, groups, extra options)
#
# Default values if you do not specify any:
# username:	REQUIRED !
# uid:		next available (see useradd(8))
#		note: pass -1 to get default behavior
# shell:	/bin/false
# homedir:	/dev/null
# groups:	none
# extra:	comment of 'added by portage for ${PN}'
enewuser() {
	# get the username
	local euser=$1; shift
	if [[ -z ${euser} ]] ; then
		eerror "No username specified !"
		die "Cannot call enewuser without a username"
	fi

	# lets see if the username already exists
	if [[ ${euser} == $(egetent passwd "${euser}" | cut -d: -f1) ]] ; then
		return 0
	fi
	einfo "Adding user '${euser}' to your system ..."

	# options to pass to useradd
	local opts=

	# handle uid
	local euid=$1; shift
	if [[ ! -z ${euid} ]] && [[ ${euid} != "-1" ]] ; then
		if [[ ${euid} -gt 0 ]] ; then
			if [[ ! -z $(egetent passwd ${euid}) ]] ; then
				euid="next"
			fi
		else
			eerror "Userid given but is not greater than 0 !"
			die "${euid} is not a valid UID"
		fi
	else
		euid="next"
	fi
	if [[ ${euid} == "next" ]] ; then
		local pwrange
		if [[ ${USERLAND} == "BSD" ]] ; then
			pwrange=$(jot 898 101)
		else
			pwrange=$(seq 101 999)
		fi
		for euid in ${pwrange} ; do
			[[ -z $(egetent passwd ${euid}) ]] && break
		done
	fi
	opts="${opts} -u ${euid}"
	einfo " - Userid: ${euid}"

	# handle shell
	local eshell=$1; shift
	if [[ ! -z ${eshell} ]] && [[ ${eshell} != "-1" ]] ; then
		if [[ ! -e ${eshell} ]] ; then
			eerror "A shell was specified but it does not exist !"
			die "${eshell} does not exist"
		fi
	else
		case ${USERLAND} in
			Darwin) eshell="/usr/bin/false";;
			BSD)    eshell="/usr/sbin/nologin";;
			*)      eshell="/bin/false";;
		esac
	fi
	einfo " - Shell: ${eshell}"
	opts="${opts} -s ${eshell}"

	# handle homedir
	local ehome=$1; shift
	if [[ -z ${ehome} ]] || [[ ${ehome} == "-1" ]] ; then
		ehome="/dev/null"
	fi
	einfo " - Home: ${ehome}"
	opts="${opts} -d ${ehome}"

	# handle groups
	local egroups=$1; shift
	local defgroup="" exgroups=""
	if [[ ! -z ${egroups} ]] ; then
		local oldifs=${IFS}

		export IFS=","
		for g in ${egroups} ; do
			export IFS=${oldifs}
			if [[ -z $(egetent group "${g}") ]] ; then
				eerror "You must add group ${g} to the system first"
				die "${g} is not a valid GID"
			fi
			if [[ -z ${defgroup} ]] ; then
				defgroup=${g}
			else
				exgroups="${exgroups},${g}"
			fi
			export IFS=","
		done
		export IFS=${oldifs}

		opts="${opts} -g ${defgroup}"
		if [[ ! -z ${exgroups} ]] ; then
			opts="${opts} -G ${exgroups:1}"
		fi
	else
		egroups="(none)"
	fi
	einfo " - Groups: ${egroups}"

	# handle extra and add the user
	local oldsandbox=${SANDBOX_ON}
	export SANDBOX_ON="0"
	# Record the pending user for egetent(). Fields 4, 6 and 7 of this
	# record read "$" in this archived copy and are left that way.
	edoasroot "# enewuser:${euser}:${euid}:$:added by portage for ${PN}:$:$"
	case ${USERLAND} in
	Darwin)
		### Make the user
		if [[ -z $@ ]] ; then
			edoasroot '' dscl . create /users/${euser} uid ${euid}
			edoasroot '' dscl . create /users/${euser} shell ${eshell}
			edoasroot '' dscl . create /users/${euser} home ${ehome}
			edoasroot '' dscl . create /users/${euser} realname "added by portage for ${PN}"
			### Add the user to the groups specified
			local oldifs=${IFS}
			export IFS=","
			for g in ${egroups} ; do
				edoasroot '' dscl . merge /groups/${g} users ${euser}
			done
			export IFS=${oldifs}
		else
			einfo "Extra options are not supported on Darwin yet"
			einfo "Please report the ebuild along with the info below"
			einfo "eextra: $@"
			die "Required function missing"
		fi
		;;
	BSD)
		if [[ -z $@ ]] ; then
			edoasroot '' pw useradd ${euser} ${opts} \
				-c "added by portage for ${PN}" \
				|| die "enewuser failed"
		else
			einfo " - Extra: $@"
			edoasroot '' pw useradd ${euser} ${opts} \
				"$@" || die "enewuser failed"
		fi
		;;
	*)
		if [[ -z $@ ]] ; then
			edoasroot '' useradd ${opts} ${euser} \
				-c "added by portage for ${PN}" \
				|| die "enewuser failed"
		else
			einfo " - Extra: $@"
			edoasroot '' useradd ${opts} ${euser} "$@" \
				|| die "enewuser failed"
		fi
		;;
	esac
	export SANDBOX_ON=${oldsandbox}

	# Create the home directory in the image. The directory variable in
	# front of "/${ehome}" reads "$" in this archived copy.
	if [ ! -e "${ehome}" ] && [ ! -e "$/${ehome}" ]
	then
		einfo " - Creating ${ehome} in $"
		dodir ${ehome}
		edoasroot '' fowners ${euser} ${ehome}
		edoasroot '' fperms 755 ${ehome}
	fi
}

# Simplify/standardize adding groups to the system
# vapiergentoo.org
#
# enewgroup(group, gid)
#
# Default values if you do not specify any:
# groupname:	REQUIRED !
# gid:		next available (see groupadd(8))
# extra:	none
enewgroup() {
	# get the group
	local egroup="$1"; shift
	if [ -z "${egroup}" ]
	then
		eerror "No group specified !"
		die "Cannot call enewgroup without a group"
	fi

	# see if group already exists
	if [ "${egroup}" == "`egetent group \"${egroup}\" | cut -d: -f1`" ]
	then
		return 0
	fi
	einfo "Adding group '${egroup}' to your system ..."

	# options to pass to useradd
	local opts=

	# handle gid
	local egid="$1"; shift
	if [ ! -z "${egid}" ]
	then
		if [ "${egid}" -gt 0 ]
		then
			if [ -z "`egetent group ${egid}`" ]
			then
				if [[ "${USERLAND}" == "Darwin" ]]; then
					opts="${opts} ${egid}"
				else
					opts="${opts} -g ${egid}"
				fi
			else
				egid="next available; requested gid taken"
			fi
		else
			eerror "Groupid given but is not greater than 0 !"
			die "${egid} is not a valid GID"
		fi
	else
		egid="next available"
	fi
	einfo " - Groupid: ${egid}"

	# handle extra
	local eextra="$@"
	opts="${opts} ${eextra}"

	# add the group
	local oldsandbox="${SANDBOX_ON}"
	export SANDBOX_ON="0"
	# Record the pending group for egetent()
	edoasroot "# enewgroup:${egroup}:${egid}"
	if [[ "${USERLAND}" == "Darwin" ]]; then
		if [ ! -z "${eextra}" ];
		then
			einfo "Extra options are not supported on Darwin/OS X yet"
			einfo "Please report the ebuild along with the info below"
			einfo "eextra: ${eextra}"
			die "Required function missing"
		fi

		# If we need the next available
		case ${egid} in
		  *[!0-9]*) # Non numeric
			for egid in `jot 898 101`; do
				[ -z "`egetent group ${egid}`" ] && break
			done
		esac
		edoasroot '' dscl . create /groups/${egroup} gid ${egid}
		edoasroot '' dscl . create /groups/${egroup} passwd '*'
	elif [[ "${USERLAND}" == "BSD" ]] ; then
		case ${egid} in
			*[!0-9]*) # Non numeric
				for egid in `jot 898 101`; do
					[ -z "`egetent group ${egid}`" ] && break
				done
		esac
		edoasroot '' pw groupadd ${egroup} -g ${egid} || die "enewgroup failed"
	else
		edoasroot '' groupadd ${opts} ${egroup} || die "enewgroup failed"
	fi
	export SANDBOX_ON="${oldsandbox}"
}
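
The queue described in this thread (a file of commands for real root plus "# enewuser:" comment records that egetent() reads back), as an added POSIX sh example that is not part of the posted eclass: names are validated before they are recorded, each argument is quoted, records are read without eval, and the file is emptied after a clean run, the step the mail above says was still missing. SPOOL and all function names are hypothetical, and the record is reduced to name and uid.

```sh
# Added example, not the eclass from the thread. SPOOL and every function
# name below are hypothetical.
SPOOL=${SPOOL:-./doasroot}
NL='
'

# Names land in a ':'-separated record and on a root command line:
# accept a conservative character set only.
valid_name() {
	case $1 in
		''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
	esac
}

# Single-quote one argument for sh, escaping embedded single quotes.
shquote() {
	printf "'%s' " "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Append one command line; the file is created private to the prefix user.
queue_cmd() {
	line=
	for arg in "$@"; do
		case $arg in *"$NL"*) return 1 ;; esac   # keep one command per line
		line="$line$(shquote "$arg")"
	done
	( umask 077; printf '%s\n' "$line" >> "$SPOOL" )
}

# Record the pending account, then the command real root will run.
queue_user() {   # queue_user NAME UID
	valid_name "$1" || return 1
	case $2 in ''|*[!0-9]*) return 1 ;; esac
	( umask 077; printf '# enewuser:%s:%s\n' "$1" "$2" >> "$SPOOL" )
	queue_cmd useradd -u "$2" -c 'added by portage' "$1"
}

# Find a queued account by name or uid; fields are data, never eval'd.
pending_user() {
	[ -f "$SPOOL" ] || return 1
	while IFS=: read -r tag name uid rest; do
		[ "$tag" = '# enewuser' ] || continue
		if [ "$name" = "$1" ] || [ "$uid" = "$1" ]; then
			printf '%s:%s\n' "$name" "$uid"
			return 0
		fi
	done < "$SPOOL"
	return 1
}

# For real root: refuse symlinks and group/world-writable files, stop at the
# first failing command, and empty the queue only after a clean run.
drain_queue() {
	[ -f "$SPOOL" ] && [ ! -L "$SPOOL" ] || return 1
	[ -z "$(find "$SPOOL" -prune \( -perm -020 -o -perm -002 \))" ] || return 1
	sh -e "$SPOOL" || return 1
	: > "$SPOOL"
}
```

Root still executes whatever the owner of the queue file wrote, so the checks in drain_queue narrow who can write to it; they do not make the file's content trustworthy.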
