[SUCS Devel] Sanity of the signup scripts

Andrew Price welshbyte at sucs.org
Tue Jul 10 16:45:45 BST 2007


To create user accounts once new members have signed up we've currently
got apache allowed to run the useradd.apache.ldap shell script with sudo
and when it does, it spews a bunch of confusing messages into the web page.

I've had a brief look into how it would be done better but I seem to
have a lack of knowledge (and a certain amount of paranoia) when it
comes to giving apache root access to things like adding users. My
deeply paranoid self says there should be some human intervention before
useradd gets called. My slightly less paranoid and more practical self
says there should be a separate user adding system that runs as root and
just processes validated requests from apache to add users. My lazy self
says we should just implement the shell script in a php and use one of
those crazy php su systems to get root instead of using sudo. I'd like
to hear more opinions of how to do this in the least kludgy way possible.

Other than that, we just need to make sure the script doesn't dump spew
on new members and eventually implement a single-signup tool so we don't
have to screw around with signup slips when some random person comes
along to the room and wants to sign up.

Comments appreciated.

--
Andy Price




More information about the Devel mailing list