[SUCS Devel] Sanity of the signup scripts

[Chris Jones]

On 10 Jul 2007, at 16:45, Andrew Price wrote:

> To create user accounts once new members have signed up we've  
> currently
> got apache allowed to run the useradd.apache.ldap shell script with  
> sudo
> and when it does, it spews a bunch of confusing messages into the  
> web page.

Just give the system() call a $var to throw the output to, that'll  
shut it up, the output is only really there for debugging in anycase.

> I've had a brief look into how it would be done better but I seem to
> have a lack of knowledge (and a certain amount of paranoia) when it
> comes to giving apache root access to things like adding users. My
> deeply paranoid self says there should be some human intervention  
> before
> useradd gets called.

Unless your volunteering to baby sit it for the next n years... no!

> My slightly less paranoid and more practical self
> says there should be a separate user adding system that runs as  
> root and
> just processes validated requests from apache to add users.

Separate user adding system? run as root? kinda like the  
useradd.apache.ldap script perhaps? ;)

Validated how exactly?

> My lazy self
> says we should just implement the shell script in a php and use one of
> those crazy php su systems to get root instead of using sudo. I'd like
> to hear more opinions of how to do this in the least kludgy way  
> possible.

Seriously, why?

What's wrong with using sudo like the current system?

> Other than that, we just need to make sure the script doesn't dump  
> spew
> on new members and eventually implement a single-signup tool so we  
> don't
> have to screw around with signup slips when some random person comes
> along to the room and wants to sign up.

That's certainly the plan, once the admin stuff gets implemented again.

--
Chris Jones, SUCS Admin
http://sucs.org