[SUCS Devel] Sanity of the signup scripts
rollercow at sucs.org
Tue Jul 10 17:25:47 BST 2007
On 10 Jul 2007, at 16:45, Andrew Price wrote:
> To create user accounts once new members have signed up we've
> got apache allowed to run the useradd.apache.ldap shell script with
> and when it does, it spews a bunch of confusing messages into the
> web page.
Just give the system() call a $var to throw the output to, that'll
shut it up, the output is only really there for debugging in anycase.
> I've had a brief look into how it would be done better but I seem to
> have a lack of knowledge (and a certain amount of paranoia) when it
> comes to giving apache root access to things like adding users. My
> deeply paranoid self says there should be some human intervention
> useradd gets called.
Unless your volunteering to baby sit it for the next n years... no!
> My slightly less paranoid and more practical self
> says there should be a separate user adding system that runs as
> root and
> just processes validated requests from apache to add users.
Separate user adding system? run as root? kinda like the
useradd.apache.ldap script perhaps? ;)
Validated how exactly?
> My lazy self
> says we should just implement the shell script in a php and use one of
> those crazy php su systems to get root instead of using sudo. I'd like
> to hear more opinions of how to do this in the least kludgy way
What's wrong with using sudo like the current system?
> Other than that, we just need to make sure the script doesn't dump
> on new members and eventually implement a single-signup tool so we
> have to screw around with signup slips when some random person comes
> along to the room and wants to sign up.
That's certainly the plan, once the admin stuff gets implemented again.
Chris Jones, SUCS Admin
More information about the Devel