[SUCS Devel] Sanity of the signup scripts

Chris Jones rollercow at sucs.org
Tue Jul 10 17:25:47 BST 2007

On 10 Jul 2007, at 16:45, Andrew Price wrote:

> To create user accounts once new members have signed up we've  
> currently
> got apache allowed to run the useradd.apache.ldap shell script with  
> sudo
> and when it does, it spews a bunch of confusing messages into the  
> web page.

Just give the system() call a $var to throw the output to, that'll  
shut it up, the output is only really there for debugging in anycase.

> I've had a brief look into how it would be done better but I seem to
> have a lack of knowledge (and a certain amount of paranoia) when it
> comes to giving apache root access to things like adding users. My
> deeply paranoid self says there should be some human intervention  
> before
> useradd gets called.

Unless your volunteering to baby sit it for the next n years... no!

> My slightly less paranoid and more practical self
> says there should be a separate user adding system that runs as  
> root and
> just processes validated requests from apache to add users.

Separate user adding system? run as root? kinda like the  
useradd.apache.ldap script perhaps? ;)

Validated how exactly?

> My lazy self
> says we should just implement the shell script in a php and use one of
> those crazy php su systems to get root instead of using sudo. I'd like
> to hear more opinions of how to do this in the least kludgy way  
> possible.

Seriously, why?

What's wrong with using sudo like the current system?

> Other than that, we just need to make sure the script doesn't dump  
> spew
> on new members and eventually implement a single-signup tool so we  
> don't
> have to screw around with signup slips when some random person comes
> along to the room and wants to sign up.

That's certainly the plan, once the admin stuff gets implemented again.

Chris Jones, SUCS Admin

More information about the Devel mailing list