--- loncom/build/make_domain_coordinator.pl 2003/02/03 18:03:52 1.9 +++ loncom/build/make_domain_coordinator.pl 2009/07/17 01:11:11 1.16 @@ -11,7 +11,7 @@ make_domain_coordinator.pl - Make a doma # The LearningOnline Network # make_domain_coordinator.pl - Make a domain coordinator on a system # -# $Id: make_domain_coordinator.pl,v 1.9 2003/02/03 18:03:52 harris41 Exp $ +# $Id: make_domain_coordinator.pl,v 1.16 2009/07/17 01:11:11 raeburn Exp $ # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # @@ -33,8 +33,6 @@ make_domain_coordinator.pl - Make a doma # # http://www.lon-capa.org/ # -# YEAR=2002 -# ### =pod @@ -91,10 +89,10 @@ Set roles.hist and roles.db # ---------------------------------------------------- Configure general values -my %perlvar; # Holds network-wide and machine-specific configuration values. -# We only need one configuration value however, lonUsersDir. Rather than -# read this out of loncapa.conf, I am just going to hard-code this for now. -$perlvar{'lonUsersDir'}='/home/httpd/lonUsers'; +use lib '/home/httpd/lib/perl/'; +use LONCAPA; +use LONCAPA::lonmetadata; +use DBI; =pod @@ -117,7 +115,7 @@ For example, "dcmsu" or "dcumich" would USERNAMEs for places like Mich State Univ, etc. The second argument specifies the domain of the computer -coordinator and should consist of only alphanumeric characters. +coordinator. =cut 
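Review bot: The added `use lib '/home/httpd/lib/perl/';` in the "Configure general values" hunk makes this script, which the later "Am I root?" check shows is run as root, load LONCAPA, LONCAPA::lonmetadata and everything they pull in from a directory under /home/httpd. The diff does not show who owns that directory, so it is worth stating the requirement next to the line, for example `# Runs as root: /home/httpd/lib/perl/ and the modules in it must be writable by root only.` If the www account can write there, any module placed in it executes with root privileges the next time this script runs.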
@@ -132,14 +130,14 @@ if (@ARGV!=2) { "\n".'USERNAMEs for places like Mich State Univ, etc.'."\n"); } my ($username,$domain)=(@ARGV); shift @ARGV; shift @ARGV; -unless ($username=~/^\w+$/ and $username!~/\_/) { +if ($username=~/$LONCAPA::not_username_re/) { die('**** ERROR **** '. - 'Username '.$username.' must consist only of alphanumeric characters'. + 'Username '.$username.' must consist only of - . and alphanumeric characters'. "\n"); } -unless ($domain=~/^\w+$/ and $domain!~/\_/) { +if ($domain=~/$LONCAPA::not_domain_re/) { die('**** ERROR **** '. - 'Domain '.$domain.' must consist only of alphanumeric characters'. + 'Domain '.$domain.' must consist only of - . and alphanumeric charaters and '. "\n"); } @@ -179,7 +177,7 @@ if (-d "/home/$username") { die ('**** ERROR **** '.$username.' is already a linux operating system '. 'user.'."\n".$caveat); } -my $udpath=propath($domain,$username); +my $udpath=&propath($domain,$username); if (-d $udpath) { die ('**** ERROR **** '.$username.' is already defined as a LON-CAPA '. 'user.'."\n".$caveat); 
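Review bot: The new username check accepts whatever `$LONCAPA::not_username_re` allows, and the new message says that includes `-` and `.`, but the `$username=~s/\W//g` filter kept in the later groupadd/useradd hunk strips exactly those characters. The regex is defined outside this diff, so this is inferred, but if it holds the system account that gets created can differ from the name validated here and from the name tested by the `-d "/home/$username"` and `propath` checks. Either reject names containing non-word characters at this point or drop the later filter so one name is used throughout. The domain message also has a typo and a dangling clause; it should read `' must consist only of - . and alphanumeric characters'`.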
@@ -233,11 +231,59 @@ if ($< != 0) { # Am I root? =cut +# ----------------------------------------------------------- /usr/sbin/groupadd +# -- Add group +$username=~s/\W//g; # an extra filter, just to be sure + +print "adding group: $username \n"; +my $status = system('/usr/sbin/groupadd', $username); +if ($status) { + die "Error. Something went wrong with the addition of group ". + "\"$username\".\n"; +} +my $gid = getgrnam($username); + # ----------------------------------------------------------- /usr/sbin/useradd +# -- Add user -$username=~s/\W//g; # an extra filter, just to be sure -`/usr/sbin/useradd $username`; # Add the user with the 'useradd' command. +print "adding user: $username \n"; +my $status = system('/usr/sbin/useradd','-c','LON-CAPA user','-g',$gid,$username); +if ($status) { + system("/usr/sbin/groupdel $username"); + die "Error. Something went wrong with the addition of user ". + "\"$username\".\n"; +} + +print "Done adding user\n"; +# Make www a member of that user group. +my $groups=`/usr/bin/groups www`; +# untaint +my ($safegroups)=($groups=~/:\s*([\s\w]+)/); +$groups=$safegroups; +chomp $groups; $groups=~s/^\S+\s+\:\s+//; +my @grouplist=split(/\s+/,$groups); +my @ugrouplist=grep {!/www|$username/} @grouplist; +my $gl=join(',',(@ugrouplist,$username)); +print "Putting www in user's group\n"; +if (system('/usr/sbin/usermod','-G',$gl,'www')) { + die "Error. Could not make www a member of the group ". + "\"$username\".\n"; +} + +# Check if home directory exists for user +# If not, create one. +if (!-e "/home/$username") { + if (!mkdir("/home/$username",0710)) { + print "Error. Could not add home directory for ". + "\"$username\".\n"; + } +} +if (-d "/home/$username") { + system('/bin/chown',"$username:$username","/home/$username"); + system('/bin/chmod','-R','0660',"/home/$username"); + system('/bin/chmod','0710',"/home/$username"); +} =pod =item 3 (as root). enter in a password 
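Review bot: `usermod -G` replaces the whole supplementary group list of www, and the list rebuilt from `groups www` here can silently lose entries. The untaint capture `([\s\w]+)` stops at the first character such as `-` in a group name, and `grep {!/www|$username/}` is an unanchored match that also drops any group that merely contains `www` or the user name. Appending avoids parsing the output at all, `system('/usr/sbin/usermod','-a','-G',$username,'www')`, where the installed usermod supports `-a`; otherwise filter with `grep { $_ ne 'www' && $_ ne $username }`. The cleanup call `system("/usr/sbin/groupdel $username")` should use the list form like the calls around it. In addition, `my $status` is declared twice, a failed `mkdir` only prints, and the chown/chmod results on the home directory are ignored.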
@@ -258,9 +304,20 @@ foreach (split(//,$passwd)) {if ((ord($_ if ($pbad) { die('Password must consist of standard ASCII characters'."\n"); } -open(OUT,"|passwd --stdin $username"); -print(OUT $passwd."\n"); -close(OUT); + +my $distro; +if (open(PIPE,"perl distprobe|")) { + $distro = ; + close(PIPE); +} +if ($distro =~ /^ubuntu|debian/) { + open(OUT,"|usermod -p `mkpasswd $passwd` $username"); + close(OUT); +} else { + open(OUT,"|passwd --stdin $username"); + print(OUT $passwd."\n"); + close(OUT); +} =pod @@ -311,7 +368,11 @@ close(OUT); open(OUT, ">$udpath/passwd"); print(OUT 'unix:'."\n"); close(OUT); -`chown www:www $udpath/passwd`; # Must be writeable by httpd process. + +# Get permissions correct on udpath + + print "Setting permissions on user data directories. This may take a moment, please be patient ...\n"; +`chown -R www:www /home/httpd/lonUsers/$domain` ; # Must be writeable by httpd process. =pod 
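Review bot: In the ubuntu/debian branch, the `open(OUT,"|usermod -p ...")` call places `$passwd` inside a shell command substitution, so shell metacharacters in the password are interpreted by a root shell and the clear-text password appears in the process list. The only check visible before it is the ASCII-range test. Pass the password on stdin as the other branch does, e.g. `open(my $out,'|-','/usr/sbin/chpasswd') or die "cannot run chpasswd: $!\n";`, then `print $out "$username:$passwd\n";` and `close($out) or die "chpasswd failed\n";`. The test `/^ubuntu|debian/` anchors only the first alternative, so `/^(?:ubuntu|debian)/` is probably what was meant. `perl distprobe` is also resolved through PATH and the current directory, which is fragile for a script run as root.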
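Review bot: The recursive chown added after the passwd file is written runs through backticks with `$domain` interpolated into a shell string, and its exit status is discarded. It also hard-codes `/home/httpd/lonUsers` and changes ownership of the entire domain directory, which is much broader than the single `$udpath/passwd` the old line touched. The list form used elsewhere in this commit avoids the shell and reports failure: `system('/bin/chown','-R','www:www',"/home/httpd/lonUsers/$domain") == 0 or die "chown of domain directory failed\n";`. If only this user's directory needs fixing, `$udpath` would be the narrower target.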
@@ -323,22 +384,45 @@ close(OUT); =cut use GDBM_File; # A simplistic key-value pairing database. -my %hash; -tie(%hash,'GDBM_File',"$udpath/roles.db", - &GDBM_WRCREAT,0640); # Interface with GDBM database thru a hash variable. - -$hash{'/'.$domain.'/_dc'}='dc'; # Set the domain coordinator role. +my $rolesref=&LONCAPA::locking_hash_tie("$udpath/roles.db",&GDBM_WRCREAT()); +if (!$rolesref) { + die('unable to tie roles db: '."$udpath/roles.db"); +} +my $now = time; +$rolesref->{'/'.$domain.'/_dc'}='dc_0_'.$now; # Set the domain coordinator role. open(OUT, ">$udpath/roles.hist"); # roles.hist is the synchronous plain text. -map { - print(OUT $_.' : '.$hash{$_}."\n"); -} keys %hash; +foreach my $key (keys(%{$rolesref})) { + print(OUT $key.' : '.$rolesref->{$key}."\n"); +} close(OUT); -untie(%hash); # Finish interfacing with GDBM database. +&LONCAPA::locking_hash_untie($rolesref); + `chown www:www $udpath/roles.hist`; # Must be writeable by httpd process. `chown www:www $udpath/roles.db`; # Must be writeable by httpd process. +my %perlvar = %{&LONCAPA::Configuration::read_conf('loncapa.conf')}; +my $dompath = $perlvar{'lonUsersDir'}.'/'.$domain; +my $domrolesref = &LONCAPA::locking_hash_tie("$dompath/nohist_domainroles.db",&GDBM_WRCREAT()); + +if (!$domrolesref) { + die('unable to tie nohist_domainroles db: '."$dompath/nohist_domainroles.db"); +} + +# Store in nohist_domainroles.db +my $domkey=&LONCAPA::escape('dc:'.$username.':'.$domain.'::'.$domain.':'); +$domrolesref->{$domkey}= &LONCAPA::escape('0:'.$now); +&LONCAPA::locking_hash_untie($domrolesref); + + system('/bin/chown',"www:www","$dompath/nohist_domainroles.db"); # Must be writeable by httpd process. + system('/bin/chown',"www:www","$dompath/nohist_domainroles.db.lock"); + +#Update allusers MySQL table + +print "Adding new user to allusers table\n"; +&allusers_update($username,$domain,\%perlvar); + =pod =item 10. 
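Review bot: Both new `system('/bin/chown',"www:www",...)` calls on nohist_domainroles.db and its .lock file ignore the exit status, although the comment says the file must be writeable by the httpd process. Adding `== 0 or warn "chown of $dompath/nohist_domainroles.db failed\n";` would surface a file left owned by root. The result of `read_conf('loncapa.conf')` is dereferenced without a check, so if it can return undef the script stops there with a dereference error. The two new `die` calls fire after the system account and roles.db already exist, which leaves a half-configured coordinator; the messages should say that manual cleanup is needed.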
@@ -349,21 +433,66 @@ by going to http://MACHINENAME/adm/creat =cut # Output success message, and inform sysadmin about how to further proceed. -print("$username is now a domain coordinator\n"); # Output success message. +print("\n$username is now a domain coordinator\n"); # Output success message. my $hostname=`hostname`; chomp($hostname); # Read in hostname. -print("http://$hostname/adm/createuser will allow you to further define". - " this user.\n"); # Output a suggested URL. +print("\n".'Once LON-CAPA is running, you should log-in and use: '."\n". + 'http://'.$hostname.'/adm/createuser to further define this user.'."\n\n". + 'From the user management menu, click the link: "Add/Modify a Single User" '."\n". + 'to search for the user and to provide additional information (last name, first name etc.).'."\n"); +# Output a suggested URL. + +sub allusers_update { + my ($username,$domain,$perlvar) = @_; + my %tablenames = ( + 'allusers' => 'allusers', + ); + my $dbh; + unless ($dbh = DBI->connect("DBI:mysql:loncapa","www", + $perlvar->{'lonSqlAccess'}, + { RaiseError =>0,PrintError=>0})) { + print "Cannot connect to database!\n"; + return; + } + my $tablechk = &allusers_table_exists($dbh); + if ($tablechk == 0) { + my $request = + &LONCAPA::lonmetadata::create_metadata_storage('allusers','allusers'); + $dbh->do($request); + if ($dbh->err) { + print "Failed to crate allusers table\n"; + return; + } + } + my %userdata = ( + username => $username, + domain => $domain, + ); + my %loghash = + &LONCAPA::lonmetadata::process_allusers_data($dbh,undef, + \%tablenames,$username,$domain,\%userdata,'update'); + foreach my $key (keys(%loghash)) { + print $loghash{$key}."\n"; + } + return; +} -# ================================================================= SUBROUTINES -# Subroutine propath: take in domain and username, and generate filesystem path -sub propath { - my ($udom,$uname)=@_; # The lonDefDomain, and the domain coord. username. - $udom =~ s/\W//g; # Taint removal. 
- $uname =~ s/\W//g; # Taint removal. - my $subdir = $uname.'__'; - $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/; # The path must have three subdirs. - my $proname = "$perlvar{'lonUsersDir'}/$udom/$subdir/$uname"; # Total path. - return $proname; # Return the total user directory filesystem path. +sub allusers_table_exists { + my ($dbh) = @_; + my $sth=$dbh->prepare('SHOW TABLES'); + $sth->execute(); + my $aref = $sth->fetchall_arrayref; + $sth->finish(); + if ($sth->err()) { + return undef; + } + my $result = 0; + foreach my $table (@{$aref}) { + if ($table->[0] eq 'allusers') { + $result = 1; + last; + } + } + return $result; } =pod @@ -373,3 +502,4 @@ sub propath { Written to help the LON-CAPA project. =cut +
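Review bot: `allusers_table_exists` returns `undef` when the statement handle reports an error, but `allusers_update` tests `$tablechk == 0`, which is also true for `undef`, so a failed `SHOW TABLES` falls through to the table-creation path. Handle the error case first with `if (!defined($tablechk)) { print "Cannot check for allusers table\n"; $dbh->disconnect; return; }`, and check the return of `$sth->execute()` before fetching rather than reading `$sth->err()` after `finish()`. The handle is never disconnected on any path, and the message `"Failed to crate allusers table\n"` has a typo (`create`). Because `allusers_update` only prints on failure, the "is now a domain coordinator" message still appears when the database update did not happen.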