best wishes to all.
1: #!/usr/bin/perl
2:
3: =pod
4:
5: =head1 NAME
6:
7: make_domain_coordinator.pl - Make a domain coordinator on a LON-CAPA system
8:
9: =cut
10:
11: # The LearningOnline Network
12: # make_domain_coordinator.pl - Make a domain coordinator on a system
13: #
14: # $Id: make_domain_coordinator.pl,v 1.9 2003/02/03 18:03:52 harris41 Exp $
15: #
16: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
17: #
18: # LON-CAPA is free software; you can redistribute it and/or modify
19: # it under the terms of the GNU General Public License as published by
20: # the Free Software Foundation; either version 2 of the License, or
21: # (at your option) any later version.
22: #
23: # LON-CAPA is distributed in the hope that it will be useful,
24: # but WITHOUT ANY WARRANTY; without even the implied warranty of
25: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26: # GNU General Public License for more details.
27: #
28: # You should have received a copy of the GNU General Public License
29: # along with LON-CAPA; if not, write to the Free Software
30: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31: #
32: # /home/httpd/html/adm/gpl.txt
33: #
34: # http://www.lon-capa.org/
35: #
36: # YEAR=2002
37: #
38: ###
39:
40: =pod
41:
42: =head1 DESCRIPTION
43:
44: Automates the steps for domain coordinator creation. This
45: program also describes a manual procedure (see below).
46:
47: These are the steps that are executed on the linux operating system:
48:
49: =over 4
50:
51: =item *
52:
53: Tests to see if user already exists for linux system or for
54: LON-CAPA, if so aborts. A message is output that recommends following
55: a manual procedure enabling this user if so desired.
56:
57: =item *
58:
59: Creates a linux system user
60:
61: =item *
62:
63: Sets password
64:
65: =item *
66:
67: Creates a LON-CAPA lonUsers directory for user
68:
69: =item *
70:
71: Sets LON-CAPA password mechanism to be "unix"
72:
73: =item *
74:
75: Set roles.hist and roles.db
76:
77: =back
78:
79: =cut
80:
81: # NOTE: I am interspersing the manual procedure with the automation.
82: # To see the manual procedure, do perldoc ./make_domain_coordinator.pl
83:
84: # This is a standalone script. It *could* alternatively use the
85: # lcuseradd script, however lcuseradd relies on certain system
86: # dependencies. In order to have a focused performance, I am trying
87: # to avoid system dependencies until the LON-CAPA code base becomes
88: # more robust and well-boundaried. make_domain_coordinator.pl should be able
89: # to run freely as possible, irrespective of the status of a LON-CAPA
90: # installation.
91:
92: # ---------------------------------------------------- Configure general values
93:
# Network-wide and machine-specific configuration values are kept in %perlvar.
# This script needs only one of them, lonUsersDir, and hard-codes it here
# instead of reading it out of loncapa.conf.
my %perlvar = ('lonUsersDir' => '/home/httpd/lonUsers');
98:
99: =pod
100:
101: =head1 OPTIONS
102:
103: There are no flags to this script.
104:
105: usage: make_domain_coordinator.pl [USERNAME] [DOMAIN]
106:
107: The password is accepted through standard input
108: and should only consist of printable ASCII
109: characters and be a string of length greater than 5 characters.
110:
111: The first argument
112: specifies the user name of the domain coordinator and
113: should consist of only alphanumeric characters.
114: It is recommended that the USERNAME should be institution-specific
115: as opposed to something like "Sammy" or "Jo".
116: For example, "dcmsu" or "dcumich" would be good domain coordinator
117: USERNAMEs for places like Mich State Univ, etc.
118:
119: The second argument specifies the domain of the computer
120: coordinator and should consist of only alphanumeric characters.
121:
122: =cut
123:
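# ----------------------------------------------- So, are we invoked correctly?
# Exactly two arguments (USERNAME and DOMAIN) are required; anything else
# aborts with the usage text.
if (@ARGV != 2) {
    die('usage: make_domain_coordinator.pl [USERNAME] [DOMAIN] '."\n".
        '(and password through standard input)'."\n".
        'It is recommended that the USERNAME should be institution-specific '.
        "\n".'as opposed to something like "Sammy" or "Jo".'."\n".
        'For example, "dcmsu" or "dcumich" would be good domain coordinator'.
        "\n".'USERNAMEs for places like Mich State Univ, etc.'."\n");
}

# Both arguments are taken off @ARGV so that the later <> read of the
# password comes from standard input and not from files named on the
# command line.
my $username = shift @ARGV;
my $domain   = shift @ARGV;

# Both values end up in filesystem paths and in commands that run as root,
# so only ASCII letters and digits are accepted.  The patterns are anchored
# with \A and \z: a pattern that ends in "$" also accepts a trailing
# newline, and the validated value would then differ from the \W-stripped
# value that the later steps use.
unless ($username =~ /\A[A-Za-z0-9]+\z/) {
    die('**** ERROR **** '.
        'Username '.$username.' must consist only of alphanumeric characters'.
        "\n");
}
unless ($domain =~ /\A[A-Za-z0-9]+\z/) {
    die('**** ERROR **** '.
        'Domain '.$domain.' must consist only of alphanumeric characters'.
        "\n");
}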
145:
# Remind the operator that this account carries domain-wide authority.
print('**** NOTE **** ',
      'Generating a domain coordinator is "serious business".', "\n",
      'Choosing a difficult-to-guess (and keeping it a secret) password ', "\n",
      'is highly recommended.', "\n");

# Prompt, then switch STDOUT to autoflush so the prompt is shown before the
# read blocks.
print("Password: ");
$| = 1;

# @ARGV was emptied when the arguments were taken, so <> reads one line from
# standard input here.
# NOTE(review): this block does not turn terminal echo off, so a password
# typed interactively is visible on screen.
my $passwd = <>;
chomp($passwd);

# Accept 6 to 30 characters.
# NOTE(review): a 6-character minimum is a low bar for an account with this
# much authority; consider raising it.
my $passwd_length = length($passwd);
unless ($passwd_length >= 6 and $passwd_length <= 30) {
    die('**** ERROR **** ', 'Password is an unreasonable length.', "\n",
        'It should be at least 6 characters in length.', "\n");
}

# Only printable ASCII (codes 32 through 126) is allowed.
my $pbad = 0;
for my $char (split(//, $passwd)) {
    my $code = ord($char);
    $pbad = 1 unless $code >= 32 && $code <= 126;
}
if ($pbad) {
    die('**** ERROR **** ',
        'Password must consist of standard ASCII characters', "\n");
}
166:
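# And does user already exist

# Explanation appended to both "already exists" errors below.
my $caveat =
    'For security reasons, this script will only automatically generate '."\n".
    'new users, not pre-existing users.'."\n".
    "If you want to make '$username' a domain coordinator, you "."\n".
    'should do so manually by customizing the MANUAL PROCEDURE'."\n".
    'described in the documentation.  To view the documentation '."\n".
    'for this script, type '.
    "'perldoc ./make_domain_coordinator.pl'."."\n";

# A Linux account counts as existing when the password database knows the
# name or when a /home directory for it is present.  The directory test on
# its own misses accounts whose home directory is elsewhere or absent; for
# such a name the later password step would overwrite the existing
# account's password.  getpwnam() in scalar context returns the uid, which
# is 0 for root, hence the defined() test.
if (defined(getpwnam($username)) or -d "/home/$username") {
    die('**** ERROR **** '.$username.' is already a linux operating system '.
        'user.'."\n".$caveat);
}

# The LON-CAPA side: abort if the user directory is already there.
my $udpath = propath($domain, $username);
if (-d $udpath) {
    die('**** ERROR **** '.$username.' is already defined as a LON-CAPA '.
        'user.'."\n".$caveat);
}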
187:
188: =pod
189:
190: =head1 MANUAL PROCEDURE
191:
192: There are 10 steps to manually recreate what this script performs
193: automatically.
194:
195: You need to decide on three pieces of information
196: to create a domain coordinator.
197:
198: * USERNAME (kermit, albert, joe, etc)
199: * DOMAIN (should be the same as lonDefDomain in /etc/httpd/conf/loncapa.conf)
200: * PASSWORD (don't tell me)
201:
202: The examples in these instructions will be based
203: on three example pieces of information:
204:
205: * USERNAME=dc103
206: * DOMAIN=103
207: * PASSWORD=sesame
208:
209: You will also need to know your "root" password
210: and your "www" password.
211:
212: =over 4
213:
214: =item 1.
215:
216: login as root on your Linux system
217: [prompt %] su
218:
219: =cut
220:
# ------------------------------------------------------------ So, are we root?

# $< holds the real user id of this process; any value other than 0 aborts.
die 'You must be root in order to generate a domain coordinator.'."\n"
    unless $< == 0;
226:
227: =pod
228:
229: =item 2 (as root). add the user
230:
231: Command: [prompt %] /usr/sbin/useradd USERNAME
232: Example: [prompt %] /usr/sbin/useradd dc103
233:
234: =cut
235:
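# ----------------------------------------------------------- /usr/sbin/useradd

$username =~ s/\W//g; # an extra filter, just to be sure

# Add the user with the 'useradd' command.  The list form of system() runs
# the program directly, without a shell, and the result is checked: if the
# account could not be created, the script must not go on to set a password
# for that name.
system('/usr/sbin/useradd', $username) == 0
    or die('**** ERROR **** '."/usr/sbin/useradd $username failed ".
           "(wait status $?).\n");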
240:
241: =pod
242:
243: =item 3 (as root). enter in a password
244:
245: Command: [prompt %] passwd USERNAME
246: New UNIX password: PASSWORD
247: Retype new UNIX passwd: PASSWORD
248: Example: [prompt %] passwd dc103
249: New UNIX password: sesame
250: Retype new UNIX passwd: sesame
251:
252: =cut
253:
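# Process password (re-validate, then pass to the UNIX passwd command).
$username =~ s/\W//g; # an extra filter, just to be sure

# Same rule as at input time: printable ASCII only (codes 32 through 126).
if ($passwd =~ /[^\x20-\x7e]/) {
    die('Password must consist of standard ASCII characters'."\n");
}

# The password is written to the child's standard input, so it never appears
# on a command line.  The list form of open starts passwd without a shell,
# and both the start and the exit status of the child are checked.
# NOTE(review): 'passwd' is found through root's PATH here, while useradd is
# called by absolute path; an absolute path would be more robust.
open(my $passwd_pipe, '|-', 'passwd', '--stdin', $username)
    or die('**** ERROR **** '."Cannot run passwd for $username: $!\n");
print {$passwd_pipe} $passwd."\n";
close($passwd_pipe)
    or die('**** ERROR **** '."passwd --stdin $username failed ".
           "(wait status $?).\n");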
264:
265: =pod
266:
267: =cut
268:
269: =pod
270:
271: =item 4. login as user=www
272:
273: Command: [prompt %] su www
274: Password: WWWPASSWORD
275:
276: =item 5. (as www). cd /home/httpd/lonUsers
277:
278: =item 6. (as www) Create user directory for your new user.
279:
280: Let U equal first letter of USERNAME
281: Let S equal second letter of USERNAME
282: Let E equal third letter of USERNAME
283: Command: [prompt %] install -d DOMAIN/U/S/E/USERNAME
284:
285: Here are three examples of the commands that would be needed
286: for different domain coordinator names (dc103, morphy, or ng):
287:
288: Example #1 (dc103): [prompt %] install -d 103/d/c/1/dc103
289: Example #2 (morphy): [prompt %] install -d 103/m/o/r/morphy
290: Example #3 (ng): [prompt %] install -d 103/n/g/_/ng
291:
292: =cut
293:
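# Generate the user directory.  It is owned by www:www because it must be
# writeable by the httpd process.  The list form of system() avoids a shell,
# and a failure stops the script before any file is written below the path.
system('install', '-o', 'www', '-g', 'www', '-d', $udpath) == 0
    or die('**** ERROR **** '."Cannot create directory $udpath ".
           "(wait status $?).\n");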
296:
297: =pod
298:
299: =item 7. (as www) Enter the newly created user directory.
300:
301: Command: [prompt %] cd DOMAIN/U/S/E/USERNAME
302: Example: [prompt %] cd 103/d/c/1/dc103
303:
304: =item 8. (as www). Set your password mechanism to 'unix'
305:
306: Command: [prompt %] echo "unix:" > passwd
307:
308: =cut
309:
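# UNIX (/etc/passwd) style authentication is asserted for domain coordinators.
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $authfile = "$udpath/passwd";

# The file is handed to www:www because it must be writeable by the httpd
# process.  getpwnam/getgrnam in scalar context return the uid and the gid.
my $auth_uid = getpwnam('www');
my $auth_gid = getgrnam('www');
unless (defined($auth_uid) and defined($auth_gid)) {
    die('**** ERROR **** '."User or group 'www' does not exist.\n");
}

# The directory already belongs to www while this script still runs as
# root.  O_EXCL makes the create fail instead of writing through anything
# that already sits at that path, and ownership is changed through the open
# handle so that it applies to the file just created.
sysopen(my $auth_fh, $authfile, O_WRONLY | O_CREAT | O_EXCL)
    or die('**** ERROR **** '."Cannot create $authfile: $!\n");
print {$auth_fh} 'unix:'."\n"
    or die('**** ERROR **** '."Cannot write $authfile: $!\n");
chown($auth_uid, $auth_gid, $auth_fh) == 1
    or die('**** ERROR **** '."Cannot change owner of $authfile: $!\n");
close($auth_fh)
    or die('**** ERROR **** '."Cannot close $authfile: $!\n");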
315:
316: =pod
317:
318: =item 9. (as www). Run CVS:loncapa/doc/rolesmanip.pl:
319:
320: Command: [prompt %] perl rolesmanip.pl DOMAIN USERNAME
321: Example: [prompt %] perl rolesmanip.pl 103 dc103
322:
323: =cut
324:
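use GDBM_File; # A simplistic key-value pairing database.
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
my %hash;

# Interface with the GDBM database through a hash variable.  A failed tie
# is fatal: without it the role assignment below would only land in memory.
tie(%hash, 'GDBM_File', "$udpath/roles.db", GDBM_WRCREAT(), 0640)
    or die('**** ERROR **** '."Cannot open $udpath/roles.db: $!\n");

$hash{'/'.$domain.'/_dc'} = 'dc'; # Set the domain coordinator role.

# Both files are handed to www:www because they must be writeable by the
# httpd process.  getpwnam/getgrnam in scalar context return uid and gid.
my $roles_uid = getpwnam('www');
my $roles_gid = getgrnam('www');
unless (defined($roles_uid) and defined($roles_gid)) {
    die('**** ERROR **** '."User or group 'www' does not exist.\n");
}

# roles.hist is the plain-text counterpart of roles.db.  The directory
# already belongs to www while this script still runs as root, so the file
# is created with O_EXCL (the create fails rather than writing through
# anything already at that path) and its ownership is changed through the
# open handle.
my $histfile = "$udpath/roles.hist";
sysopen(my $hist_fh, $histfile, O_WRONLY | O_CREAT | O_EXCL)
    or die('**** ERROR **** '."Cannot create $histfile: $!\n");
for my $role (sort keys %hash) {
    print {$hist_fh} $role.' : '.$hash{$role}."\n"
        or die('**** ERROR **** '."Cannot write $histfile: $!\n");
}
chown($roles_uid, $roles_gid, $hist_fh) == 1
    or die('**** ERROR **** '."Cannot change owner of $histfile: $!\n");
close($hist_fh)
    or die('**** ERROR **** '."Cannot close $histfile: $!\n");
untie(%hash); # Finish interfacing with GDBM database.

# NOTE(review): roles.db is re-owned by path because the tie exposes no
# file handle; creating these files before the directory is given to www
# would remove the need to trust the path here.
system('chown', 'www:www', "$udpath/roles.db") == 0
    or die('**** ERROR **** '."Cannot change owner of $udpath/roles.db ".
           "(wait status $?).\n");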
341:
342: =pod
343:
344: =item 10.
345:
346: You may further define the domain coordinator user (i.e. dc103)
347: by going to http://MACHINENAME/adm/createuser.
348:
349: =cut
350:
# Report success and tell the sysadmin where to continue.
print("$username is now a domain coordinator\n");

# The host name comes from the 'hostname' command and is used only to print
# a suggested URL.
chomp(my $hostname = `hostname`);
print("http://$hostname/adm/createuser will allow you to further define"
      ." this user.\n");
356:
357: # ================================================================= SUBROUTINES
358: # Subroutine propath: take in domain and username, and generate filesystem path
sub propath {
    # Arguments: the domain (lonDefDomain) and the domain coordinator's
    # username.  Returns the filesystem path of that user's directory below
    # $perlvar{'lonUsersDir'}.
    my ($udom, $uname) = @_;

    # Drop every non-word character from both values before they become
    # path components.
    s/\W//g for $udom, $uname;

    # The three sub-directory levels are the first three characters of the
    # username, padded with underscores when the name is shorter ("ng"
    # gives n/g/_).  A padded string shorter than three characters is left
    # as it is.
    my $padded = $uname.'__';
    my $subdir = $padded;
    if (length($padded) >= 3) {
        $subdir = join('/', split(//, substr($padded, 0, 3)));
    }

    # Total path: lonUsersDir/DOMAIN/U/S/E/USERNAME.
    return join('/', $perlvar{'lonUsersDir'}, $udom, $subdir, $uname);
}
368:
369: =pod
370:
371: =head1 AUTHOR
372:
373: Written to help the LON-CAPA project.
374:
375: =cut