Annotation of loncom/build/make_domain_coordinator.pl, revision 1.12
1.1 harris41 1: #!/usr/bin/perl
2:
3: =pod
4:
5: =head1 NAME
6:
7: make_domain_coordinator.pl - Make a domain coordinator on a LON-CAPA system
8:
1.2 harris41 9: =cut
10:
11: # The LearningOnline Network
12: # make_domain_coordinator.pl - Make a domain coordinator on a system
13: #
1.12 ! albertel 14: # $Id: make_domain_coordinator.pl,v 1.11 2006/10/08 23:05:18 raeburn Exp $
1.2 harris41 15: #
16: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
17: #
18: # LON-CAPA is free software; you can redistribute it and/or modify
19: # it under the terms of the GNU General Public License as published by
20: # the Free Software Foundation; either version 2 of the License, or
21: # (at your option) any later version.
22: #
23: # LON-CAPA is distributed in the hope that it will be useful,
24: # but WITHOUT ANY WARRANTY; without even the implied warranty of
25: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26: # GNU General Public License for more details.
27: #
28: # You should have received a copy of the GNU General Public License
29: # along with LON-CAPA; if not, write to the Free Software
30: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31: #
32: # /home/httpd/html/adm/gpl.txt
33: #
34: # http://www.lon-capa.org/
35: #
36: ###
37:
38: =pod
39:
1.1 harris41 40: =head1 DESCRIPTION
41:
42: Automates the steps for domain coordinator creation. This
43: program also describes a manual procedure (see below).
44:
45: These are the steps that are executed on the linux operating system:
46:
47: =over 4
48:
49: =item *
50:
51: Tests to see if user already exists for linux system or for
1.7 harris41 52: LON-CAPA, if so aborts. A message is output that recommends following
53: a manual procedure enabling this user if so desired.
1.1 harris41 54:
55: =item *
56:
57: Creates a linux system user
58:
59: =item *
60:
61: Sets password
62:
63: =item *
64:
65: Creates a LON-CAPA lonUsers directory for user
66:
67: =item *
68:
69: Sets LON-CAPA password mechanism to be "unix"
70:
71: =item *
72:
73: Set roles.hist and roles.db
74:
75: =back
76:
77: =cut
78:
79: # NOTE: I am interspersing the manual procedure with the automation.
80: # To see the manual procedure, do perldoc ./make_domain_coordinator.pl
81:
82: # This is a standalone script. It *could* alternatively use the
83: # lcuseradd script, however lcuseradd relies on certain system
1.7 harris41 84: # dependencies. In order to have a focused performance, I am trying
85: # to avoid system dependencies until the LON-CAPA code base becomes
86: # more robust and well-boundaried. make_domain_coordinator.pl should be able
87: # to run as freely as possible, irrespective of the status of a LON-CAPA
1.1 harris41 88: # installation.
89:
90: # ---------------------------------------------------- Configure general values
91:
1.10 albertel 92: use lib '/home/httpd/lib/perl/';
93: use LONCAPA;
1.1 harris41 94:
95: =pod
96:
97: =head1 OPTIONS
98:
99: There are no flags to this script.
100:
101: usage: make_domain_coordinator.pl [USERNAME] [DOMAIN]
102:
1.3 harris41 103: The password is accepted through standard input
104: and should only consist of printable ASCII
105: characters and be a string of length greater than 5 characters.
1.1 harris41 106:
107: The first argument
108: specifies the user name of the domain coordinator and
109: should consist of only alphanumeric characters.
1.8 harris41 110: It is recommended that the USERNAME should be institution-specific
111: as opposed to something like "Sammy" or "Jo".
112: For example, "dcmsu" or "dcumich" would be good domain coordinator
113: USERNAMEs for places like Mich State Univ, etc.
1.1 harris41 114:
1.3 harris41 115: The second argument specifies the domain of the computer
1.12 ! albertel 116: coordinator.
1.1 harris41 117:
118: =cut
119:
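# ----------------------------------------------- So, are we invoked correctly?
# Exactly two arguments (USERNAME and DOMAIN) are required; any other count
# prints the usage text and aborts.
if (@ARGV != 2) {
    die('usage: make_domain_coordinator.pl [USERNAME] [DOMAIN] '."\n".
        '(and password through standard input)'."\n".
        'It is recommended that the USERNAME should be institution-specific '.
        "\n".'as opposed to something like "Sammy" or "Jo".'."\n".
        'For example, "dcmsu" or "dcumich" would be good domain coordinator'.
        "\n".'USERNAMEs for places like Mich State Univ, etc.'."\n");
}

# Take both values, then empty @ARGV so that the later <> read of the
# password comes from standard input and not from a file named by an argument.
my ($username, $domain) = @ARGV;
shift @ARGV;
shift @ARGV;

# Both values end up in file system paths and in arguments of system commands
# further down, so anything matching the LONCAPA "not allowed" patterns is
# rejected here, before the script touches the system.
if ($username =~ /$LONCAPA::not_username_re/) {
    die('**** ERROR **** '.
        'Username '.$username.' must consist only of - . and alphanumeric characters'.
        "\n");
}
if ($domain =~ /$LONCAPA::not_domain_re/) {
    # The message used to end in a misspelled, dangling "charaters and".
    die('**** ERROR **** '.
        'Domain '.$domain.' must consist only of - . and alphanumeric characters'.
        "\n");
}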
141:
# Remind the operator what is at stake before asking for the password.
print(join("\n",
    '**** NOTE **** Generating a domain coordinator is "serious business".',
    'Choosing a difficult-to-guess (and keeping it a secret) password ',
    'is highly recommended.',
    ''));

print("Password: ");
$| = 1;    # autoflush STDOUT; assigning a true value also flushes the prompt

# Read in password from standard input. Nothing here switches terminal echo
# off, so a password typed interactively is displayed as it is entered.
my $passwd = <>;
chomp($passwd);

# Accept 6 to 30 characters; the message only mentions the lower bound.
my $pwlen = length($passwd);
if ($pwlen < 6 or $pwlen > 30) {
    die("**** ERROR **** Password is an unreasonable length.\n".
        "It should be at least 6 characters in length.\n");
}

# $pbad is 1 when any character lies outside printable ASCII (codes 32-126).
my $pbad = ($passwd =~ /[^\x20-\x7E]/) ? 1 : 0;
if ($pbad) {
    die("**** ERROR **** Password must consist of standard ASCII characters\n");
}
162:
# And does user already exist

# Text appended to both "already exists" errors below: the script refuses to
# promote an existing account and points at the manual procedure instead.
my $caveat = join("\n",
    'For security reasons, this script will only automatically generate ',
    'new users, not pre-existing users.',
    "If you want to make '$username' a domain coordinator, you ",
    'should do so manually by customizing the MANUAL PROCEDURE',
    'described in the documentation. To view the documentation ',
    "for this script, type 'perldoc ./make_domain_coordinator.pl'.",
    '');

# An existing /home/USERNAME directory is taken as the sign of an existing
# linux account.
die("**** ERROR **** $username is already a linux operating system user.\n".
    $caveat)
    if -d "/home/$username";

# propath() is not defined in this file; presumably it comes from the LONCAPA
# module and returns the user's LON-CAPA directory (confirm there).
my $udpath = &propath($domain, $username);
die("**** ERROR **** $username is already defined as a LON-CAPA user.\n".
    $caveat)
    if -d $udpath;
183:
184: =pod
185:
186: =head1 MANUAL PROCEDURE
187:
1.7 harris41 188: There are 10 steps to manually recreating what this script performs
189: automatically.
1.1 harris41 190:
191: You need to decide on three pieces of information
192: to create a domain coordinator.
193:
194: * USERNAME (kermit, albert, joe, etc)
1.6 harris41 195: * DOMAIN (should be the same as lonDefDomain in /etc/httpd/conf/loncapa.conf)
1.1 harris41 196: * PASSWORD (don't tell me)
197:
198: The examples in these instructions will be based
199: on three example pieces of information:
200:
201: * USERNAME=dc103
202: * DOMAIN=103
203: * PASSWORD=sesame
204:
205: You will also need to know your "root" password
206: and your "www" password.
207:
208: =over 4
209:
210: =item 1.
211:
212: login as root on your Linux system
213: [prompt %] su
214:
215: =cut
216:
# ------------------------------------------------------------ So, are we root?

# $< is the real user id of this process. The account, ownership and
# password changes that follow are attempted only when it is 0.
die 'You must be root in order to generate a domain coordinator.'."\n"
    unless $< == 0;
222:
223: =pod
224:
225: =item 2 (as root). add the user
226:
227: Command: [prompt %] /usr/sbin/useradd USERNAME
228: Example: [prompt %] /usr/sbin/useradd dc103
229:
230: =cut
231:
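# ----------------------------------------------------------- /usr/sbin/groupadd
# -- Add group

# An extra filter, just to be sure. Stripping non-word characters silently
# would also strip "-" and ".", which the earlier error message describes as
# legal in a username. The linux account would then get a different name than
# the one used for the /home check and for the LON-CAPA directory path, so a
# name the filter would alter is refused before anything is created.
(my $filtered_name = $username) =~ s/\W//g;
if ($filtered_name ne $username) {
    die "Error. Username \"$username\" contains characters that cannot be ".
        "used for the linux account.\n".
        "No group or user was created.\n";
}

print "adding group: $username \n";
my $status = system('/usr/sbin/groupadd', $username);
if ($status) {
    die "Error. Something went wrong with the addition of group ".
        "\"$username\".\n";
}
my $gid = getgrnam($username);    # scalar context: the numeric group id

# ----------------------------------------------------------- /usr/sbin/useradd
# -- Add user

print "adding user: $username \n";
$status = system('/usr/sbin/useradd', '-c', 'LON-CAPA user', '-g', $gid, $username);
if ($status) {
    # Roll back the group created above; list form, so no shell is involved.
    system('/usr/sbin/groupdel', $username);
    die "Error. Something went wrong with the addition of user ".
        "\"$username\".\n";
}

print "Done adding user\n";

# Make www a member of that user group.
# usermod -G replaces the whole supplementary group list, so the current list
# must be read completely. The pattern is anchored to the end of the output:
# a partial match would silently remove www from the groups that were cut off.
my $groups = `/usr/bin/groups www`;
my ($safegroups) = ($groups =~ /:\s*([\s\w.\-]+?)\s*\z/);    # untaint
if (!defined($safegroups)) {
    die "Error. Could not read the current groups of www, so www was not ".
        "made a member of the group \"$username\".\n";
}
my @grouplist = split(' ', $safegroups);
# Compare whole names. A substring match would also drop every group whose
# name merely contains "www" or the new username.
my @ugrouplist = grep { $_ ne 'www' && $_ ne $username } @grouplist;
my $gl = join(',', (@ugrouplist, $username));
print "Putting www in user's group\n";
if (system('/usr/sbin/usermod', '-G', $gl, 'www')) {
    die "Error. Could not make www a member of the group ".
        "\"$username\".\n";
}

# Check if home directory exists for user
# If not, create one.
if (!-e "/home/$username") {
    if (!mkdir("/home/$username", 0710)) {
        print "Error. Could not add home directory for ".
            "\"$username\".\n";
    }
}

if (-d "/home/$username") {
    # NOTE(review): the recursive 0660 also applies to anything already below
    # the home directory; sub-directories there would lose their search bit.
    # Confirm that this is intended.
    foreach my $cmd (
        ['/bin/chown', "$username:$username", "/home/$username"],
        ['/bin/chmod', '-R', '0660', "/home/$username"],
        ['/bin/chmod', '0710', "/home/$username"],
    ) {
        system(@{$cmd}) == 0
            or warn "Warning. Command failed: @{$cmd}\n";
    }
}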
1.1 harris41 285: =pod
286:
287: =item 3 (as root). enter in a password
288:
289: Command: [prompt %] passwd USERNAME
290: New UNIX password: PASSWORD
291: Retype new UNIX passwd: PASSWORD
292: Example: [prompt %] passwd dc103
293: New UNIX password: sesame
294: Retype new UNIX passwd: sesame
295:
296: =cut
297:
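# Process password (taint-check, then pass to the UNIX passwd command).
$username =~ s/\W//g; # an extra filter, just to be sure

# Re-check that the password holds only printable ASCII (codes 32-126).
$pbad = ($passwd =~ /[^\x20-\x7E]/) ? 1 : 0;
if ($pbad) {
    die('Password must consist of standard ASCII characters'."\n");
}

# List-form pipe open: passwd is started directly, without a shell, and the
# username is passed as a single argument. The password goes in on standard
# input, so it never appears on a command line.
open(my $passwd_pipe, '|-', 'passwd', '--stdin', $username)
    or die "Error. Could not run passwd for \"$username\": $!\n";
print {$passwd_pipe} $passwd."\n";

# close() on a pipe waits for the command and returns false when it exits
# non-zero. Without this check a failed password change would go unnoticed.
if (!close($passwd_pipe)) {
    my $reason = $! ? "closing the pipe failed: $!"
                    : 'passwd exit status '.($? >> 8);
    die "Error. Could not set the password for \"$username\" ($reason).\n";
}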
1.1 harris41 308:
309: =pod
310:
311: =cut
312:
313: =pod
314:
315: =item 4. login as user=www
316:
317: Command: [prompt %] su www
318: Password: WWWPASSWORD
319:
320: =item 5. (as www). cd /home/httpd/lonUsers
321:
322: =item 6. (as www) Create user directory for your new user.
323:
324: Let U equal first letter of USERNAME
325: Let S equal second letter of USERNAME
326: Let E equal third letter of USERNAME
327: Command: [prompt %] install -d DOMAIN/U/S/E/USERNAME
1.7 harris41 328:
329: Here are three examples of the commands that would be needed
330: for different domain coordinator names (dc103, morphy, or ng):
331:
332: Example #1 (dc103): [prompt %] install -d 103/d/c/1/dc103
333: Example #2 (morphy): [prompt %] install -d 103/m/o/r/morphy
334: Example #3 (ng): [prompt %] install -d 103/n/g/_/ng
1.1 harris41 335:
336: =cut
337:
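# Generate the user directory.
# Must be writeable by httpd process, hence owner and group www.
# List-form system() keeps $udpath out of a shell command line, and the exit
# status is checked because every later step writes into this directory.
if (system('install', '-o', 'www', '-g', 'www', '-d', $udpath) != 0) {
    die "Error. Could not create the user directory \"$udpath\".\n";
}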
1.1 harris41 340:
341: =pod
342:
343: =item 7. (as www) Enter the newly created user directory.
344:
345: Command: [prompt %] cd DOMAIN/U/S/E/USERNAME
346: Example: [prompt %] cd 103/d/c/1/dc103
347:
348: =item 8. (as www). Set your password mechanism to 'unix'
349:
350: Command: [prompt %] echo "unix:" > passwd
351:
352: =cut
353:
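# UNIX (/etc/passwd) style authentication is asserted for domain coordinators.
# Three-argument open with a lexical handle: the path is only ever treated as
# a file name, and a failure to create the file stops the script.
# NOTE(review): this write runs as root inside a directory that was handed to
# www just before; consider creating the file before the ownership change.
open(my $authfile, '>', "$udpath/passwd")
    or die "Error. Could not write \"$udpath/passwd\": $!\n";
print {$authfile} 'unix:'."\n";
close($authfile)
    or die "Error. Could not finish writing \"$udpath/passwd\": $!\n";

# Must be writeable by httpd process.
system('chown', 'www:www', "$udpath/passwd") == 0
    or die "Error. Could not give \"$udpath/passwd\" to www.\n";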
1.1 harris41 359:
360: =pod
361:
362: =item 9. (as www). Run CVS:loncapa/doc/rolesmanip.pl:
363:
364: Command: [prompt %] perl rolesmanip.pl DOMAIN USERNAME
365: Example: [prompt %] perl rolesmanip.pl 103 dc103
366:
367: =cut
368:
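use GDBM_File; # A simplistic key-value pairing database.

# Open (creating if needed) the user's roles database through the LONCAPA
# locking helper.
my $rolesref = &LONCAPA::locking_hash_tie("$udpath/roles.db", &GDBM_WRCREAT());
if (!$rolesref) {
    die('unable to tie roles db: '."$udpath/roles.db");
}
$rolesref->{'/'.$domain.'/_dc'} = 'dc'; # Set the domain coordinator role.

# roles.hist is the synchronous plain text.
# Any failure is remembered rather than raised at once, so that the roles
# database is untied before the script stops.
my $hist_error;
if (open(my $hist, '>', "$udpath/roles.hist")) {
    foreach my $key (keys(%{$rolesref})) {
        print {$hist} $key.' : '.$rolesref->{$key}."\n";
    }
    close($hist) or $hist_error = "close failed: $!";
}
else {
    $hist_error = "open failed: $!";
}
&LONCAPA::locking_hash_untie($rolesref);
if (defined($hist_error)) {
    die "Error. Could not write \"$udpath/roles.hist\" ($hist_error).\n";
}

# Must be writeable by httpd process. List-form system() avoids the shell and
# lets a failed ownership change be reported.
foreach my $file ("$udpath/roles.hist", "$udpath/roles.db") {
    system('chown', 'www:www', $file) == 0
        or die "Error. Could not give \"$file\" to www.\n";
}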
1.1 harris41 386:
387: =pod
388:
389: =item 10.
390:
391: You may further define the domain coordinator user (i.e. dc103)
392: by going to http://MACHINENAME/adm/createuser.
393:
394: =cut
395:
# Output success message, and inform sysadmin about how to further proceed.
print("$username is now a domain coordinator\n");

# Read in hostname (output of the hostname command, trailing newline removed)
# and output a suggested URL.
chomp(my $hostname = `hostname`);
print("http://$hostname/adm/createuser will allow you to further define this user.\n");
1.1 harris41 401:
402: =pod
403:
1.2 harris41 404: =head1 AUTHOR
1.1 harris41 405:
1.7 harris41 406: Written to help the LON-CAPA project.
1.1 harris41 407:
408: =cut