Hello pedro,

> I am running a successful ltsp based cyber cafe for a
> while now, and am preparing the system to be handled
> by employees, well now that I've seen a few job
> applications, I am worried I can't just give root
> access to any moron who can barely read, and I don't
> want to risk the system giving the employee the power
> to DELETE users, all I want is to let them add, and
> that's it.

> I made some tests today; I added userdrake that comes
> with my mandrake 9.1 as one more GDM session and found
> it asks for the password, but there is also a non-root
> button, where any user can see the complete user list,
> something I don't want them to see, so it did not turn
> out to be a good option.

> anybody have any other methods I can test?

> btw, I also need to change passwords for clients who
> forgot them

I will throw in my 0,02 Euro and describe a solution that I would
probably choose. No guarantee though, just a bit of script-fiddling!

Let's assume all users shall be in the "users" group, with home
directory being set to /home/<username>.
Admins are in group "admin" (at least as secondary group).

Get sudo installed on the server.
Run "visudo" and include these lines:
---- START
User_Alias ADMIN = %admin
Runas_Alias ROOTROOT = root, root
Cmnd_Alias USERMANAGE = /usr/local/bin/userman
ADMIN ALL=NOPASSWD:USERMANAGE
---- STOP

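Users of group "admin" will be able to execute that file.
Then create /usr/local/bin/userman:
----
#!/usr/bin/perl
# Runs as root via sudo: use a fixed PATH so useradd and passwd are
# looked up only in the system directories.
$ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
my $a = shift;    # action: user-new or user-pw
my $b = shift;    # username
my $c = $b;       # untouched copy, to detect stripped characters
# Strip everything except letters, digits, dash and underscore.
$a = join ( "", split ( /[^A-Za-z0-9_-]/, $a ) );
$b = join ( "", split ( /[^A-Za-z0-9_-]/, $b ) );
if ( ( $c ne $b ) || ( $b =~ /^[^A-Za-z]/ ) ) {
        print "Usernames must only contain letters, digits, the dash - and the underscore _\n";
        print "It must begin with a letter.\n";
        exit;
}
#print "[$a] [$b]\n";
if ( $a eq "user-new" ) {
        if ( $b =~ /^$/ ) {
                print "Specify username: Example: 'user-new smith'\n"; exit;
        }
        # List form of system() bypasses the shell. Stop if useradd fails
        # (e.g. the name already exists), so passwd is never run on an
        # existing account such as root.
        if ( system ( "useradd", "-d", "/home/".$b, "-g", "users", "-m", $b ) != 0 ) {
                exit;
        }
        system ( "passwd", $b );
        exit;
}
if ( $a eq "user-pw" ) {
        if ( $b =~ /^$/ ) {
                print "Specify username: Example: 'user-pw smith'\n"; exit;
        }
        # Only accounts whose primary group is "users" may be changed;
        # otherwise "user-pw root" would hand out the root password.
        my $gid = ( getpwnam ( $b ) )[3];
        my $users_gid = getgrnam ( "users" );
        if ( !defined $gid || !defined $users_gid || $gid != $users_gid ) {
                print "Not an account in group 'users': $b\n"; exit;
        }
        system ( "passwd", $b );
        exit;
}
print "Wrong argument\n"; exit;
----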

chmod 700 /usr/local/bin/userman
chown root /usr/local/bin/userman

Create /usr/local/bin/user-new
----
#!/bin/sh
sudo /usr/local/bin/userman user-new "$1"
----

chmod 750 /usr/local/bin/user-new
chown root.admin /usr/local/bin/user-new

Create /usr/local/bin/user-pw
----
#!/bin/sh
sudo /usr/local/bin/userman user-pw "$1"
----

chmod 750 /usr/local/bin/user-pw
chown root.admin /usr/local/bin/user-pw


Now, "admin"s can add users with "user-new" and change password with
"user-pw". Hopefully nothing else.

Best regards,
 Anselm Martin Hoffmeister
 Stockholm Projekt Computer-Service
 <[EMAIL PROTECTED]>
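
Added example, not part of the original message: a small audit for the files installed by the chmod/chown steps above. A script that sudo runs as root without a password is only as safe as its permissions, so this checks that the file and the directory holding it are owned by root and not writable by group or others. The function name check_sudo_target is hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original message).
# check_sudo_target FILE [OWNER_UID]
#   Succeeds only if FILE and the directory holding it are owned by
#   OWNER_UID (default 0 = root) and are not writable by group or others.
#   Anyone who can write to either could swap in their own code and have
#   sudo run it as root. Assumes GNU stat ("stat -c"), as on Linux.
check_sudo_target() {
    file=$1
    owner=${2:-0}
    if [ ! -f "$file" ]; then
        echo "FAIL $file: not a regular file"
        return 1
    fi
    rc=0
    for p in "$file" "$(dirname "$file")"; do
        uid=$(stat -c %u "$p")
        mode=$(stat -c %a "$p")
        if [ "$uid" != "$owner" ]; then
            echo "FAIL $p: owned by uid $uid, expected $owner"
            rc=1
        fi
        # 022 = write bits for group and others (octal)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $p: mode $mode is writable by group or others"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK   $file"
    fi
    return "$rc"
}

# Audit any paths given on the command line, e.g.
#   sh audit.sh /usr/local/bin/userman /usr/local/bin/user-new /usr/local/bin/user-pw
for f in "$@"; do
    check_sudo_target "$f" || true
done
```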


