On Wed, Aug 18, 1999 at 11:05:20PM -0700, Coda wrote:
>
> Hi. I'd like to be able to incorporate username, uid, password, and
> access assignments for coda users into some perl scripts that I currently
> use to make administration on my system easy (your basic adduser, deluser,
> password change kind of scripts)
>
> what is the best way to add coda users, delete coda users, change
> coda passwords, and modify the acls of volumes, by way of a perl script?
>
> -- Jonathan
Hi Jonathan,
I saw that Clement already followed up, but here is the sequence I use:
#!/bin/sh
# assuming the 5.2.x version of pdbtool
# a coda-client installed on the SCM.
USER=$1
USERID=$2
#########################################################
# Add user and add the user to the appropriate groups
pdbtool << EOF
aui $USER $USERID # Add user with userid
ag -221 $USERID # Add userid to groupid
EOF
# Activate the user in the auth2 database
au -h $SCM nu << EOF
jaharkes # Administrator name
...... # Administrators password
$USER # New user id
random # New user's password
# Empty info line (not used afaik)
EOF
# the following stuff needs to be run on a Coda client (the SCM could
# also run this client)
# Create a new volume for this user
createvol_rep u.$USER E0000157 /vicepa << EOF
y # yes, we want backups
Wed # We still have some space on wednesday
EOF
# Mount the user's volume
cfs mkm /coda/usr/$USER u.$USER # create mountpoint for the new volume
cfs sa /coda/usr/$USER sa $USER all # give the user access to his volume
echo "done"
exit
#########################################################
# In 5.3.x I would use pdbtool something like:
pdbtool aui $USER $USERID
for group in System:coda Braam:Developers ; do
groupid=`pdbtool l System:coda | cut -d' ' -f 4`
pdbtool ag $groupid $USERID
done
Ofcourse, there are so many things that can go wrong in this sequence.
Especially in the 'cfs mkm/cfs sa' phases, since the new user/volume
information is not alway promptly propagated (f.i. a server's
updateclnt, or the SCM's updatesrv might have crashed).
So I normally just do it by hand. I also don't have 100's of users to
add ;). Looking at this sequence, Some tools could be improved:
pdbtool:
- add a user _name_ to a _named_ group. The best solution would
probably be to `generalize' the processing of id-numbers, by allowing
names to be entered in places we currently expect an id. Whenever the
id is not a numeric value, assume it is a name, and perform a lookup.
au:
- Accept on the commandline:
au nu <adminname> <username> <userpassword> [<userinfo>]
And only query for the administrator's password. This way the
password doesn't need to be stored in the script.
createvol_rep:
- Accept a dumpday on the commandline. If dayname is None, no backups,
and when not specified query like we do now.
Jan
