
WLUS development perspective




Some feature requests seem to make it necessary to split the
existing WLUS code up further and seem to point in the same
general direction.

These feature requests are
- a progress display for mass-producing users (e.g. fileimport)
- admins group support (required for large scale deployment)

The progress display seems to be only cleanly implementable by
forking off a process and getting a stream of data back that then
would be displayed successively.

The admins group support would require some operations which
require root permission. For example, the process of creating a
user would require chown (of the newly created directory) and
disabling a user would at least require a chmod (of the user's
homedir). Because it would be pretty bad to run Webmin modules
with root permissions (aka suid root) it is necessary to permit
some commands with sudo. Optimally, sudo access would be
restricted so that only those commands are allowed that
are necessary to perform a given operation. This again calls
for specific helper applications (like for example create_user)
which are executable by admins group members and only have sudo
permission for specific privileged commands (in the case of
create_user "chown").

These helper applications would not provide a point of
serialisation for write access to the LDAP server and thus would
not be suitable to avoid race conditions. (There could be any
number of such helper applications running at the same time.)
This protection against races could be implemented in an extra
step by adding locking entries in the LDAP directory for the
entries that are in limbo.

ideas, suggestions?
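
The following is an added example, not part of the original post and not WLUS code: a sketch of the privileged step of a create_user-style helper, which validates its input before invoking the single sudo-permitted command (chown). The function names, the `HOME_BASE` and `CHOWN_CMD` variables, and the username policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helper step; all names and paths are assumptions.
LC_ALL=C; export LC_ALL                  # make the a-z ranges below byte-exact
HOME_BASE="${HOME_BASE:-/home}"          # assumed base directory for user homes
CHOWN_CMD="${CHOWN_CMD:-sudo chown}"     # the one privileged command the helper runs

# Accept only conservative account names: a lowercase letter first, then
# lowercase letters, digits, '_' or '-', and at most 32 characters.
# This rejects path separators, "..", whitespace and option-like names.
valid_username() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the home directory for a user, but only if it is a real directory
# (not a symlink) sitting directly under HOME_BASE.
safe_home_path() {
    valid_username "$1" || return 1
    dir="$HOME_BASE/$1"
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    printf '%s\n' "$dir"
}

# Hand the new directory to its owner. This is the only step that needs root.
chown_home() {
    dir=$(safe_home_path "$1") || { echo "refusing: $1" >&2; return 1; }
    # -h: change the link itself if a symlink is swapped in after the check
    # --: stop option parsing before the user-derived arguments
    $CHOWN_CMD -h -- "$1" "$dir"
}
```

The checks in the helper only constrain what the helper itself passes to chown; they add nothing if the sudo rule also lets admins group members run chown directly with arguments of their choosing.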


