
Re: Bug #23053



Jim <jim@laney.edu> writes:

> First...
> 
> If you need to call another executable (which you _must_ in this case), you
> should use exec; you are absolutely right on the money when you say you don't
> want to use system. You are asking, pretty much over and over, "can I directly
> edit /etc/passwd, shadow, group, etc?" and the reply is "no" :) 

Yes... I understand why now, sorry about all this...

> NOW, HAVING SAID THAT...
> 
> What if _common_ methods were provided which the shadow passwd suite would 
> actually use to do the edits? Make them really robust and REALLY fast, and
> make them accessible from perl.

I have had time to think about my and James' points during the weekend, and
I now have a little more understanding of the problem, and of my own underlying
points... ones that were not fully clear to me at the time (Friday).

This is what my code manages, which useradd does not:

	1. Sort passwd/shadow/group (in {user|group}{name|ID} order).
	2. Keep NIS entry last.
	3. Change NIS entries (in NIS database).

Point 1 might not seem important, but if you, like me, have _A LOT_ of users,
it's a quite relevant issue... (at least to me), it makes the whole file[s]
more readable and understandable (read Jim's note about the 1700 users... 
been there...)

Point 3 is what I consider the most important, and which bugs me the most...
every f-n time I add/remove/change the passwd/shadow/group file I have to do
a make in /var/yp... (and usually I forget, with some grief to the user...)


How about making a library for these functions, which {user|group}add (and
my program, via perl) can use _INSTEAD_ of having them hard coded in useradd?

I.e. _MOVE_ the functions into a {dynamic|static} library, which belongs to
     the passwd package, which is used by any program that wants to access
     the user/group databases...

That way all can be happy... (and I don't have to do a _MAJOR_ rewrite of
xAdmin... :)

> THE POINT BEING:
> 
> Since the data structure for login authentication should be allowed to change,
> Only One Interface For Changing Them should be provided, so that any interface
> ON TOP OF that can be created.

Two sets of libraries, passwd-lib, passwd-pam-lib (and perhaps passwd-md5-lib).

This lib can then be used by xlock/xdm et al. (pam'able).

> I know that the shadow passwd suite can be compiled to allow the use of db
> files instead of text files. Upon presenting this idea on IRC, one of you
> (James Troup, I believe) said: nononononononono... if you do that, you can't
> edit them by hand.

A third library, 'passwd-[g]dbm-lib'.

-- 
---------------------------------------------------------------------
___________     Debian GNU/Linux  Unix _IS_ user friendly - it's just
___  /___(_)__________  _____  __ selective about who its friends are
__  / __  /__  __ \  / / /_  |/_/
_  /___  / _  / / / /_/ /__>  < Turbo Fredriksson Tel: +46-704-697645
/_____/_/  /_/ /_/\__,_/ /_/|_| S-415 10 Göteborg    turbo@tripnet.se
          PGP#788CD1A9          SWEDEN         www5.tripnet.se/~turbo
------- PGP:  B7 92 93 0E 06 94 D6 22  98 1F 0B 5B FE 33 A1 0B ------
--
FSF smuggle NSA strategic radar colonel South Africa assassination FBI
North Korea World Trade Center Legion of Doom Albanian Delta Force
Serbian
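
Points 1 and 2 of the list in the message above (sort the entries, keep the NIS entry last), as an added example that is not code from xAdmin, the shadow suite or anyone in this thread. It assumes the standard seven-field passwd format and treats lines beginning with `+` or `-` as NIS compat entries; the function name and sample data are constructed, and it works on a string only, never on /etc/passwd.

```python
"""Sort passwd-format text by name or UID, keeping NIS compat entries last."""


def sort_passwd(text, key="uid"):
    """Return passwd-format text sorted by 'uid' or 'name'.

    Lines starting with '+' or '-' are treated as NIS compat entries. They are
    moved to the end and keep their original relative order, because in compat
    mode a '-user' exclusion only applies if it precedes the '+' entry.
    A malformed local entry raises ValueError instead of being reordered.
    """
    if key not in ("uid", "name"):
        raise ValueError("key must be 'uid' or 'name'")
    local, nis = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines carry no entry
        if line[0] in "+-":
            nis.append(line)
            continue
        fields = line.split(":")
        uid = fields[2] if len(fields) == 7 else ""
        if not fields[0] or not (uid.isascii() and uid.isdigit()):
            raise ValueError(f"line {lineno}: malformed passwd entry")
        local.append((fields[0], int(uid), line))
    if key == "uid":
        local.sort(key=lambda e: (e[1], e[0]))  # UID first, name as tie-break
    else:
        local.sort(key=lambda e: e[0])
    return "".join(entry + "\n" for entry in [e[2] for e in local] + nis)


# Constructed sample input: local entries mixed with NIS compat entries.
SAMPLE = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
-guest::::::
root:x:0:0:root:/root:/bin/bash
+::::::
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
"""

if __name__ == "__main__":
    print(sort_passwd(SAMPLE, key="uid"), end="")
```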

