[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/server/source savannahusers.html
From: |
Karl Berry |
Subject: |
www/server/source savannahusers.html |
Date: |
Fri, 16 Sep 2011 23:03:55 +0000 |
CVSROOT: /web/www
Module name: www
Changes by: Karl Berry <karl> 11/09/16 23:03:55
Removed files:
server/source : savannahusers.html
Log message:
bears no relationship to current reality
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/server/source/savannahusers.html?cvsroot=www&r1=1.8&r2=0
Patches:
Index: savannahusers.html
===================================================================
RCS file: savannahusers.html
diff -N savannahusers.html
--- savannahusers.html 8 Mar 2008 15:26:03 -0000 1.8
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,430 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML><head><TITLE>Manpage of SAVANNAHUSERS</TITLE>
- <meta http-equiv="Content-Type" content=
- "text/html; charset=utf-8">
-<STYLE TYPE="text/css">
-DIV.section {margin-left:2cm}
-</STYLE>
-</head><BODY bgcolor="#ffffff">
-<H1>SAVANNAHUSERS</H1>
-Section: User Contributed Perl Documentation (1)<BR>Updated: perl v5.6.1<BR><A
HREF="#index">Index</A>
-<BR><A HREF="http:/cgi-bin/man2html">Return to Main Contents</A>
-<HR>
-
-<A NAME="lbAB"> </A>
-<H2>NAME</H2>
-
-savannahusers - manage shell accounts with savannah.gnu.org
-<A NAME="lbAC"> </A>
-<H2>SYNOPSIS</H2>
-
-<A NAME="ixAAC"></A>
-
-
-<PRE>
- savannahusers [--help] [--verbose] [--fake]
- [--firstuid=<number>] [--lastuid=<number>]
- [--reuse] [--user=<login>]
- [--allow-conflicts] [--www] [--ssh=<prog>] --file
<file.xml>
-
-
-</PRE>
-
-
-<A NAME="lbAD"> </A>
-<H2>DESCRIPTION</H2>
-
-<A NAME="ixAAD"></A>
-It is convenient to use Savannah (savannah.gnu.org) to manage accounts
-on a machine that is completly unrelated to Savannah itself. For
-instance, the project <A
HREF="http://savannah.gnu.org/projects/fsffr/">http://savannah.gnu.org/projects/fsffr/</A>
lists
-all the users who should have a shell account on the
-france.fsfeurope.org machine.
-<P>
-
-A cron job on the target machine (france.fsfeurope.org in this case)
-can fetch the list of users from Savannah and update the password
-files accordingly. Adding a user to the machine can then simply be
-done by adding the user as a developer of the project.
-<P>
-
-By default savannahusers only use a limited range of uid (61000 to
-62000) to avoid interferences with existing users.
-<A NAME="lbAE"> </A>
-<H2>PRELIMINARY STEPS</H2>
-
-<A NAME="ixAAE"></A>
-You should do the following before using the savannahusers on the
-xxx.gnu.org machine.
-
-<BR>
-
-
-
-
-<DL COMPACT>
-<DT>create a Savannah project<DD>
-
-<A NAME="ixAAF"></A>
-You should first login savannah.gnu.org, register a new project named
-gnuxxx. The only thing required is to explain the following in the
-project description:
-
-
-<P>
-
-
-
-
-<PRE>
- Manage accounts on xxx.gnu.org. Each member of the
- project has an ssh account and can login with her
- ssh protocol 1 public key. Automated.
-
-
-</PRE>
-
-
-
-<BR>
-
-
-
-
-<DT>create a saccount user<DD>
-
-<A NAME="ixAAG"></A>
-The saccount user is needed in order to avoid using the environment
-of the root user since it's potentialy hazardous for security.
-
-
-<P>
-
-
-
-
-<PRE>
- useradd -m -p '*' -c 'Savannah Account Creation' -d /home/saccount saccount
-
-
-</PRE>
-
-
-
-<BR>
-
-
-
-
-<DT>add saccount to sudoers<DD>
-
-<A NAME="ixAAH"></A>
-The only action this user needs to do with root permissions is to
-run the savannahuser script. This can be done by adding a line
-in the sudoer file.
-
-
-<P>
-
-
-
-
-<PRE>
- saccount ALL=(root) NOPASSWD: /usr/bin/savannahusers
-
-
-</PRE>
-
-
-
-<BR>
-
-
-
-
-<DT>send saccount ssh public of xxx.gnu.org<DD>
-
-<A NAME="ixAAI"></A>
-The ssh public key of root on xxx.gnu.org will needed to be registered
-in the authorized_keys file of the xmlbase user on savannah.gnu.org.
-
-
-<P>
-
-
-
-
-<PRE>
- ssh-keygen or ssh-keygen1
-
-
-</PRE>
-
-
-Do <TT>"not"</TT> set the passphrase. Only type return when asked
for one.
-
-
-<P>
-
-
-Send it to <A HREF="mailto:address@hidden">address@hidden</A>, saying that
it's for the project
-gnuxxx. Once it is added, you should be able to run:
-
-
-<P>
-
-
-
-
-<PRE>
- rsync --rsh=ssh <A HREF="mailto:address@hidden">address@hidden</A>: .
-
-
-</PRE>
-
-
-as saccount. This will download a file with account information for the
-xxx.gnu.org machine, extracted from the member list of the
-<A
HREF="http://savannah.gnu.org/projects/gnuxxx/">http://savannah.gnu.org/projects/gnuxxx/</A>
project.
-</DL>
-<P>
-
-Once these steps are complete, you should be able to install and run
-savannahusers properly. Before actually doing something, run it a few
-times using --fake to make sure it does what you expect. When you're
-satisfied install the cron job and forget about it.
-<A NAME="lbAF"> </A>
-<H2>OPTIONS</H2>
-
-<A NAME="ixAAJ"></A>
-
-<BR>
-
-
-
-
-<DL COMPACT>
-<DT>--www<DD>
-
-<A NAME="ixAAK"></A>
-All user have access to www account. This account must already exists.
-The ssh public keys of all the users known by savannahusers are inserted
-in the authorized_key files of this account. All users will be able to
-login as user www.
-
-<BR>
-
-
-
-
-<DT>--user=<login><DD>
-
-<A NAME="ixAAL"></A>
-Run rsync as <login> user instead of root. The ssh protocol 1 key
-of the <login> user will be used and should be known to Savannah.
-
-<BR>
-
-
-
-
-<DT>--reuse<DD>
-
-<A NAME="ixAAM"></A>
-Instead of fetching the account descriptions file with rsync, reuse
-the file (see --file) that is in the temporary directory on the target
-machine. When the program terminates the file is not deleted.
-
-<BR>
-
-
-
-
-<DT>--file=<file.xml><DD>
-
-<A NAME="ixAAN"></A>
-The <FONT SIZE="-1">XML</FONT> account information filename. This is the
filename created
-by the rsync --rsh=ssh address@hidden: . command. The name
-of the file is not decided by the target machine. When the program
-terminates the file is deleted. It is placed in the temporary
-directory.
-
-<BR>
-
-
-
-
-<DT>--ssh=<prog> (default ssh)<DD>
-
-<A NAME="ixAAO"></A>
-The name of the ssh program to use. For instance --ssh=ssh1.
-
-<BR>
-
-
-
-
-<DT>--allow-conflicts<DD>
-
-<A NAME="ixAAP"></A>
-Only send a warning if a login name conflict occurs. A name conflict
-occurs when a login name is already in use with a uid outside the
-range of uid managed by savannah users. The savannahusers script
-assumes that this user was created independantly by someone with root
-access on the target machine. As a consequence, savannahusers will
-refuse to create it (or update it) even if the same login name was
-registered in the Savannah project. The default behaviour is to abort,
-with the --allow-conflicts a warning is sent, and the login name is ignored
-by savannahusers.
-
-<BR>
-
-
-
-
-<DT>--firstuid=<number> (default 61000)<DD>
-
-<A NAME="ixAAQ"></A>
-The low bound of the uid range managed by savannahusers.
-
-<BR>
-
-
-
-
-<DT>--lastuid=<number> (default 62000)<DD>
-
-<A NAME="ixAAR"></A>
-The high bound of the uid range managed by savannahusers.
-
-<BR>
-
-
-
-
-<DT>--fake<DD>
-
-<A NAME="ixAAS"></A>
-print actions and do nothing
-
-<BR>
-
-
-
-
-<DT>--help<DD>
-
-<A NAME="ixAAT"></A>
-print a short usage message.
-
-<BR>
-
-
-
-
-<DT>--verbose<DD>
-
-<A NAME="ixAAU"></A>
-print debugging messages on the stderr file descriptor.
-</DL>
-<A NAME="lbAG"> </A>
-<H2>CRON</H2>
-
-<A NAME="ixAAV"></A>
-Here is a sample cron job that can be stored in the file
-/etc/cron.d/savannahusers:
-<P>
-
-
-
-<PRE>
- MAILTO=<A HREF="mailto:address@hidden">address@hidden</A>
- #
- # Update accounts from Savannah project fsffr
- # <A
HREF="http://savannah.gnu.org/projects/fsffr/">http://savannah.gnu.org/projects/fsffr/</A>
- # <A
HREF="http://savannah.gnu.org/savannah.html#Account%20Management">http://savannah.gnu.org/savannah.html#Account%20Management</A>
- #
- 37 20 * * * saccount ( date ; sudo /usr/bin/savannahusers \
- --file accounts-fsffr.xml --user saccount --www \
- ) >> /var/log/savannahusers.log 2>&1 < /dev/null
-
-
-</PRE>
-
-
-Before installing this cron job you should create the savannahusers.log
-file and make sure it is owned by the saccount user.
-<P>
-
-
-
-<PRE>
- touch /var/log/savannahusers.log
- chown saccount /var/log/savannahusers.log
-
-
-</PRE>
-
-
-<A NAME="lbAH"> </A>
-<H2>LOGROTATE</H2>
-
-<A NAME="ixAAW"></A>
-Here is a sample logrotate specification that can be stored in
-the file /etc/logrotate.d/savannahusers:
-<P>
-
-
-
-<PRE>
- /var/log/savannahusers.log {
- rotate 30
- weekly
- compress
- copytruncate
- missingok
- }
-
-
-</PRE>
-
-
-<A NAME="lbAI"> </A>
-<H2>BUGS</H2>
-
-<A NAME="ixAAX"></A>
-Accented names are output in <FONT SIZE="-1">UTF-8</FONT>. getpwent just
discard them. Should
-either be unaccented using Text-Unaccent.
-<A NAME="lbAJ"> </A>
-<H2>AUTHOR</H2>
-
-<A NAME="ixAAY"></A>
-Loic Dachary (<A HREF="mailto:address@hidden">address@hidden</A>)
-<A NAME="lbAK"> </A>
-<H2>SEE ALSO</H2>
-
-<A NAME="ixAAZ"></A>
-<I><A HREF="http:/cgi-bin/man2html?useradd+1">useradd</A></I>(1).
-
-<HR>
-<A NAME="index"> </A><H2>Index</H2>
-<DL>
-<DT><A HREF="#lbAB">NAME</A><DD>
-<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
-<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
-<DT><A HREF="#lbAE">PRELIMINARY STEPS</A><DD>
-<DT><A HREF="#lbAF">OPTIONS</A><DD>
-<DT><A HREF="#lbAG">CRON</A><DD>
-<DT><A HREF="#lbAH">LOGROTATE</A><DD>
-<DT><A HREF="#lbAI">BUGS</A><DD>
-<DT><A HREF="#lbAJ">AUTHOR</A><DD>
-<DT><A HREF="#lbAK">SEE ALSO</A><DD>
-</DL>
-<HR>
-This document was created by
-<A HREF="http:/cgi-bin/man2html">man2html</A>,
-using the manual pages.<BR>
-Updated: $Date: 2008/03/08 15:26:03 $
-<HR>
-</BODY>
-</HTML>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/server/source savannahusers.html,
Karl Berry <=