Subject: Re: complexity estimate
From: Horst von Brand (vonbrandsleipnir.valparaiso.cl)
Date: Sat May 13 2000 - 20:33:16 CDT
Antonomasia <antnotatla.demon.co.uk> said:
> I've been asked to write a program to the following description:
> to be run by non-root admin users
> it adds user accounts to the box
> the username is selected by the person running the program
> the new UIDs are in a given range
> the above two values are checked for uniqueness before processing
> the new GID is fixed
> the home directory is made according to a set pattern
> there will be a separate program for setting the passwords
> it is only for one version of Unix
> no NIS is involved
> it should not delete accounts
> Gaps in the spec are to be filled from the imagination of the programmer;
> in fact the 3 last non-features mentioned above only became explicit
> when I asked.
> I'd like to collect a few answers from the experts off list and
> I'll summarise probably next week.
> 1) On a scale of
> trivial, easy, straightforward, challenging,
> mindbending or forget it
> how do you rate this task?
> 2) Would you consider a (bourne or korn) shell script in a suid C wrapper?
I'd do it in Perl, myself (there you can get at the account data easily, do
random system calls, and string manipulation is ridiculously easy). But
plain C shouldn't be _too_ hard. I don't think a shell is up to the task,
but I might be surprised. Are the data supposed to be given interactively
or on the command line? Perhaps GUI? How about the password for the
account? Answers to the above can make a _big_ difference in development
> 3) How many lines of C would you expect to use ?
> 4) How long for 1 programmer to do the whole lot fit to deliver ?
In Perl, I did something similar (no checking of the caller, though. For
that, you could reuse f.ex. sudo) in something like a page of code, in a
couple of hours. It read in a file with full names in fixed fields plus
random other data and gave a file with collisions in the generated logins
(a few each time, better handled by hand), a shell script to run that
created the accounts' homes and placed the dotfiles there, a file to be
pasted into /etc/passwd, and a file with account names, full names and
(generated) passwords (I was wary of editing /etc/passwd directly, and
didn't want to go and create accounts without somebody checking first).
> Needless to say I have views on Q1 and Q2 and should soon have definite
> answers for the others. I also have my (skilled, technical) supervisor's
> view of Q1 and Q2 and it would be interesting to see where we fit with
> list members on these estimates.
Parting shot: Try to reuse what you have. Use an all-purpose wrapper (like
sudo) for checking, see if your system has an adduser or similar script.
With that, your chore could be reduced to a 5-line script plus wrapper
setup. And it is probably more secure than whatever you might come up with
firsthand. Moreover, it'll benefit from bug fixes in the wrapper and the
user management utility over time, without your intervention. Best of
possible outcomes ;-)
-- Horst von Brand vonbrandsleipnir.valparaiso.cl Casilla 9G, Viña del Mar, Chile +56 32 672616
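The approach suggested in the message above (a short script behind an all-purpose wrapper such as sudo, delegating the real work to the system's account utility) can be sketched as follows. This is an added example, not code from the original post or its author. The UID range, GID, home pattern, script name `mkacct`, the sudoers rule and the `useradd` flags are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: UID range, GID,
# home pattern, script name "mkacct", and a useradd accepting -u -g -m -d.
# Hypothetical sudoers rule: %acctadmins ALL = (root) /usr/local/sbin/mkacct
LC_ALL=C; export LC_ALL          # make [a-z] mean ASCII lowercase only
UID_MIN=5000; UID_MAX=5999       # "the new UIDs are in a given range"
NEW_GID=500                      # "the new GID is fixed"
HOME_BASE=/home                  # "home directory ... set pattern"

# Reject anything but short lowercase names: blocks ':' and newlines
# (passwd field injection), a leading '-' (option injection) and '/'.
valid_username() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# Succeeds if name $1 is already field 1 of passwd file $2.
name_taken() {
    awk -F: -v n="$1" '$1 == n { hit = 1 } END { exit !hit }' "$2"
}

# Prints the lowest unused UID in the range for passwd file $1.
next_free_uid() {
    awk -F: -v lo="$UID_MIN" -v hi="$UID_MAX" '
        { used[$3] = 1 }
        END { for (u = lo + 0; u <= hi + 0; u++)
                  if (!(u in used)) { print u; exit 0 }
              exit 1 }' "$1"
}

# Prints the UID to use for name $1 against passwd file $2.
# Returns 2 = bad name, 3 = name exists, 4 = UID range exhausted.
check_request() {
    valid_username "$1" || return 2
    if name_taken "$1" "$2"; then return 3; fi
    next_free_uid "$2" || return 4
}

# Assumption: useradd itself refuses a duplicate name or UID, so a race
# between the check above and this call fails closed.
mkacct() {
    uid=$(check_request "$1" /etc/passwd) || return
    useradd -u "$uid" -g "$NEW_GID" -m -d "$HOME_BASE/$1" "$1"
}

# Runs only when installed under the assumed name mkacct.
if [ "${0##*/}" = mkacct ]; then mkacct "$@"; fi
```

The caller check stays entirely in sudo, so the script needs no setuid bit and carries no authentication logic of its own.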