[Adduser-devel] Rewriting adduser

Brian M. Carlson sandals at crustytoothpaste.ath.cx
Sun Jul 17 23:27:58 UTC 2005


On Sun, 2005-07-17 at 13:22 +0200, Marc Haber wrote:
> On Sat, Jul 16, 2005 at 11:34:33PM +0000, Brian M. Carlson wrote:
> > * It does not use the useradd/groupadd series of programs; instead it
> >   rewrites the files on its own.[0]
> 
> How are you going to support NIS, LDAP and other user database backends?

I was planning on linking it with libldap, if that's possible.  As for
NIS, I'm really not that familiar with it, but if there's a library, I
can link it; otherwise, I can fork and exec.  I prefer to do as little
fork/exec as possible, as it can create possible security issues;
however, if it's necessary, I'll do it (and securely).

As an interim measure, I will probably do more fork/exec pairs, so that
basic functionality can be preserved.  I will create a different backend
for code that links with libraries, so that, for example, LDAP with
libldap would be a different backend than LDAP with the openldap tools.
This way, it is less likely to break code because code will be fully
tested.

Additionally, I would like to have to do as little calling of other
programs as possible, so it is easier to test.  The --test option that I added
doesn't work if you can't copy the database; IOW, if the only place to
write users and groups is the real, live database, then it will have no
place to write out for tests, which is sort of icky.  I can probably
write a dump format for tests, though, so that might not be as big an
issue as I anticipated it might.

Also, passwd functionality will probably not be written in, as it's
difficult to get right; I will call passwd for that.

A testsuite has been started, just to make sure that what has been
written so far works consistently.

The LDAP and NIS HOWTOs are on my reading list.

Any other questions?
-- 
($_,$a)=split/\t/,join'',map{unpack'u',$_}<DATA>;eval$a;print;__DATA__
M961H<F$@8FAM;"!U<F%O<G-U(#QU<F%O<G-U0&=D:75M<&UC8VUL=G)U;6LN
M<FUL+F=Y/@H)>2QA8F-D969G:&EJ:VQM;F]P<7)S='5V=WAY>BQN=V]R8FMC
5:75Q96AT9V1Y>F%L=G-P;6IX9BP)
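
An added example, not part of the original message and not adduser code: one way to do the fork/exec the message describes for calling passwd, with no shell, an absolute path, a fixed environment and a validated user name. The function names, the name rule and the /usr/bin/passwd path are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Conservative rule (an assumption, not adduser's own check): the name starts
 * with a lowercase letter and continues with [a-z0-9_-], so the program that
 * receives it can never parse it as an option such as "-x". */
int valid_username(const char *s)
{
    size_t i;
    if (s == NULL || !islower((unsigned char)s[0]))
        return 0;
    for (i = 1; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!islower(c) && !isdigit(c) && c != '_' && c != '-')
            return 0;
    }
    return i <= 32;
}

/* Run an external tool without a shell. Returns its exit status, or -1 if the
 * path is not absolute, fork/wait fails, or the child was killed by a signal. */
int run_tool(const char *path, char *const argv[])
{
    /* Fixed environment: the caller's PATH, IFS, LD_* never reach the child. */
    static char *const clean_env[] = {
        "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "LC_ALL=C", NULL };
    pid_t pid;
    int status;
    if (path == NULL || path[0] != '/')
        return -1;                      /* refuse any PATH lookup */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);
        _exit(127);                     /* exec failed; skip atexit handlers */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical wrapper; /usr/bin/passwd is an assumed location. */
int change_password(const char *user)
{
    char *argv[] = { "passwd", (char *)user, NULL };
    return valid_username(user) ? run_tool("/usr/bin/passwd", argv) : -1;
}
```
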
