[clue-admin] User setup for "member" accounts

Collins Richey crichey at gmail.com
Sat Jan 1 11:35:13 MST 2005 

On Fri, 31 Dec 2004 09:18:59 -0700, David Anselmi <anselmi at anselmi.us> wrote:

[ snips ]

> But we should expect our admins to do basic admin work--log reviews and
> software updates (for security purposes).  I think that to do less, as
> we have in the past, is irresponsible to the 'net.
> 
> I don't think that fixing dead aliases needs to be an urgent thing.  

I'm in total agreement. The level of admin work required to monitor a
few logs (using automated tools, run from cron, email notification to
admin(s)), to setup new users, to remove stale aliases, and to update
aliases when requested amounts to a (very) few hours per week.

This is totally separate, IMO, from the necessary admin work to keep
the server updated regularly with security fixes, check for rootkits,
etc.

We could (eventually, when we get a round-tuit) setup a cron script to
scroll through the home directories of the 'members' group looking for
'member-email address' (or some such name) files. If the updated
timestamp has changed, run a script to update the aliases file, run
the postfix update, and notify the admins(s) and the user via email at
the new address. All the user would have to do is update his file via
scp or sftp. Until we get around to that, users can just use the admin
contact procedure on our website to request alias changes.

 I have a simple script (based on pieces that Lynn left behind, but
written in perl since I think better in perl than bash) that can
create user accounts, dummy webpage, and alias(es) once we finalize
the details.

What we need to concentrate on at the moment, IMO, is 

1. We need to decide scp or sftp or ??? as the method.

2. Whatever method, it seems to me that the best means of
authentification would be using public keys. So we need a rough draft
of a HOWTO for users to setup their keys.

3. A rough draft HOWTO for users to update their websites using the
selected method. I'm familiar with scp, for example, but I've never
used sftp.

4. If the users do not have login accounts, do we have any other
worries about malicious users uploading some sort of malware to their
website area?

I would like to be involved in this process, and I can play recording
secretary and publish the results, but I would prefer to have some
basic input from those of you who are more familiar with the tools
involved.

Thanks,

-- 
 Collins

More information about the clue-admin mailing list