[clue-admin] Fwd: Membership setup

Jeff Cann jccann at gmail.com
Tue Jan 3 22:25:30 MST 2006


On 1/2/06, Collins Richey <crichey at gmail.com> wrote:
> FYI,
> 
> I have completed the following:

Sweet!
 
> 1. add_member script to create a new user with home directory in /tux2
> and a shell to permit sftp only. The new id is set up with a
> public_html with an initial index.html. A .forward file is created
> with the email address. The account has no password and is not usable
> until a public key is added.
> 
> 2. Member data is captured in a permanent CSV file with
> 
>     <fname>,<initial>,<lname>,<userid>,<email>

Can you document on our wiki the file location.  Who is able to run the 
script? (hopefully only root, but admins should be able to run it via 
'sudo').

> 3. I've verified that I can transmit a public key to the new user and
> use sftp to access the account.

Are we still planning on you being the public key admin for the users?  This 
was the plan the last time we talked about it.  If so, will a user just email 
your key?  

Should we publish those keys in a CLUE key server (mythical phase 2) - just 
wondering... but it would make it easy to allow secure communications between 
members.

> A few details remain to be worked out:
> 
> 1. What needs to be done to enable the user to have mail forwarded
> using a clue email address? I don't have a clue about that.

I've never used the .forward file, but postfix *should* read .forward file (or 
the postfix equivalent) and forward it on.  Your script should set their 
forwarding email address.
I think the advantage is that the user can [re]set their forwarding address.

If we are not going to allow users to change their forwarding address without 
telling us, then, we need to:

1. change a file /etc/postfix/aliases (I need to confirm this location on CLUE 
server) by adding their userid and forwarded email address in this format:

userid:    me at example.com

2. run the 'postalias' command to refresh the binary alias map file 
(regenerates aliases.db from aliases).

You can see that the 'alias' method requires an admin (or a script or web 
page) that allows the users to change their forwarding address in the alias 
file w/o having root access.

> 2. To enable use of the webpage, httpd.conf will need to be updated
> with an additional directory set, i.e.
> 
> <Directory /tux2/*/public_html>
> ...
> </Directory>

Is this a one-time change or per-user?  It looks one-time and so either Jed or 
I can change it and restart the web server.
 
> 3. What else have I missed?

1.  Lynn D. wanted to automatically add new users to the 'clue-members' email 
list.  I'll dig up the mailman command for this and send it to you, but it is 
definitely scriptable.  The intent was to notify people of members-only type 
events (like a summer BBQ).

2.   We should talk about the current list of members.  Some have paid 
recently, others paid 2 years ago.  I was saying all along that we would 
'grandfather' current members since Lynn never implemented the script that 
you just worked out.  But, some people who paid may not be around anymore.  
I'm not sure what to do about those folks who are MIA and how long do we stop 
the grandfather and ask current members to repay?  

Or should we keep things simple and say:  here's our 2006 membership drive - 
everyone has to sign up again.  I'm liking this idea as I type it.  What do 
you guys think?

3.  Should we offer jabber access to members only?  It's another 'benefit' of 
membership - something we were always needing.  I'll check on the user admin 
for jabber and let you know how we should set up accounts.

4.  With the new membership drive, we'll have to check people in at the 
meeting for door prize tickets (something Lynn used to do).  You and I can 
work out the logistics for the Feb meeting - I have the tickets.

5.  Do we have a members page on the web site?  If not, we should explain the 
benefits, how to get a membership, upload public key, how to set email 
forward, setup jabber, etc.

> 4. Do we want to set up such accounts for officers and admin users as
> well? The script allows for overriding the generated userid, if we
> choose to do that.

Yes we should and a lot of us already have accounts.

> 5. I will modify the script to transmit a request for the public key,
> etc., once all the other details are worked out.
> 
> If you want to look at the results, check out user 'junk'. It was set up
> via the new procedure.
> 
> Assuming that we can resolve the additional details, do you want to
> announce this at the upcoming meeting and start collecting new
> subscriptions? I will prepare signup sheets to be filled out by the
> new members.

Yep and see #2 and #4 above (my responses).

> Additional thoughts after rereading the wiki entry:
> 
> 1. We were promising name tags and id cards. IANAP (I am not a
> printer). If that is still desired, we need another volunteer who has
> the necessary printing skills.

Doug Corwine and Lynn Danielson were the printing gurus.  I'll check with them 
on what they were doing.  Maybe I can print - just got a new color printer 
from Santa.  The idea was that a member would have his card at the meeting 
and we would give him a name tag for the meeting (so we can learn everyone's 
name).  At the end of the meeting, we would collect name tags for next time.  
So, members keep their membership card, we keep name tags.
 
> 2. I've never worked with, nor do I understand, disk quotas. Someone
> needs to implement that.

A quota is a kernel level restriction that restricts a user to a certain 
amount of filesystem use.  In our case, I think it's 20 MB per member.

If all of the members are in the same group (say 'members') then we can assign 
a quota to the group, which is simpler.  There are two one-time setup steps:

1.  We need to check the /etc/fstab to make sure that /tux2 partition is 
mounted with the quota option.

2.  Use the 'edquota' command to set a group-level quota:
     http://www.tldp.org/HOWTO/Quota-4.html#ss4.2

This can be automated with your script.  

Then for each new user (from your script), run the 'quota' command to enable 
their group-level quota.

> 3. The /tux2 partition currently has 2.2G free space. Will that be enough?

Maybe not, but we initially estimated 20 MB per user with up to 100 users.  We 
can always buy another huge drive for $100.

Collins - I appreciate you working on this task!  It will be most excellent 
for you to announce it at the Jan meetings.

Jeff
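
Added example, not part of the message above or of the CLUE add_member script: one way a script that edits the aliases file on a member's behalf can validate the userid and forwarding address first, since an alias destination can also name a command, a file or an :include: list. The function names, the reserved-name list, the RUN_POSTALIAS switch and the ./aliases.example path are assumptions.

```shell
#!/bin/sh
# Added example (not the CLUE script): validate member-supplied values
# before writing them to an aliases file. Names and paths are assumptions.
LC_ALL=C; export LC_ALL                   # keep [a-z] ranges byte-exact
ALIASES="${ALIASES:-./aliases.example}"   # assumed path, not the server's

# Userid: lowercase letter first, then letters, digits, '_' or '-'.
valid_userid() {
    [ "${#1}" -le 32 ] || return 1
    case "$1" in
        root|postmaster|abuse) return 1 ;;   # constructed reserved list
        ''|*[!a-z0-9_-]*)      return 1 ;;
        [a-z]*)                return 0 ;;
    esac
    return 1
}

# Forward target: one plain address only. The character whitelist rejects
# '|', '/', ':', quotes, commas, whitespace and newlines, so the value
# cannot become a command, file or :include: destination or a second entry.
valid_forward() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._%+@-]*) return 1 ;;
        *@*@*)                      return 1 ;;
        ?*@?*.?*)                   return 0 ;;
    esac
    return 1
}

# Replace or add "userid: address" through a temp file and rename.
set_alias() {
    valid_userid "$1"  || { echo "rejected userid" >&2; return 2; }
    valid_forward "$2" || { echo "rejected forwarding address" >&2; return 3; }
    tmp=$(mktemp "${ALIASES}.XXXXXX") || return 4
    if [ -f "$ALIASES" ]; then
        grep -v "^$1:" "$ALIASES" > "$tmp" || true   # drop the old entry
    fi
    printf '%s:\t%s\n' "$1" "$2" >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$ALIASES" || return 4
    # Rebuild aliases.db only when asked (needs postfix installed).
    if [ "${RUN_POSTALIAS:-0}" = 1 ]; then postalias "$ALIASES"; fi
}
```

The same two validators apply unchanged to a value written into a member's .forward file.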