Website Maintenance Via CVS HOW-TO
Now that the basic setup is complete some user accounts can be added. Users will have very limited access to the system. Specifically they will be able to:
Check out files from the repository via cvs
Access their personal webpages via Windows file sharing
Change their passwords
Other than that they should have no access to the server. This is accomplished in a fairly straightforward way. As an example I will add a new user. His name is Mark Spence and he is working with someone else on developing a page for the Associate Director of the program. This little shell script will add him as a user:
    #!/bin/bash
    BASEDIR=/home/www/files/home
    # Relative path from a user's home directory (under BASEDIR) to the programs to be linked in
    REL_PATH=../../../../../usr/bin

    read -p "New Username: " NEW_USER
    # -x matches the whole username field, so "mark" does not collide with "markus"
    cat /etc/passwd | sed -e "s/:.*//g" | grep -qx -- "$NEW_USER" && echo "Username $NEW_USER already present in /etc/passwd" && exit 1
    [ -d "$BASEDIR/$NEW_USER" ] && echo "$BASEDIR/$NEW_USER already exists" && exit 1
    read -p "User's Full Name: " FULLNAME
    read -p "User's NT Id: " NT_ID

    useradd -g www -G cvsread -d "$BASEDIR/$NEW_USER" -s /bin/rbash -c "$FULLNAME" -M -n "$NEW_USER"
    smbadduser "$NEW_USER:$NT_ID"
    mkdir "$BASEDIR/$NEW_USER"
    cd "$BASEDIR/$NEW_USER" || exit 1

    # The only programs the user can reach, since PATH is set to "." below
    ln -s $REL_PATH/passwd
    ln -s $REL_PATH/smbpasswd
    ln -s $REL_PATH/cvs
    ln -s $REL_PATH/quota
    ln -s $REL_PATH/du

    echo "# .bash_profile" > .bash_profile
    echo "# $FULLNAME ($NEW_USER) added " $(date +"%A, %Y %B %d, %T (%-I:%M:%S %p)") >> .bash_profile
    echo export PATH=. >> .bash_profile
    mkdir www

    # Remove write access, then make the directory and profile immutable
    chown -R "$NEW_USER":www .
    chmod -R a-w .
    chattr +i . .bash_profile
You might not have rbash set up on your system. If you don't, just create a symlink to bash named rbash. This is a restricted shell and the user is not allowed to change directories or set the environment variables SHELL, PATH, ENV, or BASH_ENV. Also they can't run commands with a / in them, so setting their path to . and not allowing them to own their home directory fairly effectively limits them to only running the programs symlinked into their home directory (passwd, smbpasswd and cvs).
Because the path is set to ., the user cannot be allowed to write to her home directory, or else she might put a new shell there and execute it. The directory and .bash_profile are also set to immutable because, even though users don't have access to the chmod command via a shell, they can still change permissions via Windows file sharing. This box is intended only as a webserver and not for any other type of storage. There will be another computer running where they can have user accounts to learn on.
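The restrictions in the two paragraphs above hold only while each home directory keeps the shape the add-user script gave it, so it is worth re-checking periodically. The following audit is an added example, not part of the original HOWTO; the names ALLOWED, no_write_bits and audit_home are assumptions, and it inspects permission bits and directory contents only, not the immutable attribute set with chattr.

```shell
#!/bin/bash
# Added example, not from the HOWTO: audit one jailed home directory.
# ALLOWED, no_write_bits and audit_home are names assumed here.
ALLOWED="passwd smbpasswd cvs quota du"   # programs the add-user script links in
REL_PATH=../../../../../usr/bin           # same relative path the script uses

# Return 0 if the mode string of $1 shows no write bit for owner, group or other.
no_write_bits() {
    case "$(ls -ld -- "$1" | cut -c2-10)" in
        *w*) return 1 ;;
    esac
}

# Print one line per finding; return 0 only when nothing was found.
audit_home() {
    local home="$1" entry name target findings=0
    no_write_bits "$home" || { echo "writable: $home"; findings=$((findings + 1)); }
    if [ -f "$home/.bash_profile" ] && [ ! -L "$home/.bash_profile" ]; then
        no_write_bits "$home/.bash_profile" || { echo "writable: .bash_profile"; findings=$((findings + 1)); }
        grep -qx 'export PATH=\.' "$home/.bash_profile" || { echo "PATH not set to ."; findings=$((findings + 1)); }
    else
        echo "missing or symlinked .bash_profile"; findings=$((findings + 1))
    fi
    for entry in "$home"/* "$home"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue    # glob matched nothing
        name=${entry##*/}
        case $name in
            .bash_profile) continue ;;
            www) [ -d "$entry" ] && [ ! -L "$entry" ] && continue ;;
        esac
        if [ -L "$entry" ]; then
            target=$(readlink -- "$entry")
            # Accept a link only if it is named after an allowed program
            # and points at that program through REL_PATH.
            case " $ALLOWED " in
                *" $name "*) [ "$target" = "$REL_PATH/$name" ] && continue ;;
            esac
            echo "unexpected symlink: $name -> $target"
        else
            echo "unexpected entry: $name"
        fi
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Usage: audit_home /home/www/files/home/mspence
```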
I am also imposing 150 MB quotas on everyone, which ought to be more than enough for most anything they would like to do.
And the input looks something like:
    Disk quotas for user mspence (uid 517):
      Filesystem    blocks    soft      hard      inodes    soft    hard
      /dev/hdb4     16        150000    150000    7         0       0
Conveniently enough, this information is also available via the Windows Explorer properties if his home directory is mapped via SMB.
This creates a basic account for him. To add a branch in the main webroot for them do:
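    cvs -d /home/www/files/cvs checkout -l websites/honors.tntech.edu
    # Work inside the checked-out directory so that cvs add finds its CVS metadata
    cd websites/honors.tntech.edu
    mkdir rita_barnes
    cvs add rita_barnes/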
This directory will not show up on the server immediately because the way that the repository is updated prunes empty directories. In order for this directory to be available for Mark to update, it needs to be owned by his group:
    groupadd www-rita_barnes
    usermod -G $(id -G mspence | sed -e "s/ /,/g"),www-rita_barnes mspence
    chown :www-rita_barnes /home/www/files/cvs/websites/honors.tntech.edu/rita_barnes
Once I get a password to Mark Spence, he should be able to log in via ssh and make changes to that part of the repository. A simple session, either from another Linux box or from Cygwin, might look like:
    export CVS_RSH=ssh
    cvs -d ":ext:email@example.com:/home/www/files/cvs/" checkout websites/honors.tntech.edu/rita_barnes
    cd websites/honors.tntech.edu/rita_barnes/
    echo "hi" > test.txt
    cvs add test.txt
    cvs commit -m "Testing adding a file" test.txt
    lynx http://www.honors.tntech.edu/rita_barnes/test.txt
This same basic process is available from any platform that has a cvs client and an ssh client.