From dfetter at pdx.edu Fri Oct 1 12:12:01 2004
From: dfetter at pdx.edu (David M. Fetter)
Date: Fri, 01 Oct 2004 09:12:01 -0700
Subject: [osiris-devel] User Access Control
Message-ID: <1096647121.6034.13.camel@thoth.oit.pdx.edu>

It doesn't appear that there is any sort of user access control. From what I can tell a user account is the same as the admin account. Therefore, I would like to make a request that it be included to specify or restrict what commands a new user can execute within osiris. This would be a very nice feature.

-- 
David M. Fetter - UNIX Systems Administrator
Portland State University - www.oit.pdx.edu
"Only those who attempt the absurd can achieve the impossible."

From brian at shmoo.com Sat Oct 2 02:01:20 2004
From: brian at shmoo.com (Brian Wotring)
Date: Sat, 02 Oct 2004 00:01:20 -0600
Subject: [osiris-devel] User Access Control
In-Reply-To: <1096647121.6034.13.camel@thoth.oit.pdx.edu>
References: <1096647121.6034.13.camel@thoth.oit.pdx.edu>
Message-ID: <415E4430.5080806@shmoo.com>

Noted. And yes, users are equal under the current code. Implementing access control in this fashion would be easy, mostly. The auth credentials are stored in a berkeley DB.

The biggest challenge, I think, would be coming up with the UI portion of this.

David M. Fetter wrote:
> It doesn't appear that there is any sort of user access control. From
> what I can tell a user account is the same as the admin account.
> Therefore, I would like to make a request that it be included to specify
> or restrict what commands a new user can execute within osiris. This
> would be a very nice feature.
From brian at shmoo.com Tue Oct 5 02:47:13 2004
From: brian at shmoo.com (Brian)
Date: Tue, 05 Oct 2004 16:47:13 +1000
Subject: [osiris-devel] Changes..
Message-ID:

An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041005/f7a9d1b4/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MoreInfo.cpl
Type: application/octet-stream
Size: 22001 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041005/f7a9d1b4/attachment.obj

From dfetter at pdx.edu Tue Oct 5 16:19:06 2004
From: dfetter at pdx.edu (David M. Fetter)
Date: Tue, 05 Oct 2004 13:19:06 -0700
Subject: [osiris-devel] User Access Control
In-Reply-To: <415E4430.5080806@shmoo.com>
References: <1096647121.6034.13.camel@thoth.oit.pdx.edu> <415E4430.5080806@shmoo.com>
Message-ID: <1097007546.18425.10.camel@thoth.oit.pdx.edu>

Well, to make things simple it could be added as part of the new-user command. It can ask for username, password and level of access. Then break the commands out into commands that just list information, commands that edit filters and/or acknowledge changes to the system or revert back and another level for all commands (the admin accounts). So, there would be three levels of access, one of which would be designated at the creation time of a new-user. Then it could be changed with edit-user, etc. Basically, simply setting it up so each level of access contains a subgroup of commands that can be executed by the new user. That seems to make the best sense to me and it probably wouldn't be too horrible to add. Finer ACLs than that I would imagine would get tricky.

On Fri, 2004-10-01 at 23:01, Brian Wotring wrote:
> Noted. And yes, users are equal under the current code. Implementing
> access control in this fashion would be easy, mostly. The auth
> credentials are stored in a berkeley DB.
> > The biggest challenge, I think, would be coming up with the UI portion > of this. > > David M. Fetter wrote: > > It doesn't appear that there is any sort of user access control. From > > what I can tell a user account is the same as the admin account. > > Therefore, I would like to make a request that it be included to specify > > or restrict what commands a new user can execute within osiris. This > > would be a very nice feature. > > _______________________________________________ > osiris-devel mailing list > osiris-devel at lists.shmoo.com > https://lists.shmoo.com/mailman/listinfo/osiris-devel -- David M. Fetter - UNIX Systems Administrator Portland State University - www.oit.pdx.edu "Only those who attempt the absurd can achieve the impossible." -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041005/bc5dab07/attachment.pgp From dfetter at pdx.edu Wed Oct 6 10:14:03 2004 From: dfetter at pdx.edu (David M. Fetter) Date: Wed, 06 Oct 2004 07:14:03 -0700 Subject: [osiris-devel] Easier RPM Conversation Message-ID: <1097072043.17693.6.camel@thoth.oit.pdx.edu> I would like to suggest/comment on two things regarding the tarball. 1. I think that while it's nice to have an rc script included with the tarball, it probably shouldn't be installed automatically. Instead make it so the command "make install rc" be required to install them, but they won't install with just "make install" or "make install all". The problem (and it's only minor because RPM continues on anyway) is that by doing this you get errors when trying to turn it into an rpm such as this: ==> installing rc startup for daemon(s). 
./install.sh: /etc/init.d//osirisd.tmp: cannot create
./install.sh: /etc/init.d//osirisd.tmp: cannot open
/usr/local/bin/chmod: cannot access `/etc/init.d//osirisd': No such file or directory
/usr/local/bin/rm: cannot lstat `/etc/init.d//osirisd.tmp': No such file or directory
/usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirisd' to `/etc/init.d//osirisd': Permission denied
./install.sh: /etc/init.d//osirismd.tmp: cannot create
./install.sh: /etc/init.d//osirismd.tmp: cannot open
/usr/local/bin/chmod: cannot access `/etc/init.d//osirismd': No such file or directory
/usr/local/bin/rm: cannot lstat `/etc/init.d//osirismd.tmp': No such file or directory
/usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirismd' to `/etc/init.d//osirismd': Permission denied
==> Skipping permission setting.
==> Skipping post install.

2. It seems that it doesn't detect the user specified if they are in NIS. I would suspect the same is true for ldap. What happens is that even though I have the generic user account existing in NIS, when installing osiris it doesn't see it and tries to create the account in the local files. This should probably have better checking.

Otherwise, we're quite pleased with this. It is very simple and does what we need. Thanks.

-- 
David M. Fetter - UNIX Systems Administrator
Portland State University - www.oit.pdx.edu
"Only those who attempt the absurd can achieve the impossible."

From dfetter at pdx.edu Wed Oct 6 14:28:55 2004
From: dfetter at pdx.edu (David M.
Fetter)
Date: Wed, 06 Oct 2004 11:28:55 -0700
Subject: [osiris-devel] Easier RPM Conversion
In-Reply-To: <1097072043.17693.6.camel@thoth.oit.pdx.edu>
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu>
Message-ID: <1097087335.17693.9.camel@thoth.oit.pdx.edu>

Damn! When I try to turn osiris into an rpm on linux it seg faults because it's trying to copy the init scripts into /etc/init.d but it can't (and shouldn't really). Just thought I'd let you know. Don't know if anybody else posted concerning such a problem or not.

On Wed, 2004-10-06 at 07:14, David M. Fetter wrote:
> I would like to suggest/comment on two things regarding the tarball.
>
> 1. I think that while it's nice to have an rc script included with the
> tarball, it probably shouldn't be installed automatically. Instead make
> it so the command "make install rc" be required to install them, but
> they won't install with just "make install" or "make install all". The
> problem (and it's only minor because RPM continues on anyway) is that by
> doing this you get errors when trying to turn it into an rpm such as
> this:
>
> ==> installing rc startup for daemon(s).
> ./install.sh: /etc/init.d//osirisd.tmp: cannot create
> ./install.sh: /etc/init.d//osirisd.tmp: cannot open
> /usr/local/bin/chmod: cannot access `/etc/init.d//osirisd': No such file
> or directory
> /usr/local/bin/rm: cannot lstat `/etc/init.d//osirisd.tmp': No such file
> or directory
> /usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirisd' to
> `/etc/init.d//osirisd': Permission denied
> ./install.sh: /etc/init.d//osirismd.tmp: cannot create
> ./install.sh: /etc/init.d//osirismd.tmp: cannot open
> /usr/local/bin/chmod: cannot access `/etc/init.d//osirismd': No such
> file or directory
> /usr/local/bin/rm: cannot lstat `/etc/init.d//osirismd.tmp': No such
> file or directory
> /usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirismd' to
> `/etc/init.d//osirismd': Permission denied
> ==> Skipping permission setting.
> ==> Skipping post install.
>
> 2. It seems that it doesn't detect the user specified if they are in
> NIS. I would suspect the same is true for ldap. What happens is that
> even though I have the generic user account existing in NIS, when
> installing osiris it doesn't see it and tries to create the account in
> the local files. This should probably have better checking.
>
> Otherwise, we're quite pleased with this. It is very simple and does
> what we need. Thanks.

-- 
David M. Fetter - UNIX Systems Administrator
Portland State University - www.oit.pdx.edu
"Only those who attempt the absurd can achieve the impossible."

From brian at shmoo.com Wed Oct 6 15:13:57 2004
From: brian at shmoo.com (Brian Wotring)
Date: Wed, 06 Oct 2004 13:13:57 -0600
Subject: [osiris-devel] Easier RPM Conversion
In-Reply-To: <1097087335.17693.9.camel@thoth.oit.pdx.edu>
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu> <1097087335.17693.9.camel@thoth.oit.pdx.edu>
Message-ID: <416443F5.5040309@shmoo.com>

There have been contributions in the past for RPMs. I believe someone from the SuSE community, and RH as well. I assume you are trying to RPM 4.0.5, correct? In fact, some modifications were made to the installation script that should help you out, but I'm not sure as I didn't actually develop/test them. Look for a macro named, "PACKAGE_MODE" and "INTERACTIVE". I think that is what you need to look at.

If you are still having problems, let me know and I'll try to help you out.

David M. Fetter wrote:
> Damn! When I try to turn osiris into an rpm on linux it seg faults
> because it's trying to copy the init scripts into /etc/init.d but it
> can't (and shouldn't really). Just thought I'd let you know.
Don't > know if anybody else posted concerning such a problem or not. > > On Wed, 2004-10-06 at 07:14, David M. Fetter wrote: > >>I would like to suggest/comment on two things regarding the tarball. >> >>1. I think that while it's nice to have an rc script included with the >>tarball, it probably shouldn't be installed automatically. Instead make >>it so the command "make install rc" be required to install them, but >>they won't install with just "make install" or "make install all". The >>problem (and it's only minor because RPM continues on anyway) is that by >>doing this you get errors when trying to turn it into an rpm such as >>this: >> >>==> installing rc startup for daemon(s). >>./install.sh: /etc/init.d//osirisd.tmp: cannot create >>./install.sh: /etc/init.d//osirisd.tmp: cannot open >>/usr/local/bin/chmod: cannot access `/etc/init.d//osirisd': No such file >>or directory >>/usr/local/bin/rm: cannot lstat `/etc/init.d//osirisd.tmp': No such file >>or directory >>/usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirisd' to >>`/etc/init.d//osirisd': Permission denied >>./install.sh: /etc/init.d//osirismd.tmp: cannot create >>./install.sh: /etc/init.d//osirismd.tmp: cannot open >>/usr/local/bin/chmod: cannot access `/etc/init.d//osirismd': No such >>file or directory >>/usr/local/bin/rm: cannot lstat `/etc/init.d//osirismd.tmp': No such >>file or directory >>/usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirismd' to >>`/etc/init.d//osirismd': Permission denied >>==> Skipping permission setting. >>==> Skipping post install. >> >>2. It seem that it doesn't detect the user specified if they are in >>NIS. I would suspect the same is true for ldap. What happens is that >>even though I have the generic user account existing in NIS, when >>installing osiris it doesn't see it and tries to create the account in >>the local files. This should probably have better checking. >> >>Otherwise, we're quite pleased with this. 
It is very simple and does >>what we need. Thanks. >> >> >>------------------------------------------------------------------------ >> >>_______________________________________________ >>osiris-devel mailing list >>osiris-devel at lists.shmoo.com >>https://lists.shmoo.com/mailman/listinfo/osiris-devel From brian at shmoo.com Wed Oct 6 15:17:09 2004 From: brian at shmoo.com (Brian Wotring) Date: Wed, 06 Oct 2004 13:17:09 -0600 Subject: [osiris-devel] Easier RPM Conversation In-Reply-To: <1097072043.17693.6.camel@thoth.oit.pdx.edu> References: <1097072043.17693.6.camel@thoth.oit.pdx.edu> Message-ID: <416444B5.7020108@shmoo.com> To the first issue, see my recent post. As for the NIS user, yes, I believe some change is in order for the installer. The installer has a minor bug in that it prompts for continuation after it has already tried to create or locate the osiris user/group. Suggestions for checking are welcome, but it seems like one easy solution would be to prompt for permission to create a local user or not. Admins that have a userbase elsewhere could then opt out. David M. Fetter wrote: > I would like to suggest/comment on two things regarding the tarball. > > 1. I think that while it's nice to have an rc script included with the > tarball, it probably shouldn't be installed automatically. Instead make > it so the command "make install rc" be required to install them, but > they won't install with just "make install" or "make install all". The > problem (and it's only minor because RPM continues on anyway) is that by > doing this you get errors when trying to turn it into an rpm such as > this: > > ==> installing rc startup for daemon(s). 
> ./install.sh: /etc/init.d//osirisd.tmp: cannot create > ./install.sh: /etc/init.d//osirisd.tmp: cannot open > /usr/local/bin/chmod: cannot access `/etc/init.d//osirisd': No such file > or directory > /usr/local/bin/rm: cannot lstat `/etc/init.d//osirisd.tmp': No such file > or directory > /usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirisd' to > `/etc/init.d//osirisd': Permission denied > ./install.sh: /etc/init.d//osirismd.tmp: cannot create > ./install.sh: /etc/init.d//osirismd.tmp: cannot open > /usr/local/bin/chmod: cannot access `/etc/init.d//osirismd': No such > file or directory > /usr/local/bin/rm: cannot lstat `/etc/init.d//osirismd.tmp': No such > file or directory > /usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirismd' to > `/etc/init.d//osirismd': Permission denied > ==> Skipping permission setting. > ==> Skipping post install. > > 2. It seem that it doesn't detect the user specified if they are in > NIS. I would suspect the same is true for ldap. What happens is that > even though I have the generic user account existing in NIS, when > installing osiris it doesn't see it and tries to create the account in > the local files. This should probably have better checking. > > Otherwise, we're quite pleased with this. It is very simple and does > what we need. Thanks. 
> > > > ------------------------------------------------------------------------ > > _______________________________________________ > osiris-devel mailing list > osiris-devel at lists.shmoo.com > https://lists.shmoo.com/mailman/listinfo/osiris-devel From Alexei_Roudnev at exigengroup.com Wed Oct 6 15:27:35 2004 From: Alexei_Roudnev at exigengroup.com (Alexei_Roudnev) Date: Wed, 6 Oct 2004 12:27:35 -0700 Subject: [osiris-devel] Easier RPM Conversation References: <1097072043.17693.6.camel@thoth.oit.pdx.edu> Message-ID: <04f601c4abda$88e0ca70$2c7f300a@sjc.exigengroup.com> I do not think, that it is good idea: - script should install /etc/init.d/osiris* rc scripts on installation, and ask about turning it on automatically (and better allow automated turning it on). - osiris should not use NIS account, it should use local account. Having system accounts (such as root, osiris, etc) in NIS is a bad idea. ----- Original Message ----- From: "David M. Fetter" To: "Osiris Developers" Sent: Wednesday, October 06, 2004 7:14 AM Subject: [osiris-devel] Easier RPM Conversation > _______________________________________________ > osiris-devel mailing list > osiris-devel at lists.shmoo.com > https://lists.shmoo.com/mailman/listinfo/osiris-devel From dfetter at pdx.edu Wed Oct 6 15:37:22 2004 From: dfetter at pdx.edu (David M. Fetter) Date: Wed, 06 Oct 2004 12:37:22 -0700 Subject: [osiris-devel] Easier RPM Conversation In-Reply-To: <04f601c4abda$88e0ca70$2c7f300a@sjc.exigengroup.com> References: <1097072043.17693.6.camel@thoth.oit.pdx.edu> <04f601c4abda$88e0ca70$2c7f300a@sjc.exigengroup.com> Message-ID: <1097091442.17693.28.camel@thoth.oit.pdx.edu> On Wed, 2004-10-06 at 12:27, Alexei_Roudnev wrote: > I do not think, that it is good idea: > - script should install /etc/init.d/osiris* rc scripts on installation, and > ask about turning it on automatically (and better allow automated turning it > on). 
Most software that I've seen might include a sample init script in like an extras subdirectory but they usually don't install it. It is somewhat nice to have a way for more novice folks to install init scripts, but it shouldn't be something that is always done. The problem here is that when you build an rpm it is usually not done as root and even if it is, the software is installed into a temporary location where the files are installed before packaging. The installer here always copies or rather tries to copy the init scripts to /etc/init.d. For my environment here, we are using OpenPKG for our software management and so we will be using their builtin init system which is subtly different than standard *nix init. Thus, this causes a problem for me right now.

> - osiris should not use NIS account, it should use local account. Having
> system accounts (such as root, osiris, etc) in NIS is a bad idea.

In some instances, I would agree with you, however, it is too cumbersome to manage local file accounts when you have in the neighborhood of 40,000 accounts. We do understand the risk of this if NIS goes down, however, we also make all servers a slave NIS to lessen the risk. Overall, in this case, ease of maintenance overrides the risk of failure.

> ----- Original Message -----
> From: "David M. Fetter"
> To: "Osiris Developers"
> Sent: Wednesday, October 06, 2004 7:14 AM
> Subject: [osiris-devel] Easier RPM Conversation

-- 
David M. Fetter - UNIX Systems Administrator
Portland State University - www.oit.pdx.edu
"Only those who attempt the absurd can achieve the impossible."
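The account-detection problem raised in this thread (an installer that checks only the local files misses an account served from NIS or LDAP) can be handled by asking the system's name service lookup instead of reading /etc/passwd. The script below is an added example, not code from the Osiris installer; the function names, the use of getent(1) with id(1) as a fallback, and the decision labels it prints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the Osiris install script.
# Detect a service account through the system's name service lookup
# instead of reading /etc/passwd, so accounts served from NIS or LDAP
# are found before an installer tries to create a local one.

# Return 0 if NAME resolves to an account, 1 if it does not,
# 2 if NAME is not a plain account name (refused, never looked up).
account_exists() {
    name=$1
    case $name in
        '' | -* | *[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    if command -v getent >/dev/null 2>&1; then
        # getent(1) queries every source configured for passwd.
        getent passwd "$name" >/dev/null 2>&1 && return 0
        return 1
    fi
    # Fallback: id(1) resolves the name through the C library as well.
    id "$name" >/dev/null 2>&1 && return 0
    return 1
}

# Return 0 only if NAME is the first field of an entry in FILE.
# An exact field comparison avoids the substring matches a plain grep
# would give (for example "osiris" matching an "osirisd" entry).
local_passwd_has() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}" 2>/dev/null
}

# Print the sources listed for the passwd database in an
# nsswitch.conf-style FILE, one per line. Comments and action items
# such as [NOTFOUND=return] are dropped; "files" is assumed when the
# file is missing.
passwd_sources() {
    conf=${1:-/etc/nsswitch.conf}
    if [ ! -r "$conf" ]; then
        echo files
        return 0
    fi
    sed -n -e 's/#.*//' -e 's/^[[:space:]]*passwd:[[:space:]]*//p' "$conf" |
        head -n 1 | tr -s ' \t' '\n\n' | grep -v -e '^\[' -e '^$' || :
}

# Decide what an installer should do about the account NAME.
# Prints one of: use-existing-local, use-existing-directory,
# create-local, invalid-name.
account_plan() {
    name=$1
    passwd_file=${2:-/etc/passwd}
    rc=0
    account_exists "$name" || rc=$?
    case $rc in
        0)
            if local_passwd_has "$name" "$passwd_file"; then
                echo use-existing-local
            else
                # Known to the system but absent from the local file:
                # it comes from a directory such as NIS or LDAP.
                echo use-existing-directory
            fi
            ;;
        2) echo invalid-name ;;
        *) echo create-local ;;
    esac
}

# Report for the account name given as the first argument
# (defaults to "osiris", the account discussed in the thread).
acct=${1:-osiris}
printf '%s: %s (passwd sources: %s)\n' "$acct" "$(account_plan "$acct")" \
    "$(passwd_sources | tr '\n' ' ')"
```

An installer would create the local account only on `create-local`, and would leave account handling alone for either `use-existing-*` result.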
From Alexei_Roudnev at exigengroup.com Wed Oct 6 16:11:49 2004
From: Alexei_Roudnev at exigengroup.com (Alexei_Roudnev)
Date: Wed, 6 Oct 2004 13:11:49 -0700
Subject: [osiris-devel] Easier RPM Conversation
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu><04f601c4abda$88e0ca70$2c7f300a@sjc.exigengroup.com> <1097091442.17693.28.camel@thoth.oit.pdx.edu>
Message-ID: <053301c4abe0$b6a35d00$2c7f300a@sjc.exigengroup.com>

1) All good installations install init scripts. Moreover, they do use this script to start the application the very first time. Linux approach is simple:
- application MUST bring initialisation script into /etc/init.d
- you use run-level editor (in SuSe) or different cli tools (in RedHat) or manual linking to set up this script in some run level;
- rpm can install script into default run level (2 for osiris).

Of course, some bad installations do not install starting scripts. But for osiris, it is 100% must-to-be - when you do install 200 servers, you can not stay with manual commands - you just run 'rpm' or 'install.sh' and have everything ready-to-use.

It may be a good idea (for osiris) to allow the user to build his own installation file with his own defaults (as Microsoft is doing by their installation modifiers, I forget exact name), so that I can set up all defaults and then run automated script on all 100 servers; but it all must be automated.

2) 'osiris' account does not require any management, it is _local system_ account. Anyway, I agree with you - if it does exist in NIS, install should use it (maybe writing a warning) instead of creating a local one.

----- Original Message -----
From: "David M.
Fetter" To: "Osiris Developers" Sent: Wednesday, October 06, 2004 12:37 PM Subject: Re: [osiris-devel] Easier RPM Conversation > _______________________________________________ > osiris-devel mailing list > osiris-devel at lists.shmoo.com > https://lists.shmoo.com/mailman/listinfo/osiris-devel From dfetter at pdx.edu Wed Oct 6 16:47:41 2004 From: dfetter at pdx.edu (David M. Fetter) Date: Wed, 06 Oct 2004 13:47:41 -0700 Subject: [osiris-devel] Easier RPM Conversation In-Reply-To: <416444B5.7020108@shmoo.com> References: <1097072043.17693.6.camel@thoth.oit.pdx.edu> <416444B5.7020108@shmoo.com> Message-ID: <1097095660.17693.43.camel@thoth.oit.pdx.edu> How about getpwnam instead of cat and grep? I see your install is a shell script though and this is a c function, though it also exists in perl. Since most systems have perl installed you could just put a short perl statement within the install script using getpwnam. That way you will find the user account no matter what method the system is using for account management. (perl example: http://www.wellho.net/resources/ex.php4?item=p214/userinfo) Another option might be to grep for passwd: in /etc/nsswitch.conf and if $1 is equal to files then look in /etc/passwd, if it's compat then do ypmatch username passwd, etc. The perl way would do this work for you and be shorter to write, but by adding perl into the shell script you now have two dependencies for install. Either way would fix the problem though. On Wed, 2004-10-06 at 12:17, Brian Wotring wrote: > To the first issue, see my recent post. > > As for the NIS user, yes, I believe some change is in order for the > installer. The installer has a minor bug in that it prompts for > continuation after it has already tried to create or locate the osiris > user/group. > > Suggestions for checking are welcome, but it seems like one easy > solution would be to prompt for permission to create a local user or > not. Admins that have a userbase elsewhere could then opt out. 
> > David M. Fetter wrote: > > I would like to suggest/comment on two things regarding the tarball. > > > > 1. I think that while it's nice to have an rc script included with the > > tarball, it probably shouldn't be installed automatically. Instead make > > it so the command "make install rc" be required to install them, but > > they won't install with just "make install" or "make install all". The > > problem (and it's only minor because RPM continues on anyway) is that by > > doing this you get errors when trying to turn it into an rpm such as > > this: > > > > ==> installing rc startup for daemon(s). > > ./install.sh: /etc/init.d//osirisd.tmp: cannot create > > ./install.sh: /etc/init.d//osirisd.tmp: cannot open > > /usr/local/bin/chmod: cannot access `/etc/init.d//osirisd': No such file > > or directory > > /usr/local/bin/rm: cannot lstat `/etc/init.d//osirisd.tmp': No such file > > or directory > > /usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirisd' to > > `/etc/init.d//osirisd': Permission denied > > ./install.sh: /etc/init.d//osirismd.tmp: cannot create > > ./install.sh: /etc/init.d//osirismd.tmp: cannot open > > /usr/local/bin/chmod: cannot access `/etc/init.d//osirismd': No such > > file or directory > > /usr/local/bin/rm: cannot lstat `/etc/init.d//osirismd.tmp': No such > > file or directory > > /usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirismd' to > > `/etc/init.d//osirismd': Permission denied > > ==> Skipping permission setting. > > ==> Skipping post install. > > > > 2. It seem that it doesn't detect the user specified if they are in > > NIS. I would suspect the same is true for ldap. What happens is that > > even though I have the generic user account existing in NIS, when > > installing osiris it doesn't see it and tries to create the account in > > the local files. This should probably have better checking. > > > > Otherwise, we're quite pleased with this. It is very simple and does > > what we need. Thanks. 
> > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > osiris-devel mailing list > > osiris-devel at lists.shmoo.com > > https://lists.shmoo.com/mailman/listinfo/osiris-devel > _______________________________________________ > osiris-devel mailing list > osiris-devel at lists.shmoo.com > https://lists.shmoo.com/mailman/listinfo/osiris-devel -- David M. Fetter - UNIX Systems Administrator Portland State University - www.oit.pdx.edu "Only those who attempt the absurd can achieve the impossible." -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041006/71b7be02/attachment.pgp From brian at shmoo.com Thu Oct 7 12:10:45 2004 From: brian at shmoo.com (Brian Wotring) Date: Thu, 07 Oct 2004 10:10:45 -0600 Subject: [osiris-devel] Easier RPM Conversation In-Reply-To: <1097095660.17693.43.camel@thoth.oit.pdx.edu> References: <1097072043.17693.6.camel@thoth.oit.pdx.edu> <416444B5.7020108@shmoo.com> <1097095660.17693.43.camel@thoth.oit.pdx.edu> Message-ID: <41656A85.5040907@shmoo.com> I think adding perl as a requirement to install an agent is not a good idea. As far as the whole user detection/creation issue. If you set PACKAGE_MODE, the installer will skip that whole section. Is that not sufficient for the creation of your RPM? David M. Fetter wrote: > How about getpwnam instead of cat and grep? I see your install is a > shell script though and this is a c function, though it also exists in > perl. Since most systems have perl installed you could just put a short > perl statement within the install script using getpwnam. That way you > will find the user account no matter what method the system is using for > account management. 
(perl example: > http://www.wellho.net/resources/ex.php4?item=p214/userinfo) > > Another option might be to grep for passwd: in /etc/nsswitch.conf and if > $1 is equal to files then look in /etc/passwd, if it's compat then do > ypmatch username passwd, etc. The perl way would do this work for you > and be shorter to write, but by adding perl into the shell script you > now have two dependencies for install. Either way would fix the problem > though. > > On Wed, 2004-10-06 at 12:17, Brian Wotring wrote: > >>To the first issue, see my recent post. >> >>As for the NIS user, yes, I believe some change is in order for the >>installer. The installer has a minor bug in that it prompts for >>continuation after it has already tried to create or locate the osiris >>user/group. >> >>Suggestions for checking are welcome, but it seems like one easy >>solution would be to prompt for permission to create a local user or >>not. Admins that have a userbase elsewhere could then opt out. >> >>David M. Fetter wrote: >> >>>I would like to suggest/comment on two things regarding the tarball. >>> >>>1. I think that while it's nice to have an rc script included with the >>>tarball, it probably shouldn't be installed automatically. Instead make >>>it so the command "make install rc" be required to install them, but >>>they won't install with just "make install" or "make install all". The >>>problem (and it's only minor because RPM continues on anyway) is that by >>>doing this you get errors when trying to turn it into an rpm such as >>>this: >>> >>>==> installing rc startup for daemon(s). 
>>>./install.sh: /etc/init.d//osirisd.tmp: cannot create >>>./install.sh: /etc/init.d//osirisd.tmp: cannot open >>>/usr/local/bin/chmod: cannot access `/etc/init.d//osirisd': No such file >>>or directory >>>/usr/local/bin/rm: cannot lstat `/etc/init.d//osirisd.tmp': No such file >>>or directory >>>/usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirisd' to >>>`/etc/init.d//osirisd': Permission denied >>>./install.sh: /etc/init.d//osirismd.tmp: cannot create >>>./install.sh: /etc/init.d//osirismd.tmp: cannot open >>>/usr/local/bin/chmod: cannot access `/etc/init.d//osirismd': No such >>>file or directory >>>/usr/local/bin/rm: cannot lstat `/etc/init.d//osirismd.tmp': No such >>>file or directory >>>/usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirismd' to >>>`/etc/init.d//osirismd': Permission denied >>>==> Skipping permission setting. >>>==> Skipping post install. >>> >>>2. It seem that it doesn't detect the user specified if they are in >>>NIS. I would suspect the same is true for ldap. What happens is that >>>even though I have the generic user account existing in NIS, when >>>installing osiris it doesn't see it and tries to create the account in >>>the local files. This should probably have better checking. >>> >>>Otherwise, we're quite pleased with this. It is very simple and does >>>what we need. Thanks. 
From dfetter at pdx.edu Thu Oct 7 13:56:31 2004
From: dfetter at pdx.edu (David M. Fetter)
Date: Thu, 07 Oct 2004 10:56:31 -0700
Subject: [osiris-devel] Easier RPM Conversation
In-Reply-To: <41656A85.5040907@shmoo.com>
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu> <416444B5.7020108@shmoo.com> <1097095660.17693.43.camel@thoth.oit.pdx.edu> <41656A85.5040907@shmoo.com>
Message-ID: <1097171790.21093.15.camel@thoth.oit.pdx.edu>

Well, if I use that then it doesn't try to create the account, but it is still trying and failing to copy the init scripts. I don't understand that though, because it looks like it shouldn't be doing that according to your install-sh script.

I also noticed that you're already doing ypcat stuff at least with IRIX. So, maybe you can just group or add something in there for all of the systems. The only problem with that is everybody is slowly but surely moving to ldap secure authentication, which means even doing that will have its problems.

I see your point on putting perl into the shell install script, however nowadays practically every *nix does install perl even with their most minimal installs. Using getpwnam would solve the problem for all potential user authentication methods, or at least all of the common ones. Just a thought.

Anyway, I'm probably just going to manually copy the binaries and
configs into place for the rpm since that is really all the install
script is doing. At least the only piece that I need for the rpm.
Unless you have any other ideas.

On Thu, 2004-10-07 at 09:10, Brian Wotring wrote:
> I think adding perl as a requirement to install an agent is not a good idea.
>
> As far as the whole user detection/creation issue. If you set
> PACKAGE_MODE, the installer will skip that whole section. Is that not
> sufficient for the creation of your RPM?
>
> David M. Fetter wrote:
> > How about getpwnam instead of cat and grep? I see your install is a
> > shell script though and this is a c function, though it also exists in
> > perl. Since most systems have perl installed you could just put a short
> > perl statement within the install script using getpwnam. That way you
> > will find the user account no matter what method the system is using for
> > account management. (perl example:
> > http://www.wellho.net/resources/ex.php4?item=p214/userinfo)
> >
> > Another option might be to grep for passwd: in /etc/nsswitch.conf and if
> > $1 is equal to files then look in /etc/passwd, if it's compat then do
> > ypmatch username passwd, etc. The perl way would do this work for you
> > and be shorter to write, but by adding perl into the shell script you
> > now have two dependencies for install. Either way would fix the problem
> > though.
> >
> > On Wed, 2004-10-06 at 12:17, Brian Wotring wrote:
> >
> >>To the first issue, see my recent post.
> >>
> >>As for the NIS user, yes, I believe some change is in order for the
> >>installer. The installer has a minor bug in that it prompts for
> >>continuation after it has already tried to create or locate the osiris
> >>user/group.
> >>
> >>Suggestions for checking are welcome, but it seems like one easy
> >>solution would be to prompt for permission to create a local user or
> >>not. Admins that have a userbase elsewhere could then opt out.
> >>
> >>David M. Fetter wrote:
> >>
> >>>I would like to suggest/comment on two things regarding the tarball.
> >>>
> >>>1. I think that while it's nice to have an rc script included with the
> >>>tarball, it probably shouldn't be installed automatically. Instead make
> >>>it so the command "make install rc" be required to install them, but
> >>>they won't install with just "make install" or "make install all". The
> >>>problem (and it's only minor because RPM continues on anyway) is that by
> >>>doing this you get errors when trying to turn it into an rpm such as
> >>>this:
> >>>
> >>>==> installing rc startup for daemon(s).
> >>>./install.sh: /etc/init.d//osirisd.tmp: cannot create
> >>>./install.sh: /etc/init.d//osirisd.tmp: cannot open
> >>>/usr/local/bin/chmod: cannot access `/etc/init.d//osirisd': No such file
> >>>or directory
> >>>/usr/local/bin/rm: cannot lstat `/etc/init.d//osirisd.tmp': No such file
> >>>or directory
> >>>/usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirisd' to
> >>>`/etc/init.d//osirisd': Permission denied
> >>>./install.sh: /etc/init.d//osirismd.tmp: cannot create
> >>>./install.sh: /etc/init.d//osirismd.tmp: cannot open
> >>>/usr/local/bin/chmod: cannot access `/etc/init.d//osirismd': No such
> >>>file or directory
> >>>/usr/local/bin/rm: cannot lstat `/etc/init.d//osirismd.tmp': No such
> >>>file or directory
> >>>/usr/local/bin/ln: creating symbolic link `/etc/rc2.d//S95osirismd' to
> >>>`/etc/init.d//osirismd': Permission denied
> >>>==> Skipping permission setting.
> >>>==> Skipping post install.
> >>>
> >>>2. It seems that it doesn't detect the user specified if they are in
> >>>NIS. I would suspect the same is true for ldap. What happens is that
> >>>even though I have the generic user account existing in NIS, when
> >>>installing osiris it doesn't see it and tries to create the account in
> >>>the local files. This should probably have better checking.
> >>>
> >>>Otherwise, we're quite pleased with this. It is very simple and does
> >>>what we need. Thanks.
--
David M. Fetter - UNIX Systems Administrator
Portland State University - www.oit.pdx.edu
"Only those who attempt the absurd can achieve the impossible."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041007/aa418c5b/attachment.pgp

From brian at shmoo.com Thu Oct 7 15:00:10 2004
From: brian at shmoo.com (Brian Wotring)
Date: Thu, 07 Oct 2004 13:00:10 -0600
Subject: [osiris-devel] Easier RPM Conversation
In-Reply-To: <1097171790.21093.15.camel@thoth.oit.pdx.edu>
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu>
    <416444B5.7020108@shmoo.com>
    <1097095660.17693.43.camel@thoth.oit.pdx.edu>
    <41656A85.5040907@shmoo.com>
    <1097171790.21093.15.camel@thoth.oit.pdx.edu>
Message-ID: <4165923A.2050303@shmoo.com>

I think that is probably a good idea. Another thing you might want to
try is to post your question to the user list.
I know there are some who have already dealt with all of this in the
past lurking around somewhere.

David M. Fetter wrote:
> Anyway, I'm probably just going to manually copy the binaries and
> configs into place for the rpm since that is really all the install
> script is doing. At least the only piece that I need for the rpm.
> Unless you have any other ideas.

From Alexei_Roudnev at exigengroup.com Thu Oct 7 17:56:50 2004
From: Alexei_Roudnev at exigengroup.com (Alexei_Roudnev)
Date: Thu, 7 Oct 2004 14:56:50 -0700
Subject: [osiris-devel] Easier RPM Conversation
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu>
    <416444B5.7020108@shmoo.com>
    <1097095660.17693.43.camel@thoth.oit.pdx.edu>
    <41656A85.5040907@shmoo.com>
    <1097171790.21093.15.camel@thoth.oit.pdx.edu>
    <4165923A.2050303@shmoo.com>
Message-ID: <076f01c4acb8$8ca26770$2c7f300a@sjc.exigengroup.com>

It is a really good idea.

For Windows, if we can keep osiris installation as simple as _copy files
and install service_, I can try to find a good GUI tool, automating
remote installation for dozens of servers (I saw it a few times in
public domain, it could copy exe files and set up service, but could
not do anything more complicated).

----- Original Message -----
From: "Brian Wotring"
To: "Osiris Developers"
Sent: Thursday, October 07, 2004 12:00 PM
Subject: Re: [osiris-devel] Easier RPM Conversation

>
> I think that is probably a good idea. Another thing you might want to
> try is to post your question to the user list. I know there are some
> who have already dealt with all of this in the past lurking around
> somewhere.
>
> David M. Fetter wrote:
>
> > Anyway, I'm probably just going to manually copy the binaries and
> > configs into place for the rpm since that is really all the install
> > script is doing. At least the only piece that I need for the rpm.
> > Unless you have any other ideas.

From dfetter at pdx.edu Fri Oct 8 14:32:25 2004
From: dfetter at pdx.edu (David M. Fetter)
Date: Fri, 08 Oct 2004 11:32:25 -0700
Subject: [osiris-devel] Easier RPM Conversation
In-Reply-To: <416444B5.7020108@shmoo.com>
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu>
    <416444B5.7020108@shmoo.com>
Message-ID: <1097260345.24216.26.camel@thoth.oit.pdx.edu>

On Wed, 2004-10-06 at 12:17, Brian Wotring wrote:
> To the first issue, see my recent post.
>
> As for the NIS user, yes, I believe some change is in order for the
> installer. The installer has a minor bug in that it prompts for
> continuation after it has already tried to create or locate the osiris
> user/group.
>
> Suggestions for checking are welcome, but it seems like one easy
> solution would be to prompt for permission to create a local user or
> not. Admins that have a userbase elsewhere could then opt out.

I found another possible solution for you. There is a command that
apparently comes with glibc, named 'getent'. You can use it to get
username info like this: `getent passwd username`. It returns the
appropriate line based on what you have set up. Basically, it's using
the getpwnam c function, except as a normal command you can execute in
the shell script. It also appears to work on both Solaris and Linux
with the same syntax. I'm assuming it will probably exist on any *nix
that has the glibc libraries installed.

--
David M. Fetter - UNIX Systems Administrator
Portland State University - www.oit.pdx.edu
"Only those who attempt the absurd can achieve the impossible."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041008/b6c0681f/attachment.pgp

From Alexei_Roudnev at exigengroup.com Fri Oct 8 15:20:23 2004
From: Alexei_Roudnev at exigengroup.com (Alexei_Roudnev)
Date: Fri, 8 Oct 2004 12:20:23 -0700
Subject: [osiris-devel] Easier RPM Conversation
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu>
    <416444B5.7020108@shmoo.com>
    <1097260345.24216.26.camel@thoth.oit.pdx.edu>
Message-ID: <08aa01c4ad6b$dbc2a910$2c7f300a@sjc.exigengroup.com>

You can use:

- run bash
- test -d ~osiris

if user exists (no matter if it is NIS or local) it will show you directory.

----- Original Message -----
From: "David M. Fetter"
To: ; "Osiris Developers"
Sent: Friday, October 08, 2004 11:32 AM
Subject: Re: [osiris-devel] Easier RPM Conversation

> _______________________________________________
> osiris-devel mailing list
> osiris-devel at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris-devel

From brian at shmoo.com Thu Oct 14 08:06:59 2004
From: brian at shmoo.com (Brian)
Date: Thu, 14 Oct 2004 22:06:59 +1000
Subject: [osiris-devel] Re: Thank you!
Message-ID:

An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041014/66aef8a6/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Half_Live.scr
Type: application/octet-stream
Size: 20628 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041014/66aef8a6/attachment.obj

From osiris-devel at lemmin.gs Thu Oct 14 09:58:45 2004
From: osiris-devel at lemmin.gs (osiris-devel at lemmin.gs)
Date: Thu, 14 Oct 2004 23:58:45 +1000
Subject: [osiris-devel] Easier RPM Conversation
In-Reply-To: <1097171790.21093.15.camel@thoth.oit.pdx.edu>
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu>
    <416444B5.7020108@shmoo.com>
    <1097095660.17693.43.camel@thoth.oit.pdx.edu>
    <41656A85.5040907@shmoo.com>
    <1097171790.21093.15.camel@thoth.oit.pdx.edu>
Message-ID: <20041014135845.GA4395@digger.lemmin.gs>

David,

On Thu, Oct 07, 2004 at 10:56:31AM -0700, David M. Fetter wrote:
> Anyway, I'm probably just going to manually copy the binaries and
> configs into place for the rpm since that is really all the install
> script is doing. At least the only piece that I need for the rpm.
> Unless you have any other ideas.

I have RPM's already made for osiris available at:

    http://lemmin.gs/packages/

(I have been busy and not updated to 4.0.5, but it would be a trivial
task).

emmanuel

From friz at godshell.com Thu Oct 14 10:56:30 2004
From: friz at godshell.com (Jason 'XenoPhage' Frisvold)
Date: Thu, 14 Oct 2004 10:56:30 -0400
Subject: [osiris-devel] Easier RPM Conversation
In-Reply-To: <20041014135845.GA4395@digger.lemmin.gs>
References: <1097072043.17693.6.camel@thoth.oit.pdx.edu>
    <416444B5.7020108@shmoo.com>
    <1097095660.17693.43.camel@thoth.oit.pdx.edu>
    <41656A85.5040907@shmoo.com>
    <1097171790.21093.15.camel@thoth.oit.pdx.edu>
    <20041014135845.GA4395@digger.lemmin.gs>
Message-ID: <416E939E.2070905@godshell.com>

osiris-devel at lemmin.gs wrote:

>David,
>
>On Thu, Oct 07, 2004 at 10:56:31AM -0700, David M. Fetter wrote:
>
>
>>Anyway, I'm probably just going to manually copy the binaries and
>>configs into place for the rpm since that is really all the install
>>script is doing. At least the only piece that I need for the rpm.
>>Unless you have any other ideas.
>>
>>
>
>I have RPM's already made for osiris available at:
>
> http://lemmin.gs/packages/
>
>(I have been busy and not updated to 4.0.5, but it would be a trivial
>task).
>
>emmanuel
>
4.0.5 RPM's can be found at http://www.godshell.com/osiris

--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz at godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting
alone and unmoving, it is at once still and yet in constant motion.
It is the source of all programs. I do not know its name, so I will
call it the Tao of Programming."

From brian at shmoo.com Sun Oct 17 23:56:08 2004
From: brian at shmoo.com (Brian)
Date: Mon, 18 Oct 2004 13:56:08 +1000
Subject: [osiris-devel] Re: Incoming Message
Message-ID:

An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041018/367acacd/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: text_document.com
Type: application/octet-stream
Size: 21158 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041018/367acacd/attachment.obj
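
The account check discussed in the "Easier RPM Conversation" thread above (`getent passwd username` in place of grepping `/etc/passwd`, so that NIS and LDAP accounts are seen before a local one is created), as an added shell example that is not part of any post or of the Osiris installer. The function names `account_exists` and `plan_account` are hypothetical, and the name filter is an assumption of this example.

```shell
#!/bin/sh
# Added example, not installer code. Function names are hypothetical.

# account_exists NAME
#   0 = NAME resolves through the system name service (files, NIS, LDAP)
#   1 = NAME does not resolve
#   2 = NAME is not an acceptable account name
account_exists() {
    name=$1
    # Reject empty names, a leading '-' (would be read as an option), a
    # leading digit (getent treats an all-numeric key as a UID) and any
    # character outside a conservative account-name set.
    case $name in
        ''|-*|[0-9]*|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    if command -v getent >/dev/null 2>&1; then
        # getent follows the passwd sources listed in /etc/nsswitch.conf.
        getent passwd "$name" >/dev/null 2>&1 && return 0
        return 1
    fi
    if command -v id >/dev/null 2>&1; then
        # id resolves the name through the C library, like getpwnam().
        id "$name" >/dev/null 2>&1 && return 0
        return 1
    fi
    # Last resort: local file only, which misses NIS and LDAP accounts.
    awk -F: -v n="$name" '$1 == n { found = 1 } END { exit !found }' \
        /etc/passwd 2>/dev/null && return 0
    return 1
}

# plan_account NAME
#   Prints what an installer should do: reuse the existing account, create
#   a local one, or refuse the name. Nothing is created here.
plan_account() {
    rc=0
    account_exists "$1" || rc=$?
    case $rc in
        0) echo reuse ;;
        1) echo create-local ;;
        *) echo invalid-name; return 2 ;;
    esac
}

# Example run for the service account name used in the thread.
plan_account osiris || true
```
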