RE: cvs passwd management
From: Rudy Zung
Subject: RE: cvs passwd management
Date: Wed, 12 Apr 2006 15:57:01 -0400
Two scripts supplied gratis and as is. Written specifically for my
needs, and I am unlikely to entertain any maintenance requests for it.
Idiosyncrasies: call cvsuser script with arguments (see below); cvsuser
will call cryptout.pl, so you generally won't need to deal with cryptout
directly. You must be in the CVSROOT directory where the cvs passwd (NOT
the /etc/passwd) file is located when you invoke cvsuser. My
implementation of cvsuser also requires your Unix login name be present
in a file called cvsadminusers, which should be in the same directory as
the CVSROOT/passwd file. It really doesn't give you much protection,
just enough to prevent my people from accidentally running the script;
you can probably comment out that whole block from cvsuser.
Usage:

Add user to CVSROOT:
    cvsuser <username> <password>
Remove user from CVSROOT:
    cvsuser <username>
Copy password from another CVSROOT:
    cvsuser <username> /<rootName>

This last one has been hardcoded to my installation where all my roots
are under /cvs; so to copy joeuser from /cvs/someOtherProject, you use:
    cvsuser joeuser /someOtherProject
This also precludes people from having a password that starts with an
initial forward slash.
...Rudy
First script: /usr/local/bin/cryptout.pl:
======= start script =======
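#!/usr/bin/perl
# taken from Fogel's CVS book, page 114
# usage: cryptout.pl <plaintext>; prints the crypt() hash of the argument
srand (time());
# expression that yields the character code of a random digit or letter
my $randletter = "(int rand(2) + 0.5) % 2 ? (int rand(10) + 48) : (int (rand(26)) + (int (rand(1) + .5) % 2 ? 65 : 97))";
# two random characters make up the salt
my $salt = sprintf("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt($plaintext, $salt);
print "${crypttext}\n";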
======= end script =======
Second script: /usr/local/bin/cvsuser:
======= start script =======
#!/bin/bash
# bash rather than plain sh: the script uses (( )) and [[ ]]
CHGRP=/bin/chgrp
CHMOD=/bin/chmod
ECHO=/bin/echo
GREP=/bin/grep
LN=/bin/ln
RM=/bin/rm

if (( ($# < 1) || ($# > 3) )) ; then
    $ECHO "usage: $0 username [ password | /cvsrootname ]"
    $ECHO " blank password deletes user"
    exit 1
fi

# must be run from a directory under /cvs (or /usr/cvs)
if [[ ( `/bin/pwd | cut -c 1-9` != /usr/cvs/ ) && \
      ( `/bin/pwd | cut -c 1-5` != /cvs/ ) ]] ; then
    $ECHO Can only be run under /cvs tree
    exit 2
fi

if [[ ! -e cvsuseradmins ]] ; then
    $ECHO No cvsuseradmins file found
    exit 3
fi

# anyone other than root must be listed in cvsuseradmins
if [ `/usr/bin/id -u` -ne 0 ] ; then
    if ( ! { $GREP `/usr/bin/whoami` cvsuseradmins > /dev/null ; } ) ; then
        $ECHO You are not a CVS user administrator for this CVSROOT
        exit 4
    fi
fi

if [[ ! -e passwd ]] ; then
    $ECHO No passwd file found
    exit 5
fi

#if [[ ! -O passwd ]] ; then
#    echo Unwilling to modify passwd file owned by \
#        `/bin/ls -l passwd | cut -d " " -f 5`
#    exit 9
#fi

if [ -e passwd.tmp ] ; then
    $RM -f passwd.tmp
fi

# copy every entry except this user's, dropping blank lines
$GREP -v "^$1:" passwd | $GREP -v '^$' > passwd.tmp
$CHGRP cvs passwd.tmp
$CHMOD ug=rw,o-rwx passwd.tmp

if [ -z "$2" ] ; then
    # no second argument: the user is being removed
    if ( { /usr/bin/diff passwd passwd.tmp > /dev/null ; } ) ; then
        $ECHO "No $1 to remove"
    else
        $ECHO "Removed $1"
    fi
else
    if [[ `$ECHO "$2" | cut -c 1` == '/' ]] ; then
        # second argument names another root: copy the entry from there
        # /bin/grep ^$1: $2 >> passwd.tmp
        $GREP "^$1:" "../../${2}/CVSROOT/passwd" >> passwd.tmp
        if ( ! { $GREP "^$1:" passwd.tmp > /dev/null ; } ) ; then
            $ECHO "User $1 failed to appear in the passwd file"
            $RM passwd.tmp
            exit 10
        fi
    else
        # second argument is a password: crypt it and append the entry
        $ECHO "$1:$(/usr/local/bin/cryptout.pl "$2"):${3:-cvs}" >> passwd.tmp
        if ( ! { $GREP "^$1:" passwd.tmp > /dev/null ; } ) ; then
            $ECHO "User $1 failed to appear in the passwd file; reverting"
            $RM passwd.tmp
            exit 11
        fi
    fi
fi

# lossless operation to hardlink a backup, then hardlink passwd to the tmp
$LN -f passwd passwd.bak
$LN -f passwd.tmp passwd
# this is correct: if we have a good passwd file, we can rm the tmp
if [ -e passwd ] ; then
    $RM -f passwd.tmp
fi
======= end script =======
...Rudy
-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf Of
Troubled User
Sent: Wednesday, April 12, 2006 12:42 PM
To: address@hidden
Subject: cvs passwd management
I'm trying to find a tool that will help me edit the cvsroot/passwd file.
(there are multiple cvsroots / passwd files involved)
I'm in the middle of writing a perl script, but I don't like the way it
works. It basically does the following:
1. copy passwd to passwd.tmp
2. read passwd.tmp.
2a. (for each line) if the user on the current line is not the user
    I'm trying to edit, then print the current line to passwd.
    If it is the user I'm editing, then print a variable
    containing the new value to passwd instead of what was in passwd.tmp
2b. If the user was not in passwd.tmp, add an entry for the new user
    to the end of passwd
3. delete passwd.tmp
This will work, but I just think it's sloppy, and would rather use a
tool that has already been developed.
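
An added example, not code from this thread or from either poster: a shell function for the same add/remove/replace operation on a CVSROOT passwd file. It matches the user field as an exact string, so a name like j.doe is not treated as a regex, and it renames the finished file into place so a reader never sees a half-written passwd. The function name, argument order and the choice to take an already-crypted hash instead of a plaintext password are assumptions.

```shell
# Added example; cvs_passwd_set and its arguments are hypothetical names.
# usage: cvs_passwd_set FILE USER [HASH [SYSUSER]]
#   HASH omitted -> remove USER; HASH given -> add or replace USER.
#   HASH is an already-crypted value (e.g. cryptout.pl output).
cvs_passwd_set() (
    file=$1 user=$2 hash=${3-} sysuser=${4-cvs}
    LC_ALL=C; export LC_ALL

    # Whitelist every field so ':' or a newline cannot forge an entry.
    for name in "$user" "$sysuser"; do
        case $name in
            ''|*[!A-Za-z0-9._-]*) echo "invalid name: $name" >&2; exit 2 ;;
        esac
    done
    case $hash in
        *[!A-Za-z0-9./$]*) echo "invalid hash" >&2; exit 2 ;;
    esac
    [ -f "$file" ] || { echo "no passwd file: $file" >&2; exit 5; }

    # Temp file in the same directory, so the final mv is a rename(2).
    tmp=$(mktemp "$(dirname "$file")/passwd.XXXXXX") || exit 1
    # cp -p carries the mode (and group, where permitted) to the new file.
    cp -p -- "$file" "$tmp" || { rm -f "$tmp"; exit 1; }

    # Compare field 1 as a literal string: no regex ('.' in j.doe is not a
    # wildcard) and no numeric coercion ($1 "" forces a string compare).
    # NF drops blank lines, as the grep -v '^$' in cvsuser does.
    awk -F: -v u="$user" 'NF && ($1 "") != u' "$file" > "$tmp" ||
        { rm -f "$tmp"; exit 1; }
    if [ -n "$hash" ]; then
        printf '%s:%s:%s\n' "$user" "$hash" "$sysuser" >> "$tmp"
    fi

    # Hard-link the old inode as the backup, then swap the new file in.
    ln -f -- "$file" "$file.bak" || { rm -f "$tmp"; exit 1; }
    mv -f -- "$tmp" "$file"
)
```

Because the hash is computed beforehand, the plaintext password never appears in this function's argument list.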