Replace nybruker.pl #154

Open
opened 2024-08-31 18:16:15 +02:00 by felixalb · 6 comments
Owner

We should improve our "register new users"-workflow, by abstracting away some of the technical details.
Several active / old members, including board members, are afraid of the current system, and there are a few traps to go in if you don't pay attention.
A new script can correctly set the uid/gid every time, not ask 100 questions about policies and lifetimes, etc.

A separate form to request membership has also been requested, to make the process more traceable and asynchronous than having to sit down with an admin. This, however, opens up a problem regarding the initial password of the user?

We should improve our "register new users"-workflow, by abstracting away some of the technical details. Several active / old members, including board members, are afraid of the current system, and there are a few traps to go in if you don't pay attention. A new script can correctly set the uid/gid every time, not ask 100 questions about policies and lifetimes, etc. A separate form to request membership has also been requested, to make the process more traceable and asynchronous than having to sit down with an admin. This, however, opens up a problem regarding the initial password of the user?
felixalb added the
salt
security
enhancement
labels 2024-08-31 18:16:15 +02:00
felixalb added this to the Kanban project 2024-08-31 18:16:19 +02:00
Owner

Would we like to keep the script as a perl script for old times sake, or do we just purge it completely and create a new system?

Would we like to keep the script as a perl script for old times sake, or do we just purge it completely and create a new system?
Author
Owner

Would we like to keep the script as a perl script for old times sake, or do we just purge it completely and create a new system?

Registering a new user, like the script does it, is just running add in kadmin and append a line to passwd, so the script is just old code that helps you select a uid and map username->realname. It is really short and simple, will always be accessible at 7ac17cd62f/standard/passwd/nybruker.pl, and we could reimplement it in python in 5 minutes without looking at the old one, so I don't think preserving it is any issue at all.

> Would we like to keep the script as a perl script for old times sake, or do we just purge it completely and create a new system? Registering a new user, like the script does it, is just running `add` in kadmin and append a line to passwd, so the script is just old code that helps you select a uid and map username->realname. It is really short and simple, will always be accessible at https://git.pvv.ntnu.no/Drift/salt/src/commit/7ac17cd62f7a04b18dd089d382648ed487bd1ba4/standard/passwd/nybruker.pl, and we could reimplement it in python in 5 minutes without looking at the old one, so I don't think preserving it is any issue at all.
Owner

The new script could do various quality of life things, like

  • setting a sane gid
  • populate their home dir
    • ~/pvv-photos
    • ~/web-docs
    • ~/public_gopher
    • ~/.forward.example
    • ~/.procmailrc
  • asking which groups/committees to add the user to (drift, prosjekter, nix-trusted, docker, wheel?)
  • select preferred shell
The new script could do various quality of life things, like * setting a sane gid * populate their home dir * `~/pvv-photos` * `~/web-docs` * `~/public_gopher` * `~/.forward.example` * `~/.procmailrc` * asking which groups/committees to add the user to (drift, prosjekter, nix-trusted, docker, wheel?) * select preferred shell
Owner

skel at home:

skel at home:
Owner
  • add wiki permissions to user
  • add user to gitea groups
* add wiki permissions to user * add user to gitea groups
Author
Owner

Also, we could ask for their discord username and give them the member role automagically :)

Also, we could ask for their discord username and give them the member role automagically :)
Sign in to join this conversation.
No Milestone
No project
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Drift/issues#154
No description provided.