Replace nybruker.pl #154

New Issue

Open

opened 2024-08-31 18:16:15 +02:00 by felixalb · 6 comments

felixalb commented 2024-08-31 18:16:15 +02:00

Owner

Copy Link

We should improve our "register new users"-workflow, by abstracting away some of the technical details.
Several active / old members, including board members, are afraid of the current system, and there are a few traps to go in if you don't pay attention.
A new script can correctly set the uid/gid every time, not ask 100 questions about policies and lifetimes, etc.

A separate form to request membership has also been requested, to make the process more traceable and asynchronous than having to sit down with an admin. This, however, opens up a problem regarding the initial password of the user?

We should improve our "register new users"-workflow, by abstracting away some of the technical details. Several active / old members, including board members, are afraid of the current system, and there are a few traps to go in if you don't pay attention. A new script can correctly set the uid/gid every time, not ask 100 questions about policies and lifetimes, etc. A separate form to request membership has also been requested, to make the process more traceable and asynchronous than having to sit down with an admin. This, however, opens up a problem regarding the initial password of the user?

felixalb added the saltsecurityenhancement labels 2024-08-31 18:16:15 +02:00

felixalb added this to the Kanban project 2024-08-31 18:16:19 +02:00

oysteikt commented 2024-08-31 21:39:58 +02:00

Owner

Copy Link

Would we like to keep the script as a perl script for old times sake, or do we just purge it completely and create a new system?

Would we like to keep the script as a perl script for old times sake, or do we just purge it completely and create a new system?

felixalb commented 2024-09-01 21:29:31 +02:00

Author

Owner

Copy Link

Would we like to keep the script as a perl script for old times sake, or do we just purge it completely and create a new system?

Registering a new user, like the script does it, is just running add in kadmin and append a line to passwd, so the script is just old code that helps you select a uid and map username->realname. It is really short and simple, will always be accessible at 7ac17cd62f/standard/passwd/nybruker.pl, and we could reimplement it in python in 5 minutes without looking at the old one, so I don't think preserving it is any issue at all.

> Would we like to keep the script as a perl script for old times sake, or do we just purge it completely and create a new system? Registering a new user, like the script does it, is just running `add` in kadmin and append a line to passwd, so the script is just old code that helps you select a uid and map username->realname. It is really short and simple, will always be accessible at https://git.pvv.ntnu.no/Drift/salt/src/commit/7ac17cd62f7a04b18dd089d382648ed487bd1ba4/standard/passwd/nybruker.pl, and we could reimplement it in python in 5 minutes without looking at the old one, so I don't think preserving it is any issue at all.

pederbs commented 2024-09-02 20:50:40 +02:00

Owner

Copy Link

The new script could do various quality of life things, like

• setting a sane gid
• populate their home dir
  • ~/pvv-photos
  • ~/web-docs
  • ~/public_gopher
  • ~/.forward.example
  • ~/.procmailrc
• asking which groups/committees to add the user to (drift, prosjekter, nix-trusted, docker, wheel?)
• select preferred shell

The new script could do various quality of life things, like * setting a sane gid * populate their home dir * `~/pvv-photos` * `~/web-docs` * `~/public_gopher` * `~/.forward.example` * `~/.procmailrc` * asking which groups/committees to add the user to (drift, prosjekter, nix-trusted, docker, wheel?) * select preferred shell

danio commented 2024-09-02 20:51:28 +02:00

Owner

Copy Link

skel at home:

skel at home:

pederbs commented 2024-09-02 20:56:12 +02:00

Owner

Copy Link

• add wiki permissions to user
• add user to gitea groups

* add wiki permissions to user * add user to gitea groups

felixalb commented 2024-09-03 08:21:24 +02:00

Author

Owner

Copy Link

Also, we could ask for their discord username and give them the member role automagically :)

Also, we could ask for their discord username and give them the member role automagically :)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

dns

Involves modifications to dvask

exploration

See the galaxy!

gitea

mail

epost nord

new stuff

Adds a new service / new functionality

services

Everything regarding selfhosted services

software

Everything regarding homebrewn software

art

The issue needs someone to be creative

backup

big

No, not bug, **big** - this is gonna take a while

blocked

This issue/PR depends on one or more other issues/PRs

bug

Something is not working, and it's not the shield hero

crash report

Report an oopsie

disputed

kranglefanter

documentation

Documentation changes required

duplicate

This issue or pull request already exists

enhancement

New feature

good first issue

Get your hands dirty with a new project here

logging

networking

TTM4100

nixos

Requires changes to our nixos setup

question

More information is needed

salt

Requires changes to our salt setup

security

Skommel

servers n' hardware

Regards hardware, servers or VMs

wontfix

This won't be fixed

No Label enhancement salt security

Milestone

No items

No Milestone

Projects

Clear projects

No project Kanban

Assignees

Clear assignees

adriangl albertba alfhj bjornoka chrisfjo chrivi danio davidk dungby eirikwit felixalb frero jonmro jovre karolds knuta krisleri larshhan oysteikt pederbs root torsteno yorinad

No Assignees

4 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Drift/issues#154