[Freeipa-devel] command-line arguments
Rob Crittenden
rcritten at redhat.com
Fri Sep 7 14:19:13 UTC 2007
Simo Sorce wrote:
> On Fri, 2007-09-07 at 09:10 -0400, Rob Crittenden wrote:
>> The command-line tools now are more like beefy unit tests. Some of them
>> are very simple so probably don't require a lot more work, but others
>> do, particularly the ones to add and modify users.
>>
>> What attributes do we want to allow and/or require? I picked more or
>> less at random when writing it originally, using luseradd as a loose model.
>>
>> Currently it requires first name, last name and uid. Optional are gecos
>> and home directory.
>
> Requiring First and Last names kills service users which have none, I'd
> make that optional
>
>> The main questions I have, some of which apply to adding a user in
>> general, are:
>>
>> - Will we allow the password to be set?
> Why not? You would have to go another step to set it if you don't allow
> it here.

Right, I'm just not sure how, once I have the password, to set it in
Kerberos. What do I need to call to get the right things set?

>> - Should adding a user create a user-specific group?
> I'd say no, users are created which are members of the default users
> group or another specified existing group.

Ok. So optionally prompt for group. The current XML-RPC side add user
code has a default group, how configurable should that be? Should the
group name go into /etc/ipa/ipa.conf?

>> - Can we set the shell?
> We need a default of some sort, but I guess we should be able to set it.

Ok, should the default be configurable? And what should the default be,
/bin/sh?

>> - Can we override the uidNumber?
> IMO, we shouldn't, is there any reason why an admin should specify an
> uidNumber on creation ?

I dunno, it's why I asked :-)

>> - Do we create any directories?
> IMO, no, where would you create them? the tool may even run on a PDA on
> the other side of the world at some point, and usually it runs on the
> admin workstation anyway.
> Should we instead configure pam_mkhomedir by default ?

Right, I couldn't see how we'd create anything but I figure that
*something* would need to.

>> And for the tools in general, do we want an interactive mode?
>
> IMO, yes.

Ok. The libuser commands seem to have an interactive mode but they don't
seem to work on F7 for me:

# luseradd --interactive foo
#
# grep foo /etc/passwd
foo:x:502:502:foo:/home/foo:/bin/bash

Not very interactive :-)

rob