[Freeipa-devel] command-line arguments

Rob Crittenden rcritten at redhat.com
Fri Sep 7 14:19:13 UTC 2007


Simo Sorce wrote:
> On Fri, 2007-09-07 at 09:10 -0400, Rob Crittenden wrote:
>> The command-line tools now are more like beefy unit tests. Some of them 
>> are very simple so probably don't require a lot more work, but others 
>> do, particularly the ones to add and modify users.
>>
>> What attributes do we want to allow and/or require? I picked more or 
>> less at random when writing it originally, using luseradd as a loose model.
>>
>> Currently it requires first name, last name and uid. Optional are gecos 
>> and home directory.
> 
> Requiring First and Last names kills service users which have none, I'd
> make that optional.
> 
>> The main questions I have, some of which apply to adding a user in 
>> general, are:
>>
>> - Will we allow the password to be set?
> Why not? You would have to go another step to set it if you don't allow
> it here.

Right, I'm just not sure how, once I have the password, to set it in 
Kerberos. What do I need to call to get the right things set?

>> - Should adding a user create a user-specific group?
> I'd say no, users are created which are members of the default users
> group or another specified existing group.

Ok. So optionally prompt for group. The current XML-RPC side add user 
code has a default group, how configurable should that be? Should the 
group name go into /etc/ipa/ipa.conf?

>> - Can we set the shell?
> We need a default of some sort, but I guess we should be able to set it.

Ok, should the default be configurable? And what should the default be, 
/bin/sh?

>> - Can we override the uidNumber?
> IMO, we shouldn't. Is there any reason why an admin should specify a
> uidNumber on creation?

I dunno, it's why I asked :-)

>> - Do we create any directories?
> IMO, no, where would you create them? The tool may even run on a PDA on
> the other side of the world at some point, and usually it runs on the
> admin workstation anyway.
> Should we instead configure pam_mkhomedir by default?

Right, I couldn't see how we'd create anything but I figure that 
*something* would need to.

>> And for the tools in general, do we want an interactive mode?
> 
> IMO, yes.

Ok. The libuser commands seem to have an interactive mode but they don't 
seem to work on F7 for me:

# luseradd --interactive foo
#
# grep foo /etc/passwd
foo:x:502:502:foo:/home/foo:/bin/bash

Not very interactive :-)

rob