[nycbug-talk] ipad remote storage question
Isaac Levy
ike at blackskyresearch.net
Thu May 19 09:39:24 EDT 2011
On May 18, 2011, at 7:50 PM, Marc Spitzer wrote:
> On Wed, May 18, 2011 at 7:47 PM, Joe Dunn <me at joedunn.com> wrote:
>> I'm not sure but wouldn't this be a good use for cfengine
>>
>> have a ipad_users (array of users) in a slist and then have that dump into a
>> ipad_users.conf which is included in apache.
>>
>> When you have the next batch of users just add them to that list and it will
>> generate automagically.
>>
>> There is probably a better, cleaner way but this comes to mind as a
>> solution.
>>
>> Joe
>
> hmm had not thought of that, will look into it.
>
> marc
Thinking out loud, in 2 parts:
Part 1:
--
htpasswd will create files with lines like the following:
marc:$11111blahblahhash0000000000
joe:$11111blahblahhash0000000000
A single file, 400 + users no big deal.
I like standalone files- they work even when distributed auth does not, (and can be generated from LDAP via script/cron/trigger even.)
Could be tied to some other mgmt tool- whatever can pass the textual data.
htpasswd has a man page, which you can point the next guy at, etc...
Part 2:
--
Then, the htpasswd file can be used to generate the <location></location> stanzas, htpasswd util can be used to remove user logins, etc...
htpasswd files are easy to parse from a shell script/template, when a new user is added/removed:
(stole confs from a google hit, dunno if they work, but the shell script should)
http://www.serverwatch.com/tutorials/article.php/10825_2176771_2/Enabling-WebDAV-on-Apache.htm
--
#!/bin/sh
# one could use sed and a template config to be cleaner,
# but this is a simple email thought for Marc so I'll
# be silly and just do inline junk.
DAVUSERCONF='/path/to/apache_includes'
echo '' > "$DAVUSERCONF"
# clears the file lazy style, then,
# the first colon-separated field of each htpasswd line is the username
for i in `awk 'BEGIN { FS = ":" } {print $1}' /path/to/htpass_file` ; do
    echo "<Location /path/to/userdirs/$i>" >> "$DAVUSERCONF"
    echo '    DAV On' >> "$DAVUSERCONF"
    echo '    AuthType Basic' >> "$DAVUSERCONF"
    echo '    AuthName "WebDAV Restricted"' >> "$DAVUSERCONF"
    echo '    AuthUserFile /path/to/htpass_file' >> "$DAVUSERCONF"
    echo '    <LimitExcept GET HEAD OPTIONS>' >> "$DAVUSERCONF"
    # only the directory's own user may write to it
    echo "        Require user $i" >> "$DAVUSERCONF"
    echo '    </LimitExcept>' >> "$DAVUSERCONF"
    echo '</Location>' >> "$DAVUSERCONF"
done
/path/to/apachectl graceful
--
Run that however you want- only when adding/removing users, from some periodic job or straight cron, whatever floats your boat.
Hope the gist is conveyed- not sure if this appeals to you, but it does keep the user management tied to a single file- the htpass. Perhaps a few 15 line shell scripts to maintain...
Best,
.ike
PS, a version I'd run from cron, (assuming cron failures email someone useful or log/notify), which will exit neatly on failure, using my favorite 3 lines:
--
#!/bin/sh
shout() { echo "$0: $*" >&2; }
barf() { shout "$*"; exit 100; }
safe() { "$@" || barf "cannot $*"; }
# one could use sed and a template config to be cleaner,
# but this is a simple email thought for Marc so I'll
# be silly and just do inline junk.
DAVUSERCONF='/path/to/apache_includes'
HTPASS='/path/to/htpass_file'
# DAVUSERCONF is a file, so create the directory that holds it
safe mkdir -p "`dirname "$DAVUSERCONF"`"
# a barf inside the backticks below would only exit the subshell,
# so check the htpasswd file is readable before touching anything
safe test -r "$HTPASS"
printf '' > "$DAVUSERCONF" || barf "cannot clear $DAVUSERCONF"
# clears the file lazy style, then,
for i in `awk 'BEGIN { FS = ":" } {print $1}' "$HTPASS"` ; do
    echo "<Location /path/to/userdirs/$i>" >> "$DAVUSERCONF"
    echo '    DAV On' >> "$DAVUSERCONF"
    echo '    AuthType Basic' >> "$DAVUSERCONF"
    echo '    AuthName "WebDAV Restricted"' >> "$DAVUSERCONF"
    echo "    AuthUserFile $HTPASS" >> "$DAVUSERCONF"
    echo '    <LimitExcept GET HEAD OPTIONS>' >> "$DAVUSERCONF"
    # only the directory's own user may write to it
    echo "        Require user $i" >> "$DAVUSERCONF"
    echo '    </LimitExcept>' >> "$DAVUSERCONF"
    echo '</Location>' >> "$DAVUSERCONF"
done
safe /path/to/apachectl graceful
exit 0
--