<br><br><div class="gmail_quote">On Thu, May 19, 2011 at 9:39 AM, Isaac Levy <span dir="ltr"><<a href="mailto:ike@blackskyresearch.net">ike@blackskyresearch.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On May 18, 2011, at 7:50 PM, Marc Spitzer wrote:<br>
<br>
> On Wed, May 18, 2011 at 7:47 PM, Joe Dunn <<a href="mailto:me@joedunn.com">me@joedunn.com</a>> wrote:<br>
>> I'm not sure, but wouldn't this be a good use for cfengine?<br>
>><br>
>> have an ipad_users (array of users) in a slist and then have that dump into a<br>
>> ipad_users.conf which is included in apache.<br>
>><br>
>> When you have the next batch of users just add them to that list and it will<br>
>> generate automagically.<br>
>><br>
>> There is probably a better, cleaner way but this comes to mind as a<br>
>> solution.<br>
>><br>
>> Joe<br>
><br>
> hmm had not thought of that, will look into it.<br>
><br>
> marc<br>
<br>
<br>
Thinking out loud, in 2 parts:<br>
<br>
Part 1:<br>
--<br>
htpasswd will create files with lines like the following:<br>
<br>
marc:$11111blahblahhash0000000000<br>
joe:$11111blahblahhash0000000000<br>
<br>
A single file, 400 + users no big deal.<br>
I like standalone files- they work even when distributed auth does not, (and can be generated from LDAP via script/cron/trigger even.)<br>
<br>
Could be tied to some other mgmt tool- whatever can pass the textual data.<br>
htpasswd has a man page, which you can point the next guy at, etc...<br>
<br>
<br>
<br>
Part 2:<br>
--<br>
Then, the htpasswd file can be used to generate the &lt;Location&gt; stanzas, htpasswd util can be used to remove user logins, etc...<br>
<br>
htpasswd files are easy to parse from a shell script/template, when a new user is added/removed:<br>
<br>
(stole confs from a google hit, dunno if they work, but the shell script should)<br>
<a href="http://www.serverwatch.com/tutorials/article.php/10825_2176771_2/Enabling-WebDAV-on-Apache.htm" target="_blank">http://www.serverwatch.com/tutorials/article.php/10825_2176771_2/Enabling-WebDAV-on-Apache.htm</a><br>
<br>
--<br>
#!/bin/sh<br>
<br>
# one could use sed and a template config to be cleaner,<br>
# but this is a simple email thought for Marc so I'll<br>
# be silly and just do inline junk.<br>
<br>
DAVUSERCONF='/path/to/apache_includes'<br>
<br>
echo '' > $DAVUSERCONF<br>
# clears the file lazy style, then,<br>
<br>
for i in `cat /path/to/htpass_file | awk 'BEGIN { FS = ":" } {print $1}'` ; do<br>
<br>
echo "<Location /path/to/userdirs/$i>" >> $DAVUSERCONF<br>
echo ' DAV On' >> $DAVUSERCONF<br>
echo ' AuthType Basic' >> $DAVUSERCONF<br>
echo ' AuthName "WebDAV Restricted"' >> $DAVUSERCONF<br>
echo ' AuthUserFile /path/to/htpass_file' >> $DAVUSERCONF<br>
echo ' <LimitExcept GET HEAD OPTIONS>' >> $DAVUSERCONF<br>
# writes are limited to the user whose directory this is<br>
echo " Require user $i" >> $DAVUSERCONF<br>
echo ' </LimitExcept>' >> $DAVUSERCONF<br>
echo '</Location>' >> $DAVUSERCONF<br>
<br>
done<br>
<br>
/path/to/apachectl graceful<br>
<br>
--<br>
<br>
Run that however you want- only when adding/removing users, from some periodic job or straight cron, whatever floats your boat.<br>
<br>
Hope the gist is conveyed- not sure if this appeals to you, but it does keep the user management tied to a single file- the htpass. Perhaps a few 15 line shell scripts to maintain...<br>
<br>
Best,<br>
.ike<br>
<br>
<br>
<br>
<br>
<br>
<br>
PS, a version I'd run from cron, (assuming cron failures email someone useful or log/notify), which will exit neatly on failure, using my favorite 3 lines:<br>
--<br>
#!/bin/sh<br>
<br>
shout() { echo "$0: $*" >&2; }<br>
barf() { shout "$*"; exit 100; }<br>
safe() { "$@" || barf "cannot $*"; }<br>
<br>
# one could use sed and a template config to be cleaner,<br>
# but this is a simple email thought for Marc so I'll<br>
# be silly and just do inline junk.<br>
<br>
DAVUSERCONF='/path/to/apache_includes'<br>
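# DAVUSERCONF is a file, so create its parent directory, not the path itself<br>
safe mkdir -p "$(dirname "$DAVUSERCONF")"<br>
<br>
# barf inside backticks only exits the subshell, so check the input up front<br>
safe test -r /path/to/htpass_file<br>
<br>
printf '' > $DAVUSERCONF<br>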
# clears the file lazy style, then,<br>
<br>
for i in `safe cat /path/to/htpass_file | awk 'BEGIN { FS = ":" } {print $1}'` ; do<br>
<br>
echo "<Location /path/to/userdirs/$i>" >> $DAVUSERCONF<br>
echo ' DAV On' >> $DAVUSERCONF<br>
echo ' AuthType Basic' >> $DAVUSERCONF<br>
echo ' AuthName "WebDAV Restricted"' >> $DAVUSERCONF<br>
echo ' AuthUserFile /path/to/htpass_file' >> $DAVUSERCONF<br>
echo ' <LimitExcept GET HEAD OPTIONS>' >> $DAVUSERCONF<br>
# writes are limited to the user whose directory this is<br>
echo " Require user $i" >> $DAVUSERCONF<br>
echo ' </LimitExcept>' >> $DAVUSERCONF<br>
echo '</Location>' >> $DAVUSERCONF<br>
<br>
done<br>
<br>
safe /path/to/apachectl graceful<br>
<br>
exit 0<br>
<font color="#888888"><br>
--<br>
<br>
<br>
<br>
</font></blockquote></div><br>I have a similar script when I want to create SVN repos for each smaller project I run at <a href="http://www.jointhegrid.com">www.jointhegrid.com</a>. Not exactly what you want but neat anyway.<br>
<br>
<a href="http://www.edwardcapriolo.com/roller/edwardcapriolo/entry/svn_creation_script">http://www.edwardcapriolo.com/roller/edwardcapriolo/entry/svn_creation_script</a>
<br><br>Edward<br>
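
Added example, not part of the thread or written by any of its posters: a variant of the generator script quoted above that reads the htpasswd file line by line, allow-lists usernames before they are interpolated into Apache config, and replaces the include file with an atomic rename. The function name gen_dav_conf, the /path/to placeholders and the permitted username character set are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). gen_dav_conf and all paths are
# hypothetical placeholders.

# gen_dav_conf HTPASSWD OUTFILE [URL_PREFIX]
gen_dav_conf() {
    htpass=$1 out=$2 prefix=${3:-/path/to/userdirs}
    [ -r "$htpass" ] || { echo "cannot read $htpass" >&2; return 1; }
    # Temp file next to the target so the final mv is an atomic rename and
    # Apache never sees a half-written or empty include.
    tmp=$(mktemp "$out.XXXXXX") || return 1

    # Read line by line rather than word-splitting `cat` output, so a name
    # containing whitespace cannot turn into several bogus users.
    while IFS=: read -r user _rest || [ -n "$user" ]; do
        case $user in
            ''|'#'*) continue ;;                  # blank line or comment
            .*|*[!A-Za-z0-9._-]*)                 # allow-list, no leading dot
                echo "skipping unsafe username: $user" >&2
                continue ;;
        esac
        cat >> "$tmp" <<EOF
<Location $prefix/$user>
    DAV On
    AuthType Basic
    AuthName "WebDAV Restricted"
    AuthUserFile $htpass
    <LimitExcept GET HEAD OPTIONS>
        Require user $user
    </LimitExcept>
</Location>
EOF
    done < "$htpass"

    mv -f "$tmp" "$out" || { rm -f "$tmp"; return 1; }
}

# Typical use: reload only when the generated config parses.
#   gen_dav_conf /path/to/htpass_file /path/to/apache_includes &&
#       /path/to/apachectl configtest && /path/to/apachectl graceful
```

Names that fail the allow-list are reported on stderr and left out of the include, which matters when the htpasswd file is itself generated from LDAP or another tool rather than by htpasswd alone.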