[peruser] Wishlist

Sean Gabriel Heacock gabriel at telana.com
Fri Feb 25 15:14:46 MST 2005


Thanks to everyone who's signed up so far.  I'm excited to finally have
a list set up to talk about this project.

If you've had problems getting it working, first try the latest patch -
I just put it up on http://www.telana.com/peruser.php.  It's exactly a
one character change from r7, but peruser won't work without it (unless
you happen to have ExtendedStatus On in your httpd.conf).  Thanks to
Steve Amerige for the patch.

I think a lot of bugs in peruser are due to things like that, where they
happen to work on my setup because of how I configured apache.  One
outstanding issue is that some people are getting "0.0.0.0" for all
remote IPs - I'm not seeing that issue so it might be a similar deal.

Also, if anyone has any feature requests, let's hear them.

Here's one of mine: in setting up mailman, you have to tell it what
group it expects to be run as, through the web interface.  Under my
peruser setup, each user runs as its own user and group, so I had to
patch mailman to instead only check if the current user was in the
"mailman" group, and not insist that "mailman" be their primary group. 
So now I can give a user access to mailman by adding them to the mailman
group.  But I'd like to be able to configure peruser to put a user in
the mailman group without changing system configs (I don't want them to
be in the mailman group in the shell, for example).

Right now, in peruser, you assign the user and group, but the
supplemental groups are set up automatically from /etc/group (via the
initgroups() function).  This is not really the right way to do this -
either we should just specify the user, and allow the primary and
supplemental groups to be set automatically, or they should all be
specified in the configuration.  We could also do both (set up groups
automatically if they're not specified in the configs)

This would involve a change to the configuration directives; instead of
ServerEnvironment it would be something like this:

<VirtualHost ...>
  SetUser username
  SetGroup groupname
  SetSupplementalGroups www,mailman
</VirtualHost>

Unfortunately this makes it difficult to match up with a "Processor"
directive... but I'd like to get rid of that completely, if at all
possible.

Sorry if this was rambling and confusing, I'm just thinking out loud.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/




More information about the Peruser mailing list