Re: Webmin user creation.

[Joe C. <jo...@sw...>]

Jamie Cameron wrote:

> Joe Cooper wrote:
> 
>> Ok, I'm getting better at figuring out what needs to go into a
>> hash...but not good enough to figure out how the Webmin Users
>> &create_user function works.
>> 
>> I've gathered, I think, almost everything I need in the %user hash when
>> calling &foreign_call("acl", "create_user", \%user).  But I'm having
>> issues with the ACLs for the modules, mainly because I can't figure out
>> how to print the modules array within the hash so I can see what it
>> looks like.
>> 
>> So, how do I generate a correct array of modules to be added for my new
>> user?  As in the previous system user generation query, I'm creating the
>> user from nothing but the name and a template.
> 
> 
> Basically, the create_user function takes a reference to a hash \%user that
> contains the following important keys
> 
> name -	  The user's login name
> pass -	  The crypt() encrypted password
> modules - A reference to an array of modules that the user will have access to

Ok.  I think I've got it.  And modules are just listed as elements in 
the array: 'apache', 'sendmail', etc.  (Without the quotes.)  Correct?

 
>> Each user will have permission to edit their own virtual host in Apache,
>> aliases and read mail in Sendmail, and a few other modules (like
>> documentation, log analyses tools, etc.).
>> 
>> I'm kind of stumped also, about how to do specific module level ACL
>> stuff.  Like limiting the user to only their own virtual host and
>> aliases, and such.  I've located the save_acl.cgi stuff, and kind of
>> understand what's happening, but a pointer or two would be much appreciated.
> 
> Detailed module acls are controlled by the username.acl file in each module's
> subdirectory under /etc/webmin. This file is just a list of name=value pairs,
> the exact meaning of which are not really documented anywhere :)  They are
> set by the acl_security.pl script in each module's directory, and
> usually loaded into the %access array by the &get_module_acl function called by
> module CGI programs and interpreted to allow or deny access to certain functions.
> 
> You can get an idea how this works by setting some detailed acls manually and
> then looking at the values in the username.acl file ..

Ok.  This I can handle too, I think.  I'll get the user creation 
happening, and then tackle the ACLs.  Will query further if I get lost.

Thanks, Jamie.
                                   --
                      Joe Cooper <jo...@sw...>
                  Affordable Web Caching Proxy Appliances
                         http://www.swelltech.com