|
|
|
@ -11,9 +11,7 @@ First of all, we talk about the following files and folders: |
|
|
|
.htpasswd |
|
|
|
.htpasswd |
|
|
|
README |
|
|
|
README |
|
|
|
authz |
|
|
|
authz |
|
|
|
cpi |
|
|
|
JaneDoe |
|
|
|
elab-users.py |
|
|
|
|
|
|
|
old-scripts-backup |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
** WARNING: ** |
|
|
|
** WARNING: ** |
|
|
|
In this list, there is one hidden files: `.htpasswd`. This file is hidden on |
|
|
|
In this list, there is one hidden files: `.htpasswd`. This file is hidden on |
|
|
|
@ -25,70 +23,62 @@ purpose, so ** don't mess with it **. |
|
|
|
|
|
|
|
|
|
|
|
`authz`: defines the access controll list, so who has access to what |
|
|
|
`authz`: defines the access controll list, so who has access to what |
|
|
|
|
|
|
|
|
|
|
|
`cpi`: folder that holds the svn repository itself |
|
|
|
`JaneDoe`: folder that holds one svn repository for a user |
|
|
|
|
|
|
|
|
|
|
|
`elab-users.py`: usermanagement script |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
`old-scripts-backup`: contains the old scripts to add a user for backup reasons |
|
|
|
Usermanagement with `elab-users` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Usermanagement with `elab-users.py` |
|
|
|
|
|
|
|
----------------------------------- |
|
|
|
----------------------------------- |
|
|
|
|
|
|
|
|
|
|
|
** HINT: ** To run this scipt first change to the directory with |
|
|
|
** HINT: ** To run this scipt if the service was deployed to dokku, use this |
|
|
|
`cd /var/www/svn` and prepend every command with `./` |
|
|
|
command structure `dokku run svn elab-users [command] [name]` |
|
|
|
(e.g. `./elab-users.py --help`). |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The script `elab-users.py` provides some options to add and delete users, |
|
|
|
The script `elab-users` provides some options to add and delete users, |
|
|
|
show access information from users and their elab journals. If the scprit |
|
|
|
show access information from users and their elab journals. If the scprit |
|
|
|
is called with the `--help` option, the folowing help message is displayed: |
|
|
|
is called with the `--help` option, the folowing help message is displayed: |
|
|
|
|
|
|
|
|
|
|
|
Usage: elab-users.py [option] name |
|
|
|
usage: elab-users [-h] [command] [name] |
|
|
|
|
|
|
|
|
|
|
|
shows and manipulates svn access rights |
|
|
|
positional arguments: |
|
|
|
|
|
|
|
command one of the commands: [user, group, add, restricted, retire, password] |
|
|
|
|
|
|
|
name user or group to perform the command on |
|
|
|
|
|
|
|
|
|
|
|
Options: |
|
|
|
optional arguments: |
|
|
|
-h, --help show this help message and exit |
|
|
|
-h, --help show this help message and exit |
|
|
|
-g, --groupinfo display users in a group |
|
|
|
|
|
|
|
-a, --add add a regular user |
|
|
|
|
|
|
|
-r, --restricted add a restricted user |
|
|
|
|
|
|
|
-m, --move move a user to alumni |
|
|
|
|
|
|
|
-p, --password reset a user password |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
to grant a restricted user access to another folder, you have to carefully |
|
|
|
To grant a restricted user access to another folder, you have to carefully |
|
|
|
edit the authz file |
|
|
|
edit the authz file |
|
|
|
|
|
|
|
|
|
|
|
the following combinations are possible: |
|
|
|
The following combinations are possible: |
|
|
|
|
|
|
|
|
|
|
|
* `elab-users.py`: will show a list of all groups and their users |
|
|
|
* `elab-users`: will show a list of all groups and their users |
|
|
|
* `elab-users.py UserName`: shows the access rights of the user and their labjournal |
|
|
|
* `elab-users UserName`: shows the access rights of the user and their lab journal |
|
|
|
* `elab-users.py -g GroupName`: shows a list of all group members |
|
|
|
* `elab-users group GroupName`: shows a list of all group members |
|
|
|
* `elab-users.py -a UserName`: adds a regular user, creates svn folders and sets a random password |
|
|
|
* `elab-users add UserName`: adds a regular user, creates svn folders and sets a random password |
|
|
|
* `elab-users.py -a UserName`: adds a restricted user, creates svn folders and sets a random password |
|
|
|
* `elab-users restricted UserName`: adds a restricted user, creates svn folders and sets a random password |
|
|
|
* `elab-users.py -m UserName`: moves an existing user to the alumni group, removes his password |
|
|
|
* `elab-users retire UserName`: moves an existing user to the alumni group, removes his password |
|
|
|
* `elab-users.py -p UserName`: resets the password for an existing user to a new random one |
|
|
|
* `elab-users password UserName`: resets the password for an existing user to a new random one |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Grant read writes to restricted users |
|
|
|
Grant read writes to restricted users |
|
|
|
------------------------------------- |
|
|
|
------------------------------------- |
|
|
|
|
|
|
|
|
|
|
|
As noted in the help message of `elab-users.py`, if a restriced user should have |
|
|
|
As noted before, if a restriced user should have read access to another |
|
|
|
read access to another labjournal, the `authz` file has to be edited manually. |
|
|
|
lab journal, the `authz` file has to be edited manually. Here are two examples |
|
|
|
Here are two examples that grant the user 'UrmilShah' read access to |
|
|
|
that grant the user 'JaneDoe' read access to two different lab journals: |
|
|
|
two different lab journals: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
... snip ... |
|
|
|
... snip ... |
|
|
|
|
|
|
|
|
|
|
|
[cpi:/AndreasEvers] |
|
|
|
[JohnSmith:/] |
|
|
|
@restricted = |
|
|
|
@restricted = |
|
|
|
UrmilShah = r |
|
|
|
JaneDoe = r |
|
|
|
|
|
|
|
|
|
|
|
... snip ... |
|
|
|
... snip ... |
|
|
|
|
|
|
|
|
|
|
|
[cpi:/HolgerFrey] |
|
|
|
[MaxMustermann:/] |
|
|
|
@restricted = |
|
|
|
@restricted = |
|
|
|
UrmilShah = r |
|
|
|
JaneDoe = r |
|
|
|
HolgerFrey = rw |
|
|
|
MaxMustermann = rw |
|
|
|
|
|
|
|
|
|
|
|
... snip ... |
|
|
|
... snip ... |
|
|
|
|
|
|
|
|
|
|
|
|
