Python Scripting Tutorial, Part two
Here is my second part of the hands on tutorial on basic python script. It works in an interactive mode just like adduser on a linux system, only
it sets a very strong random password (using a little utility called pwgen - you can install it from /usr/ports/sysutils/pwgen2) for the user, gives you
the ability of making a system user, a ftp user or both. My pure-ftpd is based on MySQL table auth. It also makes a public_html for the user and
build a virtual host for the user. Check the script out because I think it is pretty straightforward. Tweak it a bit so you can use it as your own.
On the next tutorial we'll the users a mail with the password and also add them to an LDAP directory.
PS: I'm aware that some things could be done more easily by using hefty tricks, but hey, I aimed for easy understanding.
#/usr/local/bin/python
import os
import getopt
import sys
import MySQLdb
# Where should i write the vhost details?
VHOSTS_CONFIG = "/usr/local/etc/apache22/extra/httpd-vhosts.conf"
# Init the variables
user_flag = -1
ftp_flag = -1
# MySQL authentification variables
mysql_user = "user"
mysql_pass = "password"
mysql_host = "localhost"
mysql_database = "pureftpd"
# The usage() function that gets used when we call the script with the -h option
def usage():
print """
Usage: sudo python create_python.py : create a user in the system.
You can create a ftp user only, a system user or both.
It also adds the corresponding vhost to the configuration and builds the
home directory. If run with no arguments it will go into interactive mode.
create_user.py [-h]
-h print this help
"""
# Parse the command line arguments
# Basicly this looks for the -h argument only but could be
# easily extended to something else
o, a = getopt.getopt(sys.argv[1:], 'h')
opts = {}
for k,v in o:
opts[k] = v
if opts.has_key('-h'):
usage();
sys.exit(0)
# Check to see if we're running as superuser
uid = `os.getuid()`
if uid != "0":
print "You must be superuser in order to run this program"
sys.exit(1)
# Make a system user?
user_input = raw_input("Do you want to add a system user [n/Y]: ")
if user_input.lower() == "y":
user_flag = 1
if user_input.lower() == "n":
user_flag = 0
else:
user_flag = 1
# Make a ftp user?
ftp_input = raw_input("Do you want to add a ftp user [n/Y]: ")
if ftp_input.lower() == "y":
ftp_flag = 1
if ftp_input.lower() == "n":
ftp_flag = 0
else:
ftp_flag = 1
# If you do not want a system user or a ftp user then ... you don't want anything
if ftp_flag == 0 and user_flag == 0:
print "Come back when you know what you want"
sys.exit()
# How do you want to name your user?
user_name = raw_input("Username: ")
# Try to figure out the shell or input another shell
# something like /usr/local/bin/rssh
if user_flag == 1:
user_shell = raw_input("Shell [/usr/local/bin/bash]: ")
# Make /usr/local/bin/bash the default shell if the user presses enter
if user_shell == "":
user_shell = "/usr/local/bin/bash"
# Basicly we have to types of accounts
# Those that are the system users with ssh account and those with only ftp access
# System users have the /home/user directory
# whilst the ftp users have /home/ftpusers/user
if user_flag == 1:
home = "/home/" + user_name
else:
home = "/home/ftpusers/" + user_name
# But if you want you can input another directory as the home directory
# We are making this script a little more interactive
home_dir = raw_input("Home directory [" + home + "]: ")
if home_dir == "":
home_dir = home
# We generate a new random password. This is based on the pwgen port
# Please install it before if you don't have it:
# cd /usr/ports/sysutils/pwgen2 && sudo make search install
newpassword = os.popen("pwgen -s -n -B -c 12 1").readline().split()[-1]
if user_flag == 1:
# Add the new user using the randomly generated password earlier
# This command enters:
# echo pass | pw user add -d /home/user -m -s /usr/local/bin/bash -n user -g users -h 0
# -d - home directory
# -m - builds the home directory if it doesn't exist
# -s - the shell to user
# -n - the name of the user
# -g - the original group for the user
# -h 0 - get the password from stdin
cmd = "echo " + newpassword + " | pw user add -d " + home_dir + " -m -s " + user_shell + " -n " + user_name + " -g users -h 0"
os.system(cmd)
# Save the new password somewhere as you don't want an inactive account or manually input another pasword
f = open("/root/accounts", "a+")
line = user_name + " " + newpassword + " " + `user_flag` + " " + `ftp_flag` + "\n"
f.write(line)
f.close()
print "Details have been saved to /root/accounts. Please mail the information to the user and then delete the file"
# Make the /home/user/public_html directory so the user can have his own web server
# at the http://host/~user address
os.mkdir(home_dir + "/public_html")
# Change the vhost configuration to a new entry so
# http://host/~user is mapped as http://user.host/
# This is much more professional in my opinion
f = open(VHOSTS_CONFIG, "a")
vhost = """<VirtualHost *:80>
ServerAdmin email@mail.com
DocumentRoot """ + home_dir + """/public_html
ServerName """ + user_name + """.host
ErrorLog /var/log/httpd/""" + user_name + """-error_log
CustomLog /var/log/httpd/""" + user_name + """-access_log combined
</VirtualHost>
"""
f.write(vhost)
f.close()
# Restart the Apache Webserver
os.system("apachectl graceful")
# For the ftp users only you should manage their accounts using the system account ftpusers
if user_flag == 0 and ftp_flag == 1:
group = "ftpusers"
uid = "ftpusers"
else:
uid = user_name
group = "users"
# Add the ftp user to the existing MySQL table (I do MySQL auth to my ftp server)
# with the same use so if you give ftp access to a system user he can login with
# the same password You should only give a user access to the system with no ftp
# access if you want him to make transactions only with ssh (through scp)
if ftp_flag == 1:
# Open the MySQL database
db = MySQLdb.connect(mysql_host,mysql_user,mysql_pass,mysql_database)
# Make a cursor (a pointer to that database)
cursor = db.cursor()
# Execute an insert query
cursor.execute("INSERT INTO `pureftpd`.`users` (`User`, `Password`, `Uid`, `Gid`, `Dir`, `QuotaSize`) VALUES (\'%s', MD5(\'%s\'), \'%s\', \'%s\', \'%s\', \'%s\');" % (user_name,newpassword,uid,group,home_dir,100))
cursor.close()
if ftp_flag == 1 and user_flag == 0:
os.mkdir(home_dir)
Powered by ScribeFire.
1 comment:
Looking forward to the seeing how to interact with LDAP.
Post a Comment