Identity and password management using Python on Linux
Sam Penrose
spenrose at well.com
Sun Jan 7 15:52:20 EST 2001
We write web applications in Python, which we host on Linux boxes. We're
growing fast, and need to automate some system administration tasks.
We'd like to use Python for this, if possible, rather than shell
scripting or Perl. We have two problems involving Linux' handling of
identity to which the solutions using Python are not clear.
1) We need parts of our websites to be writable by both the client and
non-Linux-savvy members of our own staff using rather clueless GUI FTP
tools. We'd like to give them a CGI script they can call after saving a
file that will reset its permissions to 664, with the correct owner
(client) and group (client+us). Our CGIs run as nobody (called by
Apache); typically we would switch to root in the shell to make those
changes. How can we do this through CGI?
2) We'd like to give our main sys admin a front end for rotating
passwords that will speed the following process:
i. Log on to a server as root over SSH, preferably by demanding a
password rather than using keys.
ii. For each shell account on the server, prompt for the new
password twice and change it. When the shell accounts are done, we'll do
the MySQL accounts (easy) and the htaccess passwords, which I assume is
easy.
iii. Log on to the next server and repeat ii., until all the servers
are done. (We currently have about 15 servers with 5-10 necessary
accounts per; we anticipate doubling the # of machines over the next few
months).
I assume the front end for 2) will be a shell, but don't know how to
pass commands to a local shell that will be snarfed up by Python and
passed to a remote shell.
Any help appreciated...
More information about the Python-list
mailing list