[Tutor] multi-user program question

Michael P. Reilly arcege@shore.net
Tue, 20 Mar 2001 08:21:59 -0500 (EST)


> This is not really a python question in the strict sense; if this is the
> wrong place to ask, just say so.
> 
> I'm going to be writing a python script for use by several (~15) people
> here at work. It will allow users to request paid time off (vacations,
> personal days, etc.). Before getting too far into it, I'm trying to work
> out a couple questions. 
> 
> I'm working on UNIX, and want to use the filesystem to store info about
> the user's personal info (passwords, usernames, etc.), and their pto
> request info.
> 
> What I'm thinking right now is that I want to make a /home/pto/
> directory, then make a password file within there, or in /etc/pto, then
> add user directories inside /home/pto/ to hold pto request info. I've
> got root access to the UNIX box, but don't want to use that for
> anything. I've been thinking about just going in and creating the pto
> dir manually, then using it to store all that info, but there are a
> couple problems with that approach, too.
> 
> These are the things I'm trying to figure out:
> 
> * what is the best way to store the pto request info? Creating a home
> dir requires root access, so I want to find an alternative to that.

I suggest creating the "pto home" directory (it just needs to be one
directory where the data will be stored) with group-writable
permissions.  Give all fifteen users access to the group, then allow
files to be updated with those permissions.  The users don't need to be
root, and you can get some level of security by controlling the
permissions (I do suggest creating a "pto" account to own things).

> * if using a pto home dir turns out to be the best way to go, how can I
> run a script as user pto? A friend of mine says he runs perl scripts
> this way, but I cannot figure out how (and he's not around). 

You can't do that in perl, or in Python.  You need a setuid program
to change a user.  This is something in the operating system, not a
language (cf. chmod(2)).  But if you set up the permissions correctly,
you shouldn't need setuid at all.

> * if I use the /home/pto/<user>/ directory scheme, how can I arrange so
> that an admin (my boss) can still view all that info but users cannot
> view each other's info? There will only be one admin account, who will
> add and delete users, accept/decline pto requests, etc. So he needs to
> be able to view all user info.

Deirdre gave the suggestion of using a database.  You may not need to
go to the level of mysql or postgres, but that gives you the security
that you will want - users can insert rows in a table but not read
them, and manager can access those rows (read, delete, change, etc.).

If you are really concerned you could create your own data server, but
if you were going to do that, then I'd suggest installing MySQL.  SQL
can be a little tricky if you aren't used to it (what should the table
look like, how to get security correct, etc.); if you want to get this
going faster than you can pick up SQL, think about your own server for
added security.

But if you have the data files set up correctly then this shouldn't
be a big deal.  It depends on how much you are concerned with different
levels of security.

> I am inclined to think that these sort of issues have come up and been
> resolved by others, and am curious about any good ideas anyone has. I've
> got my own ideas, but so far nothing that feels quite right. 

I have a product called crd-mail that does a lot of what you describe
above.  It is a multi-user, multi-host, call-tracking system,
originally written in Bourne shell.  It handles all the locking
problems that you'll have when multiple users on different machines try
to access a database.  I ported it to Python some time ago, but that
version has never made it out of my hands.  Let me know if you would
like to see some of relevant.

In short, anything that requires a level of security (e.g. anything
dealing with payroll) needs to be designed carefully.  Make sure you
have all your requirements laid out first.  There are a lot of design
choices you could use, which one depends more on the project's
requirements.  For example, do you want/need a web interface (a web
interface doesn't necessarily mean IE/Netscape, you could use Python's
httplib from a command-line interface)?  Will there be a command-line
interface? GUI (Tkinter, GTK, wxPython)?  All these will affect how the
data is handled, and can affect how the data is secured.

Good luck,
  -Arcege

PS: My crd-mail product does not have an open license because of past
usage.  So I cannot simply publish it on the net, unfortunately.

-- 
------------------------------------------------------------------------
| Michael P. Reilly, Release Manager  | Email: arcege@shore.net        |
| Salem, Mass. USA  01970             |                                |
------------------------------------------------------------------------
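
Added example, not part of the original message and not code from crd-mail: one way to check the group-writable "pto" directory layout suggested in the reply, and to create request files in it without overwriting or following links. The function names, the file name and the 0o1770/0o660 modes are assumptions chosen for illustration; a temporary directory stands in for the real one.

```python
import os
import stat
import tempfile

def audit_shared_dir(path):
    """Return a list of findings for a group-shared data directory."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not mode & stat.S_IWGRP:
        findings.append(f"{path}: not group-writable, members cannot add requests")
    if mode & stat.S_IRWXO:
        findings.append(f"{path}: accessible to users outside the group")
    if mode & stat.S_IWGRP and not mode & stat.S_ISVTX:
        findings.append(f"{path}: no sticky bit, members can delete each other's files")
    for entry in os.scandir(path):
        est = entry.stat(follow_symlinks=False)
        if stat.S_ISLNK(est.st_mode):
            findings.append(f"{entry.path}: symlink in shared directory")
        elif stat.S_IMODE(est.st_mode) & stat.S_IRWXO:
            findings.append(f"{entry.path}: readable or writable by others")
    return findings

def write_request(directory, name, text, mode=0o660):
    """Create a new request file; fail rather than overwrite or follow a link."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(os.path.join(directory, name), flags, mode)
    try:
        os.fchmod(fd, mode)  # set the exact mode regardless of the caller's umask
        os.write(fd, text.encode())
    finally:
        os.close(fd)

def demo():
    """Constructed sample: audit a weak setting, then the corrected one."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o777)   # weak: world-accessible, no sticky bit
        weak = audit_shared_dir(d)
        os.chmod(d, 0o1770)  # owner and group only, sticky bit set
        write_request(d, "alice-2001-03-20.req", "vacation 2001-04-02..06\n")
        return weak, audit_shared_dir(d)

if __name__ == "__main__":
    for label, findings in zip(("weak", "corrected"), demo()):
        print(label, findings)
```

With mode 0o660 every member of the group can still read every request file, so this layout alone does not keep users from viewing each other's data.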