建構真值表以自動同步大量創建使用者帳號與維護
大江東去浪淘盡 ...
在歷經一番實證之後,發現這樣一個駕馭多程式共用一組帳密的驗算規則。亦即,建構真值表以自動同步大量創建使用者帳號與維護 ,或者說建構真值表實以自動修正新增刪除多元使用者帳號。
Issue
out-of-contro behaviors of with Samba/FTP user account managed user account when Add/delete/modify it at run time.
Problem Description
when add/delete/modify a user account the below problems surely cause wrong behavior at run time:
1. the user account still work when deleting it.
2. residual accounts left in /etc/smbpasswd, or /etc/passwd, especially apply modified account name in a reverse way.
3. the passwords are active or inactive abnormally when experiencing add / delete / modify to password files.
4. the user name mutually share both samba and ftp simultaneously.
Idea/Method
Use a Account Logic Table to manage automatically the changes to SAMBA users and to FTP users by table logic rules
to adaptively new/delete/modify consistently.
This can reach the effects:
(1)reduce code size and complexity and stabilize of function without any porting or adding extrea application/commands:
busybox command, samba command/configuration, for example.
(2)remove the wrong of asynchronous cases of sharing both samba and ftp users adaptatively because it may cause to an unstable state.
ALT Design
By a analytical way,
In Case of Samba :
A Samba user has 4 footprints (uci,passwd,smbpasswd,reuse) of instance in real world which co-work each other to construct the ALT with 7 logic validity to process 4 Use Cases.
In Case of FTP:
A FTP user has 3 footprints (uci,passwd,reuse) of instance in real world which co-work each other to construct the ALT with 7 logic validity to process 4 Use Cases.
Use footprint of instance of Samba and FTP users there are in the
1. password files
/etc/passwd (Samba,FTP)
/etc/smbpasswd (samba)
2. uci variables for samba (Samba,FTP)
3. uci variables for vsftpd (Samba,FTP)
in those asynchrous cases when the two mutual group of accounts are different, there can be the below
user cases at run time when user do add/delete/modify
1.Add,
2.Delete,
3.Share folder,
4.Confirm delete
Use login shell assigned to grouped accounts for searching from their footprints to construct 3 bit-filed of (uci,passwd,reuse),
this need the keys to distinguish,
i.e.
- samba login shell,
- ftp login shell
- mutual login shell
Then there are 4 use cases apply on (samba user, mutual user, ftp user) by the "login shell" keys,
i.e. Add,delete,canshare,confirm on the sequence of user-mutual-user way with the "login shell" keys.
and moreover, we shall think of and handle the behavior in a paired way at one time insteaf of user,mutual respectively.
Analyze the Use Cases of all users account behaviors at run time by logic scenario and categorize into 8 rules:
# A user has the same name for ftp and samba accounts with any password
# A user has 4 footprints of instance in real world which co-work each other to construct the loigc (secenario).
# ------------------------------------------------------------------------------------
# Account Logic Table
# -----------------------------+-------------------------------------------+----------
# uci passwd reuse | Add delete canshare confirm | logic
# -----------------------------+-------------------------------------------+----------
# 0 0 0 | x o x x | 0
# 0 0 1 | x o x x | 1
# 0 1 0 | x o x o | 2
# 0 1 1 | x o x o | 3
# 1 0 0 | o x o x | 4
# 1 0 1 | o x o x | 5
# 1 1 0 | o o o x | 6
# 1 1 1 | o o o x | 7
# -----------------------------+-------------------------------------------+----------
Note:
don’t care – X
managed case -- O
Note:
The logic argorithm of those improvement come into two simplified logic statement,
1. ensure the validity of users with the ALT rules before create/delete/modify it to adopt action properly.
2. ensure the validity of mapping set of (users,mutual) with the ALT rules before create and share it per the logic tabl.
Firstly validate a User, thus the shell scripts codes can take accurately effects stably without side effect.
沒有留言:
張貼留言