FAUS 1.4.4 review

by rbytes.net on


License: GPL (GNU General Public License)
File size: 0K
Developer: FAUS Team
0 stars award from rbytes.net

FAUS is a Perl CGI to permit user administration through a Web interface.

Samba already has a good web interface for administration known as SWAT. The problem with SWAT is that you can add users only to the Samba system, not to the Unix user database (/etc/passwd). To use SWAT you have to type the root password to get access to its features, but SWAT itself does not provide any means of encryption to protect the password against sniffers.

You can use other tools, such as SSH or SSL, to provide this encryption, but the process is not flexible or easy to set up.

FAUS does not require the root user to perform any task in the user database: it uses the SUDO program to give the correct rights to the user the webserver runs as (for Apache, normally "apache" or "nobody"). FAUS calls the shell commands "useradd", "userdel" and "smbpasswd" through Perl scripts.

These scripts check for bad user input and make sure that only the options FAUS really needs are used. For example, it is not possible to add a user with a valid shell using FAUS. All users added through its interface will have "/dev/false" as a shell. The sudoers file, in turn, gives the webserver user root privileges to run these Perl scripts.

FAUS is shipped with the Perl CGI, the Perl scripts and a sample sudoers file (named sudoers.example) that shows how to set up a sudoers file to get FAUS working.
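The wrapper pattern described above can be sketched as follows. This is an added example, not FAUS code or its shipped sudoers.example: the script path, the function names, the sudoers line in the comment and the /bin/false shell are assumptions, and only the useradd case is shown.

```perl
#!/usr/bin/perl -T
# Hypothetical root wrapper in the style described above; not FAUS code.
# Assumed sudoers entry (account name and path are placeholders):
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/adduser-wrapper.pl
use strict;
use warnings;

# Taint mode is on (-T): pin the environment before running anything.
$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $SHELL = '/bin/false';    # assumption: added users get no login shell

# Accept only a conservative login-name pattern. Returns the untainted
# name or undef. \z (not $) so a trailing newline is rejected too.
sub valid_username {
    my ($name) = @_;
    return undef unless defined $name;
    return $1 if $name =~ /\A([a-z_][a-z0-9_-]{0,30})\z/;
    return undef;
}

# Build the argument list. Every option is fixed here; the caller
# supplies the user name and nothing else.
sub useradd_argv {
    my ($user) = @_;
    return ('useradd', '-s', $SHELL, '--', $user);
}

sub main {
    @ARGV == 1 or die "usage: $0 <username>\n";
    my $user = valid_username($ARGV[0])
        or die "rejected user name\n";
    die "refusing to touch an existing account\n"
        if defined getpwnam($user);
    # List-form system(): no shell is involved, so metacharacters in
    # the argument are never interpreted.
    system(useradd_argv($user)) == 0
        or die 'useradd failed (exit ' . ($? >> 8) . ")\n";
    print "added $user\n";
}

main() unless caller;
```

Because sudo grants root for the script as a whole, the validation inside the script is the only barrier between the webserver account and the user database; the sudoers entry should name the script by absolute path, and the script must not be writable by the webserver user.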

Here are some key features of "FAUS":
FAUS manages users in both the UNIX and Samba systems with just one command;
FAUS does not use root or a suid program to perform operations on the /etc/passwd or smbpasswd files: FAUS uses Sudo to give the Apache user the rights to run some scripts as root. These scripts have limited actions and will not allow operations that could compromise the system;
It is possible to use different forms of authentication when using Apache, since the webserver has several authentication modules, and it is always possible to run the connection over SSL;
Multilanguage support: all messages and log information can be customized with a simple text file containing HTML code. FAUS currently supports the English and Portuguese languages;
Log support: all operations are logged in /var/log/httpd/errors.log (or another location) in the same way as other Apache messages.

a webserver
As FAUS was developed to work mainly with UNIX systems, I suggest the use of Apache as the webserver. FAUS does not provide any type of encryption or authentication: you should provide these with the webserver. Apache supports many types of authentication and the use of SSL for traffic encryption.
Sudo is a program that permits one user to have superuser (root) rights when running certain programs without using the "su" command. Sudo is very flexible to configure and permits a good combination of parameters that the user must match before root rights are given.
Yes, you must have Samba on the same machine, because FAUS needs access to the smbpasswd and passwd files: FAUS will not work from another machine.

What's New in This Release:
A setup shell script was included for Debian GNU/Linux.
All scripts were changed to exclude the use of commands like useradd, userdel, and passwd and were improved to use parameters and show a help message when the parameters are not used correctly.
The faus.conf configuration file was changed to include a multiple groups directive and deprecate the smbpasswd path name.
A new Perl module (FAUS::Helper) is used to share common configuration and functions between the scripts.
chansmb now changes passwords with both smbpasswd and /etc/shadow.
