SourceForge offers a shell account to all users with a project. It uses a dump from the database to generate /etc/shadow, /etc/passwd and /etc/group. This has two big drawbacks: first, you have to wait for the next cron job before any change to your password etc. takes effect; second, it implies a lock every 6 hours (on SourceForge) on three critical files of the system. This is not very important for VA, since they have a lot of powerful machines, but for a "one machine SourceForge" this is critical.
We suggest that you use the nss-mysql library which can authenticate groups or users directly from your MySQL database. We recommend that you use the tarball that you can find at http://zoy.org/~guillaum/SF/.
We suppose that you have created a users group. We'll assume that its GID is 100. Now untar the archive and run
./configure --enable-default_home=SF_ROOT/home/users --enable-default_gid=100
Now type make, su and make install.
Generate two random passwords for the two MySQL users, then edit guide/db_perms.sh and run it to give them the correct rights.
# This is an example configuration file for nss-mysql library
# You CANNOT put 2 assignments on the same line.

# This is the user configuration part
users.host = inet:localhost:3306; # db host
users.where_clause = user.unix_status = 'A'; # fully qualified where clause
users.database = sourceforge;
users.db_user = nssmysql;
users.db_password = password;
users.table = user;
users.user_column = user_name;
users.password_column = password; # not used if you have enabled the shadow support
users.userid_column = user_id;
users.uid_column = unix_uid;
users.gid_column = gid; # not used if you have run configure --with-default_gid=GID
users.realname_column = realname;
users.shell_column = shell;
users.default_gid = 100; # GID of users default group
users.default_home = /sfroot/home; # used only if you have run configure --with-default_home=DIR

# This is the groups configuration part
# This is only used if you have enabled the group support
groups.host = localhost;
groups.where_clause = groups.status = 'A'; # fully qualified where clause
groups.database = sourceforge;
groups.db_user = nssmysql;
groups.db_password = password;
groups.group_info_table = groups;
groups.group_name_column = unix_group_name;
groups.groupid_column = group_id;
groups.members_table = user_group;
groups.member_userid_column = user_id;
groups.member_groupid_column = group_id;
# At this time, we do not support a GID column. We use
# the following trick to choose a GID : gid = group_id + first_gid.
# You should not set first_gid to less than 1000
groups.first_gid = 2000;
# This is an example configuration file for nss-mysql library
# You CANNOT put 2 assignments on the same line.
# This file must be readable ONLY FOR ROOT

# This is only used if you have enabled the shadow support
# Read the SHADOW file for more information
shadow.host = inet:localhost:3306; # db host
shadow.where_clause = user.unix_status = 'A'; # fully qualified where clause
shadow.database = sourceforge;
shadow.db_user = shadow;
shadow.db_password = password;
shadow.table = user;
shadow.user_column = user_name;
shadow.password_column = unix_pw;
You just have to modify your nsswitch.conf to add the "mysql" service to passwd, group and shadow.
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: files mysql
group: files mysql
shadow: files mysql

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
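A pre-deployment check of the two nss-mysql configuration files shown above, as an added example that is not part of the original guide or of the nss-mysql project. The parsing rules are inferred from the sample files; `parse_conf`, `audit` and the sample values are hypothetical names and constructed data, and the first file is assumed to be readable by ordinary users.

```python
import os
import stat

def parse_conf(text):
    """Parse 'key = value;' lines; '#' starts a comment (rules inferred from the samples)."""
    settings = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not line.endswith(";") or line.count(";") != 1:
            raise ValueError(f"line {n}: expected one assignment ending in ';'")
        key, sep, value = line[:-1].partition("=")  # where_clause values contain '='
        if not sep or not key.strip():
            raise ValueError(f"line {n}: missing '='")
        settings[key.strip()] = value.strip()
    return settings

def audit(public, root, root_path=None):
    """Return findings for the user-readable settings and the root-only settings."""
    findings = []
    for key, value in {**public, **root}.items():
        if key.endswith(".db_password") and value in ("", "password"):
            findings.append(f"{key} is empty or the sample value")
    shadow_user = root.get("shadow.db_user")
    if shadow_user and shadow_user in (public.get("users.db_user"), public.get("groups.db_user")):
        findings.append("shadow.db_user is shared with the user-readable file")
    if "groups.first_gid" in public and int(public["groups.first_gid"]) < 1000:
        findings.append("groups.first_gid is below 1000")
    if root_path is not None:
        st = os.stat(root_path)
        if st.st_uid != 0 or stat.S_IMODE(st.st_mode) & 0o077:
            findings.append("shadow file is not root-owned or is accessible to group/other")
    return findings

# Constructed sample input, shortened from the files above.
PUBLIC = """
users.db_user = nssmysql;
users.db_password = password;   # sample value left in place
users.where_clause = user.unix_status = 'A';
groups.db_password = Xk3-constructed;
groups.first_gid = 200;
"""
ROOT = """
shadow.db_user = nssmysql;      # same account as the user-readable file
shadow.db_password = Zq9-constructed;
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(PUBLIC), parse_conf(ROOT))))
```

Pass the path of the root-only file as `root_path` to include the ownership and mode check.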