Description

FAUS means "Ferramenta de Administração de Usuários do Samba" (User Administration Tool for Samba, in English) and is a Perl CGI to permit user administration though a web interface.

Samba already has a good web interface for administration known as SWAT. The problem with SWAT is that you can add user just to Samba system, not in the Unix user database (/etc/passwd). To use SWAT you have to type root password to get access for it's features, but SWAT itself does not provides any mean of encryption to protect the password against sniffers. You can use others tools to provide such encryption as SSH or SSL, but the process is not flexyble or easy to setup.

FAUS does not require root privileges to perform any task: it will use the SUDO program to give the correct rights to the user the webserver is running to (for Apache, it is normally "apache" or "nobody"). FAUS will use Sudo to execute Perl scripts to that substitutes programs as "useradd", "userdel" and "smbpasswd". These scripts will check for bad user entry and make sure that only the options that are really necessary to FAUS will be used. For example, is not possible to add a user with a valid shell using FAUS. All users added by it's interface will have a "/dev/false" as a shell.

FAUS is shipped with the Perl CGI, the Perl scripts and a sample of sudoers file (named as sudoers.example) to show a good example of how to setup a sudoers file to have FAUS working.

Features

FAUS has the following features:

  1. FAUS will manage users both from UNIX and Samba systems for each given command;
  2. FAUS does not use root or a suid program to perform operations: FAUS will use Sudo to give the rights to the Apache user to run some scripts as root. These scripts have limited features and will not allow operations that could compromisse the system;
  3. It's possible to use different forms of authentication when using Apache, since the webserver has several authentication modules and it is always possible to SSL;
  4. Multilanguage support: all messages, log information can be costumized with a simples text field containing HTML code;
  5. Log support: all operations are logged in /var/log/httpd/errors.log (or another location) in the same way as other Apache messages;

Future enhancements

New features to be included into FAUS:

  • user list upload: this will permite mass operation, like adding 50 users at once into the system
  • graphics to show the relation beetween users that are enable/disable.
  • Javascript controls into the form to make answers faster than from the CGI itself (but the CGI will keep checking for errors anyway)
  • include FastCGI option to make FAUS faster to load.

Requirements:

  • a webserver
As FAUS was developed to work together meanly with UNIX systems, I suggest the use of Apache, but any webserver with support to CGI will do. FAUS does not provides any type of encryption or authentication: you should look for those features with the webserver. Apache can support many types of authentication and the use of SSL for traffic encryption. For much more information about and documentation, check the Apache website at http://www.apache.org.
  • Sudo
Sudo is a program that permits one user to have superuser (root) rights when running certains programs without using the "su" command. Sudo is very maleable for configuring and it permits a good combination of parameters that the user must match before giving root rights. You'll find more information about Sudo at http://www.sudo.ws/sudo.
  • Samba
Yes, for sure you must have Samba in the same machine because FAUS needs to have access to the Samba database: FAUS will not work in another machine. You can reach Samba website visiting http://www.samba.org.
Beware that FAUS supports only the smbpasswd and tdbsam backends. LDAP is not supported.
Considering the backend, FAUS was developed to work in sites where Samba doesn't have more then 250 users: for a setup with a number higher than this using FAUS is not recomended.
This issue is due the fact that the development team of Samba strongly recomends that Samba with a database higher than 250 users should be setup with a LDAP server (ldapsam) as database rather than using smbpasswd or tdbsam.
There is NO intention to make FAUS support ldapsam: there are already good tools over GPL license that offers this facility and are in stable versions. If you need ldapsam facilities, look for graphical tools in the "Gui Tools" sections in Samba website for more information.

Configuration

The FAUS complete documentation can be found here. It is available in HTML and PDF and in several languages.

Screenshots

Some screenshots from FAUS in action!

Download

You can download FAUS by going to http://sourceforge.net/projects/faus.

BE CAREFUL!
FAUS is still beta software. Do not run it in a production system, or at least make a backup from smbpasswd and passwd from your system before trying it.
You have been warned...

Acknowledgements

I would like to thanks Ivan Alejandro Mirón Amador (mad_smart (at) hotmail.com) for the FAUS Spanish translation.

Thanks also to Derliz Diaz (ddiaz (at) grupoied.com) for translating the FAUS manual to Spanish.

The FAUS logo design was created and gently given by Alessandra Fustinoni Camargo (aleflcamargo (at) terra.com.br). Thanks Alê!

I would like to thank you all the people to sent me emails reporting bugs and suggestions to make FAUS a better tool.

Contact

If you find a bug or have a good idea about FAUS, please let us know by FAUS mailing list.
Programming Republic of Perl SourceForge Logo Valid HTML 4.01!