Description

FAUS means "Ferramenta de Administração de Usuários do Samba" (User Administration Tool for Samba, in English) and is a Perl CGI to permit user administration though a web interface.

Samba already has a good web interface for administration known as SWAT. The problem with SWAT is that you can add user just to Samba system, not in the Unix user database (/etc/passwd). To use SWAT you have to type root password to get access for it's features, but SWAT itself does not provides any mean of encryptation to protect the password against sniffers. You can use others tools to provide such encryptation as SSH or SSL, but the process is not flexyble or easy to setup.

FAUS does not require user root to perform any task in user database: it will use the SUDO program to give the correct rights to the user the webserver is running to (for Apache, it is normally "apache" or "nobody"). FAUS will call thought Perl scripts to call the shell commands "useradd", "userdel" and "smbpasswd". These scripts will check for bad user entry and make sure that only the options that are really necessary to FAUS facilities will be used. For example, is not possible to add a user with a valid shell using FAUS. All users added by it´s interface will have a "/dev/false" as a shell. So on, sudoers file will give root privileges for webserver user to run these Perl scripts.

FAUS is shipped with the Perl CGI, the Perl scripts and a sample of sudoers file (named as sudoers.example) to show a good example of how to setup a sudoers file to have FAUS working.

Features

At this point FAUS has the following features:

  1. FAUS will manage users both to UNIX and Samba system if just one command;
  2. FAUS does not uses root or a suid program to perform operations into /etc/passwd or smbpasswd files: FAUS will use Sudo to give the rights to the Apache user to run some scripts as root. These scripts have limited actions, and will not allow operations that could compromisse the system;
  3. It's possible to use different forms of authentication when using Apache, since the webserver has several authentication modules, and is allways possible to run the connection with SSL;
  4. Multilanguage support: all messages, log information can be costumized with a simples text fiel containing HTML code. FAUS supports, right now, English and Portuguese languages;
  5. Log support: all operations are logged in /var/log/httpd/errors.log (or another location) in the same way as other Apache messages;

Future enhancements

New facilities to be inclued into FAUS:

  • user list upload: this will permite mass operation, like adding 50 users at once into the system
  • graphics to show relation beetween users that are enable/disable.
  • Javascript controls into the form to make answers faster than from the CGI itself (but the CGI will keep checking for errors anyway)
  • include FastCGI option to make FAUS faster to load.

Requirements:

  • a webserver
As FAUS was developed to work together meanly with UNIX systems, I suggest the use of Apache as the webserver. FAUS does not provides any type of encryptation or authentication: you should provide these things with the webserver. Apache can support many types of authentication and the use of SSL for traffic encryptation. For much more information about and documentation, check the Apache website at http://www.apache.org.
  • Sudo
Sudo is a program that permits one user to have superuser (root) rights when running certains programs without using the "su" command. Sudo is very maleable for configuring and it permits a good combination of parameters that the user must match before giving root rights. You'll find more information about Sudo at http://www.sudo.ws/sudo.
  • Samba
Yes, for sure you must have Samba in the same machine because FAUS needs to have access to the smbpasswd and passwd: FAUS will not work in another machine. You can reach Samba website visiting http://www.samba.org.

FAUS was developed to work in sites where Samba doesn't have more then 250 users: for a setup with a number higher than this using FAUS is not recomended.

 This issue is due the fact that the development team of Samba strongly recomends that Samba with a database higher than 250 users should be setup with a LDAP server (ldapsam) as database rather than using smbpasswd or tdbsam. Nowadays FAUS supports smbpasswd as user database and in future versions will also support tdbsam.

 There is NO intention to make FAUS support ldapsam: there are already good tools over GPL license that offers this facility and are in stable versions. If you need ldapsam facilities, look for graphical tools in the "Gui Tools" sections in Samba website for more information.

Configuration

The FAUS complete documentation can be found here. It is available in HTML and PDF and in several languages.

Screenshots

Some screenshots from FAUS in action!

Download

You can download FAUS by going to http://sourceforge.net/projects/faus.

BE CAREFUL!
FAUS is still beta software. Do not run it in a production system, or at least make a backup from smbpasswd and passwd from your system before trying it.
You have been warned... If you use PGP, you can check for my signature in FAUS packages released here.

Acknowledgements


I would like to say thanks to Ivan Alejandro Mirón Amador (mad_smart (at) hotmail.com) for the FAUS Spanish translation.

Thanks also to Derliz Diaz (ddiaz (at) grupoied.com) for translating the FAUS manual to Spanish.

The FAUS logo design was created and gently given by Alessandra Fustinoni Camargo (aleflcamargo (at) terra.com.br). Thanks Alê!

I would like to thank you all the people to sent me emails reporting bugs and suggestions to make FAUS a better tool.

Contact

If you find a bug or have a good idea about FAUS, please let us know by FAUS mailing list

.
Programming Republic of Perl SourceForge Logo Valid HTML 4.01!