[00:48] <joerg> hi
[01:14] <sbalneav> Evening all
[01:20] <joerg> sbalneav, found an answer? :D
[01:21] <joerg> I am not even sure if I remember correctly what I asked you ^^
[01:25] <sbalneav> Eurhg, sitting in a cafe after a full day of "Team Training" at work, waiting for my son's piano lesson to end.
[01:25] <sbalneav> hold on...
[01:27] <sbalneav> Yeah, the mail thing.  Well, at the end of the day, a mail server's gotta have a drop box to deliver to.
[01:27] <sbalneav> usually, that can be handled by procmail
[01:27] <sbalneav> and procmail can call external programs
[01:27] <sbalneav> so
[01:28] <sbalneav> it wouldn't be too hard to set up a "school-newspaper" alias that delivers to a pipe
[01:29] <sbalneav> the pipe's a program that looks up your group mappings in ldap via your custom schema
[01:29] <sbalneav> and outputs a list of actual dropboxes to deliver to
[01:29] <sbalneav> or, if it's a web only group
[01:30] <sbalneav> could post the message via inserting into whatever your backend is.  Postgresql for ex.
[01:30] <sbalneav> so I think that one could be worked around.
[01:30] <joerg> yeah, it is postgres of course :)
[01:30] <joerg> ok, that sounds great
[01:30] <joerg> haven't really looked at procmail and stuff yet
[01:30] <sbalneav> I mean, what you're wanting to do isn't MUCH different from a mailing list.
[01:30] <joerg> I just wonder: do I need users? :)
[01:31] <sbalneav> all that differs is the back end.
[01:31] <joerg> I mean real posixAccounts?
[01:31] <sbalneav> No
[01:31] <joerg> if the school does not use LTSP?
[01:31] <sbalneav> not so long as you provide a custom back end delivery program
[01:31] <joerg> but the mailserver needs accounts, doesn't it?
[01:31] <sbalneav> which is pretty easy
[01:31] <sbalneav> Well, the mailserver can get its accounts from ldap
[01:31] <joerg> hmm
[01:32] <joerg> yeah, and those don't need to be posixAccounts?
[01:32] <sbalneav> No, you can usually specify whatever you want your filter to be.
[01:32] <joerg> and how does auth work? the user doesn't have a shadowPassword attribute then?!
[01:33] <joerg> for the password as well?
[01:33] <sbalneav> So long as you're not logging into unix itself, no.
[01:33] <sbalneav> shadowPassword et al. are needed by pam
[01:33] <joerg> yeah
[01:33] <sbalneav> if you're not doing pam logins, you can "roll your own"
[01:34] <sbalneav> I know with postfix, which is what we use, you can set up completely arbitrary user lookup mechanisms
[01:34] <sbalneav> via the filters
[01:34] <joerg> cool
[01:34] <joerg> but maybe posix account is not that bad?!
[01:35] <joerg> I mean, if people have their accounts already that will be posixAccounts I guess
[01:35] <sbalneav> right
[01:35] <joerg> so if I build it on top of posixAccount to be compatible with existing stuff....
[01:35] <joerg> and tell them not to use pam_ldap if they don't need it...
[01:35] <sbalneav> yeah, that would give you the widest dispesion
[01:35] <joerg> that should be fine, shouldn't it?
[01:36] <sbalneav> dispersion
[01:36] <sbalneav> yeah, that would work fine
[01:36] <joerg> yeah. I just remember what you said ages ago
[01:36] <joerg> when we were discussing about creating users in a webbased frontend.
[01:36] <joerg> which is absolutely needed for our setup.
[01:36] <sbalneav> right, you want to make it as easy as you can for the widest audience.
[01:36] <joerg> because 199 of 200 schools don't have the know-how and resources to run ltsp or learn how to do that via ssh
[01:37] <joerg> and if I do it like this: web based user management for posixAccounts which can be turned off
[01:37] <joerg> and is not recommended if you have "real users" with pam_ldap / nss?
[01:38] <joerg> because 499 of 500 schools will only want to use the web based stuff
[01:38] <joerg> and the mailserver maybe
[01:38] <joerg> to fetch their mail
[01:39] <joerg> no, not even that
[01:39] <joerg> but the webmail app will need to talk to a mailserver on behalf of the user
[01:39] <joerg> that's our experience
[01:40] <joerg> the current configuration (which is highly insecure, I know) has: webbased access, ftp access to home and group dirs, imap(s) to mailserver, samba to home and group dirs
[01:40] <joerg> and maybe 5 out of a thousand use all these services.
[01:43] <sbalneav> I know samba for sure's pretty dependent upon the posixAccount model
[01:43] <sbalneav> imap's dependent upon the model.
[02:24] <joerg> sbalneav, hmm....but samba needs real users I think.
[02:24] <joerg> sbalneav, I mean for filesystem access for example.
[02:25] <joerg> that would be my next question
[02:25] <joerg> how can a user that is not a unix user access the filesystem?
[02:26] <joerg> the webapp can store it in the DB - what files belong to what user
[02:26] <joerg> and what permissions are set
[03:31] <Ahmuck-Sr> hrm, i've forgotten what i needed to make a folder under home writeable by all
[03:32] <Ahmuck-Sr> nm, i just chmod the directory
[12:27] <mgariepy> good morning all
[22:25] <reynolds> can anyone tell me how to give my students read write permission to a shared folder on their desktop? right now whenever one user creates a file it's locked to other users.
[22:26] <sbalneav> You'll need a group to which all the students belong to, i.e. "students"
[22:26] <sbalneav> Then create the directory owned root, with group ownership students
[22:27] <sbalneav> then, set the setgid bit on the dir with chmod 2770 dir
[22:27] <reynolds> ok I'll try that. thanks
[22:27] <sbalneav> then when they create files in the directory, they'll be owned by the group.
[22:27] <sbalneav> Heading home for the day, back on later tonight.
[23:56] <lightnin1> hey highvoltage
[23:58] <lightnin1> nixternal?
[23:58] <highvoltage> hey lightnin1
[23:59] <lightnin1> Hey - I'm sitting here with Mako. We just uploaded a fixes for scratch.  Any chance of making it in? http://revu.ubuntuwire.com/p/scratch