FAUS is a Perl CGI to permit user administration through a Web interface.
Samba already has a good web interface for administration known as SWAT. The problem with SWAT is that you can add user just to Samba system, not in the Unix user database (/etc/passwd). To use SWAT you have to type root password to get access for it's features, but SWAT itself does not provides any mean of encryptation to protect the password against sniffers.
You can use others tools to provide such encryptation as SSH or SSL, but the process is not flexyble or easy to setup.
FAUS does not require user root to perform any task in user database: it will use the SUDO program to give the correct rights to the user the webserver is running to (for Apache, it is normally "apache" or "nobody"). FAUS will call thought Perl scripts to call the shell commands "useradd", "userdel" and "smbpasswd".
These scripts will check for bad user entry and make sure that only the options that are really necessary to FAUS facilities will be used. For example, is not possible to add a user with a valid shell using FAUS. All users added by itīs interface will have a "/dev/false" as a shell. So on, sudoers file will give root privileges for webserver user to run these Perl scripts.
FAUS is shipped with the Perl CGI, the Perl scripts and a sample of sudoers file (named as sudoers.example) to show a good example of how to setup a sudoers file to have FAUS working.
Here are some key features of "FAUS":
· FAUS will manage users both to UNIX and Samba system if just one command;
· FAUS does not uses root or a suid program to perform operations into /etc/passwd or smbpasswd files: FAUS will use Sudo to give the rights to the Apache user to run some scripts as root. These scripts have limited actions, and will not allow operations that could compromisse the system;
· It's possible to use different forms of authentication when using Apache, since the webserver has several authentication modules, and is allways possible to run the connection with SSL;
· Multilanguage support: all messages, log information can be costumized with a simples text fiel containing HTML code. FAUS supports, right now, English and Portuguese languages;
· Log support: all operations are logged in /var/log/httpd/errors.log (or another location) in the same way as other Apache messages;
· As FAUS was developed to work together meanly with UNIX systems, I suggest the use of Apache as the webserver. FAUS does not provides any type of encryptation or authentication: you should provide these things with the webserver. Apache can support many types of authentication and the use of SSL for traffic encryptation.
· Sudo is a program that permits one user to have superuser (root) rights when running certains programs without using the "su" command. Sudo is very maleable for configuring and it permits a good combination of parameters that the user must match before giving root rights.
· Yes, for sure you must have Samba in the same machine because FAUS needs to have access to the smbpasswd and passwd: FAUS will not work in another machine.
What's New in This Release:
· Since version 1.4.2, FAUS supports Samba 3.x with the tbdsam backend.
· FAUS was switched back to use the smbpasswd and pdbedit programs.
· Now it's possible to change the username.
· Samba 2.x is not supported anymore because getpassfile uses pdbedit to fetch data.