Okay, i've been mulling about an idea ever since I got works new FTP server up and running.

Currently, here's how it works:

I have the ftp server running with virtual users as a security precaution, this is running pure-ftpd on top of OpenBSD. At the moment all user management is done by me, so creation, modifying etc. All me.

I've had an idea to both make my life a bit more simpler and possibly offload the work to someone else. I have seen in the past that upon login on a console a bash script (or some kind of shell script) can run upon immediate login.

My plan is to create an interactive script that can create, modify and delete users purely from simple selections, for example this would appear upon connection:

Welcome to the bla FTP server, please make your selection:

1) Create user
2) Modify user
3) Delete user
4) Logout


Upon entering a number and pressing enter it goes through further menus to do this like change passwords, entering user names etc. (essentially the script passes the commands like "pure-pw useradd %username% -u ftpuser -d %homedir%")

Here's my plan as I see it, I need to do the following:


Figure out how to do automatic login (http://www.unixwiz.net/techtips/putty-openssh.html) via putty with public/private key authentication (this is especially important if I offload the work to someone else)
Create a (super?)user specifically for this task, I don't want it to have full root capabilities. Just enough for pure-ftpd.
Learn a command line scripting language
Figure out how to get it to launch the script immediately upon connection (set the script as the shell?)
Disable users ability to ctrl-c out, if they ctrl-c I don't want it going to the command line but to immediately logout. In other words no shell access.


I'm open to suggestions on how to approach this. Any ideas on what I should be reading up on?

I believe I have now got the auto-login with putty figured out. By leaving out the pass phrase (from puttygen) I can get it to auto-login with putty.

This is a very base OpenBSD 4.3 install, all i've got installed is pure-ftpd and nano. (I cannot stand ed, vi or any of the other remember 27 million key combinations programs)

I posted this to bsdforums before realising it was a walking corpse intent on spewing spam.

Whoever you entrust this to, why is it so difficult for them to just use the useradd/groupadd commands to get the work done?

Of course you could you can have the account of said person execute a script on login (place execution of script into their .profile) but again, why can't they just use the tools in place?

Maybe if you want things to be that easy you could just install webmin and have them web-gui their way to adding/modding/deleting users... have you been exposed to webmin?

Whoever you entrust this to, why is it so difficult for them to just use the useradd/groupadd commands to get the work done?

Of course you could you can have the account of said person execute a script on login (place execution of script into their .profile) but again, why can't they just use the tools in place?

Maybe if you want things to be that easy you could just install webmin and have them web-gui their way to adding/modding/deleting users... have you been exposed to webmin?

The exact reason why i'm wanting to make this simple is because the persons I may offload this to have zero unix experience and have enough problems using windows let alone OpenBSD. I'm the only computer guy at the company, my plan is rather than it constantly being customer -> account handler -> me I want the account handlers able to create users. Asking people who have problems using windows to use the command line is asking for trouble.

Yes, i've used webmin quite a bit on Linux. But the FTP machine is a production server and frankly I don't trust it because of its security history.

Anyway, i'm wanting to keep to the official packages and keep the ftp server installation as minimal as possible for maintenance and security reasons. (webmin isn't an official package)

Short of time,
throwing in some ideas here:

- automatic script at start (and exit at shutdown): this is done via
/etc/rc.local
good practice to kill open processes in
/etc/rc.shutdown

- public/private key identification via PuTTY/ssh. You could then use stock
sftp instead of pure-ftpd.
For a client side GUI, check gftp

- adding users: /etc/passwd can easily become un-manageable if there is a large amount of users to create. Better check for (stock) ldap, yp (Yellow Pages).

IMVHO :)

----
edit:
as OpenBSD has no trap command in the default,
must try to figure out how to catch the ctrl+c in a loop,
or use BASH.

Ok so the OP is stating that because those "junior admins" that he may unleash on the box may not have the capabilities to learn and properly run the proper commands for proper administration, the OP wants to not only learn how to place the right configuration-setting script in place for the said "junior admin", but also know how to properly write the proposed script by learning a scripting language.

I will say this, and while this sounds a little harsh it's not meant to be (just cutting to the chase as they say), you are underestimating the difference between teaching someone how to do a minimal amount of proper user-configuration-administration, and learning how to program. I think, while you may be decent as some forms of shell scripting, learning something like PERL to the degree that you will need to learn it to effectuate the type of script you desire is harder than you think. Worse, it does nothing for your organization in terms of teaching them proper administration skills- it horse-blinds them into your one-off script. If the script breaks or you aren't available, your organization is left scratching it's collective head.

In an hour of properly pre-documented training, you can teach said "junior admins" to do what you want them to do, and skip the whole "learning a language" part and get on with your life. Then, if you are still interested in learning to program (let's say in PERL, which would be perfect for the task you state) you can go and do that and have a nice sample task with which to help teach yourself. And then you won't be (to use another cliche) be putting the cart before the horse.

If you are not thinking that this advice is good for you, that's fine. I would then suggest that after learning a scripting language and creating the superscriptiness you desire, you place said launching of script into the .profile of the user account that the junior admin will use to get this work done... whenever the admin logs in, the script executes. But again, teaching them I think is a better path for all involved.

I've had an idea to both make my life a bit more simpler and possibly offload the work to someone else. I have seen in the past that upon login on a console a bash script (or some kind of shell script) can run upon immediate login.

My plan is to create an interactive script that can create, modify and delete users purely from simple selections, for example this would appear upon connection:

you can create a shell script that does this and replace the login shell for the user(s) with this script in /etc/passwd.
here's an outline of what it might look like:
#!/bin/sh

trap ':' INT QUIT TSTP

printf 'Welcome to the bla FTP server, please make your selection:\n'
while true ; do
cat << END

1) Create user
2) Modify user
3) Delete user
4) Logout
END
printf 'Choice? '
read ch
case $ch in
1) printf 'Enter username to create: '
read user
# command to create $user
[ $? -eq 0 ] && printf "User \"$user\" was created Successfully.\n"
;;
2) # like above
;;
3) # like above
;;
4) exit
;;
esac
done

note: this is only for the convinience of parametric users and not security.