Submit Password Manager
Configuration Script
Requirements And Installation

The File Submission System Logo

Submit Password Manager

The subwpass program is an administrative utility to set web access passwords for the submit system. It can also set Unix permissions on home directories to allow use of the submit system (see below). Subwpass will generally be called by the root user, though other users may use it to set their own passwords. The web-based interface to create and manage assignments may only be used by accounts which have a password set.

The command line takes flags to specify an operation, followed by a list of user names to apply those operations to. The flags -i, -p, -P, -r and -d specify a password operation, while the flags -I, -x, -g, -X and -G options specify an operation for setting Unix permissions on the home directories. You may specify at most one from each group. If no operations are specified, the program assumes -i.

The operations are applied to the users listed on the command line, or additional users provided by the -a or -A options. The -A option adds all users. If the the UID limits (UID_MIN and/or UID_MAX) configuration parameters are set (as by default), only users with UIDs in range are added. The -a option is like -A, but includes only users which have no password set already, so it enables web access for users lacking it.

Password Operations

If any of the password options are specified, the passwords of the listed users are changed. If the -d option is used, the listed user's passwords are removed, disabling their web access. If any of -i, -p, -P or -r are specified, the password is set in the manner as follows:

A separate password is queried interactively for each user in the list. This is done in the usual style with a prompt, character echo turned off, and a confirmation.
-p password
Each user is assigned the (same) password password.
A single line is read from standard input and assigned as the password for each user. This is intended to read from a pipe, and is read without prompting, turning off echo, or verifying. Only one password is read, and it is given to each user.
Each user is assigned an individual, randomly-chosen password. The names and passwords are written in plain text to a file. The file name is PASSLOG, but this can be changed using the -o flag. The random passwords are constructed from a string of letters (usually sort-of pronounceable), a punctuation character, and a small number. The space of possible passwords seems to be around 40 trillion. I have no idea if that is good or bad.

Unix Permissions

The submit system creates and accesses files under the home directory of each instructor who uses the system. For this to work, the permissions on home directories must allow the web server process to access these files. If your web server maps ~ URLs to public_html, or some other directory under each user's home area, then you have already solved this problem. If not, subwpass can modify the Unix permissions on home directories to open them for you, by these options:

This adds global search permission to the home directory for each listed user which is not already accessible. This is equivalent to performing chmod o+x homedir on the indicated home directory.
For any user home directory which is not already open, the -g option changes the group ownership to the group under which the web server runs, then then adds group directory search permission.
This is the same as -x, but is performed whether or not the directory appears open to begin with.
This is the same as -g, but likewise performed unconditionally.

Note that neither the -x or -g options will make any changes if the directory appears to be already open. Subwpass decides it's open if it looks like one of those two things has been done to it: it either has global directory search, or has group ownership of the server process group and group search permission.

If subwpass sets a password for a user which it judges not open, and no option to set permissions is given, it will issue a warning message. You can suppress this check using the -I option. If you are running on a Unix which uses ACLs, you may have already opened your home directories in a way which subwpass cannot recognize. In this case, -I may be just what you were looking for.


subwpass smith jones scott

This queries and sets new passwords for the three users listed.

subwpass -p Daylight -x foo bar

This sets users foo and bar to each have password Daylight, and adds global search permission to each of their home directories if needed.

subwpass -r -g -o passlist.txt -a

For each user that does not have a submit system password, we will set a random one. The list of chosen passwords will be written in plain text to the file passlist.txt. If that user's account is not open to the web process, we'll open it using group permissions.