07:44:07 <bibek> oh really? oh why would it silently let me [change] it to that.

We should -probably- check if a shell exists before we set users up to fail in authentication.

When sudo hashbangctl is run, Pip/setuptools gets mad and spits out

Traceback (most recent call last):
  File "/usr/local/bin/hashbangctl", line 4, in <module>
    __import__('pkg_resources').require('hashbangctl==0.2')
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2876, in <module>
    working_set = WorkingSet._build_master()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 449, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 745, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 639, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: hashbangctl==0.2

@KellerFuchs started to diagnose:

2016-03-04 21:00:39     KellerFuchs     Oh fsck, I think I know
2016-03-04 21:00:50     KellerFuchs     pip is a pip of shit that installs in /tmp
2016-03-04 21:00:55     KellerFuchs     and /tmp got compartmented

I'm proposing an idea for a new version of the hashbangctl program.
Multiple clients, one server.
Clients write to server, server interfaces with the system as root. Clients won't need sudo permissions.

Thoughts?
( lrvick also suggested to make hashbangctl upgrade it's runtime user level to root, thoughts on this too? )

One can easily import public keys from a github username via their JSON api like so:

https://api.github.com/users/lrvick/keys

Providing a "import keys from github" could greatly simplify the process of enabling multi-key users to be able to log in from all their usual systems.

All current command sin the menu should be able to be accessed via sub-commands. Then the program can operate in "wizard" mode or "I know exactly what I am doing and I want to script this" mode.

Importing my pubkey from github and then saving changes results in a TypeError:

Traceback (most recent call last):
  File "/usr/local/bin/hashbangctl", line 186, in <module>
  File "/usr/local/bin/hashbangctl", line 86, in ldap_sync
  File "/usr/local/lib/python2.7/dist-packages/provisor/provisor.py", line 271, in modify_user
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 401, in modify_s
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 398, in modify
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 370, in modify_ext
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
TypeError: ('expected a string in the list', u'[MY PUBLIC KEY]')

hashbangctl.conf can't be stored in shell-etc because it contains a secret.

Maybe this isn't that big of a deal because who cares about that file anyway, right?

But nonetheless, I'd like to see all admin-tools type stuff store all the secrets in a way that allows uses to have maximum visibility into /etc.

For many years, users on many *nix boxen have been able to read all the files in /etc that weren't explicitly verboten by permissions. With a little work, we might be able to get back to that.

Using the Github public key import feature, I had 17 public keys for my user account. I tried to SSH back in and was given failure notices. After SSH-ing back in as root, then su singlerider, I tried to delete the numerous (and I thought perhaps duplicated) Public keys. To my horror, I was unable to, due to:

https://github.com/hashbang/hashbangctl/blob/master/bin/hashbangctl#L176

expecting a single string character to extract with ord(). I had to go to [email protected] -p 8893
and execute commands resembling:

docker exec -i slapd ldapmodify -D "cn=admin,dc=hashbang,dc=sh" -w $ldap_password << EOF
dn: uid=singlerider,ou=People,dc=hashbang,dc=sh
changetype: modify
delete: sshPublicKey
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyzIDwTLWC1PuciL09yUS/kSsM2+VGOBmiNyk3OOONDrcM04EFIjW8RzH5wsa2ERzlL2c4z+esQwlosvCg8yzJEdo3KE2d4J52CciufuKplc+nRSXsb2d6cul5iZUhzgou14bRTN0xmLlZUZeKM1jyGqpkthOhBRid+0GpLAlXReUnu+MVHSreeqtgVswmaP1RdvTPLW11enyCWW0IxfKp7RUWrDKANEQ5+aUXzY95dxwQJxbw1Rh2IbPIugaG3pPklt4cKRLYHyf30C/HlBvyy9Fm7AHnYtjNOA8OVL1MI7Pf5sW0VXXY0HnlBSd+5RItETUXl5xupmEwKHdyLadD79prHg/Z++65xAJEYF1C+BVlIqiMXrUEdPwx4VnH61KpBAicY+W5V/YJeMeeqlI9clgynPwkiPman9TGNNdXPz7Z3Q11KHHbFBFOPlkR9TGWLLy2ex+rRejhTQJlI29hbN+4wuiVs7oLursP66VEDPTNuX1aRFJwrU1JJHL3I8ipl5B5cn6NNgN8vqUBUzjMbSyRico0h9jaC4ytwpZOMtFjEeq4t0JIYXkyXjihy7sV7/sF8EaB81dTGtlcps6cZ+homdY8l/94g5Qa2/5BBFh1ZxCwkqlsgZPI5rHA1Te7sr6WuF4niUhuSGBYufmNBT1W6fk3RDeR0W2IgL7HFQ== cardno:000605649986
EOF

one-by-one, ensuring hashbangctl was NOT open on my account, as that locks its state when I run the above command.

Another interesting side-effect was that, with greater than 9 public keys, a user is unable to log in to hashbang via ssh.