My long-term project: Licorn®

By on 16 January 2013, in Blog, Development

There is currently no reference or project on my website, which could frighten some visitors. Though you can find a bit in my resume, I will start by writing about the biggest: Licorn® (development website, documentation website). I’ve been leading its development for 7 years now.

Licorn® is a tool suite aimed at helping system administrators manage Ubuntu servers. It covers users and groups but, more importantly, shared resources. Sharing files and directories has always been a pain in computing history, in organizations of all sizes. There are loads of issues, whether ACL-related (FS permissions), workflow-related (moderation/re-read) or even mess-related (“where is my file?”). Licorn® addresses all of them via its fool-proof unique group concept (7 years in production on 150+ servers help prove this). A group has members (R/W access), responsibles (R/W+) and guests (R/O) (more info). And that’s all. Quite simple, isn’t it?

With this approach, I can create as many groups as needed to address many different sharing scenarios. I personally manage my web and development servers this way, de facto solving the www-data permissions confinement or giving R/O access to Git repository guests. With Samba installed you get a full heterogeneous-network handling stack: Licorn® manages Samba profiles, handles netlogon scripts, etc. The same goes for an Apple calendarserver: users and groups automatically get their calendar for free, with plug’n’use R/O delegation.

And there is more: Licorn® itself is easily managed via a modern Django/jQuery web interface. It has a heavily extensible architecture via plugins (named “extensions”). Local Licorn® servers can cooperate, and can be monitored remotely in the MyLicorn® infrastructure (beta). All of this is installable via .DEB packages.

Developer/Sysadmin advertisement: the internals are implemented in the pure Unix “KISS” way: standard Unix users and groups (either shadow or OpenLDAP), and posix1e ACLs. You can use cp, rm, nautilus or the Finder on Licorn® group shares. No magic, no zopedb, no wheel re-implementation. Pure Python. Home-grown lightweight event-loop. Massively parallel architecture. Pyro RPC. Remote debugging console. GNU GPLv2.
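Because the shares are plain posix1e ACLs, they can be audited with standard tooling. The Python below is an added example, not Licorn® code: it checks `getfacl` output for a shared directory against the members/responsibles/guests model described above, including the ACL mask that a later chmod can tighten. The group names, the path and the sample ACL are constructed, and treating “R/W+” as plain rwx at the ACL level is an assumption the page does not confirm.

```python
# Added example (not Licorn® code): audit a share's POSIX.1e ACL against the
# members/responsibles/guests model. All names and the ACL text are constructed.
EXPECTED = {"members": "rwx", "responsibles": "rwx", "guests": "r-x"}  # "R/W+" as rwx: assumption

def parse_getfacl(text):
    """Return {(scope, tag, qualifier): perms} from getfacl text output."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drops headers and '#effective' notes
        if line:
            scope = "default" if line.startswith("default:") else "access"
            tag, name, perms = line.split(":")[-3:]
            acl[(scope, tag, name)] = perms
    return acl

def effective(perms, mask):
    """Named entries are limited by the mask entry (perms AND mask)."""
    return "".join(p if m != "-" else "-" for p, m in zip(perms, mask))

def audit(text, roles):
    """roles maps a group name to its role; returns a list of findings."""
    acl, findings = parse_getfacl(text), []
    for scope in ("access", "default"):  # default ACLs govern newly created files
        mask = acl.get((scope, "mask", ""), "rwx")
        for group, role in roles.items():
            perms = acl.get((scope, "group", group))
            if perms is None:
                findings.append(f"{scope}: no entry for group {group}")
            elif (eff := effective(perms, mask)) != EXPECTED[role]:
                findings.append(f"{scope}: {group} gets {eff}, not {EXPECTED[role]}")
        if acl.get((scope, "other", ""), "---") != "---":
            findings.append(f"{scope}: 'other' has access")
        for (s, tag, name) in acl:
            if s == scope and tag in ("user", "group") and name and name not in roles:
                findings.append(f"{scope}: unexpected entry {tag}:{name}")
    return findings
SAMPLE = """# file: shares/projects
group:projects:rwx
group:projects-resp:rwx
group:projects-guests:rwx\t#effective:r-x
user:backup:r-x
mask::r-x
other::---
default:group:projects:rwx
default:group:projects-guests:rwx
default:mask::rwx
default:other::r-x
"""
ROLES = {"projects": "members", "projects-resp": "responsibles", "projects-guests": "guests"}
```

Calling `audit(SAMPLE, ROLES)` reports that the tightened mask has cut members and responsibles down to r-x, and that the default ACL would give guests write access on newly created files.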

Parts of the development were sponsored by ADEME (the French equivalent of the EPA in the US) in 2010-2011, which made it possible to create a truly flexible and rich internal infrastructure in the Licorn® daemon, to run on low-resource servers and clients, and to bring in new features more easily (gory details in the 2010-2011 annual report, in French). Now there’s laptop support, a cut-down client mode on remotely-managed Ubuntu desktops, and more.

This blog entry could be 10 pages long. You get the point: I love Licorn®. I hope you will.