Very cool -
thanks for trashing any security left.
Note that when the user runs that script, the plaintext password is stored at least in his shell's history file if it's used. It's also in plaintext on the screen, and if somebody is monitoring the user commands, it's visible there. So anyway after that the user would need to run passwd and change the password, which is all the same if he just ran useradd (the real useradd) and passwd after that.
If there were no reasons to use passwd, there would be a ready script/program that allowed you to do things this way. It's just not sane to type your password in plaintext as a command parameter. When you use passwd and it asks for your password, it doesn't get recorded to shell history, and nothing is printed on screen, so even if somebody was watching your screen, the password would not get revealed -- unless your keyboard was tracked, in which case you're in serious trouble.
So do NOT use the above method in any case - if you want it easy rather than secure, go do Windows.
The way to go (as root - nobody else should be able to add users to the system, so use sudo if you have it):
Code:
useradd -g group -G group -d homedir -s shell username
-g is for initial group, and -G for supplementary groups. OK, useradd does allow you to use -p passwd, but it expects an encrypted password rather than plaintext, and this is a lot easier to do with passwd anyway, so you'll not be using this. You should tell which shell to use, because if you don't, it might lead to trouble - in some situations if shell is not set, nothing is done. In the simplest case a launched terminal won't give a command line because it doesn't know which shell it should use. An example:
Code:
useradd -d /home/juanctes -s /bin/bash juanctes
passwd juanctes
Easy as that, and though nothing is perfectly secure, this is a lot better than running a simple shell script which doesn't test what values you put in, and doesn't mind you giving it your password in plaintext. Such a shell script is not only insecure for the user, but can also be misused pretty harshly.
The admin (root) of the system must know the basics like how useradd and passwd work, or otherwise I wouldn't like to be using the system. And if the admin does know these things, a script like the one posted above is out of the question; nobody other than root should be able to add users, for the minimum security, and therefore useradd can well be used. If there is a need to automate the process, a script can be written that does use useradd and passwd - or calculate encrypted passwords and feed them in, but if that's done, it should be done so that you don't accidentally show all the password stuff to the rest of the world.
Think before you do.
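An added example, not part of the original post: one way to automate the useradd-plus-password step while keeping the password out of command arguments, shell history and the screen. The function names, the username policy and the /home/<name> layout are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the post): the password is read without echo and
# handed to chpasswd on stdin, so it never appears in argv or shell history.
LC_ALL=C; export LC_ALL   # make the a-z ranges below mean ASCII only

# Assumed policy: first char a-z or _, then a-z 0-9 _ -, at most 32 chars.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Build the "name:password" line that chpasswd reads on stdin.
# Refuses empty passwords and embedded newlines (either would corrupt the input).
chpasswd_line() {
    nl='
'
    case "$2" in
        ''|*"$nl"*) return 1 ;;
    esac
    printf '%s:%s\n' "$1" "$2"   # printf is a builtin: no new process, no argv
}

add_user() {
    user=$1
    valid_username "$user" || { echo "refusing username: $user" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; return 1; }
    IFS= read -r -s -p "New password: " pass; echo
    IFS= read -r -s -p "Retype password: " pass2; echo
    [ "$pass" = "$pass2" ] || { echo "passwords do not match" >&2; return 1; }
    useradd -m -d "/home/$user" -s /bin/bash "$user" || return 1
    chpasswd_line "$user" "$pass" | chpasswd
    rc=$?
    unset pass pass2
    return "$rc"
}

# Only the username is ever given on the command line.
if [ "$#" -ge 1 ]; then
    add_user "$1"
fi
```
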