LinuxQuestions.org
Old 02-02-2008, 06:37 AM   #1
juanctes
Member
 
Registered: Dec 2004
Location: Argentina, corrientes (far from buenos aires, to the north)
Distribution: Ubuntu :(
Posts: 74

Rep: Reputation: 15
add user account with pass from script


Hi, I have been looking for this and couldn't find an answer so I think this might help someone in the future.
here it is:
# cat /usr/local/bin/adduser.sh

Code:
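#!/bin/bash
# Expects exactly four arguments; the password is given in plaintext on the command line.
if [ $# -ne 4 ] ; then
    echo "USAGE: useradd <homeDir> <userName> <groupName> <literalPassword>"
    exit 1
fi
# Hash the password with crypt.php and hand the result to useradd -p.
useradd -m -d "$1" -g "$3" -p "$(/usr/local/bin/crypt.php "$4")" "$2"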
AND

# cat /usr/local/bin/crypt.php

PHP Code:
#!/usr/bin/php
<?php
$pass = $argv[1];
echo crypt($pass);
?>
Then you can log in with this new user account and literalPassword.
PHP's crypt() function returns the same encrypted pass as the passwd command.
You can automate this by modifying it or calling it from another script's loop.

Hope it'll be useful for someone.
PS: I have seen many posts that tell you to use an option of passwd that mine does not have: 'echo "password" | passwd --stdin "password"'
that is: --stdin

Last edited by juanctes; 02-02-2008 at 06:40 AM. Reason: pd:
 
Old 02-03-2008, 09:10 AM   #2
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 697

Rep: Reputation: 93
Very cool. Thanks for posting this.
 
Old 02-03-2008, 10:13 AM   #3
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Very cool - thanks for trashing any security left.

Note that when the user runs that script, the plaintext password is stored at least in his shell's history file if it's used. It's also in plaintext on the screen, and if somebody is monitoring the user commands, it's visible there. So anyway after that the user would need to run passwd and change the password, which is all the same if he just ran useradd (the real useradd) and passwd after that..

If there were no reasons to use passwd, there would be a ready script/program that allowed you do things this way. It's just not sane to type your password in plaintext as a command parameter. When you use passwd and it asks for your password, it doesn't get recorded to shell history, and nothing is printed on screen, so even if somebody was watching your screen, the password would not get revealed -- unless your keyboard was tracked, in which case you're in serious trouble.

So do NOT use the above method in any case - if you want it easy rather than secure, go do Windows.

The way to go (as root - nobody else should be able to add users to the system, so use sudo if you have it):
Code:
useradd -g group -G group -d homedir -s shell username
-g is for initial group, and -G for supplementary groups. Ok, useradd does allow you to use -p passwd, but it expects an encrypted password rather than plaintext, and this is a lot easier to do with passwd anyway, so you'll not be using this. You should tell which shell to use, because if you don't, it might lead to trouble - in some situations if shell is not set, nothing is done. In the simplest case a launched terminal won't give a command line because it doesn't know which shell it should use. An example:
Code:
useradd -d /home/juanctes -s /bin/bash juanctes
passwd juanctes
Easy as that, and though nothing is perfectly secure, this is a lot better than running a simple shell script which doesn't test what values you put in, and doesn't mind you giving it your password in plaintext. Such a shellscript is not only insecure for the user, but can also be misused pretty harshly.

The admin (root) of the system must know the basics like how useradd and passwd works, or otherwise I wouldn't like to be using the system. And if the admin does know these things, a script like the one posted above is out of the question; nobody else than root should be able to add users, for the minimum security, and therefore useradd can well be used. If there is a need to automate the process, a script can be written that does use useradd and passwd - or calculate encrypted passwords and feed them in, but if that's done, it should be done so that you don't accidentally show all the password stuff to the rest of the world.

Think before you do.

Last edited by b0uncer; 02-03-2008 at 10:23 AM.
 
Old 02-03-2008, 01:50 PM   #4
juanctes
Member
 
Registered: Dec 2004
Location: Argentina, corrientes (far from buenos aires, to the north)
Distribution: Ubuntu :(
Posts: 74

Original Poster
Rep: Reputation: 15
thanks b0uncer

I know that every issued command is recorded in .bash_history. And I know that this isn't a secure way to create accounts. But I needed this functionality and couldn't find it.
For academic reasons I need a Java EE program to create an account in the system every time the "Admin" of the program creates a user, so that this user can receive email and the system should show the inbox by logging in to the imapd with this user account.
This is not intended to be "secure". I apologize if someone thought that this could be used in a production environment.
Thanks for the security lesson. I have a question now...
If someone can access your .bash_history then you are already peaced-off, aren't you?
And how would you manage if you HAVE to do it automatically and pass a given password already encrypted to the -p option?
*********
It would be nice:
a Java method that outputs the same as PHP's crypt function. But I don't know if it exists.
In that case no plain text password would be revealed.
Found something, don't know if it will work.
JCrypt is the solution.
JCrypt.txt
and more variants:
http://www.dynamic.net.au/christos/crypt/
Yep, now I can say it works! (JCrypt) I gave the output of System.out.println(JCrypt("","QWE")); as the parameter for the -p option to a new user that I added using "adduser" and then I could log in to this account with "QWE" as pass.

Last edited by juanctes; 02-03-2008 at 02:58 PM. Reason: it would be nice: && JCrypt && now i can say:
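
Added example, not part of any post in this thread: one way to automate account creation while keeping both the plaintext password and its hash out of command-line arguments and shell history, which is the exposure discussed in post #3. The function names are hypothetical; it assumes `openssl passwd -6 -stdin` (OpenSSL 1.1.1 or later) and `chpasswd -e` are available and that it runs as root.

```sh
#!/bin/sh
# Added example: create an account without the password (or its hash) ever
# appearing in a command line. Run as root with three arguments,
# <home> <user> <group>, and supply the password as one line on stdin.
LC_ALL=C; export LC_ALL        # make [a-z] mean ASCII lower case only

# Accept only conservative login names, so a name can never be read as an
# option ("-o") or break the "user:hash" record passed to chpasswd.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Read one line (the plaintext) from stdin and print its SHA-512 crypt hash.
# printf is a shell builtin, so the plaintext is piped, not put in any argv.
hash_from_stdin() {
    pw=
    IFS= read -r pw || true
    [ -n "$pw" ] || return 1
    printf '%s' "$pw" | openssl passwd -6 -stdin
}

# Build the record chpasswd -e expects; refuse a hash that would corrupt it.
chpasswd_record() {
    case "$2" in ''|*:*) return 1 ;; esac
    printf '%s:%s\n' "$1" "$2"
}

create_user() {
    [ $# -eq 3 ] || { echo "usage: <home> <user> <group>, password on stdin" >&2; return 2; }
    valid_username "$2" || { echo "invalid user name" >&2; return 2; }
    hash=$(hash_from_stdin) || { echo "empty password or hashing failed" >&2; return 1; }
    useradd -m -d "$1" -g "$3" -s /bin/bash "$2" || return 1
    # The hash goes to chpasswd on stdin as well, instead of useradd -p.
    chpasswd_record "$2" "$hash" | chpasswd -e
}

# Only act when called with arguments, so the functions can be sourced/tested.
if [ $# -gt 0 ]; then create_user "$@"; fi
```

A calling program, such as the Java EE application mentioned in post #4, would write the password to this script's standard input instead of adding it to the argument list.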
 
  

