creating multiple users

naumz · 10-05-2007, 08:08 AM

Hi. I would like to create multiple users at one go. I read up on the command newusers and tried to use it. but the problem was, the created users could not login as they had no login profiles created in their home directories. I mean, the created user directories were blank. No bash profiles in them, nothing. So i suppose i could copy all these default files from a user created manually and start working or is there a better way?

In the first case, how can i copy the files to multiple directories? The home directories do not have anything common in their name except that they are all in the same directory.

Thank you very much for your help.

matthewg42 · 10-05-2007, 08:37 AM

I think the useradd command will do what you want. Using the various command line options to do different things. See the manual page for more details.

naumz · 10-05-2007, 08:43 AM

no, the useradd command can add only one user at a time. And moreover the password has to specified in an encrypted form with the -p option. I want to create a whole batch of users (200+) at a go. When i use the newusers command for it with the syntax given in the man pages, i end up creating all the users, but none of them have login shells. It displays the shell in the etc/passwd file but when i try to login as any of the thus created users, it gives me an error saying that no login shell found. What could be the error here?

And abt the copying thing, i tried copying all the files (hidden and all) from a working user to one of these users' home directories but that didnt work either. So i guess I am now looking for some way to add hundreds of users at a time. I do not know much about scripting so i can't code them myself. Any help would be appreciated.

Thanks again.

matthewg42 · 10-05-2007, 10:07 AM

Write a file containing the list of user names and other details (e.g. comment, shell, skeleton directory and so on).

Write a shell script which iterates over this list. For each line it should also call makepasswd with the --crypt-md5 or --crypt option as appropriate for your system, saving the unencrypted password in a file with the username, which is cut up and given to users by whatever means you do that. Make sure the permissions on this file are such that only the root user can read or write it!

useradd should be called with the appropriate values and with the encrypted password value.

As long as you user the shell-internal echo command (note this is "print" if you use ksh, "echo" if you use bash), the un-encrypted password will not be visible in the process list.

I'm sure there are pre-written tools for this sort of thing, but it's good to know how to do it yourself.

A very simple version might look like this. Only the username, group and name are provided in the lilst of user file, which is called "userdata":

Code:

user1 users User One
user2 users User Two
user3 users User Three

And the script to process this would be something like this:

Code:

#!/bin/bash

IFS=" "

# Check the user_passwords file does not exist, fail if it does
if [ -a user_passwords ]; then
    echo "user_passwords file already exists, but should not"; 
    exit 1
else
    # create empty user_passwords file and make permissions safe
    touch user_passwords
    chmod 600 user_passwords
fi

# read data from userdata and make accounts accordingly.
while read user group comment; do
    makepasswd --crypt-md5 | while read pass passenc; do
        echo "user = $user   password = $pass" >> user_passwords
        echo "" >> user_passwords
        useradd -m -g $group -c "$comment" -p "$passenc" $user
    done
done < userdata

And run the program as root to make the accounts and create user_passwords which contains the information you will ultimately give to the users.

Make sure you run this program in a directory which is owned by root, else the owner of the directory might be able to remove, rename or otherwise mess with the user_passwords file. It's best done in root's home directory, and that is best set so only root can see inside it.

I hope that helps.

Also, please note that I have never actually done this operation myself (except just now as a test). I'm sure there are other ways to do it, and maybe a seasoned sysadmin will say my method is not good for some reason. Ho hum.

naumz · 10-05-2007, 04:29 PM

thanks a lot. p.s. i don't care what any sysad says! btw, i was just experimenting and found another alternative. there's a chpasswd command to change passowrds in bulk and that can be used after creating users without passwords.

matthewg42 · 10-05-2007, 05:36 PM

Quote:

Originally Posted by naumz

thanks a lot. p.s. i don't care what any sysad says! btw, i was just experimenting and found another alternative. there's a chpasswd command to change passowrds in bulk and that can be used after creating users without passwords.

Hey hey - I either never knew about it or forgot about it, probably the former... It's a good day when one finds out about new thing.