Script to add users
I want to write a script that would create users for me. This script would take the username and password as arguments.
The problem is that I need to switch to the root to execute this. I want to programmatically achieve this. If I use "su" in the script, it prompts for the password. I want to avoid that. Any user should be able to run this script and add users. Switching to root should be handled by the script. Can somebody help?
Thanks
ssudhi
The most common way to do that is to have the script run with SetUID permissions. Then whenever the script is executed by any user it will run with the permissions of the owner of the file, here, root. You will not need to use "su" in the script with this method. To change the permissions on your script to SetUID, navigate to the directory where the script is located and run the following as root:

    # chmod 4755 <script_name>

When you create the script, make root the owner and the above should work. Create the script as an ordinary user and get it working the way you want. Then change the owner with:

    # chown root <script_name>

After that, run the chmod command above. In the above, "755" gives the owner read and execute permissions and the "4" in front sets the SetUID flag. This will prevent alteration of the script once it's set up and running properly. If you subsequently want to edit the script, you'll have to reset the permissions as root with "chmod 777" (i.e. rwx permissions), edit the script and set it back with "chmod 4755".

CAUTION: The above strikes me as an insecure practice. Ordinary users should not normally be given the ability to add users and running SetUID should be used sparingly since ordinary users are running an executable with root privileges. It is preferable to using "su" which would require that the root password be inputted automatically from a text file containing the root password and that text file would have to be readable by ordinary users, an obviously very insecure practice.
Thanks for the reply.
I tried what you suggested but have not been successful yet since I got the following error:
"useradd: unable to lock password file"
Any clue?
Thanks
ssudhi
I just wrote this for my UNIX administration class. I figured it might help get you started. I've only tested it on a "root only system" as I'm not even going to start adding and removing users on my main box for obvious security reasons.
It's kind of ugly, but it seems to work ok.

Code:

    #!/bin/bash
    # admin - lets users add and modify users
    clear

    # show the menu
    clear
    tput cup 10 20
    tput rmso
    echo "Please choose from the following options:"
    tput rmso
    tput cup 12 25
    echo " 1 List all account information"
    tput cup 13 25
    echo " 2 Add a user"
    tput cup 14 30
    echo " 3 Remove a user"
    tput cup 15 30
    echo " 4 Change a user's password"
    tput cup 16 30
    echo " 5 Add a new group"
    tput cup 17 30
    echo " 6 Remove a group"
    tput cup 18 30
    tput cup 19 25
    echo -n "Selection:"
    read -r choice

    # determine which choice was selected
    case $choice in
      [1]) # list all users
        cat /etc/passwd
        ;;
      [2]) # add a user
        echo "Add a user"
        echo "What is the user name of the new user?"
        read -r username
        echo "Please specify a group name"
        read -r groupname
        # create the account with the given primary group
        useradd -g "$groupname" "$username"
        ;;
      [3]) # remove a user
        echo "Remove a user"
        echo "What is the username of the user you would like to remove?"
        read -r username
        userdel -r "$username"
        ;;
      [4]) # change a user's password
        echo "Type the username"
        read -r username
        passwd "$username"
        ;;
      [5]) # add a new group
        echo "Please type the new group's id"
        read -r groupid
        groupadd -r "$groupid"
        ;;
      [6]) # remove a group
        echo "Please type the group id of the group to be removed"
        read -r groupid
        groupdel "$groupid"
        ;;
    esac

EDIT: I just tried it on SUSE 9.0 (not signed in as root) box and the useradd is working. All I issued was chmod ugo+x addrmo and then I ran it.
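An added example, not code from any poster in this thread: a user-creation wrapper written to be run through a sudoers rule instead of as a SetUID script, since Linux ignores the SetUID bit on interpreted scripts. The wrapper name `adduser-safe`, the `useradmins` group, the install path and the 32-character limit are assumptions; the password is read from stdin rather than taken as an argument, because command-line arguments are visible to other users in process listings.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be run via a sudoers rule, e.g.
# (hypothetical group and path):
#   %useradmins ALL=(root) NOPASSWD: /usr/local/sbin/adduser-safe
LC_ALL=C; export LC_ALL          # make the a-z ranges below byte-exact

# valid_username NAME: succeed only for a conservative login name.
valid_username() {
    case "$1" in
        ''|-*|[0-9]*)  return 1 ;;   # empty, option-like, or leading digit
        *[!a-z0-9_-]*) return 1 ;;   # anything outside the allow-list
    esac
    [ "${#1}" -le 32 ]
}

# account_exists NAME [PASSWD_FILE]: succeed if NAME is already an account.
account_exists() {
    cut -d: -f1 "${2:-/etc/passwd}" | grep -qxF -- "$1"
}

main() {
    PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # ignore the caller's PATH
    if [ "$#" -ne 1 ]; then
        echo "usage: adduser-safe USERNAME   (password is read from stdin)" >&2
        return 2
    fi
    user=$1
    if ! valid_username "$user"; then
        echo "rejected: invalid username" >&2; return 1
    fi
    if account_exists "$user"; then
        echo "rejected: account already exists" >&2; return 1
    fi
    # Password arrives on stdin, not argv: arguments show up in ps output.
    IFS= read -r pass || true
    if [ -z "$pass" ]; then
        echo "rejected: empty password" >&2; return 1
    fi
    useradd -m -- "$user" || return 1
    printf '%s:%s\n' "$user" "$pass" | chpasswd
}

# Run main only under the installed name, so sourcing the file has no effect.
case "${0##*/}" in
    adduser-safe) main "$@" ;;
esac
```

Because every value is validated and quoted before it reaches `useradd`, input such as `bob;id` or `-o` is rejected instead of being interpreted as a command or an option.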