I created a shell script which will add users and set a default password for each user created. I set a SUID sticky bit on the file so that a selected unprivileged user can add users using this script. But it did not work. It says that it was unable to lock the passwd file. I am pasting the code of the script as here under. The name is addusers.sh
------------------------------------------------------------------------------------------------------------------------------
#!/bin/bash
# addusers.sh: create j2eeNNN accounts for a range of ids and set a default password
echo -n "enter the starting login id : "
read beg
echo -n "enter the ending login id : "
read final
# Date-stamped file that collects the "user:password" lines for chpasswd
fend=$(date +"%d%m%y")
i=$beg
rm -f "users$fend"
touch "users$fend"
while [ "$i" -le "$final" ]
do
    # One branch per id width so the login name is zero-padded to three digits
    if [ "$i" -lt 10 ]; then
        useradd "j2ee00$i"
        chown -R "j2ee00$i:j2ee00$i" "/home/j2ee00$i"
        echo "j2ee00$i:elmaqedu" >> "users$fend"
    fi
    if [ "$i" -ge 10 ] && [ "$i" -lt 100 ]; then
        useradd "j2ee0$i"
        chown -R "j2ee0$i:j2ee0$i" "/home/j2ee0$i"
        echo "j2ee0$i:elmaqedu" >> "users$fend"
    fi
    if [ "$i" -ge 100 ] && [ "$i" -lt 1000 ]; then
        useradd "j2ee$i"
        chown -R "j2ee$i:j2ee$i" "/home/j2ee$i"
        echo "j2ee$i:elmaqedu" >> "users$fend"
    fi
    i=$((i + 1))
done
# Apply the default password to every account listed in the file
chpasswd < "users$fend"
-------------------------------------------------------------------------------------------------------------------------
I then set the sticky bit using the chmod command. ls -l of the same file is as here under :-
Then I copied this file and put it in an unprivileged user's home directory and also copied the /usr/sbin/useradd and /usr/sbin/chpasswd commands to /usr/local/bin. Both these files had execute permissions for everyone. I then log in as the unprivileged user and execute the above script. It accepts the starting and ending login ids but then says that it cannot lock the password file and exits. Is this not supposed to work? Because I have set a sticky bit on the executable file and so, it has to run with the file owner's credentials? Please clarify.
Generally speaking, scripts can NOT be set uid. This is a security precaution (generally, shell scripts do not parse user input quite so strenuously). If you want to do this, you might want to look into the 'sudo' package.
Just made it work. In my script, I was using useradd, chown & chpasswd. I just had to copy these to the /bin directory and then set SUIDs on these 3 as well. It all went fine. An unprivileged user can create users after all, if delegated. Further, since the script is written by root, there should not be any problem as the script would only do what the root wanted it to do.
I would recommend that you read through the sudoers file.
You can allow certain users to run specific commands. Also, you can set it up so that they use their own password, or no password. That way you wouldn't need to give these users the root password.
There is a commented line in the sudoers file to allow regular users to mount the cdrom. You could base an entry on that line, but instead of ALL you would first define a group and give that group the rights to execute the script as root.
Also, using "sudo" adds accountability, because its use is logged.
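
The sudo approach suggested in the replies, sketched as an added example that is not part of the original thread: a root-owned script delegated to a group through sudoers, which validates the id range before any account is created. The group name `j2eeadmins`, the path `/usr/local/sbin/addusers.sh` and the function names are assumptions; password handling is left out.

```shell
#!/bin/sh
# Added example: range-checked user creation meant to be run through sudo.
# Hypothetical sudoers entry (edit with visudo; group and path are assumptions):
#   %j2eeadmins ALL=(root) /usr/local/sbin/addusers.sh
# Keep the script root-owned and not writable by anyone else.

PATH=/usr/sbin:/usr/bin:/sbin:/bin   # do not trust the caller's PATH
export PATH

# Succeeds only for a decimal id of 1 to 3 digits with no leading zero (1..999).
valid_id() {
    case "$1" in
        ''|0*|*[!0-9]*|????*) return 1 ;;
    esac
}

# Prints the j2eeNNN login names for a range, or fails without output.
plan_users() {
    valid_id "$1" || return 1
    valid_id "$2" || return 1
    [ "$1" -le "$2" ] || return 1
    i=$1
    while [ "$i" -le "$2" ]; do
        printf 'j2ee%03d\n' "$i"
        i=$((i + 1))
    done
}

# Creates the planned accounts with home directories; stops at the first failure.
create_users() {
    names=$(plan_users "$1" "$2") || { echo "invalid id range" >&2; return 1; }
    for name in $names; do
        useradd -m "$name" || return 1
    done
}

# Only acts when both ids are given as arguments, e.g. sudo addusers.sh 1 25
if [ "$#" -eq 2 ]; then
    create_users "$1" "$2"
fi
```

With this arrangement no setuid bit is needed on the script or on copies of useradd, and each invocation is recorded in the sudo log under the invoking user's name.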