LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 07-17-2009, 12:03 AM   #1
potsed
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Rep: Reputation: 0
useradd password not allowing ftp


Hi,

I have an ubuntu virtual server (Hardy) with ProFTPD 1.3.1 Server (Debian) installed and running correctly, however when i add a new user using the command:

Code:
# useradd -m -d /home/ftp/ -p password username
I cannot ftp into the account, it says i have an incorrect password. I need to be able to use the -p switch as otherwise i would have to give public users access to the passwd command which is obviously a great security risk. using useradd poses a lot less risk!

If i do use the passwd command then everything works as expected

Please can somebody help!
 
Old 07-17-2009, 12:38 AM   #2
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 771
Blog Entries: 6

Rep: Reputation: 75
I got another way to settle your case


first open /etc/shells and add one line

/usr/bin/passwd

now adduser as normal point to desire home path
but shell user as /usr/bin/passwd

the advantage,
1)user can have ftp home login
2)user able to change pass login with ssh
- because when user ssh to the system , system only ask for
- to change password , with no others facility

cheers
 
Old 07-17-2009, 02:19 AM   #3
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
The -p option for useradd is for passing an encrypted password.

This means that you should be typing something like:

Code:
useradd -p $1$easthgaGA$tes2b4426436y username
Rather than:
Code:
useradd -p mypassword username
To create an encrypted password, you can use mkpasswd or write your own in perl using a call to crypt.

Are you scripting the user creation? If not, is it that much work to run passwd as a second phase to the user creation?
 
Old 07-17-2009, 02:25 AM   #4
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
Example script using crypt in perl:

Code:
#!/usr/bin/perl

use strict;

my $SALT='$1$FSE8ha32RarD$';
open(USERLIST, "userlist") or die "Failed to open userlist file\n";

while(<USERLIST>){
   my($user, $pass, $other)=split(/ /, $_);

   my $enc_pass=crypt($pass, $SALT);

  # system("/etc/sbin/useradd -p $enc_pass $user");
   print("/etc/sbin/useradd -p $enc_pass $user\n");
}
This was to create multiple users from a Text file, but could easily be modified for your own use.
 
Old 07-17-2009, 02:27 AM   #5
potsed
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by routers View Post
I got another way to settle your case


first open /etc/shells and add one line

/usr/bin/passwd

now adduser as normal point to desire home path
but shell user as /usr/bin/passwd

the advantage,
1)user can have ftp home login
2)user able to change pass login with ssh
- because when user ssh to the system , system only ask for
- to change password , with no others facility

cheers
Thanks for the reply routers and i would do as you suggest if it were possible, however the users who this is being aimed at will not want to or be able to ssh into the server at all, it is only for ftp access! The form is filled out on a web page, checked and verified, then they are given an ftp only account. Since it is a web app php/apache has to run the command, the security holes of allowing php/apache to have access to passwd is too great, whereas allowing it to create a new user as long as all info is properly screened is a lot less so. Hence the reason i need to get the --password switch to work on the useradd command!

If you or anybody else could help me understand why the --password switch does not work as it should (afaik). As far as i understand the man pages, the password switch is supposed to enable the account using that password, but it seems to be ignoring it completely and using the default setting of disabling the account until passwd is used!

Thanks again for your help so far.
 
Old 07-17-2009, 02:37 AM   #6
potsed
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Disillusionist View Post
The -p option for useradd is for passing an encrypted password.

This means that you should be typing something like:

Code:
useradd -p $1$easthgaGA$tes2b4426436y username
Rather than:
Code:
useradd -p mypassword username
Thanks a lot Disillusionist i will try this solution next, and thanks for the sample code!

Quote:
Are you scripting the user creation? If not, is it that much work to run passwd as a second phase to the user creation?
As i replied to Router, the issue is that this is running as a web app php/apache and the security implications of allowing the webserver run passwd is just too great. I am able to give sudo access to the webserver for specific commands, but i don't want to give it that one as some malicious person of ill intent / granny with a keyboard could change root passwords etc.
 
Old 07-29-2009, 07:54 PM   #7
potsed
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks

The encryption worked in this so thanks to all that replied and helped.
 
  


Reply

Tags
commandline, shell, useradd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Locking out a user when password expires, but allowing them to change their password kaplan71 Linux - Security 5 06-27-2008 07:12 PM
useradd -p <encrypted password> jeewiz Linux - Newbie 1 01-19-2007 08:17 AM
useradd without shadow password twallstr Linux - Software 1 09-08-2005 02:14 PM
Password Problems With useradd Jude Lucien Debian 4 08-18-2005 10:44 AM
set logon password without useradd? ldp Linux - Security 2 01-22-2005 07:12 PM


All times are GMT -5. The time now is 08:06 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration