LinuxQuestions.org


haariseshu 12-29-2008 10:58 PM

Bulk user add script
 
Hi Guys,
I'm running a Postfix mail server. It's using /etc/passwd auth. Everything is working like a charm, and currently I need to add around 2000 users in bulk. It's not possible to add all the users by typing commands. With the users list, I have appended the useradd command and made a simple script. All the users have been added. But now the problem is to set the password for those users. I can use the same formula I used to add the users. But the passwd -p option requires the encrypted password. If I am able to set a common password, that's also fine. But the user name is different.

Anybody know how to achieve this with script or any easy method?

Thanks a lot in Advance...

--
Hari.

kenneho 12-30-2008 04:02 AM

I believe you should be able to use that "passwd" alternative you mentioned. Just create a user X with a password "secret" or something. Copy the encrypted string for user X from /etc/shadow, and use that string as input to the "passwd" or "usermod" command.

Disillusionist 12-30-2008 06:27 AM

You need to use something like crypt to create the encrypted password.

Example perl script:
Code:

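#!/usr/bin/perl
use strict;
use warnings;

# Single quotes: in a double-quoted string Perl would interpolate $% as a variable.
my $SALT='FEWge%r~aNjg3q4$%£';
my $user="testuser1";
my $pass="Testing";
# Traditional crypt() uses only the first two characters of the salt.
my $encrypted=crypt($pass, $SALT);

# List form of system() bypasses the shell, so the hash is passed as-is.
system("useradd", "-p", $encrypted, "-m", $user);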

Obviously, I am not suggesting that you use such an easy password, or even the same password for each account.

Also you probably should change the salt, but keep it complex.

kenneho 12-30-2008 06:45 AM

Quote:

Originally Posted by Disillusionist (Post 3391430)
You need to use something like crypt to create the encrypted password.

Do you know if there are any (bash) shell commands equivalent to this?

rweaver 12-30-2008 08:37 AM

Quote:

Originally Posted by kenneho (Post 3391442)
Do you know if there are any (bash) shell commands equivalent to this?

Sure, mkpasswd... a script to do what the original poster asked from a csv file would look like this...

new-user.sh
Code:

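#!/bin/bash
# Read user,password pairs line by line; PW keeps any further commas or spaces.
while IFS=, read -r UN PW; do
  # printf instead of echo, so passwords starting with "-" are passed through intact
  ENCPW=$(printf '%s\n' "$PW" | mkpasswd -s)
  # Dry run: prints the useradd command instead of running it
  echo useradd -p "$ENCPW" -m "$UN"
done < unpw.csv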

unpw.csv
Code:

user1,password1
user2,password2
user3,password3

You might want to add --hash=md5 or something similar to mkpasswd to get a better encryption scheme than the default.

It currently will echo what it will output to the system when you run it... to do the process for real remove the echo.

Good luck.
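A validation pass over the same unpw.csv layout, as an added example that is not part of rweaver's post: it rejects malformed lines before anything reaches an account tool and emits `user:password` lines for chpasswd to read on stdin, so neither the password nor its hash appears on a command line where a process listing would show it. The function names and the user-name rule (lowercase letters, digits, `_` and `-`, at most 32 characters) are assumptions.

```sh
#!/bin/sh
# Added example: validate "user,password" lines and emit chpasswd input.
# plan_accounts, sample_csv and the user-name rule are assumptions.

plan_accounts() (
  # stdin: CSV lines. stdout: "user:password" for each accepted line.
  # stderr: one message per rejected line. Status 1 if any line was rejected.
  LC_ALL=C; export LC_ALL            # make a-z mean ASCII only
  cr=$(printf '\r'); n=0; bad=0; seen=" "
  reject() { echo "line $n: $1, skipped" >&2; bad=1; }
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line=${line%"$cr"}               # tolerate CRLF exports
    if [ -z "$line" ]; then continue; fi
    un=${line%%,*}                   # text before the first comma
    pw=${line#*,}                    # the rest, commas and spaces included
    case "$un" in
      "$line")                   reject "no comma"; continue ;;
      ''|[!a-z_]*|*[!a-z0-9_-]*) reject "unsafe user name"; continue ;;
    esac
    if [ "${#un}" -gt 32 ]; then reject "user name too long"; continue; fi
    if [ -z "$pw" ]; then reject "empty password"; continue; fi
    case "$seen" in *" $un "*) reject "duplicate user $un"; continue ;; esac
    seen="$seen$un "
    printf '%s:%s\n' "$un" "$pw"
  done
  [ "$bad" -eq 0 ]
)

# Constructed input: a good line, a name carrying shell metacharacters,
# a password with a space and a comma, and a repeated user name.
sample_csv() {
  printf '%s\n' 'user1,password1' 'user2;id,password2' \
                'user3,pa ss,word3' 'user1,other'
}

# Dry run:           sample_csv | plan_accounts
# For real, as root: plan_accounts < unpw.csv | chpasswd
```

chpasswd hashes each password with the scheme the system is configured to use, and the accounts must already exist.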

archtoad6 12-30-2008 09:31 AM

Also look at newusers to do any future job like this, & apg to generate passwords.

rweaver 12-30-2008 03:47 PM

Quote:

Originally Posted by archtoad6 (Post 3391604)
Also look at newusers to do any future job like this, & apg to generate passwords.

I forgot about newusers, been ages since I used it. apg is ok but not a default application on many servers. mkpasswd IS installed by default typically.

p_s_shah 12-31-2008 06:54 AM

Two alternates I know!!
 
1. Using Shell script
Code:

echo "$PASS" | passwd "$USER" --stdin

2. Using Perl
Code:

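#!/usr/bin/perl
use strict;
use warnings;
use Unix::PasswdFile;

# Open /etc/passwd, set a newly hashed password for user "monk", write it back
my $pw = Unix::PasswdFile->new("/etc/passwd");
$pw->passwd("monk", $pw->encpass("My-New-Password"));
$pw->commit();
undef $pw;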


kenneho 01-02-2009 02:09 AM

Quote:

Originally Posted by rweaver (Post 3391546)
Code:

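#!/bin/bash
# Read user,password pairs line by line; PW keeps any further commas or spaces.
while IFS=, read -r UN PW; do
  # printf instead of echo, so passwords starting with "-" are passed through intact
  ENCPW=$(printf '%s\n' "$PW" | mkpasswd -s)
  # Dry run: prints the useradd command instead of running it
  echo useradd -p "$ENCPW" -m "$UN"
done < unpw.csv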


I actually have mkpasswd installed on one of my servers, and as far as I can see (I may of course be wrong) it produces only unencrypted passwords. What I would like is to be able to create encrypted passwords but not having to do this by creating a user first and using the passwd command. Any suggestions?

Disillusionist 01-02-2009 04:46 AM

As already suggested by ArchToad6 look at newusers.

Create a file containing the users to be created, in my example this is called userlist:
Code:

user1:Passwd1::1000:Test User 1:/home/user1:/bin/bash
user2:Passwd2::1000:Test User 2:/home/user2:/bin/bash

Then use newusers command (as root):
Code:

newusers userlist

Obviously, choose different passwords ;)

Passwords are limited to a maximum of 8 characters (everything after that is ignored).

As userlist contains unencrypted passwords, you must take steps to protect this file (or delete it once it's been used).

EDIT:-

Incidentally, I tried mkpasswd and it works for me:
Code:

echo Password|mkpasswd -s

gave me:
Quote:

6s/SJs4imX6Yw

Disillusionist 01-02-2009 05:36 AM

Alternative bash script:

Code:

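#!/bin/bash
# Split each CSV line into user name and password, then hash the password
awk -F"," '{print $1, $2}' unpw.csv|while read -r UN PW
do
  ENCPW=$(echo "$PW"|mkpasswd -s)
  # Dry run: prints the useradd command instead of running it
  echo useradd -p "$ENCPW" -m "$UN"
done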


kenneho 01-02-2009 05:50 AM

Quote:

Originally Posted by Disillusionist (Post 3394288)
As already suggested by ArchToad6 look at newusers.

Create a file containing the users to be created, in my example this is called userlist:
Code:

user1:Passwd1::1000:Test User 1:/home/user1:/bin/bash
user2:Passwd2::1000:Test User 2:/home/user2:/bin/bash

Then use newusers command (as root):
Code:

newusers userlist
Obviously, choose different passwords ;)

passwords are limited to maximum 8 characters (everything after that is ignored)

As userlist contains unencrypted passwords, you must take steps to protect this file (or delete it once it's been used).

EDIT:-

Incidentally, I tried mkpasswd and it works for me:
Code:

echo Password|mkpasswd -s
gave me:

Thanks for your reply. I'm not really in need of newusers, as I'm only interested in creating a hashed password and not necessarily a new user.

To me it seems like mkpasswd only creates a random password, not an encrypted password:
Code:

[root@server ]# echo Password|mkpasswd
7p%awJN9o

An encrypted password, at least for use in the /etc/shadow file, should be prefixed with a "$1$".

An interesting observation is that I don't have an "-s" option available:
Code:

[root@server ]# echo Password|mkpasswd -s
can't use empty string as operand of "+"
    while executing
"if {$minnum + $minlower + $minupper + $minspecial > $length} {
        puts "impossible to generate $length-character password\
                with $minnum numbers, $minl..."
    (file "/usr/bin/mkpasswd" line 74)


Disillusionist 01-02-2009 07:12 AM

Quote:

Originally Posted by kenneho (Post 3394359)
To me it seems like mkpasswd only creates a random password, not an encrypted password:
Code:

[root@server ]# echo Password|mkpasswd
7p%awJN9o


mkpasswd uses a random SALT when one is not provided. If you provide a salt then it gets the same results time after time.

Try:
Code:

mkpasswd Password Sm

Quote:

Originally Posted by kenneho (Post 3394359)
An encrypted password, at least for use in the /etc/shadow file, should be prefixed with a "$1$".

The encrypted password in the /etc/shadow file does not have to begin "$1$", however, the algorithm that the passwd command uses creates an encrypted password starting "$1$". Passwords that do not start "$1$" will still work.

EDIT:- removed my first question as I realise it did not originate from the OP

kenneho 01-02-2009 07:23 AM

Quote:

Originally Posted by Disillusionist (Post 3394430)
I thought your original post stated "Currently I'm in a need to add users in bulk around 2000" ...

What are you intending to use the hashed password for?

I'm not the one who started the thread - I posted my first question in the middle of the thread. It's not easy keeping track of who posted what. :) To sum up my question: I'd like to encrypt passwords without having to actually add the clear text password to "passwd".

Anyway, I've come across cases where I need to create an encrypted password for a user, and to accomplish this I've had to run the clear text password through "passwd <someuser>" to get the hashed password. I've had to use this approach on the few servers we've got that don't use LDAP.

Quote:

mkpasswd uses a random SALT when one is not provided. If you provide a salt then it gets the same results time after time.

Try:
Code:

mkpasswd Password Sm
The encrypted password in the /etc/shadow file does not have to begin "$1$", however, the algorithm that the passwd command uses creates an encrypted password starting "$1$". Passwords that do not start "$1$" will still work.

Thanks for the info on passwd and "$1$" - didn't know that omitting "$1$" would work.

Disillusionist 01-02-2009 08:01 AM

Quote:

Originally Posted by kenneho (Post 3394443)
I'm not the one who started the thread

Sorry, I realised my mistake whilst you were composing your reply.

Quote:

To sum up my question: I'd like to encrypt passwords without having to actually add the clear text password to "passwd".

You could use usermod -p $ENCPW $UN so long as you have a valid encrypted password but you're going to need to create that encrypted password somewhere.

Quote:

Thanks for the info on passwd and "$1$" - didn't know that omitting "$1$" would work.

You can't just remove the beginning of the encrypted password. What I was trying to say was that the encrypted password created by the passwd command starts $1$ but if you create an encrypted password (either using crypt as in my perl sample, or through mkpasswd) that will still be valid.
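The "$1$" discussion above turns on the fact that the prefix of a shadow password field names the hash scheme, and a field with no prefix is traditional DES crypt. As an added example, not code from any poster in the thread, this audit reads shadow-format lines and reports the scheme behind each account so DES and MD5 entries can be found and reset. The function names and verdict labels are hypothetical, and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: report the hash scheme behind each shadow-format entry.
# classify_hash, audit_shadow and sample_shadow are hypothetical names.

classify_hash() {
  # $1 is the second field of an /etc/shadow line; prints "verdict scheme".
  case "$1" in
    '')             echo "EMPTY no-password" ;;
    '!'*|'*'*)      echo "LOCKED none" ;;
    '$1$'*)         echo "WEAK md5-crypt" ;;
    '$5$'*)         echo "OK sha256-crypt" ;;
    '$6$'*)         echo "OK sha512-crypt" ;;
    '$2'[abxy]'$'*) echo "OK bcrypt" ;;
    '$y$'*)         echo "OK yescrypt" ;;
    '$'*)           echo "UNKNOWN prefixed" ;;
    *)
      # No prefix: traditional DES crypt is 13 characters from [./0-9A-Za-z]
      # and hashes only the first 8 characters of the password.
      if [ "${#1}" -eq 13 ] &&
         ! printf '%s' "$1" | LC_ALL=C grep -q '[^./0-9A-Za-z]'
      then echo "WEAK des-crypt"
      else echo "UNKNOWN unprefixed"
      fi ;;
  esac
}

audit_shadow() {
  # stdin: shadow-format lines. stdout: "user verdict scheme" per entry.
  while IFS=: read -r user hash _rest; do
    if [ -n "$user" ]; then echo "$user $(classify_hash "$hash")"; fi
  done
}

# Constructed sample. user1 carries the mkpasswd output quoted in the thread;
# the other hash strings are placeholders, not real hashes.
sample_shadow() {
  cat <<'EOF'
user1:6s/SJs4imX6Yw:14245:0:99999:7:::
user2:$1$examplesalt$PLACEHOLDERPLACEHOLDER:14245:0:99999:7:::
user3:$6$examplesalt$PLACEHOLDER:14245:0:99999:7:::
user4:!:14245:0:99999:7:::
user5::14245:0:99999:7:::
EOF
}

# On a real host, as root:  audit_shadow < /etc/shadow
```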


All times are GMT -5.