[SOLVED] I can't make 'useradd' work

lucmove · 05-10-2010, 02:49 PM

Code:

useradd -u 8001 -g luc -p mypassword -s /usr/bin/bash -d /home/luc luc

Open another terminal:

Code:

luc[159-0]test> ssh luc@61.62.63.64
luc@61.62.63.64's password:
Permission denied, please try again.
luc@61.62.63.64's password:
Permission denied, please try again.
luc@61.62.63.64's password:
Permission denied (publickey,password,keyboard-interactive).

Try again:
# userdel luc
# adduser
(answer all the questions...)

Jump back to the other terminal... Try SSH login... Success!

'adduser' works, 'useradd' doesn't. Why? I have read the man pages several times and can't find the error in my command line.

I have a similar problem with groupadd

This fails:
groupadd -g 8001 staff

This works:
groupadd staff

why?!

TIA

acid_kewpie · 05-10-2010, 02:52 PM

-p takes an encrypted password, not a plaintext passwd. It needs to be the exact md5 / sha hash that goes into /etc/shadow.

lucmove · 05-10-2010, 09:09 PM

Do you know how I can obtain that hash? I really wish I could automate this entire procedure...

'man useradd' says that -p specifies "the encrypted password, as returned by crypt(3)." There is no 'crypt' command or package, neither on Ubuntu nor on Slackware. I assume some other package or library provides that command, but the man page won't say what it is. That would be too helpful for a man page, which must be against the rules or something.

custangro · 05-10-2010, 09:24 PM

Quote:

Originally Posted by lucmove

Do you know how I can obtain that hash? I really wish I could automate this entire procedure...

'man useradd' says that -p specifies "the encrypted password, as returned by crypt(3)." There is no 'crypt' command or package, neither on Ubuntu nor on Slackware. I assume some other package or library provides that command, but the man page won't say what it is. That would be too helpful for a man page, which must be against the rules or something.

mcrypt is the Linux version of crypt ...

You can also do...

Code:

root@host# echo "password" ¦ md5sum

To get the hash...there is also a sha1sum command as well

lucmove · 05-11-2010, 09:11 PM

Well, I'm trying to get by on my own but haven't made much progress. To wit:

- I created the account with adduser, which works, then I checked what the encrypted password is in /etc/shadow. Then I ran echo "password" ¦ md5sum like you suggested. In fact, I tried that long before I got your reply. The output of that command does not match the encrypted password in /etc/shadow. I didn't try just md5sum, I also tried it with shasum, sha1sum, and all the other sha[1-9]*sum commands I have here, for good measure. None of those output the same encrypted password I have in /etc/shadow.

- I downloaded the mcrypt package, so now I have the mcrypt command. But I can't figure out how to use it to obtain the same encrypted password I can use in /etc/shadow. Mcrypt, in good Linux tradition, makes the whole task at hand a lot more difficult than it could have been. It refuses to output to the terminal so I can see the darn output and compare with the encrypted password I already have. So I redirect it to a file, which turns out to be binary and gets all garbled with 'cat'.

Can someone please enlighten me? This is getting really tiresome. I just want to use one damn option in one damn command, I am sick of going through all this trouble because of one line in my 80-line script.

TIA

bgeddy · 05-11-2010, 09:56 PM

I'm not sure about getting the crypt() result of a password but how about a workaround. Just create your user without supplying the password then add a line to the script to change the password like this :

Code:

useradd -u 8001 -g luc -s /usr/bin/bash -d /home/luc luc
echo "luc:mypassword" | chpasswd

That will do the same as your original one liner adding the user and adding the password.

custangro · 05-11-2010, 10:12 PM

Quote:

Originally Posted by lucmove

Well, I'm trying to get by on my own but haven't made much progress. To wit:

- I created the account with adduser, which works, then I checked what the encrypted password is in /etc/shadow. Then I ran echo "password" ¦ md5sum like you suggested. In fact, I tried that long before I got your reply. The output of that command does not match the encrypted password in /etc/shadow. I didn't try just md5sum, I also tried it with shasum, sha1sum, and all the other sha[1-9]*sum commands I have here, for good measure. None of those output the same encrypted password I have in /etc/shadow.

- I downloaded the mcrypt package, so now I have the mcrypt command. But I can't figure out how to use it to obtain the same encrypted password I can use in /etc/shadow. Mcrypt, in good Linux tradition, makes the whole task at hand a lot more difficult than it could have been. It refuses to output to the terminal so I can see the darn output and compare with the encrypted password I already have. So I redirect it to a file, which turns out to be binary and gets all garbled with 'cat'.

Can someone please enlighten me? This is getting really tiresome. I just want to use one damn option in one damn command, I am sick of going through all this trouble because of one line in my 80-line script.

TIA

instead of trying to pass the -p to the useradd command...why don't you add one more line to your 80 line script?

Code:

echo "password" ¦ passwd --stdin username

Just a thought

Richard Cranium · 05-11-2010, 11:44 PM

Quote:

Originally Posted by lucmove

Well, I'm trying to get by on my own but haven't made much progress. To wit:

- I created the account with adduser, which works, then I checked what the encrypted password is in /etc/shadow. Then I ran echo "password" ¦ md5sum like you suggested. In fact, I tried that long before I got your reply. The output of that command does not match the encrypted password in /etc/shadow. I didn't try just md5sum, I also tried it with shasum, sha1sum, and all the other sha[1-9]*sum commands I have here, for good measure. None of those output the same encrypted password I have in /etc/shadow.

- I downloaded the mcrypt package, so now I have the mcrypt command. But I can't figure out how to use it to obtain the same encrypted password I can use in /etc/shadow. Mcrypt, in good Linux tradition, makes the whole task at hand a lot more difficult than it could have been. It refuses to output to the terminal so I can see the darn output and compare with the encrypted password I already have. So I redirect it to a file, which turns out to be binary and gets all garbled with 'cat'.

Can someone please enlighten me? This is getting really tiresome. I just want to use one damn option in one damn command, I am sick of going through all this trouble because of one line in my 80-line script.

TIA

"man 3 crypt" tells you how the password is generated. It isn't an md5 hash of the input string.

bgeddy · 05-12-2010, 09:55 AM

Quote:

Do you know how I can obtain that hash? I really wish I could automate this entire procedure...

I have been looking into the crypt function and have made a little python script that takes the password as a command line argument and returns the encrypted password. Here it is:-

Code:

#!/usr/bin/python
import sys,crypt,random,string
def salt(chars = string.letters + string.digits):
        return random.choice(chars) + random.choice(chars)

if len(sys.argv) != 2:
        print "Error in command line"
        exit(1)
print crypt.crypt(sys.argv[1],salt())

If you create a script file with this, for example tpwd.py, and make it executable you may run your original one liner to add a user, (from the directory tpwd.py is in), like this :

Code:

useradd -u 8001 -g luc -p $(./tpwd.py mypassword) -s /usr/bin/bash -d /home/luc luc

and the user will be created with the supplied password.

acid_kewpie · 05-12-2010, 10:50 AM

well you can use the chpasswd tool to do this seperately, which does take in a plain text password. You can also feed chpasswd a single file / stdin stream of user:password lines and it'll do them all in one go.