I am looking to add a user via a web page with the following code. Can anyone give me some example PHP code to add a user to a Linux system? Example bash script below.
Code:
#!/bin/bash
clear
# Script to add a user to this Linux system
STARTM=$(date -u "+%s")   # start time, used for the run-time report at the end
if [ "$(id -u)" -eq 0 ]; then # check if user is root
    read -r -p "Enter User Name : " username
    # re-prompt while the name is blank or already has an entry in /etc/passwd
    while [ -z "$username" ] || grep -q "^${username}:" /etc/passwd; do
        echo -ne "Either user exists or you entered a blank, enter username again: "; read -re username
    done
    # 8 random alphanumeric characters from the kernel RNG
    password=$(</dev/urandom tr -dc A-Za-z0-9 | head -c8)
    echo -ne "\nPlease Enter your User ID Number: "; read -ern5 uid
    # digits only, and the UID (third passwd field) must not already be in use
    while [[ ! $uid =~ ^[0-9]+$ ]] || cut -d: -f3 /etc/passwd | grep -qx "$uid"; do
        echo -ne "Please re-enter your uid, positive integers only: "; read -ern5 uid
    done
    read -r -p "Enter a Comment : " comment
    commentstatic="Internal SFTP Account"
    read -r -p "Enter Users Home Directory : " homedir
    while [ ! -d "$homedir" ]; do
        echo -ne "\n$homedir Directory Not Found! Please re-enter: "; read -r homedir
    done
    # hash the generated password for useradd -p; with this salt crypt() uses only
    # the first two characters ("pa") and produces a traditional DES hash
    pass=$(perl -e 'print crypt($ARGV[0], "password")' "$password")
    echo ""
    shell=/bin/bash # case statement for shell selection.
    useradd -u "$uid" -p "$pass" -c "$comment $commentstatic" -d "$homedir" -s "$shell" "$username"
    echo "Setting security on users home directory"
    chown "$username":ftp "$homedir" # security settings for both shells
    chmod 775 "$homedir"
    echo -e "$username" '\t' "$homedir" >> /etc/security/chroot.conf
    clear
    echo -e "\n\tThis users login details is as follows: \n"
    echo -e "\n\tUsername is: $username \n"
    echo -e "\tPassword is: $password \n"
    echo -e "\tUser's ID Number is: $uid \n"
    echo -e "\tComment is: $comment $commentstatic \n"
    echo -e "\tUsers Home Directory is: $homedir \n"
    echo -e "\tUsers Shell is: $shell \n"
fi
# report how long the script took
STOPM=$(date -u "+%s")
RUNTIMEM=$((STOPM - STARTM))
if ((RUNTIMEM > 59)); then
    TTIMEM=$(printf "%dm%ds\n" $((RUNTIMEM/60%60)) $((RUNTIMEM%60)))
else
    TTIMEM=$(printf "%ds\n" $((RUNTIMEM)))
fi
echo -e "\tExecuting \"script function\" took: $TTIMEM\n"
The problem can be done... depending on the system (and configuration) you are using.
RH/Fedora isolate the web server even more for security purposes, and adding users to the system is one of the problems.
Using the web for this is not secure (too many easy things that could go wrong and leave your system wide open).
It can be done... but there is a significant difficulty in changing from the apache account (and limited privileges) to a higher privilege (root) to be allowed to add the user. All CGI scripts run as the apache user, and any switching to root will be granted to any use of the apache UID, so all web pages suddenly become vulnerable to attack.
To do it, you have to configure sudo to allow the apache UID to use it without a password (if a password is still used, then apache has to have the password in plaintext...). After that, the PHP code only has to collect the information, then invoke sudo to pass the parameters.
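As an added example (not code from the thread): with the sudo approach described above, the web code can only be as safe as the one program sudo lets it run, so this root-side wrapper validates every argument before it reaches useradd. The script path, the sudoers rule, `BASE_DIR`, `UID_MIN` and the length limits are assumptions; setting the password is left out.

```bash
#!/bin/bash
# Added example, not from the thread. Root-side wrapper for the sudo approach.
# Assumed sudoers rule (hypothetical path; edit with visudo):
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/add-sftp-user
# Any code running as apache can invoke this, so every argument is validated
# with whole-string `case` patterns (an embedded newline cannot slip past).
LC_ALL=C; export LC_ALL
BASE_DIR=/srv/sftp        # assumption: all SFTP homes live under here
UID_MIN=1000              # assumption: keep clear of root and system accounts

valid_username() {        # lowercase letter first, then a-z 0-9 _ -, max 32
    case $1 in ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}
valid_uid() {             # digits only, no leading zero, at most 5 digits
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$UID_MIN" ]
}
valid_homedir() {         # below BASE_DIR, no "..", no empty path components
    case $1 in "$BASE_DIR"/*) ;; *) return 1 ;; esac
    case $1 in *[!A-Za-z0-9_/-]*|*//*|*/) return 1 ;; esac
}
valid_comment() {         # ':' or a newline here would corrupt /etc/passwd
    case $1 in *[!A-Za-z0-9\ ._-]*) return 1 ;; esac
    [ "${#1}" -le 64 ]
}
check_args() {            # distinct return code per rejected field
    [ "$#" -eq 4 ]      || return 1
    valid_username "$1" || return 2
    valid_uid "$2"      || return 3
    valid_homedir "$3"  || return 4
    valid_comment "$4"  || return 5
}
add_user() {
    [ "$(id -u)" -eq 0 ] || { echo "must be run through sudo" >&2; return 1; }
    check_args "$@" || { rc=$?; logger -t add-sftp-user "rejected, code $rc"; return "$rc"; }
    [ -d "$3" ] || return 6
    logger -t add-sftp-user "creating $1 uid=$2 home=$3"
    useradd -u "$2" -c "$4 Internal SFTP Account" -d "$3" -s /bin/bash "$1"
}
# Create the account only when called with arguments (as sudo would call it).
if [ "$#" -gt 0 ]; then add_user "$@"; fi
```

The web side would then call only this one command through sudo, passing each form field as a separate argument rather than building a shell command string.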
1) have the user change their password but I want to use a linux "/dev/urandom" to generate it and change it with no interaction from me or helpdesk ticket
Are they using a login via ssh?
Or is it just a browser login?
Well they could login via ssh or sftp so I want for them to change their own password, i.e.
1) they forgot their password then they can make a request to change it, get a webpage link, click on it and change their password without any interaction from me and it will delete it and get the password from "/dev/urandom" set it and display it back to them securely but also I want it logged somewhere or maybe some kind of approval maybe from help desk
If approval from help desk is required (not unreasonable), then why use a web page other than to generate a random string?
So how are you going to authenticate the web page? And you do get the irony of "display it back to them securely" right? A displayed password is not a secure password.
And practice shows that random passwords will get written down.
Also, if you have a number of remote users why not use Kerberos? - Then you can specifically authorize the user support personnel with the ability to change passwords. You also get the advantage that no passwords ever cross the network (other than when specifically changing the password - and that only happens between the user/help desk and the KDC).