I want to write a script that would create users for me. This script would take the username and password as arguments.

The problem is that I need to switch to the root to execute this. I want to programatically acheive this. If I use "su" in the script, it prompts for the password. I want to avoid that.

Any user should be able to run this script and add users. Switching to root should be handled by the script.

Can somebody help?

Thanks

ssudhi

The most common way to do that is to have the script run with SetUID permissions. Then whenever the script is executed by any user it will run with the permisssions of the owner of the file, here, root. You will not need to use "su" in the script with this method. To change the permissions on your script to SetUID, navigate to the directory where the script is located and run the following as root:

# chmod 4755 <script_name>

When you create the script, make root the owner and the above should work. Create the script as an ordinary user and get it working the way you want. Then change the owner with:

# chown root <script_name>

After that, run the chmod command above. In the above, "755" gives the owner read and execute permissions and the "4" in front sets the SetUID flag. This will prevent alteration of the script once it's set up and running properly. If you subsequently want to edit the script, you'll have to reset the permissions as root with "chmod 777"(i.e. rwx permissions), edit the script and set it back with "chmod 4755".

CAUTION: The above stikes me as an insecure practice. Ordinary users should not normally be given the ability to add users and running SetUID should be used sparingly since ordinary users are running an executable with root privileges. It is preferable to using "su" which would require that the root password be inputted automatically from a text file containing the root password and that text file would have to be readable by ordinary users, an obviously very insecure practice.

Thanks for the reply.

I tried what you suggested but have not been succesful yet since I got the following error.

"useradd: unable to lock password file"

Any clue?

Thanks
ssudhi

I just wrote this for my UNIX administration class. I figured it might help get you started, I've only tested it on a "root only system" as I'm not even going to start adding and removing users on my main box for obvious security reasons.

It's kind of ugly, but it seems to work ok.

:code:admin - lets users add and modify users

clear
# show the menu
clear

tput cup 10 20
tput rmso
echo "Please choose form the following options:"
tput rmso
tput cup 12 25
echo " 1 List all account information"
tput cup 13 25
echo " 2 Add a user"
tput cup 14 30
echo " 3 Remove a user"
tput cup 15 30
echo " 4 Change a user's password"
tput cup 16 30
echo " 5 Add a new group"
tput cup 17 30
echo " 6 Remove a group"
tput cup 18 30
tput cup 19 25

echo -n "Selection:"
read choice

# determine which choice was selected
case $choice in
[1])
# list all users
cd /etc
cat passwd

;;

# add a user
[2]) echo "Add a user"
echo "What is the user name of the new user?"
read username
echo "Please specify a group name"
read group name
useradd -g "$fullname" $username $group name

;;

# remove a user
[3]) echo "Remove a user"
echo "What is the username of the user you would like to remove?"
read username

userdel -r $username

;;

# change a users password
[4])
echo "Type the username"
read username

passwd $username

;;

# add a new group
[5])
echo "Please type the new group's id"
read group id

groupadd -r $group id

;;

# remove a group
[6])
echo "Please type the group id of the group to be removed"
read group id

groupdel $group id

;;



esac

EDIT: I just tried it on SUSE 9.0 (not signed in as root) box and the useradd is working. All I issued was chmod ugo+x addrmo and then I ran it.