Useradd Shell Script

nova_9* · 02-11-2010, 10:37 AM

Hello,

I'm somewhat new to shell scripting and could use some assistance. I'm trying to write a script that will point to a text file with a list of 10 usernames and add the first 5 users to the system with shell "/bin/bash" and the second 5 users to the system without the ability to log in.
The OS is Red Hat Enterprise 5.4

This is what I have so far:
#!/bin/bash
##############ADD NEW USER##############
NEW_USERS="/root/userlist.txt"
HOME_BASE="/home/"
#
cat ${NEW_USERS} | \
while read USER PASSWORD GROUP
do
useradd -g ${GROUP} -p ${PASSWORD} -m -d ${HOME_BASE}${USER} ${USER}
done

It will add user, but they are unable to login and the /etc/shadow password field is not encrypted. If I change their passwords via the GUI, they can login and the password will then be encrypted.
An example from the text file the script looks to is:
#USER PASSWORD GROUP
user1 password1 users
Any help would be greatly appreciated.

Thank you

mishkind · 02-11-2010, 10:50 AM

Hi,

Check the man page for useradd to see if you can create a user with disabled password. if that does not help, you can create the users with something like "/dev/null" in the shell field. You also create your own script that will print some message to the user and then log him out. In this case,make sure to trap the signals to that process (so that the user wont be able to ctrl-c etc.).

rnturn · 02-11-2010, 02:26 PM

Quote:

Originally Posted by mishkind

You also create your own script that will print some message to the user and then log him out. In this case,make sure to trap the signals to that process (so that the user wont be able to ctrl-c etc.).

Be sure and add your script to /etc/shells. If it's listed there, I believe you can use it as part of the useradd command. If it's not there, you'll likely get an error about an invalid shell. (Not sure if this is true on Linux but I had something similar happen on a commercial UNIX system until I edited /etc/shells.)

I've used these sort of "shells" for accounts that I wanted to have, say, FTP access but no interactive use. (I included logging the iteractive attempts and the hostnames or IP addresses they came from so one could see who was trying to abuse the account.)

--
Rick

cantab · 02-11-2010, 02:48 PM

I think RHEL has "/sbin/nologin" or something similar, that will produce a message and spit the user back out again.

chrism01 · 02-11-2010, 05:01 PM

Use /sbin/nologin; don't mess with /etc/shells.

nova_9* · 02-16-2010, 02:11 PM

Thank you to all who replied. Adding the /sbin/nologin to the script worked to prevent those users from logging on (presented with a pop-up indicating so). Seems like those who I didn't use /sbin/nologin with, were also unable to login until I changed their password after running the script. I also noticed when creating users this way, the password doesn't appear to be encrypted in the /etc/shadow file. There might be another switch I'm missing.

Thanks

worm5252 · 02-16-2010, 02:22 PM

try using --password instead of -p

nova_9* · 02-16-2010, 03:11 PM

I tried using --password and it produced the same result.

bathory · 02-16-2010, 03:28 PM

Hi,

You can use the command

Code:

newusers

that does exactly what you want to do.

Regards

forrestt · 02-16-2010, 04:11 PM

From "man useradd":

Code:

-p, --password PASSWORD
           The encrypted password, as returned by crypt(3). The default is to disable the password.

What you are doing is storing the password as the hash value of the password which will never match any password. Useradd wants the password as it would appear if it were already encrypted. Try this instead:

Code:

#!/bin/bash
##############ADD NEW USER##############
NEW_USERS="/root/userlist.txt"
HOME_BASE="/home/"

cat ${NEW_USERS} | \
while read USER PASSWORD GROUP ; do
        useradd -g ${GROUP} -p LOCK -m -d ${HOME_BASE}${USER} ${USER}
        echo ${PASSWORD} | passwd --stdin ${USER}
done

HTH

Forrest

nova_9* · 02-19-2010, 04:02 PM

I'll give it a try.

Thanks