SUSE / openSUSEThis Forum is for the discussion of Suse Linux.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I'm trying to script the adding of new users to a suse10 system using perl. Unfortunately the encryption in the /etc/shadow file is not as I expected. Encrypting the password with crypt doesn't work but adding the user/password with passwd or yast does. Below is a snippet of my /etc/shadow
User fred was added interactively using yast and works fine for my purpose. User albert was added via my script using crypt and doesn't work. Seemingly, I'm using the wrong encryption system. Can anyone tell me whats happening and perhaps point me in the right direction.
ps the perl module Passwd::Linux produces identical results to my homemade effort.
Yes. I installed whois and then ran mkpasswd from the command line. The two users in my example both have an identically short password (I think they are both 8 chars). mkpasswd produced similar output to the albert (crypt) example.
I don't have any trouble adding users or setting the encrypted shadow password. My problem is that the users I create don't work with vsftpd whereas the ones created with yast or the bash "passwd" do. I can create a user with a short password as you did but vsftpd then rejects that users login. If I then change that users password with "passwd" I get a long encrypted string in my shadow file and vsftpd then accepts it. I'm missing something somewhere and I thought perhaps it was that suse10 handled passwords differently or there is an extra process involved somewhere that I'm unaware of.
albert:eve.6xZHiDams:13216:0:99999:7::: - my perl created user, like yours (vsftpd rejects login)
Now I change the password at the commandline with passwd command and in my shadow file I get :- albert:$2a$10$2b2P978zQUmQMC68mSQNmelcrDC6AmsD/qFiAyEC8676p1Kp4sCcq:13216:0:99999:7::: - (vsftpd now accepts login).
Both encrypted strings refer to the same password which in this case is "letmein".
It looks to me like suse10 have strengthened the password encryption cos I'm pretty sure that my users would be OK on other systems. As you say, it works, as in we get a user that looks perfectly valid .... but it doesn't actually work.
As you suggest, I'll re-check my code....
Checked my code and your suggestion does work!
I can get a login with an encrypted password generated with mkpasswd but not using crypt or the perl linux password module.
Thanks again, again.
Last edited by fluffyvoidbunny; 03-09-2006 at 01:51 PM.
My problem is that the users I create don't work with vsftpd
Oh! this information is new. I did not know you are talking about vsftpd until your last post
Ok. Starting again. Did you have nscd running ? nscd is a cache for /etc/passwd and /etc/shadow.
May be you need to reload it. "rcnscd reload". Create a user using your script and reload nscd. try to get log on in the system using ftp.
Sorry, I didn't want to expand the question too much cos its like asking you to do my job for me which is not a reasonable request. Anyway after re-examining my code as you suggested I found my error and you had solved the problem in your first post. The solution in perl is a 3 liner ...
my $new_user = "fred_flintstone";
my $password = "letmein";
my $passwd_crypted = `mkpasswd $password wT`; # crypt $password, 'Wn' ; #`mkpasswd $password wT`;
my $new_user_home = "/home/" . $new_user;
my $shell = "/bin/false"; #"/bin/bash/"; #for redhat '/sbin/nologin';
system "useradd $new_user -p $passwd_crypted -d $new_user_home -g my_group -G '' -s $shell";
system "chown $new_user $new_user_home";
This adds new users with a vsftp home dir, allows ftp logins but disables terminal logins. For some reason my perl crypt didnt seem to work which led me to think (wrongly) that the short encrypted passwords were the problem. mkpasswd sorted that. Also I didn't know I had a "nscd" - and it is running. I'll watch that in future.
Thankyou very much for your help.
Last edited by fluffyvoidbunny; 03-10-2006 at 03:27 AM.