Anyone have pointers (or examples) of a script that can be used to create new users and set their password at the same time? I need something I can call like so:
script USERNAME PASSWORD
...and have it return 1 or 0 for failure or success.
This is going to be used by another application with the arguments USERNAME and PASSWORD passed to it. And this will also be running through sudo (from some protected area.)
On Wed, 2007-04-25 at 18:38 -0600, Ashley M. Kirchner wrote:
Anyone have pointers (or examples) of a script that can be used to
create new users and set their password at the same time? I need something I can call like so:
script USERNAME PASSWORD ...and have it return 1 or 0 for failure or success.
You can't use "useradd" as it already stands?
Tim wrote:
On Wed, 2007-04-25 at 18:38 -0600, Ashley M. Kirchner wrote:
Anyone have pointers (or examples) of a script that can be used to
create new users and set their password at the same time? I need something I can call like so:
script USERNAME PASSWORD ...and have it return 1 or 0 for failure or success.
You can't use "useradd" as it already stands?
I think the problem is the password. Splitting the script in to parts:
1. useradd .... $1 ....... 2. password --stdin <<"EOF" $2 EOF
so if you call
script <USERNAME> "<PASSWORD>"
the password should be set correctly.
Joachim Backes wrote:
I think the problem is the password. Splitting the script in to parts:
- useradd .... $1 .......
- password --stdin <<"EOF"
$2 EOF
so if you call
script <USERNAME> "<PASSWORD>"
the password should be set correctly.
Actually, one can use the useradd command to create the user and set the password at the same time - you just have to remember to crypt() the password string before passing it to useradd.
On Thu, 2007-04-26 at 07:35 +0200, Joachim Backes wrote:
Tim wrote:
On Wed, 2007-04-25 at 18:38 -0600, Ashley M. Kirchner wrote:
Anyone have pointers (or examples) of a script that can be used to
create new users and set their password at the same time? I need something I can call like so:
script USERNAME PASSWORD ...and have it return 1 or 0 for failure or success.
You can't use "useradd" as it already stands?
I think the problem is the password. Splitting the script in to parts:
- useradd .... $1 .......
- password --stdin <<"EOF"
$2 EOF
so if you call
script <USERNAME> "<PASSWORD>"
the password should be set correctly.
The problem as I see it is to generate passwds automatically. There used to be a program mkpasswd that did that but I can't find that now. -- ======================================================================= "One size fits all": Doesn't fit anyone. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
On Thu, 2007-04-26 at 15:05 -0500, Aaron Konstam wrote:
On Thu, 2007-04-26 at 07:35 +0200, Joachim Backes wrote:
Tim wrote:
On Wed, 2007-04-25 at 18:38 -0600, Ashley M. Kirchner wrote:
Anyone have pointers (or examples) of a script that can be used to
create new users and set their password at the same time? I need something I can call like so:
script USERNAME PASSWORD ...and have it return 1 or 0 for failure or success.
You can't use "useradd" as it already stands?
I think the problem is the password. Splitting the script in to parts:
- useradd .... $1 .......
- password --stdin <<"EOF"
$2 EOF
so if you call
script <USERNAME> "<PASSWORD>"
the password should be set correctly.
The problem as I see it is to generate passwds automatically. There used to be a program mkpasswd that did that but I can't find that now.
Well I spoke to soon. mkpasswd is part of the expect package and it generates passwds that will make your script much simpler.
-- ======================================================================= I'm sorry, but my karma just ran over your dogma. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
Aaron Konstam:
The problem as I see it is to generate passwds automatically. There used to be a program mkpasswd that did that but I can't find that now.
Well I spoke to soon. mkpasswd is part of the expect package and it generates passwds that will make your script much simpler.
Does it do the same job as crypt? (Giving you the encrypted password for the plain text one that you supply.)
On Fri, 2007-04-27 at 08:12 -0400, David C. Chipman wrote:
Hi Tim,
Where would I find the crypt command? Thanks, -David Chipman
Even if you found the crypt command you wold have to know how passwds are encrypted in Linux to use it. mkpasswd already knows all that.
Aaron Konstam wrote:
Even if you found the crypt command you wold have to know how passwds are encrypted in Linux to use it. mkpasswd already knows all that.
man crypt - tells you all about it.
On Fri, 2007-04-27 at 12:57 +0930, Tim wrote:
Aaron Konstam:
The problem as I see it is to generate passwds automatically. There used to be a program mkpasswd that did that but I can't find that now.
Well I spoke to soon. mkpasswd is part of the expect package and it generates passwds that will make your script much simpler.
Does it do the same job as crypt? (Giving you the encrypted password for the plain text one that you supply.)
No it produces a passwd that can be assigned to a user and also is output to stdout so it can be captured and sent to the user, So: mkpasswd jones Vg65og43
Jones gets the passwd displayed. The program also has arguments that control the characteristics of the passwd. mkpasswd is in the expect package.
Aaron Konstam wrote:
The problem as I see it is to generate passwds automatically. There used to be a program mkpasswd that did that but I can't find that now.
In my case, I had the password and username, I just needed to pass them. With the help from another list, I ended up with this. Since I was going to pass both the username and password to this script, I just wrote one bash shell script that took both values and processed them accordingly:
cat useradd.sh
#!/bin/sh # # This has been simplified. Adjust to your own needs. username=$1 password=$2 USHELL=/bin/bash
crypt=`/path/to/crypt.pl $password`
/usr/sbin/useradd -d "/home/$username" -p "$crypt" -s $USHELL "$username";
And the crypt.pl script looks like this:
cat crypt.pl
#!/usr/bin/perl use Crypt::Passwd; my $salt = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]; print unix_std_crypt($ARGV[0], "$1$$salt$");
And while I could've done the whole thing in one perl script, by splitting them into two pieces, it allows me to re-use the crypt.pl part in other scripts.
On 4/25/07, Ashley M. Kirchner ashley@pcraft.com wrote:
Anyone have pointers (or examples) of a script that can be used to
create new users and set their password at the same time? I need something I can call like so:
script USERNAME PASSWORD ...and have it return 1 or 0 for failure or success. This is going to be used by another application with the arguments
USERNAME and PASSWORD passed to it. And this will also be running through sudo (from some protected area.)
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Here is one I did up to create a bunch of accounts when running a class. It creates user1, user2, user3, user4, etc.. with corresponding password being the same as the username.
for (( i=1; i<21; i++)); do /usr/sbin/useradd user$i && echo "user$i" | passwd --stdin user$i || echo "unable to add user$i"; done
I have this in a script but it is written such that you can do it at the command line. You could clean it up to behave a bit more like you want it. I have a second script as follows to remove the accounts and their home directory when done:
for (( i=1; i<21; i++)); do /usr/sbin/userdel -r user$i; done
and of course you could change the for loop counter to suite your needs.
If you want to use a list of names from a file (each entry separated by a space or newline) you could write the script as follows:
for i in $(cat users); do /usr/sbin/adduser $i && echo "$i" | passwd --stdin $i;done
Where users is the text file containing the list of users you want to add.
Or you could simply supply the names on the command line as follows:
for i in john mary paul; do /usr/sbin/useradd $i && echo "$i" | passwd --stdin $i;done
In both these examples the password is the same as the username. If you wanted to assign a password from a file along with the username, then you could either incorporate the hash command from perl (not comfortable enough to help you on that without some digging), or create a file with usernames (called users.txt in this script) and a second with passwords (called pass.txt i this script and it associates first username in users.txt to first password in pass.txt, etc) and use the following script:
declare -ar USERNAMES=($(cat users.txt)) declare -ar PASSWORDS=($(cat pass.txt)) declare -ir NUM_OF_USERS=${#usernames[@]}
for (( i=0; i<$NUM_OF_USERS; i++ ));do /usr/sbin/useradd ${USERNAMES[$i]} && echo "${PASSWORDS[$i]}" | passwd --stdin ${USERNAMES[$i]} && echo Successfully added user ${USERNAMES[$i]} || echo "unable to add ${USERNAMES[$i]}"; done
There are other ways you could do this (use one file with username, password on each line and then parse out each line).
I tried to keep it as simple as possible (both because I don't have time to code a more complex script right now and it's not that bad an idea to keep usernames and passwords separate - if you wanted more security you could convert the passwords to their proper crypted values and put that in a file and then have the script use those values instead, possibly inserting them into the shadow file via the script. Of course I'm assuming you would assign a default password for each user which you would require them to change anyhow.
Hope this helps.
Jacques B
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ashley M. Kirchner a écrit :
Anyone have pointers (or examples) of a script that can be used to create new users and set their password at the same time? I need something I can call like so:
script USERNAME PASSWORD
not exactly, here a script I have done to had user from a list, you can adapt it to fit your needs. This script create users with temporary crypted password, add them to the mail server and crate an elementary web page... Choose what you want (sorry for comments in French!):
#!/bin/bash
cat < list-of-users | while true do read ligne if [ "$ligne" = "" ]; then break; fi echo "lecture de la ligne --->" $ligne set -- $ligne PRENOM=$1 PRENOM2=$2 NOM=$3 LOGIN=$4 COURRIER=$5 LIEU=$6 GROUP=$7 PASSWD=`echo $PRENOM | cut -c1``echo $NOM | cut -c1`2005 # echo prenom=$PRENOM, prenom2=$PRENOM2 nom=$NOM login=$LOGIN passwd=$PASSWD courrier=$COURRIER lieu=$LIEU # #creation des utilisateurs CRYPTPASSWORD=`/usr/sbin/slappasswd -h {MD5} -c '$1$%.8s' -s $PASSWD | cut -d "}" -f2` /usr/sbin/adduser -s /usr/bin/rssh -p $CRYPTPASSWORD -g $GROUP $LOGIN echo "$COURRIER, \$LOGIN" > /home/$LOGIN/.forward # #courrier mkdir /home/$LOGIN/mail/ cp /root/.subscriptions /home/$LOGIN/mail/ echo "$PRENOM2.$LOGIN: $LOGIN" >> /etc/mail/aliases echo "$LOGIN: $PRENOM2.$LOGIN" >> /etc/mail/revaliases # #page web mkdir /home/$LOGIN/public_html cat << xxFINxx > /home/$LOGIN/public_html/index.html <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> <html> <head> <title>$PRENOM $NOM</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="MSSmartTagsPreventParsing" content="TRUE">
<!-- <link rel="stylesheet" href="styles/style.css" type="text/css"> -->
<style type="text/css"> body {font-family: verdana, arial, sans-serif ; margin-left : 1em ; margin-right : 1em ; margin-top : 1em ; margin-bottom : 1em ; } a:link, a:visited { font: 12px verdana, arial, sans-serif; font-weight: bold; text-decoration: none; color:#555555; } a:hover { font-weight: bold; text-decoration: none; color: #000; background: #6C0202; }
</style>
</head>
<body> <table border="0" rules="none"> <tr bgcolor="#6C0202" width="100%"> <th> <img src="mylogo.png" alt="logo mylogo"> </th> <th width="100%"> </th> </tr> </table>
<h1>$PRENOM $NOM</h1>
<h4>$LIEU</h4>
<h4>Courriel : <a href="mailto:$PRENOM2.$LOGIN@yourmailserver.net">$PRENOM2.$LOGIN@yourmailserver.net</a></h4>
<hr>
<p></p>
</body> </html> xxFINxx # cp /root/mylogo.png /home/$LOGIN/public_html/ chown -R $LOGIN.$GROUP /home/$LOGIN chmod 711 /home/$LOGIN chmod 600 /home/$LOGIN/.forward chmod 644 /home/$LOGIN/public_html/* chmod 711 /home/$LOGIN/public_html/ chmod 700 /home/$LOGIN/mail/ chmod 600 /home/$LOGIN/mail/.subscriptions done
cd /etc/mail/
/usr/bin/newaliases /usr/sbin/sendmail -bi -oA/etc/mail/revaliases
echo $?
<-----------------end script
The list is a simple text file with one line per user like this:
John john Doe doe jd@hismail.com lieu name-of-group
- -- François Patte UFR de mathématiques et informatique Université René Descartes http://www.math-info.univ-paris5.fr/~patte
not exactly, here a script I have done to had user from a list, you can adapt it to fit your needs. This script create users with temporary crypted password, add them to the mail server and crate an elementary web page... Choose what you want (sorry for comments in French!):
<snip> - --
Fran�ois Patte UFR de math�matiques et informatique Universit� Ren� Descartes http://www.math-info.univ-paris5.fr/~patte
Très beau script. Je ne l'ai pas regardé de trop près encore, mais je vois des points que je n'ai pas couverts dans le mien. (english: Very nice script. I haven't looked at it closely yet, but I see points that I didnèt cover in mine).
In re-reading the original request, I notice that we kind of got caught up in nice scripts, but really the OP seems to simply want to be able to do newuser {username} {password}.
In its simplest form it would be:
/usr/sbin/useradd $1 && echo "$2" | passwd --stdin $1 && echo Successfully added user $1 || echo "unable to add $1"
If you are the only user of this script and know the format then you are ok with that. But to make it a proper script with error checking you'd incorporate getops to read the parameters on the command line (and even allow you to do -u username -p password in whichever order you'd like).
This would be much better: ------------------------------------------------------------------------------------------------------ #!/bin/bash
USERNAME="" PASSWORD="" MISSING_PARM=1 # exit status if parameter missing HELP_ME=2 # exit status if person used the help switch TOO_MANY_PARMS=3 # Too many parameters
clear
usage="Usage: $0 -u <username> -p <password>"
if [ $# -gt 4 ] then echo "Too many parameters!" echo $usage exit $TOO_MANY_PARMS fi # checking for any command line options
while getopts "u:p:" opt; do case $opt in u ) USERNAME=$OPTARG ;; p ) PASSWORD=$OPTARG ;; h | ? | -help ) echo $usage exit $HELP_ME ;; esac done
if [ "$USERNAME" = "" ] || [ "$PASSWORD" = "" ] then echo "You must provide a username and a password." echo $usage exit $MISSING_PARM fi
/usr/sbin/useradd $USERNAME && echo "$PASSWORD" | passwd --stdin $USERNAME && echo Successfully added user $USERNAME || echo "Unable to add $USERNAME"
exit 0 # normal exit --------------------------------------------------------------------------------------------------------
With the above script using getops, you can use either: ./scriptname -u username -p password or ./scriptname -p password -u username
Keep in mind that scripting can be tricky. A space here or one missing there can potentially make a difference between a command working or not working. The /usr/sbin command goes on one line up to th end of: echo "Unable to add $USERNAME". Depending on your screen width while reading the e-mail it may not appear as one line.
And notice the various exit codes that you can use to cause another script to react based on the exit code from this one.
Jacques B.