Using pw adduser to set password in a script

Jez Hancock jez.hancock at munk.nu
Tue Jul 1 01:38:54 PDT 2003


Hi Uwe,

Thanks for the reply.

On Tue, Jul 01, 2003 at 09:25:28AM +0200, Uwe Doering wrote:
> Here is what I use:
> 
>   echo 'password' | \
>   pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
>     -c 'comment' -m
> 
> Note that feeding the password to 'pw' via the command line (with 
> 'echo') is a security problem if you have untrusted users on that 
> machine, since they can see the password in the process list (with 'ps').
Aha.
 
> A better approach for automating account creation is to first store the 
> password (generated or given) in a file (with secure permissions, of 
> course) and then feed 'pw' from that file:
> 
>   pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
>     -c 'comment' -m < /path/to/file
>   rm -f /path/to/file
ah :)  Cheers for that :)

The way I ended up doing it in PHP was:

/*
	To add a user on FreeBSD:
	echo "password" | pw adduser -q -u user -g group \
	-s shell -d /home/user -c comment -h -

	adds the user 'user' with primary group 'group',
	shell 'shell', home dir '/home/user' with a comment 'comment'

	This is pretty dodgy - the password is listed in ps output...

	To do this from PHP though, we use popen to create a stream to the
	command:
	pw adduser -q -u user -g group \
	-s shell -d /home/user -c comment -h 0

	and then write the password to the file pointer created
	by popen.  This effectively adds the user to the passwd database
	whilst at the same time setting the password.

	This saves listing the password in 'ps' listings.
*/

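// adduser command.  Every value goes through escapeshellarg() so that
// spaces or shell metacharacters in the data cannot change the command
// that popen() hands to the shell:
$pw_cmd = $cfg['prog']['uadd']." ".escapeshellarg($data["username"])
		." -g ".escapeshellarg("g".$data["id"])
		." -s ".escapeshellarg($shell)
		." -d ".escapeshellarg($data["root"])
		." -c ".escapeshellarg($data["name"])
		." -h 0";

// Open a uni-directional stream to the command:
$fp=popen($pw_cmd, "w");
if ($fp === false) {
	die("could not run the adduser command\n");
}

// Pass $data["password"] to the command on its stdin (-h 0):
fwrite($fp, $data["password"]);

// Close the pipe.  A popen() stream is closed with pclose(), which waits
// for the command to finish and returns its exit status:
$status = pclose($fp);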

Which seems to be working just as required :)

Many thanks for the reply though, I probably would have gone with your
method had I not stumbled across the one I used above :)

Cheers,
Jez
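
Added example, not part of the original message or of either poster's code: the file-based approach Uwe describes, written as two shell functions that create the password file privately, check its permissions, feed it to pw on stdin and always remove it. The function names and the temp-file name pattern are hypothetical; the pw flags are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names and the temp-file
# name pattern are hypothetical; the pw flags are the ones quoted above.

# store_password: copy the password arriving on stdin into a new file that
# only the owner can read, and print that file's path.
store_password() {
    (
        umask 077    # belt and braces: mktemp already creates mode 0600
        f=$(mktemp "${TMPDIR:-/tmp}/pwfile.XXXXXXXX") || exit 1
        cat > "$f" || { rm -f "$f"; exit 1; }
        printf '%s\n' "$f"
    )
}

# add_user_from_file NAME GROUP SHELL HOME COMMENT PWFILE
# Runs pw with the password on stdin (-h 0), so it never appears in any
# argument list, then deletes PWFILE whether or not pw succeeded.
add_user_from_file() {
    if [ $# -ne 6 ]; then
        echo "usage: add_user_from_file name group shell home comment pwfile" >&2
        return 2
    fi
    pwfile=$6
    # Refuse a password file that group or others can access.
    case $(ls -ld "$pwfile" | cut -c1-10) in
        -???------) ;;
        *) echo "refusing $pwfile: not private to its owner" >&2; return 1 ;;
    esac
    rc=0
    pw useradd -q -h 0 -n "$1" -g "$2" -s "$3" -d "$4" -c "$5" -m \
        < "$pwfile" || rc=$?
    rm -f "$pwfile"
    return $rc
}

# Usage (as root), with the password supplied on stdin by the caller:
#   f=$(store_password) && \
#       add_user_from_file jdoe staff /bin/sh /home/jdoe 'J. Doe' "$f"
```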

