Unix/Linux Go Back    


Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

Mass account creation

Security


Tags
aix, password, solaris

Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 12-19-2014
rbatte1 rbatte1 is offline Forum Staff  
Root armed
 
Join Date: Jun 2007
Last Activity: 25 May 2017, 7:38 AM EDT
Location: Lancashire, UK
Posts: 3,102
Thanks: 1,301
Thanked 590 Times in 534 Posts
Mass account creation

By the company winning business from another outsource provider, I've suddenly inherited towards 300 servers and all accounts are local.

One of the immediate tasks is to set up all the OS, DB, and app support staff on all of the servers operating systems. I've slapped together a crude script for the RHEL servers that needs a little tweaking dependant on the release and it reads an input file that contains the user ids, what to put in the comments, groups etc. It also reads the password I've set in the file and uses chpasswd to push that in without me keying them (twice) for each user on each server.

All well and good, but now the servers being looked at are AIX 6 & Solaris 8 I think - it reports as 5.8 on uname (I'm only certified on Solaris 2.6 Linux) and haven't had one for many years. Do either of these have a similar function to chpasswd that I can exploit with a script with? There is no expect though. I do recall that there is the crypt on Solaris that I could possibly use somehow.

The only other option I can think of is to set them all up on one server, then copy the encrypted password to all the others, but then I'd have to directly edit /etc/shadow or /etc/security/passwd and I'd prefer not to. If I have to do so, then naturally it will be against a copy that I can then switch in.

On Solaris, I've found putspent, but that requires C-code wrapping around it and I have almost nil experience.

Any pointers welcome. I'm happy to do the leg work if it's a rather terse tool - preferably not in C, but I will take any help I can get!



Thanks, in advance,
Robin
Sponsored Links
    #2  
Old Unix and Linux 12-19-2014
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 26 May 2017, 4:17 PM EDT
Location: Saskatchewan
Posts: 22,183
Thanks: 1,092
Thanked 4,174 Times in 3,861 Posts
Worst case, I think you could kludge something with ssh -t -t.

Of course, /etc/shadow and /etc/passwd are text files, nothing but file permissions stops you from just appending values if you happen to know them. I don't think it's that dangerous if you know what you're doing and you sanity-check for collisions.
Sponsored Links
    #3  
Old Unix and Linux 12-19-2014
bitlord bitlord is offline
Registered User
 
Join Date: Mar 2010
Last Activity: 20 May 2016, 11:47 AM EDT
Posts: 339
Thanks: 12
Thanked 44 Times in 40 Posts
rbattle1,
To create accounts on most Linux and Solaris servers use the useradd command. I would not edit the /etc/passwd or /etc/shadow files to create the accounts. You can use the exact same command to create accounts on the RHEL and Solaris regardless of version. I have no experience with AIX.

On one server I have the user set their password with the passwd command. I then copy their hash or the whole line form that server's shadow file to the rest.

You should not need to use the -t option with the SSH command.

Make sure you use the same UID for the user access all the servers.

I hope this helps
    #4  
Old Unix and Linux 12-19-2014
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 26 May 2017, 4:17 PM EDT
Location: Saskatchewan
Posts: 22,183
Thanks: 1,092
Thanked 4,174 Times in 3,861 Posts
Quote:
Originally Posted by bitlord View Post
You should not need to use the -t option with the SSH command.
ssh -t -t is a revolting kludge to force-feed generated text into programs which demand a terminal, like passwd often does. The -t -t forces it to always allocate a terminal, even when run from a script, even when run noninteractively, when it otherwise wouldn't bother.

It's kind of a last resort, since it's even uglier than expect, but even on the same machine it can sometimes be useful.
The Following User Says Thank You to Corona688 For This Useful Post:
rbatte1 (12-22-2014)
Sponsored Links
    #5  
Old Unix and Linux 12-19-2014
bitlord bitlord is offline
Registered User
 
Join Date: Mar 2010
Last Activity: 20 May 2016, 11:47 AM EDT
Posts: 339
Thanks: 12
Thanked 44 Times in 40 Posts
Corna688,
I have used ssh with -t before, but I have never used -t twice (ssh -t -t). I will have to test it out on some of my scripts. To get around the need for a terminal, I usually just call a script on the remote server.
Sponsored Links
    #6  
Old Unix and Linux 12-19-2014
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 26 May 2017, 4:17 PM EDT
Location: Saskatchewan
Posts: 22,183
Thanks: 1,092
Thanked 4,174 Times in 3,861 Posts
Quote:
Originally Posted by bitlord View Post
Corna688,
I have used ssh with -t before, but I have never used -t twice (ssh -t -t).
ssh will ignore a single '-t' when ssh itself lacks a terminal. -t -t forces it to allocate a terminal no matter what.
Sponsored Links
    #7  
Old Unix and Linux 12-22-2014
rbatte1 rbatte1 is offline Forum Staff  
Root armed
 
Join Date: Jun 2007
Last Activity: 25 May 2017, 7:38 AM EDT
Location: Lancashire, UK
Posts: 3,102
Thanks: 1,301
Thanked 590 Times in 534 Posts
You have my thanks for the input.

For clarity, the users will be added with normal tools, i.e. useradd so I'm not creating the whole user account by appending lines to /etc/passwd etc., but it's the setting of passwords where I'm falling down. I will have a try with the ssh suggestion, but if it gets too messy I will edit /etc/shadow and put in the encrypted passwords from one done manually.



Robin
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Account creation Sudo enabled vilves UNIX for Dummies Questions & Answers 1 06-06-2006 10:35 AM
how to find creation time of an account? sukumar UNIX for Advanced & Expert Users 1 05-31-2006 10:31 AM
Account creation date Hayez UNIX for Dummies Questions & Answers 2 08-02-2005 02:44 AM
Mass directory creation? AeroEngy UNIX for Dummies Questions & Answers 6 07-21-2005 12:57 PM
Account creation trouble seaghan Forum Support Area for Unregistered Users & Account Problems 2 04-22-2005 12:15 PM



All times are GMT -4. The time now is 05:58 AM.