Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Bash shell script for user creation in solaris
Top Forums Shell Programming and Scripting Bash shell script for user creation in solaris Post 302680933 by Smiling Dragon on Thursday 2nd of August 2012 12:32:08 PM
Old 08-02-2012
That command will add them to /etc/shadow, but they will have no password assigned (ie cannot log in). Typically there's no easy way to script password changes as the command is interactive, but you can play round with echo'ing the desired password into "passwd ${USERNAME}" or setting the password manually once on some box, reading it out of the shadow file, then having your script do a sed command to replace "^${USERNAME}:*LK*:" with "${USERNAME}:${ENCRYPTEDPASSWORD}:".
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

user creation using shell script for JSP

hello friends, I have problem. We want to create user from jsp(browser based) on our linux server. How we can do that ? or How do we create a user with shell programming by taking arguments and checking with the existing users and if the user exist it should display the message the user exists... (1 Reply)
Discussion started by: jarkvarma
1 Replies

2. UNIX for Dummies Questions & Answers

Solaris 9 NIS user creation issue

Helloo to all... what is the correct way to assign a password to a new NIS user on a NIS master server? When I the following: useradd -s /bin/bash -d /export/home/username -m username The user get created fine but when I try to assign a password I get: #passwd username... (0 Replies)
Discussion started by: GLJ@USC
0 Replies

3. Solaris

User Creation in Sun Solaris

Hi, I want to create a user who has right to change only root user password, (1 Reply)
Discussion started by: manoj.solaris
1 Replies

4. Shell Programming and Scripting

Help in Shell scripting to modify the User Creation script in oracle database.

Hi, I have several users to create on my test Oracle database taking the scripts from the Production Oracle database. I have a separate text file where I have user-id and passwords maintained. I need help in writing a shell script to go thru the user creation scripts and replace VALUES... (1 Reply)
Discussion started by: rparavastu
1 Replies

5. Solaris

Creation Date of Solaris User

Hi, I am using Solaris 10. How could I find when a solaris user was created? thanks and regards (4 Replies)
Discussion started by: fahdmirza
4 Replies

6. Shell Programming and Scripting

User creation script

Hi Gems.. I am working out on project of creating a mass user on 100 server. Please help me with script where i can create an user id of new 80 user using shell script Thanks in advance. Indrajit Bhagat (1 Reply)
Discussion started by: indrajit_renu
1 Replies

7. Shell Programming and Scripting

Bash script to Automate the Virtual Host creation process!!

Hi all, This is my sample code in /etc/httpd/conf.d/applications.conf file currently we are creating subdomain mannually for every new subdomain. I want to automate this process througs bash script , how its possible. <VirtualHost *:80> ServerName google.com ServerAlias google.com... (5 Replies)
Discussion started by: anishkumarv
5 Replies

8. UNIX for Advanced & Expert Users

Can we Automate the User creation and setting password through a script in solaris 10

Hi, I am using Solaris 10 OS and Bash shell.Is there any way can we automate User creation and setting passwords through a script or any freeware tool. Advance thanks for your response. (1 Reply)
Discussion started by: muraliinfy04
1 Replies

9. Windows & DOS: Issues & Discussions

Problems With User Creation Script

Hello everyone, I've been attempting to make a program which creates user accounts from a file which contains the usernames required. It also checks if the directory of the username exists in the C:\Users directory and then is going to give the option to delete the directory, or rename it, this... (1 Reply)
Discussion started by: charlieabee
1 Replies

10. Shell Programming and Scripting

Shell script for user account Creation

Hi Folks, I had a request to create the user request. Between, I just write a script a create, Update Geos, and update the password. My script as below: The error message, what I am getting is all the users are updated with the same Goes value.. #!/bin/bash for i in `cat users.txt`;do... (2 Replies)
Discussion started by: gsiva
2 Replies

LEARN ABOUT PLAN9

rbac

rbac(5)                                                 Standards, Environments, and Macros                                                rbac(5)

NAME

       rbac - role-based access control

DESCRIPTION

       The  addition  of  role-based  access control (RBAC) to the Solaris operating environment gives developers the opportunity to deliver fine-
       grained security in new and modified applications. RBAC is an alternative to the all-or-nothing security model  of  traditional  superuser-
       based systems. With RBAC, an administrator can assign privileged functions to specific user accounts (or special accounts called roles).

       There are two ways to give applications privileges:

       1.  Administrators can assign special attributes such as setUID to application binaries (executable files).

       2.  Administrators can assign special attributes such as setUID to applications using execution profiles.

       Special  attribute assignment along with the theory behind RBAC is discussed in detail in "Role Based Access Control" chapter of the System
       Administration Guide: Security Services. This chapter describes what authorizations are and how to code for them.

   Authorizations
       An authorization is a unique string that represents a user's right to perform some operation or class of operations. Authorization  defini-
       tions are stored in a database called auth_attr(4). For programming authorization checks, only the authorization name is significant.

       Some typical values in an auth_attr database are shown below.

       solaris.jobs.:::Cron and At Jobs::help=JobHeader.html
       solaris.jobs.grant:::Delegate Cron & At Administration::help=JobsGrant.html
       solaris.jobs.admin:::Manage All Jobs::help=AuthJobsAdmin.html
       solaris.jobs.user:::Cron & At User::help=JobsUser.html

       Authorization  name strings ending with the grant suffix are special authorizations that give a user the ability to delegate authorizations
       with the same prefix and functional area to other users.

   Creating Authorization Checks
       To check authorizations, use the chkauthattr(3SECDB) library function, which verifies whether or not a user has a given authorization.  The
       synopsis is:

       int chkauthattr(const char *authname, const char *username);

       The chkauthattr() function checks the policy.conf(4), user_attr(4), and prof_attr(4) databases in order for a match to the given authoriza-
       tion.

       If you are modifying existing code that tests for root UID, you should find the test in the code and  replace  it  with  the  chkauthattr()
       function.  A  typical  root  UID check is shown in the first code segment below. An authorization check replacing it is shown in the second
       code segment; it uses the solaris.jobs.admin authorization and a variable called real_login representing the user.

       Example 1: Standard root check

       ruid = getuid();

       if ((eflag || lflag || rflag) && argc == 1) {
               if ((pwp = getpwnam(*argv)) == NULL)
                       crabort(INVALIDUSER);

               if (ruid != 0) {
                       if (pwp->pw_uid != ruid)
                               crabort(NOTROOT);
                       else
                               pp = getuser(ruid);
               } else
                       pp = *argv++;
       } else {

       Example 2: Authorization check

       ruid = getuid();
       if ((pwp = getpwuid(ruid)) == NULL)
               crabort(INVALIDUSER);

       strcpy(real_login, pwp->pw_name);

       if ((eflag || lflag || rflag) && argc == 1) {
               if ((pwp = getpwnam(*argv)) == NULL)
                       crabort(INVALIDUSER);

               if (!chkauthattr("solaris.jobs.admin", real_login)) {
                       if (pwp->pw_uid != ruid)
                               crabort(NOTROOT);
                       else
                               pp = getuser(ruid);
               } else
                       pp = *argv++;
       } else {

       For new applications, find an appropriate location for the test and use chkauthattr() as shown above.  Typically  the  authorization  check
       makes  an access decision based on the identity of the calling user to determine if a privileged action (for example, a system call) should
       be taken on behalf of that user.

       Applications that perform a test to restrict who can perform their security-relevant functionality are generally setuid to  root.  Programs
       that  were  written prior to RBAC and that are only available to the root user may not have such checks. In most cases, the kernel requires
       an effective user ID of root to override policy enforcement. Therefore, authorization checking is most useful in programs that  are  setuid
       to root.

       For instance, if you want to write a program that allows authorized users to set the system date, the command must be run with an effective
       user ID of root. Typically, this means that the file modes for the file would be -rwsr-xr-x with root ownership.

       Use caution, though, when making programs setuid to root. For example, the effective UID should be set to the real UID as early as possible
       in  the  program's  initialization  function. The effective UID can then be set back to root after the authorization check is performed and
       before the system call is made. On return from the system call, the effective UID should be set back to the real UID again to adhere to the
       principle of least privilege.

       Another  consideration  is  that LD_LIBRARY path is ignored for setuid programs (see SECURITY section in ld.so.1(1)) and that shell scripts
       must be modified to work properly when the effective and real UIDs are different. For example, the -p flag in Bourne shell is  required  to
       avoid resetting the effective UID back to the real UID.

       Using  an  effective  UID  of  root instead of the real UID requires extra care when writing shell scripts. For example, many shell scripts
       check to see if the user is root before executing their functionality. With RBAC, these shell scripts may be running with the effective UID
       of root and with a real UID of a user or role. Thus, the shell script should check euid instead of uid. For example,

       WHO=`id | cut -f1 -d" "`
       if [ ! "$WHO" = "uid=0(root)" ]
       then
              echo "$PROG: ERROR: you must be super-user to run this script."
              exit 1
       fi

       should be changed to

       WHO=`/usr/xpg4/bin/id -n -u`
       if [ ! "$WHO" = "root" ]
       then
              echo "$PROG: ERROR: you are not authorized to run this script."
              exit 1
       fi

       Authorizations can be explicitly checked in shell scripts by checking the output of the auths(1) utility. For example,

       for auth in `auths | tr , " "` NOTFOUND
       do
           [ "$auth" = "solaris.date" ] && break       # authorization found
       done

       if [ "$auth" != "solaris.date" ]
       then
           echo >&2 "$PROG: ERROR: you are not authorized to set the date"
           exit 1
       fi

SEE ALSO

       ld.so.1(1), chkauthattr(3SECDB), auth_attr(4), policy.conf(4), prof_attr(4), user_attr(4)

       System Administration Guide: Security Services

SunOS 5.10                                                          15 Jul 2003                                                            rbac(5)
All times are GMT -4. The time now is 04:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy