Mass account creation


 
Thread Tools Search this Thread
Special Forums Cybersecurity Mass account creation
# 1  
Old 12-19-2014
Mass account creation

By the company winning business from another outsource provider, I've suddenly inherited towards 300 servers and all accounts are local.

One of the immediate tasks is to set up all the OS, DB, and app support staff on all of the servers operating systems. I've slapped together a crude script for the RHEL servers that needs a little tweaking dependant on the release and it reads an input file that contains the user ids, what to put in the comments, groups etc. It also reads the password I've set in the file and uses chpasswd to push that in without me keying them (twice) for each user on each server.

All well and good, but now the servers being looked at are AIX 6 & Solaris 8 I think - it reports as 5.8 on uname (I'm only certified on Solaris 2.6 Smilie) and haven't had one for many years. Do either of these have a similar function to chpasswd that I can exploit with a script with? There is no expect though. I do recall that there is the crypt on Solaris that I could possibly use somehow.

The only other option I can think of is to set them all up on one server, then copy the encrypted password to all the others, but then I'd have to directly edit /etc/shadow or /etc/security/passwd and I'd prefer not to. If I have to do so, then naturally it will be against a copy that I can then switch in.

On Solaris, I've found putspent, but that requires C-code wrapping around it and I have almost nil experience.

Any pointers welcome. I'm happy to do the leg work if it's a rather terse tool - preferably not in C, but I will take any help I can get!



Thanks, in advance,
Robin
# 2  
Old 12-19-2014
Worst case, I think you could kludge something with ssh -t -t.

Of course, /etc/shadow and /etc/passwd are text files, nothing but file permissions stops you from just appending values if you happen to know them. I don't think it's that dangerous if you know what you're doing and you sanity-check for collisions.
# 3  
Old 12-19-2014
rbattle1,
To create accounts on most Linux and Solaris servers use the useradd command. I would not edit the /etc/passwd or /etc/shadow files to create the accounts. You can use the exact same command to create accounts on the RHEL and Solaris regardless of version. I have no experience with AIX.

On one server I have the user set their password with the passwd command. I then copy their hash or the whole line form that server's shadow file to the rest.

You should not need to use the -t option with the SSH command.

Make sure you use the same UID for the user access all the servers.

I hope this helps
# 4  
Old 12-19-2014
Quote:
Originally Posted by bitlord
You should not need to use the -t option with the SSH command.
ssh -t -t is a revolting kludge to force-feed generated text into programs which demand a terminal, like passwd often does. The -t -t forces it to always allocate a terminal, even when run from a script, even when run noninteractively, when it otherwise wouldn't bother.

It's kind of a last resort, since it's even uglier than expect, but even on the same machine it can sometimes be useful.
This User Gave Thanks to Corona688 For This Post:
# 5  
Old 12-19-2014
Corna688,
I have used ssh with -t before, but I have never used -t twice (ssh -t -t). I will have to test it out on some of my scripts. To get around the need for a terminal, I usually just call a script on the remote server.
# 6  
Old 12-19-2014
Quote:
Originally Posted by bitlord
Corna688,
I have used ssh with -t before, but I have never used -t twice (ssh -t -t).
ssh will ignore a single '-t' when ssh itself lacks a terminal. -t -t forces it to allocate a terminal no matter what.
# 7  
Old 12-22-2014
You have my thanks for the input.

For clarity, the users will be added with normal tools, i.e. useradd so I'm not creating the whole user account by appending lines to /etc/passwd etc., but it's the setting of passwords where I'm falling down. I will have a try with the ssh suggestion, but if it gets too messy I will edit /etc/shadow and put in the encrypted passwords from one done manually.



Robin
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Shell script for user account Creation

Hi Folks, I had a request to create the user request. Between, I just write a script a create, Update Geos, and update the password. My script as below: The error message, what I am getting is all the users are updated with the same Goes value.. #!/bin/bash for i in `cat users.txt`;do... (2 Replies)
Discussion started by: gsiva
2 Replies

2. How to Post in the The UNIX and Linux Forums

Simultaneously try to execute commands after connecting to remote account to one account

I have made password less connection to my remote account. and i tried to execute commands at a time. but i am unable to execute the commands. ssh $ACCOUNT_DETAILS@$HOST_DETAILS cd ~/JEE/*/logs/ (1 Reply)
Discussion started by: kishored005
1 Replies

3. AIX

VI questions : mass changes, mass delete and external insert

Is it possible in VI to do a global change but take the search patterns and the replacement patterns from an external file ? I have cases where I can have 100,200 or 300+ global changes to do. All the new records are inside a file and I must VI a work file to change all of them. Also, can... (1 Reply)
Discussion started by: Browser_ice
1 Replies

4. UNIX for Dummies Questions & Answers

Account creation Sudo enabled

Hi, how to create account with the following be cron enabled only accessible via sudo (1 Reply)
Discussion started by: vilves
1 Replies

5. UNIX for Advanced & Expert Users

how to find creation time of an account?

Hi all, I want to know the time when a perticular user is created, atleat in which year it is created. Could any one help me in this issue. Thanks in advance. Regards, M.Sukumar (1 Reply)
Discussion started by: sukumar
1 Replies

6. UNIX for Dummies Questions & Answers

user account creation date

hi, i tried searching the forum for a thread about this, but came up empty handed. is there a way to pull a list of all user accounts, with the associated creation date? thanks in advance! (2 Replies)
Discussion started by: lilweezy
2 Replies

7. UNIX for Dummies Questions & Answers

Account creation date

Hi All, Is there a simple and obvious way to see when an account was created.An account has come to my attention in /etc/passwd and a last on it shows having never logged in and the home directory looks to be a couple of years old. Just wondering if I'm over looking anything obvious. ... (2 Replies)
Discussion started by: Hayez
2 Replies

8. UNIX for Dummies Questions & Answers

Mass directory creation?

I have a couple thousand data files that all have to have there own directory named exactly the same as the file name. Then the file needs to be moved to that directory. For example files test1.mat, test2.mat, test3.mat in directory X need to have directories test1, test2, test3 created... (6 Replies)
Discussion started by: AeroEngy
6 Replies

9. Forum Support Area for Unregistered Users & Account Problems

Account creation trouble

I created an account a while back, but never received any confirmation, so I could never get the full access... :( I logged back in today, but I'd forgotten what I'd used for username... anyway, I entered my email address and it said that I would receive my login information, which I... (2 Replies)
Discussion started by: seaghan
2 Replies
Login or Register to Ask a Question