tweetiepooh has asked for the wisdom of the Perl Monks concerning the following question:

Trying to write a tool to allow managers to create accounts for staff in their area. To do this I started with some simple playing, ssh to the NIS server, create user and set password. It's the latter that caused problems as the passwd command over ssh is not so easy to manipulate and that's what I need some pointers to.

One idea I've had but not tried is to Net::Telnet to localhost and use that as a sort of "pipe". Hopefully that will give a flow control that will allow manipulation of passwd responces.

This must be the sort of task someone's hit before.

Replies are listed 'Best First'.
Re: Running a remote passwd command.
by thor (Priest) on Jan 11, 2006 at 12:52 UTC
    I second the call for the Expect module. I've personally tackled the problem that you're trying to solve. passwd looks to have a real tty behind it for security reasons. Expect fakes that well enough.

    thor

    The only easy day was yesterday

[reply]
Re: Running a remote passwd command.
by marto (Cardinal) on Jan 11, 2006 at 12:23 UTC
[reply]
Re: Running a remote passwd command.
by blm (Hermit) on Jan 11, 2006 at 12:23 UTC
[reply]
Re: Running a remote passwd command.
by DungeonKeeper (Novice) on Jan 11, 2006 at 12:59 UTC
    If NIS is running, then passwd would theoretically function locally but use the NIS database. The issue therefore becomes enabling the non-priveleged user to do a privileged action. The C way of doing this is to write a program that:

    - performs a setuid or setruid system call to become root

    - performs further system calls, e.g. setpwinfo if Solaris, to set the password

    and then set the sticky bit of the resulting executable to enable the setruid for the O/S.

    I don't see a way to convert the setruid part into perl - I think instead you'd need to make it a linked-in C subroutine -- it is practically a one-liner in C anyway. Passwd::Solaris and Passwd:Linux provide the replacement for actually setting the password. PAR can create the required executable whose sticky bit should be set immediately after installation (e.g. in the manager's home) as before (setting the sticky bit of a perl script will probably be insufficient). See also PAR Tutorial. Alternative ways to make an executable from perl are perlcc and Perl2Exe.

    Everything but the troll

[reply]

      The module Passwd::Linux does work fine but the problem is the module doesn't setup all the flags in the /etc/shadow. If this is not an issue for you than just use it.

      Another inconvenience with this module is that doesn't have an function to generate the password hash so you will need to make it yourself.


      Alceu Rodrigues de Freitas Junior
      --------------------------------------
      glasswalk3r@yahoo.com.br
      http://www.imortais.cjb.net
      "You have enemies? Good. That means you've stood up for something, sometime in your life." - Sir Winston Churchill
[reply]

Back to Seekers of Perl Wisdom