in reply to How do I add a new Unix user?

I have two opening remarks to make:

  1. Very carefully! ;-)
  2. You haven't really given enough information for an intelligent answer.

One of the variables involved here is whether or not you are running in a shadow'ed environment. This will slightly change the methodology. The basic steps of adding an account to a Unix (or Linux) box are as follows:

Now that I have given you a short course on how to generate a unix account, you should be able to use the above guide to write your script. Really... it isn't all that hard...

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Peter L. Berghold --- Peter@Berghold.Net
"Those who fail to learn from history are condemned to repeat it."

Replies are listed 'Best First'.
Re: Re: How do I add a new Unix user?
by Beatnik (Parson) on May 24, 2001 at 01:12 UTC
    Some comments:
    • User's personal name is optional; it's a comment field.
    • Default password????
    • if they still use crypt, they should be sho^H^H^H locked up...
    • ++ on the drink beer
    My opinion on adding users: use useradd/adduser since it can automatically do most tasks (like autoguessing UID to use, creating homedir with /etc/skel, add *optional* personal name, encode the password correctly {even if it is crypt'ed}, set the correct permissions, etc). Don't roll your own!

    If you're not used to doing stuff like that (let me repeat *if you're not used to doing stuff like that*) don't do it on a live box...

    my $0.02

    Greetz
    Beatnik
    ... Quidquid perl dictum sit, altum viditur.

      There are a few good reasons I can think of for writing your own script for generating accounts on a Unix box.

      • In one environment where I did create a custom script for doing this I had a requirement that clericals were going to be adding in new accounts.

        To accomplish this I created a CGI that asked a few questions and used business rules to create the account.

      • As in above if there are policies that you want to enforce that an adduser command has not been set up to deal with. For instance, spreading user accounts across multiple servers, putting users' home directories across multiple mount points based on initials, etc. etc.
      • In one case I administered a system where the adduser command was capricious, cantankerous, and downright unreliable.


      Peter L. Berghold, Schooner Technology Consulting, Inc.
      Peter@Berghold.Net www.berghold.net
        My entire point was that you should call adduser from a Perl script (since it's glue), as this is perlmonks :)
        IIRC you can pass a parameter to adduser where to create the homedir... You can have your perl code create mount points, spread it on different servers, etc.
        I doubt you'll be able to mimic the adduser behaviour with a few lines of Perl. Each platform probably has a somewhat tweaked version of adduser. If you can't guarantee the reliability of some system tools, you shouldn't have 'clericals' adding user accounts in the first place.

        Greetz
        Beatnik
        ... Quidquid perl dictum sit, altum viditur.
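
Added example, not part of any post in this thread: a Perl wrapper of the kind discussed above that applies a site policy (home directory chosen by first initial) and then hands the work to the system tool instead of editing passwd/shadow itself. It assumes a shadow-utils style `useradd` at `/usr/sbin/useradd`; the mount points, the sample login and the `--run` switch are hypothetical.

```perl
#!/usr/bin/perl
# Added example: enforce site policy in Perl, let useradd do the account work.
use strict;
use warnings;

# Hypothetical site policy: homes are spread over mount points by first letter.
my %HOME_BASE = (
    'a-m' => '/export/home1',    # hypothetical mount point
    'n-z' => '/export/home2',    # hypothetical mount point
);

# Accept only conservative login names so nothing odd reaches useradd.
sub valid_login {
    my ($login) = @_;
    return defined $login && $login =~ /\A[a-z][a-z0-9_-]{0,30}\z/;
}

sub home_for {
    my ($login) = @_;
    my $base = $login =~ /\A[a-m]/ ? $HOME_BASE{'a-m'} : $HOME_BASE{'n-z'};
    return "$base/$login";
}

# Build the argument list; the personal name (comment field) is optional.
sub useradd_argv {
    my ($login, $fullname) = @_;
    die "invalid login name\n" unless valid_login($login);
    my @argv = ('/usr/sbin/useradd', '-m', '-d', home_for($login));
    if (defined $fullname && length $fullname) {
        # ':' separates passwd fields; control characters would corrupt the entry.
        die "invalid full name\n" if $fullname =~ /[:\x00-\x1f\x7f]/;
        push @argv, '-c', $fullname;
    }
    return (@argv, $login);
}

my ($login, $fullname, $mode) = @ARGV;
$login = 'jdoe' unless defined $login;    # constructed sample input
my @argv = useradd_argv($login, $fullname);
if (defined $mode && $mode eq '--run') {
    # List-form system() bypasses the shell, so form input is never interpreted.
    system(@argv) == 0
        or die "useradd failed: exit status " . ($? >> 8) . "\n";
} else {
    print "would run: @argv\n";           # dry run unless --run is given
}
```

If a CGI front end feeds this, the validation and the list-form `system()` call are what keep clerical input from turning into shell commands or extra passwd fields.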
Re: Re: How do I add a new Unix user?
by jynx (Priest) on May 25, 2001 at 00:11 UTC

    You missed some things:
    What is your site's policy on how to create user account names? Is there a server that has user uid/gid information already that you can query? (Is it secure enough to do so?) After writing their passwd/shadow, do you need to push yp? Do you have to set quotas after creating accounts? Do your skel files look like <local.*> or just <.*>? Do you want to be nice and touch /etc/mail/<username> (and set owner/perms)? What kind of beer was that? :-)
    Really, if you're going to think of everything, don't forget the details. One of the problems with creating a script to add users is that you have to have site policy down cold so that you don't violate anything. It would be bad to be seen as having favorites because you created someone's account differently. Management doesn't take kindly to such things usually.

    My original post here didn't state what was involved because I'm of the general disposition that anyone who has to ask what is involved shouldn't be writing the scripts. This is not meant as offense, it's just that they won't have as much understanding for what needs to happen and what policies to uphold (and which to bend). It doesn't seem all that hard, but if you want to be truly lazy, automate as much as possible...

    Hope This Helps,
    jynx