Date:      Tue, 01 Jul 2003 09:25:28 +0200
From:      Uwe Doering <gemini@geminix.org>
To:        Jez Hancock <jez.hancock@munk.nu>
Cc:        FreeBSD questions List <freebsd-questions@freebsd.org>
Subject:   Re: Using pw adduser to set password in a script
Message-ID:  <3F013768.8070407@geminix.org>
In-Reply-To: <20030701061249.GA98559@users.munk.nu>
References:  <20030701061249.GA98559@users.munk.nu>

Jez Hancock wrote:
> I'm attempting to use pw adduser to add a new user to the system and
> would like confirmation that the following is the correct way to set
> the user's password at the same time:
> 
> echo "password" | \
> pw adduser -q -h - -u user -g group -s shell -d /home/user -c comment
> 
> Can anyone also tell me the security implications of doing this, given
> that the command is executed from within a script (actually php but
> this is more-or-less irrelevant)?
> [...]

Here is what I use:

   echo 'password' | \
   pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
     -c 'comment' -m

Note that feeding the password to 'pw' via the command line (with 
'echo') is a security problem if you have untrusted users on that 
machine, since they can see the password in the process list (with 'ps').

A better approach for automating account creation is to first store the 
password (generated or given) in a file (with secure permissions, of 
course) and then feed 'pw' from that file:

   pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
     -c 'comment' -m < /path/to/file
   rm -f /path/to/file

Hope that helps.

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
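
The file-based approach from the reply above, as an added example that is not part of the original message: the password is generated straight into a private temporary file, the file's mode is checked before use, and the file is removed even when the command fails. The function names make_pw_file, is_private and feed_pw_file are hypothetical; user, group, shell and the paths are the placeholders from the message.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# make_pw_file: write a random 20-character password to a private temp file
# and print the file's path. The password is never passed as a command
# argument. The body runs in a subshell so the caller's umask is untouched.
make_pw_file() (
    umask 077
    f=$(mktemp "${TMPDIR:-/tmp}/pwfile.XXXXXX") || exit 1
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > "$f"
    printf '\n' >> "$f"
    printf '%s\n' "$f"
)

# is_private FILE: succeed only for a regular file (not a symlink) whose
# mode is exactly 0600.
is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# feed_pw_file FILE CMD [ARGS...]: run CMD with stdin redirected from FILE,
# then remove FILE whether CMD succeeded or not. Refuses a file that other
# users could read and leaves it in place for inspection.
feed_pw_file() {
    f=$1; shift
    if ! is_private "$f"; then
        echo "refusing $f: not a private regular file" >&2
        return 1
    fi
    rc=0
    "$@" < "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}

# Usage on FreeBSD, with the placeholder values from the message:
#   f=$(make_pw_file) &&
#   feed_pw_file "$f" pw useradd -q -h 0 -n user -g group -s shell \
#       -d /home/user -c 'comment' -m
```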


