From: Jez Hancock
To: FreeBSD questions List
Date: Tue, 1 Jul 2003 09:38:53 +0100
Subject: Re: Using pw adduser to set password in a script
Message-ID: <20030701083852.GA1211@users.munk.nu>
References: <20030701061249.GA98559@users.munk.nu> <3F013768.8070407@geminix.org>
In-Reply-To: <3F013768.8070407@geminix.org>

Hi Uwe,

Thanks for the reply.

On Tue, Jul 01, 2003 at 09:25:28AM +0200, Uwe Doering wrote:
> Here is what I use:
>
>   echo 'password' | \
>   pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
>     -c 'comment' -m
>
> Note that feeding the password to 'pw' via the command line (with
> 'echo') is a security problem if you have untrusted users on that
> machine, since they can see the password in the process list (with 'ps').

Aha.

> A better approach for automating account creation is to first store the
> password (generated or given) in a file (with secure permissions, of
> course) and then feed 'pw' from that file:
>
>   pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
>     -c 'comment' -m < /path/to/file
>   rm -f /path/to/file

ah :) Cheers for that :)

The way I ended up doing it in PHP was:

    /*
       To add a user on FreeBSD:

       echo "password" | pw adduser -q -u user -g group \
           -s shell -d /home/user -c comment -h -

       adds the user 'user' with primary group 'group', shell 'shell',
       home dir '/home/user' with a comment 'comment'

       This is pretty dodgy - the password is listed in ps output...

       To do this from PHP though, we use popen to create a stream to
       the command:

       pw adduser -q -u user -g group \
           -s shell -d /home/user -c comment -h 0

       and then write the password to the file pointer created by popen.
       This effectively adds the user to the passwd database whilst at
       the same time setting the password. This saves listing the
       password in 'ps' listings.
    */

    // adduser command. Each value is quoted with escapeshellarg() so that
    // spaces or shell metacharacters in it cannot change the command:
    $pw_cmd = $cfg['prog']['uadd']." ".escapeshellarg($data["username"])
        ." -g ".escapeshellarg("g".$data["id"])
        ." -s ".escapeshellarg($shell)
        ." -d ".escapeshellarg($data["root"])
        ." -c ".escapeshellarg($data["name"])
        ." -h 0";

    // Open a uni-directional stream to the command:
    $fp = popen($pw_cmd, "w");
    if ($fp === false) {
        die("could not start the adduser command\n");
    }

    // Execute the command, passing the $data["password"] to it:
    fwrite($fp, $data["password"]);

    // Close the pipe (handles opened with popen are closed with pclose):
    pclose($fp);

Which seems to be working just as required :)

Many thanks for the reply though, I probably would have gone with your method had I not stumbled across the one I used above :)

Cheers,
Jez
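
The file-based approach quoted above, as an added example that is not part of the original message or of either poster's scripts: it refuses a password file that group or other users could read before handing it to 'pw' on stdin. The function names and the PW_CMD variable are assumptions of this example.

```shell
#!/bin/sh
# Added example. PW_CMD is a hypothetical override so the helper can be
# pointed at a stand-in on a machine without FreeBSD's pw(8).
PW_CMD=${PW_CMD:-pw}

# is_private_file FILE
# True only for a regular file (not a symlink) whose mode is 0600 or 0400,
# i.e. nobody but the owner can read the password stored in it.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# add_user_from_file USER GROUP SHELL HOME COMMENT PWFILE
# Creates the account with the password read from PWFILE. The password never
# appears in an argument list, so it is not visible in 'ps' output.
add_user_from_file() {
    pwfile=$6
    if ! is_private_file "$pwfile"; then
        echo "refusing $pwfile: need a regular file with mode 0600 or 0400" >&2
        return 2
    fi
    rc=0
    # -h 0 makes pw read the password from file descriptor 0 (stdin).
    "$PW_CMD" useradd -q -h 0 -n "$1" -g "$2" -s "$3" -d "$4" -c "$5" -m \
        < "$pwfile" || rc=$?
    # Remove the password file whether or not pw succeeded.
    rm -f -- "$pwfile"
    return "$rc"
}

# Typical use (run as root on FreeBSD; paths are placeholders):
#   umask 077
#   add_user_from_file user group /bin/sh /home/user 'comment' /path/to/file
```

Setting 'umask 077' before the password file is written keeps it from ever existing with wider permissions.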