LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author]

  From: Daniel Callan <dcallan@dataline.net.au>
  To  : linuxsa@linuxsa.org.au
  Date: Mon, 15 Mar 1999 14:10:10 +1000

Re: /etc/passwd

Hi Daryl,

At 13:57 15/03/99 +1030, Daryl wrote:
>I'm in the planning stages of writing a C program that I am going to set up
>as a CGI script and set it up so that I can add, delete and modify users on
>my RH5.2 system using a web interface and forms. As I see it, I have two
>options for doing this. Getting my program to directly open the /etc/passwd
>file and make the modifications, or get my program to call the useradd,
>userdel or usermod programs as required and pass the arguments to that to
>make the changes.

I have set up a similar system for our ISP servers and having tried
both methods (successfully), I would definately suggest calling the
existing "useradd, usermod, chfn, userdel" commands from the perl/C
cgi script (which will need root-suid CGI wrappers either way you do it).

The problem with directly writing to the /etc/passwd & /etc/shadow
files is that you have to do all the work that the aforementioned
commands were specifically written to do, ie: you have work out the
next avail UID and roll the "passwd-" & "shadow-" versions of the files,
lock the files so that nothing else writes/reads them while you have them
open, etc, etc.
Generally it's just messy, and all possible runtime errors become
major tradgedies if they stuff the passwd files.

Alternatively, you can just write a script that pulls the inputs
from the www form and then runs the following code:
(encryption section included)

/********************* ADDUSER SECTION ***************************/
strcpy(pw, password_text); /* copy cleartext password to pw string */
strcpy(salt,rsalt()); 
salt[2] = '\0';

sprintf(command, "/usr/sbin/useradd -c\"%s,,,\" -g %s -p%s -m -s %s %s"
,real_name, newuser_group, crypt(pw,salt), newuser_shell, newuser_username);

result = system(command);
/*****************************************************************/

The only real prerequisite for this code is that your version of shadow
suite is new enough for "useradd/usermod" to support the -P (encrypted
passwd) option.

>My problem with the first option is that I have no idea how the passwords
>are stored in the file, i.e. the "encryption" algorithm. 
>
I think the details of this are in the man pages for the shadow suite.

Hope this helps,
-Daniel

_____________________________________________________
Daniel Callan              |      Dataline Networks |
dcallan@dataline.net.au    |      Qld, Australia    |
Systems Engineer           |      PH:  07 3356 1444 |
-----------------------------------------------------

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author]

Return to the LinuxSA Mailing List Information Page