topic Re: Automate user creation in Operating System - HP-UX

Automate user creation

Mohammed Ali_6 — Tue, 19 Apr 2005 18:05:36 GMT

Is it possible to write an useradd script that will take input from an an existing passwd file? I am trying to replicate the users I have on one box to another seven boxes with the same user info. The script should be something like:

cat /etc/passwd | while read LINE
do
useradd option option
done

Not sure how to parse the passwd file to get the uid, gid, home etc.

Thanks in advance,

Ali

Re: Automate user creation

Biswajit Tripathy — Tue, 19 Apr 2005 18:18:20 GMT

awk -F: should work fine for getting uid, gid, home etc.
Something like

cat /etc/passwd | while read LINE
do
echo $LINE | awk -F: '{print $3, $4, $6}' | \
read -r gid uid home
useradd option option
do

- Biswajit

Re: Automate user creation

Rajeev Shukla — Tue, 19 Apr 2005 20:27:39 GMT

If the requirement is to replicate the users, why not copy the /etc/passwd and /etc/group files accross to another system excluding the system logins like root, adm, lp etc..

And if the systems are trusted then copy the /tcb files or other option is to untrust the system first and then coppy passwd and group files.

Cheers
Rajeev

Re: Automate user creation

Mohammed Ali_6 — Tue, 19 Apr 2005 21:09:55 GMT

Rajeev,

The systems are trusted; So copying the password file and the /tcb directory to the other systems should do the trick? What about the user's password, would that be the same on the target server?

Thanks,
Ali

Re: Automate user creation

Rajeev Shukla — Tue, 19 Apr 2005 21:28:11 GMT

Yes Mohammed, If the systems are trusted copying the /etc/passwd, /etc/group and /tcb will do the trick.
The users password are stored in /tcb/files/auth so all the password will remain as it was on the old system.

Cheers
Rajeev

Re: Automate user creation

lawrenzo — Tue, 19 Apr 2005 22:59:32 GMT

Here is a bit of a " Curve ball"

Instead of replicating the accounts on the other servers have you though about configuring NIS / NIS +

This allows one account on the nis master and with the correct config you can have access to any other serve rin that domain.

We use that here in one of our networks and it works well.

HTH

Re: Automate user creation

Mohammed Ali_6 — Tue, 19 Apr 2005 23:25:08 GMT

Thanks for the NIS suggestion. I am also for a centralized authentication server, but unfortunately NIS is against our corporate policy (don't ask me why, I don't get it either). We are however in the process of implementing a customized LDAP solution to authenticate against Active Directory. But until that completes, I gotta do this manually :(

Re: Automate user creation

Rajeev Shukla — Tue, 19 Apr 2005 23:40:00 GMT

To have all the password on all the servers synced you can actually write a script which we have done.
This script simply runs from /etc/profile and copies the /tcb/files/auth/?/ to all the servers when he logs in. This way you can keep the password in sync on all the trusted systems till you work on ldap or NIS solution

Cheers
Rajeev

Re: Automate user creation

Bill Hassell — Wed, 20 Apr 2005 00:09:56 GMT

A note about NIS. The main reason it is a security risk is that it transmits plaintext passwords (and other data) over the network. NIS+ encrypts the data but it is not backward compatible and many systems cannot use NIS+. Most shops that need a central authentication method are using LDAP. Locally, the questions about NIS are not important if your users connect using telnet or 'r' commands such as remsh, rcp, rexec, or rlogin.