topic Re: user creation in Operating System - HP-UX

user creation

Dakka — Thu, 11 Apr 2002 09:51:46 GMT

How can create a new unix user from C code process:
- the function to use
- the security problems.

Re: user creation

harry d brown jr — Thu, 11 Apr 2002 09:58:15 GMT

do a system() call passing parameters to useradd - see man pages.

I would not recommend any other method, because if you toast the passwd file, you toast your system.

live free or die
harry

Re: user creation

John Carr_2 — Thu, 11 Apr 2002 10:04:39 GMT

Hi

make sure you make a backup of the /etc/passwd file before you do anything at all.

just in case !!!

cheers
John.

Re: user creation

Dakka — Thu, 11 Apr 2002 10:23:18 GMT

what about the permission ?
useradd should be executed by root. What to do if the process isnot root owner.

Re: user creation

Ralph Grothe — Thu, 11 Apr 2002 10:29:27 GMT

Probably the easiest way would be - as mentioned by others - to do a system() syscall for the SysV-common useradd command.
However, if you so desire, basically it's more or less just updating the right files (mainly /etc/passwd, but caveat trusted system shadow files etc.), creating the home directories for the new accounts, changing ownership and permission bits accordingly, and providing them with a bunch of dot files from e.g. /etc/skel.
For instance a FreeBSD system provides a Perl script called adduser which exactly does these things, so it's not much different implementing these steps in C.
Just get hold of the adduser script to get an idea.

Re: user creation

harry d brown jr — Thu, 11 Apr 2002 10:34:53 GMT

The danger of writing your own "user creation" program, is that you HAVE NO ROOM for ERROR. If you toast the /etc/passwd file, yuou can kiss your system goodbye.

Use the useradd command via system(). Make YOUR "c" program a root setuid program.

Like this:

chown root:bin myuseracctprog
chmod 4555 myuseracctprog

BTW, make sure you send emails to the system's admin's so they know who is doing what, and when they are doing it.

live free or die
harry

Re: user creation

Roger Baptiste — Thu, 11 Apr 2002 10:49:33 GMT

hi,

You can use execve system call and pass the parameters /usr/sbin/useradd and its arguments to the system call. You can make this a setuserid script , such that non-root user can run it.

But, be sure it is offbounds from regular users.

HTH
raj

Re: user creation

David Lodge — Thu, 11 Apr 2002 11:03:41 GMT

Strictly the way to do this from C is to use the standard posix libraries and the HP extensions from trusted systems, eg:

#include
#include

...

/* Is the system trusted? */
int trusted=iscomsec(void);

int create_user(char *name, char *pw, uid_t uid, gid_t gid,char *gecos, char *dir, char *shell)
{
passwd new_pwd;
FILE *pwd_file;
/* security checks go here, eg uid != 0 */
pwd_file=fopen("/etc/passwd","rw");

strcpy(new_pwd.pw_name,name);
strcpy(new_pwd.pw_passwd,pw);
/* ad nauseum */
if (trusted)
{
... add trusted defaults here
}

putpwent(new_pwd, pwd_file);
if (trusted) putprpwent(newpr_pwd);
}

The above is *very* cut down and misses out a lot, especially in checks...

Have a look at the following man pages:
* putpwent
* getpwent
* iscomsec
* putprpwent
* getprpwent

Be warned though; you have to be anal about the uid and gid settings, I'd advise banning *anything* under 100.

You could also use execv to run a useradd command, but again you will needed to anally check the input...

dave