
Automated User Additions

 
Brian Atkins
Advisor


Greetings,
A while ago, a friend and fellow techie told me about a process by which he added new users by the following method:

1. Request is sent via email to his account in a specific format.
2. The email is forwarded to a "system" account.
3. A nightly cron job used the message to add the user, and the default password was copied to an encrypted file.

Does anyone have experience doing this?
Would it be considered a major no-no when it comes to security?
Victor BERRIDGE
Honored Contributor

Re: Automated User Additions

Well, you could use the useradd cmd or write your own batch shell script to automate, but then I prefer knowing who is on the machines by giving the new users login names I choose (yes, even when there are several hundred...), because it never misses: I can remember the names (you know the déjà vu feeling). It has never missed: when there is a name that doesn't inspire me, I investigate and find out it is someone else who created the account...

Best regards

Victor
Tim Malnati
Honored Contributor

Re: Automated User Additions

There is little question in my mind that someone could in fact do some creative scripting to accomplish this. I created a similar type of thing for maintaining multiple machine coordination without getting into NIS. It didn't use email and nothing was 'totally' automated though. Someone, somewhere, with the appropriate rights had to start the ball rolling. In the case in question, people at the help desk had the access rights to invoke a script that set up a user's environment automagically. The system was somewhat complex from a standpoint of coordinating application menuing, database engine, and unix group permissions. The bottom line is that there are a variety of security functions that can be somewhat automated, but the hairs all over me stand up with the idea of anything being processed with something as insecure as email unless you have something like PGP to fully validate the sender.
Shannon Petry
Honored Contributor

Re: Automated User Additions

As someone else mentioned, the clever script can do wondrous things. This may be more work than is necessary though.
And yes, this is a security flaw!
Anyone can send the email to $box@host and have their name added.

I think I am a pretty clever scripter, and a script like this would probably take a week to write and test and debug.
Not worth it for a 1 minute job!
As mentioned before, if you have a lot of custom things to do to an ID, script those, but not the whole process.
Pretty scary to think that anyone could add themselves direct access to my system with an e-mail...

Regards,
Shannon
Microsoft. When do you want a virus today?
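
The two concerns raised in the replies above (validating the sender, and anyone being able to mail the system account) shown as an added example that is not from any poster in this thread: a request parser that never trusts the From: header, requires a keyed tag over the body, and restricts the username. HMAC with a shared key stands in for PGP signature verification so the example runs with the standard library alone; the `ADDUSER` body format, the `X-Request-MAC` header, the key and the naming policy are all assumptions.

```python
import hashlib
import hmac
import re
from email import message_from_string

# Constructed values for illustration; a real deployment would keep the key
# outside the script and would verify a PGP signature instead of an HMAC.
SHARED_KEY = b"constructed-demo-key"
USERNAME_RE = re.compile(r"[a-z][a-z0-9]{2,7}")  # assumed local naming policy
RESERVED = {"root", "daemon", "bin", "sys", "adm", "uucp", "lp", "nobody"}


def sign(body: str) -> str:
    """Tag an authorised requester attaches (hypothetical X-Request-MAC header)."""
    return hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()


def parse_request(raw: str):
    """Return (username, None) if the request is acceptable, else (None, reason)."""
    msg = message_from_string(raw)
    if msg.is_multipart():
        return None, "malformed request"
    body = msg.get_payload().strip()
    tag = str(msg.get("X-Request-MAC", ""))
    # From: is set by whoever sends the mail, so it is never consulted.
    if not hmac.compare_digest(tag.encode(), sign(body).encode()):
        return None, "unauthenticated request"
    m = re.fullmatch(r"ADDUSER (\S+)", body)
    if not m:
        return None, "malformed request"
    name = m.group(1)
    # Strict allow-list: the name later reaches a root-run command line.
    if not USERNAME_RE.fullmatch(name) or name in RESERVED:
        return None, "username rejected by policy"
    return name, None


def build(body: str, tag: str) -> str:
    """Constructed sample mail with the given body and tag."""
    return f"From: helpdesk@example.com\nX-Request-MAC: {tag}\n\n{body}\n"


if __name__ == "__main__":
    for body, tag in [("ADDUSER jdoe", sign("ADDUSER jdoe")),
                      ("ADDUSER mallory", "0" * 64),
                      ("ADDUSER root", sign("ADDUSER root"))]:
        print(body, "->", parse_request(build(body, tag)))
```

A validated name would still go to a person with the appropriate rights for approval rather than straight to `useradd`, in line with the replies above.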