
user creation

 
Dakka
Occasional Contributor

How can I create a new Unix user from a C process:
- the function to use
- the security problems.

In the way to perfect the system
harry d brown jr
Honored Contributor

Re: user creation

do a system() call passing parameters to useradd - see man pages.

I would not recommend any other method, because if you toast the passwd file, you toast your system.


live free or die
harry
Live Free or Die
John Carr_2
Honored Contributor

Re: user creation

Hi

make sure you make a backup of the /etc/passwd file before you do anything at all.

just in case !!!


cheers
John.
Dakka
Occasional Contributor

Re: user creation

What about the permission?
useradd should be executed by root. What to do if the process is not root owner?
In the way to perfect the system
Ralph Grothe
Honored Contributor

Re: user creation

Probably the easiest way would be - as mentioned by others - to do a system() syscall for the SysV-common useradd command.
However, if you so desire, basically it's more or less just updating the right files (mainly /etc/passwd, but caveat trusted system shadow files etc.), creating the home directories for the new accounts, changing ownership and permission bits accordingly, and providing them with a bunch of dot files from e.g. /etc/skel.
For instance a FreeBSD system provides a Perl script called adduser which exactly does these things, so it's not much different implementing these steps in C.
Just get hold of the adduser script to get an idea.
Madness, thy name is system administration
harry d brown jr
Honored Contributor

Re: user creation


The danger of writing your own "user creation" program is that you HAVE NO ROOM for ERROR. If you toast the /etc/passwd file, you can kiss your system goodbye.

Use the useradd command via system(). Make YOUR "c" program a root setuid program.

Like this:

chown root:bin myuseracctprog
chmod 4555 myuseracctprog

BTW, make sure you send emails to the system's admins so they know who is doing what, and when they are doing it.

live free or die
harry
Live Free or Die
Roger Baptiste
Honored Contributor

Re: user creation

hi,

You can use the execve system call and pass /usr/sbin/useradd and its arguments to it. You can make this a setuserid script, such that a non-root user can run it.

But, be sure it is offbounds from regular users.

HTH
raj
Take it easy.
David Lodge
Trusted Contributor

Re: user creation

Strictly the way to do this from C is to use the standard posix libraries and the HP extensions from trusted systems, eg:

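#include <stdio.h>
#include <pwd.h>         /* struct passwd, putpwent() */
#include <hpsecurity.h>  /* HP-UX trusted-system support */
#include <prot.h>        /* protected password database (struct pr_passwd) */

...

int create_user(char *name, char *pw, uid_t uid, gid_t gid, char *gecos, char *dir, char *shell)
{
    struct passwd new_pwd;
    struct pr_passwd newpr_pwd;
    FILE *pwd_file;
    /* Is the system trusted? */
    int trusted = iscomsec();

    /* security checks go here, eg uid != 0 */

    /* open for append only, so existing entries are never truncated */
    pwd_file = fopen("/etc/passwd", "a");
    if (pwd_file == NULL)
        return -1;

    /* struct passwd holds pointers, so point them at the caller's strings */
    new_pwd.pw_name = name;
    new_pwd.pw_passwd = pw;
    /* ad nauseam */
    if (trusted)
    {
        /* ... add trusted defaults here */
    }

    putpwent(&new_pwd, pwd_file);
    if (trusted) putprpwent(newpr_pwd);
    fclose(pwd_file);
    return 0;
}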

The above is *very* cut down and misses out a lot, especially in checks...

Have a look at the following man pages:
* putpwent
* getpwent
* iscomsec
* putprpwent
* getprpwent

Be warned though; you have to be anal about the uid and gid settings, I'd advise banning *anything* under 100.

You could also use execv to run a useradd command, but again you will need to anally check the input...

dave
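
Added example, not part of any post in this thread: a sketch of the useradd route with the input checks the replies call for, running /usr/sbin/useradd through execve with a fixed argument vector and environment instead of a shell. The name rule, the 8-character limit, the upper uid bound and the function names are assumptions for illustration; the floor of 100 is the one suggested above.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MIN_UID  100    /* the thread's advice: refuse anything under 100 */
#define MAX_UID  60000  /* assumed upper bound, adjust to local policy */
#define MAX_NAME 8      /* assumed limit for login names */

/* Accept only [a-z][a-z0-9_]*: no '-', ':', '/', spaces or newlines, so the
   name can become neither a useradd option nor a forged passwd field. */
int valid_username(const char *name)
{
    size_t i, len;
    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_NAME) return 0;
    if (name[0] < 'a' || name[0] > 'z') return 0;
    for (i = 1; i < len; i++) {
        char c = name[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_'))
            return 0;
    }
    return 1;
}

int valid_uid(long uid) { return uid >= MIN_UID && uid <= MAX_UID; }

/* Returns useradd's exit status (127 if it could not be executed),
   or -1 if the input is rejected or the child cannot be started. */
int create_user(const char *name, long uid)
{
    char uidbuf[16];
    char *envp[] = { "PATH=/usr/sbin:/usr/bin", NULL };  /* fixed environment */
    pid_t pid;
    int status;

    if (!valid_username(name) || !valid_uid(uid)) return -1;
    snprintf(uidbuf, sizeof uidbuf, "%ld", uid);
    char *argv[] = { "useradd", "-u", uidbuf, "-m", (char *)name, NULL };

    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve("/usr/sbin/useradd", argv, envp);  /* no shell parses the input */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

Because validation happens before fork(), a rejected name or uid never reaches useradd, which matters most when the caller is the setuid-root wrapper described in the replies.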