HPE Community
Operating System - HP-UX
1834419 Members
1957 Online
110067 Solutions
New Discussion

user creation

 
Dakka
Occasional Contributor

‎04-11-2002 02:51 AM

‎04-11-2002 02:51 AM

user creation

How can create a new unix user from C code process:
- the function to use
- the security problems.

In the wayt to perfect the system
0 Kudos
Reply
7 REPLIES 7
harry d brown jr
Honored Contributor

‎04-11-2002 02:58 AM

‎04-11-2002 02:58 AM

Re: user creation

do a system() call passing parameters to useradd - see man pages.

I would not recommend any other method, because if you toast the passwd file, you toast your system.


live free or die
harry
Live Free or Die
0 Kudos
Reply
John Carr_2
Honored Contributor

‎04-11-2002 03:04 AM

‎04-11-2002 03:04 AM

Re: user creation

Hi

make sure you make a backup of the /etc/passwd file before you do anything at all.

just in case !!!


cheers
John.
0 Kudos
Reply
Dakka
Occasional Contributor

‎04-11-2002 03:23 AM

‎04-11-2002 03:23 AM

Re: user creation

what about the permission ?
useradd should be executed by root. What to do if the process isnot root owner.
In the wayt to perfect the system
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎04-11-2002 03:29 AM

‎04-11-2002 03:29 AM

Re: user creation

Probably the easiest way would be - as mentioned by others - to do a system() syscall for the SysV-common useradd command.
However, if you so desire, basically it's more or less just updating the right files (mainly /etc/passwd, but caveat trusted system shadow files etc.), creating the home directories for the new accounts, changing ownership and permission bits accordingly, and providing them with a bunch of dot files from e.g. /etc/skel.
For instance a FreeBSD system provides a Perl script called adduser which exactly does these things, so it's not much different implementing these steps in C.
Just get hold of the adduser script to get an idea.
Madness, thy name is system administration
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎04-11-2002 03:34 AM

‎04-11-2002 03:34 AM

Re: user creation


The danger of writing your own "user creation" program, is that you HAVE NO ROOM for ERROR. If you toast the /etc/passwd file, yuou can kiss your system goodbye.

Use the useradd command via system(). Make YOUR "c" program a root setuid program.

Like this:

chown root:bin myuseracctprog
chmod 4555 myuseracctprog

BTW, make sure you send emails to the system's admin's so they know who is doing what, and when they are doing it.

live free or die
harry
Live Free or Die
0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎04-11-2002 03:49 AM

‎04-11-2002 03:49 AM

Re: user creation

hi,

You can use execve system call and pass the parameters /usr/sbin/useradd and its arguments to the system call. You can make this a setuserid script , such that non-root user can run it.

But, be sure it is offbounds from regular users.

HTH
raj
Take it easy.
0 Kudos
Reply
David Lodge
Trusted Contributor

‎04-11-2002 04:03 AM

‎04-11-2002 04:03 AM

Re: user creation

Strictly the way to do this from C is to use the standard posix libraries and the HP extensions from trusted systems, eg:

#include
#include

...

/* Is the system trusted? */
int trusted=iscomsec(void);

int create_user(char *name, char *pw, uid_t uid, gid_t gid,char *gecos, char *dir, char *shell)
{
passwd new_pwd;
FILE *pwd_file;
/* security checks go here, eg uid != 0 */
pwd_file=fopen("/etc/passwd","rw");

strcpy(new_pwd.pw_name,name);
strcpy(new_pwd.pw_passwd,pw);
/* ad nauseum */
if (trusted)
{
... add trusted defaults here
}

putpwent(new_pwd, pwd_file);
if (trusted) putprpwent(newpr_pwd);
}

The above is *very* cut down and misses out a lot, especially in checks...

Have a look at the following man pages:
* putpwent
* getpwent
* iscomsec
* putprpwent
* getprpwent

Be warned though; you have to be anal about the uid and gid settings, I'd advise banning *anything* under 100.

You could also use execv to run a useradd command, but again you will needed to anally check the input...

dave
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.