shell script

Paul M. Whitney paul.whitney at mac.com
Mon Apr 7 12:17:28 UTC 2008 

In that wrapper script, you could also generate a changeme type password but
also append some unique character to each one such as first and last letter
in the user login or append the UID to the password. However you approach
it, you can still use the convention of creating multiple cookie-cutter
passwords, but also give them "some" uniqueness to "lessen" account
compromise. 

Also, you may want to automatically lock any account that is not used in
some fixed amount of days such as 30/45/60 so something like that. 

Paul M. Whitney
Sr. Systems Engineer
Worldwide Information Network Systems (WINS)
Office: 301.306.6115
Mobile: 410.493.9448
Email: whitneyp at winsnetworks.com
Email2: paul.whitney at mac.com
Pager: 1051178 at skytel.com

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
On Behalf Of Steve Phillips
Sent: Sunday, April 06, 2008 11:14 AM
To: General Red Hat Linux discussion list
Subject: Re: shell script

Cameron Simpson wrote:
> On 05Apr2008 09:46, mark <m.roth2006 at rcn.com> wrote:
> | Anil Saini wrote:
> | > i need a shell script that can create multiple users....
> | > i have already done it with newuser command..and worked fine
> | > is thr any other way to create multiple user accouts and at the same
it will
> | > generate some random password...
> | 
> | Generate a random password? And how will you know what it is to tell the
user?
> 
> By recording it in a file and printing them on little slips of paper, then
> erasing the file? Hand the printouts to each user when they show up?
> Force them to change them.
> 
> | And how many users are you adding at once? I've never added more than
one or
> | two at a time, and my standard new user is set up with a password that
is
> | *required* to be changed at first login... and I give them all the same:
> | changeme. <g>
> 
> This is a better approach indeed.

Actually, its a pretty bad approach.

If you setup 1000 users with this, and I want to steal some accounts, 
all I need to do is login to my account, cat /etc/passwd then login to 
some of the other accounts that have yet to be 'activated' and change 
the passwords myself.

Sure, eventually some users will try to login and then complain they 
can't and the password will be reset - but that creates trouble for the 
admins and overhead that was not necessary. And there will usually be at 
least one or two accounts that are never used, or the student never 
complains about.

> I used to make accounts without passwords (not blank, disabled) and get
> the users to enter a password when they show up the first day.
> 
> However, this kind of thing doesn't work at places like universities
> where 1000 new people show up at session start; then you do need to
> give them all passwords.

You could probably write a wrapper script or a script to generate 
/etc/shadow and /etc/passwd entries and depending on how you wanted your 
users grouped, /etc/group entries as well and then create thir home 
directory, chown it to the newly created user and copy the contents of 
/etc/skel to the new home directory, chowning it in the process.

I did something similar when I had to create a few thousand new users 
based on a student database dump. (csv input)

-- 
Steve.

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list