Web Hosting Talk







View Full Version : Adding A User! Please Unix guys ;-)


adel
04-26-2001, 12:08 AM
Please, can any good Linux guy help me here??


1- How would I add a user to Linux?

I would like to have a program that will add users for my Linux system through the web! ( I want my own program, no webmin and so on ;-) )

I can add a user by using the useradd program! However, to make this a real user, I have to give him/her a password using passwd!! I can't do this by doing a "run time command" in my program (CGI). I can also edit the /etc/passwd file, but how would I encrypt the password!!

this is the most important question I have!! ;-0 Please Help me out


2- ( it is not important) how would you add an email account without adding a user?
Example: I want to add an email called Matt@Mysite.com without creating a user called Matt?


I hope I can find the answer ;-)

cperciva
04-26-2001, 01:55 AM
1. To create a user:
/usr/sbin/pw useradd name-of-user -g group-of-user
To set a user's password, pipe it into
/usr/sbin/pw usermod name-of-user -h 0

2. I'd create a user with shell = nologin.

adel
04-26-2001, 05:51 AM
thanks for the reply cperciva

I guess you misunderstood my question! I asked "how to add a user/password programmatically"

I can telnet to the system and use "useradd" to add a user, then use "passwd" to add a password to that user!

Now my question was: it is really easy to make a program to add users, because all you need is just to call "useradd USERNAME". However, you need to add a password to that user! So if you used the command passwd in your program, your program wouldn't know how to answer the next question, which is "enter your password".

My question was, how would I be able to add a user to a Linux system through a program!


2- on the 2nd question, I asked how would I add an email without adding a user! I don't want to add a user at all, just email account.

thanks anyway for your answer

cperciva
04-26-2001, 05:59 AM
Originally posted by adel
I guess you misunderstood my question! I asked "how to add a user/password programmatically"


No, I understood your question perfectly, and I answered it. In perl:
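# List-form system() and open() bypass the shell, so metacharacters in $username are not interpreted.
system("/usr/sbin/pw", "useradd", $username, "-g", $groupname) == 0 or die "pw useradd failed: $?";
# "-h 0" tells pw to read the new password from file descriptor 0 (stdin).
open(my $pwpipe, "|-", "/usr/sbin/pw", "usermod", $username, "-h", "0") or die "cannot run pw: $!";
print $pwpipe "$password\n";
close($pwpipe) or die "pw usermod failed: $?";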

jman
04-26-2001, 03:29 PM
thanks cperciva,

but maybe I didn't understand your answer :D


Anyway, I tried to find the program called "pw" and it wasn't there.
I did the following:

find / -name pw

and there wasn't anything in my system by this name! is it something I can download from somewhere else?

cperciva
04-26-2001, 03:55 PM
Hmm, I keep on forgetting how non-unix linux is. In that case I can't see immediately how to do this in linux... can someone who uses linux help here?

jman
04-26-2001, 04:02 PM
would passwd work??

Tim Greer
04-27-2001, 02:50 AM
The easy/simple way to do this, is have a script (Perl, for example, since it was mentioned) get a password from input (or just generate one) and append the password and username, and have it add this newly encrypted password to the user name in the shadow file (I hope you're not using /etc/passwd to house your username and passwords!).

As for the email and how to add an account, it depends on what exactly you want to do, create a POP email, I assume. Do you want it to work in any specific manner? And, mainly, what POP(3?) program are you running? If you still need a solution, send me an email using the email function on this web board (on my post) and if I get some extra time, I'll have you out -- but specific information of exactly what you want to do and how, is most helpful (And I don't mean "how" as in technically, but just how you want it to work).

cperciva
04-27-2001, 02:56 AM
Originally posted by Tim_Greer
The easy/simple way to do this, is have a script (Perl, for example, since it was mentioned) get a password from input (or just generate one) and append the password and username, and have it add this newly encrypted password to the user name in the shadow file (I hope you're not using /etc/passwd to house your username and passwords!).


For every problem, there is a solution which is simple, easy, and wrong. -- somebody said this but I can't remember who

If you're going to edit the password file directly, you have to worry about file locking, as well as rebuilding the password database once you're done. That's why people use "vipw" rather than just "vi /etc/master.passwd"... vipw does that extra stuff.

Tim Greer
04-27-2001, 03:26 AM
Originally posted by cperciva


For every problem, there is a solution which is simple, easy, and wrong. -- somebody said this but I can't remember who

If you're going to edit the password file directly, you have to worry about file locking, as well as rebuilding the password database once you're done. That's why people use "vipw" rather than just "vi /etc/master.passwd"... vipw does that extra stuff.

Pardon? Firstly, I wasn't talking about what I assume you are mentioning -- and saving the original content of the files would not be a problem whatsoever. However, I wasn't really speaking in that manner, but what is "wrong" with appending information to the passwd file anyway? We're not talking about master.passwd, for the sake of the example, as I'm sure you're aware, and it's simply 'shadow' in a Linux system -- unless this person is truly not using PAM and what seems like an ancient policy... and has the basic crypted passwords in their 'passwd' file, which would be odd, since no one's done that for years... and stores this information in passwd.

As for locking, Perl has file locking, as does any other scripting or programming language. You simply have the script copy the shadow file to shadow.%date_format(%example!) after you've read in and replaced the one password you want to set and write the new file and set the permissions appropriately for that file. Also, do checking on the backed up file, compared to the new one, before appending, in case someone else was writing to it between the call and the lock, etc.

Alternatively, and what I was going to suggest anyway, was simply having the Perl (for example) script check the passwd (Yellow pages) file and group file (yes, locking them, btw), and add to the group number (next one or the 2nd available), append the user's information to passwd, take the input password (or generate one, if they prefer), encrypt it (MD5, if their system supports it, otherwise a 2 char salt) (and again, check to make sure no one has changed the files beforehand (while the locking was being done -- you never know! -- even though you lock it exclusively before reading in the content), by comparing the files), and then finally append that information to the shadow file and compare again.

This way, no files are being read in, parsed/processed, etc. And are simply being appended to, safely, no permissions needing to be set (not that it would be an issue anyway), and backups created nonetheless (for safety). No real edit involved per se, even though appending, as with any other program surely can go awry, but that's not to worry in this simple implementation, which is completely fail safe and fine practice. I'm not sure that this tool (vipw) will be the solution to their problem/quest anyway, but I believe it's there (located at /usr/sbin/vipw) if they want to use it.

So, otherwise (without this implementation that basically does the same thing, but specifically for their needs) it would require installing 3rd party tools to automate this process (if it's not already there, which I think it has been since RedHat 5.2, for example), which if you have the knowledge you can code a script/program to do the same thing and know the code isn't able to be exploited (just for example, not that the others could be). If this tool works in the manner they are looking for, then go for it, and be clear about that and make sure it is the right tool for them. I simply just don't see any problem or anything "wrong" with this idea of mine whatsoever, even if I would have ended up reinventing the wheel, so to speak. Maybe I misunderstood your post, or you misunderstood or assumed I meant something else? Nonetheless, thanks for the suggestion, it may serve this user's purpose, but it seemed you were claiming that my idea/solution was somehow flawed or wrong (which it's not), unless I'm wrong?

cperciva
04-27-2001, 03:40 AM
Sorry Tim, it looks like my invisible humor tag inserter didn't work. ;)

But to address your points: in order to lock the password file (master.passwd, shadow, whatever you want to call it (personally I prefer master.passwd since it makes it more clear what we're talking about)) you have to lock it the same way as everybody else does -- which varies between operating systems and even between different versions of the same operating system. If you don't follow the global password locking rules, you'll run into problems when someone tries to change their password at the same time as you're adding a user.

We can (hopefully) trust operating systems to handle password database locking in an internally consistent manner, but the moment you try to manipulate those files yourself you can run into problems.

Tim Greer
04-27-2001, 03:55 AM
Originally posted by cperciva
Sorry Tim, it looks like my invisible humor tag inserter didn't work. ;)

But to address your points: in order to lock the password file (master.passwd, shadow, whatever you want to call it (personally I prefer master.passwd since it makes it more clear what we're talking about)) you have to lock it the same way as everybody else does -- which varies between operating systems and even between different versions of the same operating system. If you don't follow the global password locking rules, you'll run into problems when someone tries to change their password at the same time as you're adding a user.

We can (hopefully) trust operating systems to handle password database locking in an internally consistent manner, but the moment you try to manipulate those files yourself you can run into problems.

Sorry, I had edited my post (or was) as you were reading (likely) the original. Perhaps the modified version (if that's not what you replied to?) will be more clear. As for master.passwd and passwd, I was just being clear, so the user knows what file we're talking about, comparing Linux and say, FreeBSD or something. I didn't want them to say "I can't find the file you guys are talking about!". Yes, I'm aware of and agree about the file locking issues, it's like they say "It's like a traffic light, if one person follows the rules and the other people don't, all bets are off!" :-)
Anyway, I assumed this person would have been in control of this system and likely, there won't be anyone else adding users at the same time... however, if someone was, this solution would work just as well as the tool you mentioned, since it basically does the same thing in that aspect -- assuming that tool does update both files (passwd and shadow). I think I'd have to wait for more specific details from this user, before I know if that tool will accomplish their desired task... so I'll shut up. :-)
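
Added example, not part of the original thread: a Linux counterpart to the pw pipeline posted earlier, using the shadow-utils tools useradd and chpasswd so that password hashing and password-file locking are left to the system's own tools, which is the concern raised in the locking discussion. The function names and the username policy are assumptions of this example, and it must run as root.

```sh
#!/bin/sh
# Added example: create a Linux account and set its password without a prompt.
# Assumes shadow-utils (useradd, chpasswd) and root privileges.
LC_ALL=C   # make [a-z] below mean ASCII lowercase only

# Conservative login-name policy (an assumption of this example): starts with
# a lowercase letter or '_', then lowercase letters, digits, '_' or '-',
# 32 characters at most. This excludes ':' and newlines, the field and record
# separators of chpasswd input, and a leading '-' that would look like an option.
valid_username() {
    case $1 in
        '' | *[!a-z0-9_-]*) return 1 ;;
        [!a-z_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# chpasswd reads one "user:password" record per line, so a password that
# contains a newline would start a second record. Reject it, and empty ones.
valid_password() {
    nl='
'
    case $1 in
        '' | *"$nl"*) return 1 ;;
    esac
}

# add_user NAME GROUP PASSWORD
# Returns 2 on rejected input, 1 if a tool fails, 0 on success.
add_user() {
    valid_username "$1" || return 2
    valid_username "$2" || return 2
    valid_password "$3" || return 2
    # Each value is one quoted word: nothing is re-parsed by a shell.
    useradd -m -g "$2" "$1" || return 1
    # The password goes over stdin (printf is a builtin), never on a command
    # line; chpasswd hashes it with the system's configured method.
    printf '%s:%s\n' "$1" "$3" | chpasswd || return 1
}

# Stand-alone use: add_user.sh NAME GROUP, with the password on stdin.
if [ "$#" -eq 2 ]; then
    IFS= read -r password
    add_user "$1" "$2" "$password"
fi
```

A CGI front end would call add_user only after authenticating the requester, and would treat return code 2 as a rejected form submission rather than retrying.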