Results 1 to 10 of 10
  1. #1
    Join Date
    Oct 2006
    Posts
    98

    Create new linux user - change pass - bash/php

    Hi,

    I'm really new to shell scripting so please help me out in this one.

    I have several vps'es which the primary function is vpn. All vpn client users should have their usernames and passwords stored in each and every vps (replicated data). Right now, I do this by manually entering their usernames and passwords to each vps to make sure they will be able to login in any of the vps'es.

    What I want to do is to create a web ui that would automatically create a linux user with their password on all of the vps'es. Changing password facility will be great too but can come later.

    I am planning to accomplish this with php as I am more familiar with it. I hope someone could point me out to a guide or better post your solutions here. Thanks

  2. #2
    Join Date
    Apr 2008
    Location
    United States, MI
    Posts
    766
    PHP Code:
    <?PHP

    function adduser($username,$password,$server){
      
    shell_exec("ssh root@$server \"adduser $username; echo $password | passwd $username --stdin\"");
    }

    function 
    chpass($username,$password,$server){
      
    shell_exec("ssh root@$server \"echo $password | passwd $username --stdin\"");


    $servers = array('1.1.1.1','1.1.1.2');

    foreach(
    $servers as $server){
      
    adduser('crothers','password',$server);
    }
    Of course modify the ssh lines to include a -i for a key, then key the boxes so there is no SSH login prompt so PHP will run it.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

  3. #3
    Join Date
    Oct 2006
    Posts
    98
    thank you very much for the code that really is very helpful.

    however, I would just like to add some follow up questions.
    - what if the server ssh port is not 22? could i just specify it in the server array like '1.1.1.1:221'?
    - could you give me an example on how to use the -i?

    I will try this later today and the last task i guess would be to learn how to create a key for ssh

    Really appreciate the help. Thanks.

  4. #4
    Join Date
    Apr 2008
    Location
    United States, MI
    Posts
    766
    For alternative ports, you would either need to:
    a) If all the ports are the same, statically set the port in the SSH line using a -p flag (IE: -p2222).
    b) Add a port to the function variables and pass the port from another array or a multi-dimensional array containing all the login data for each server (a mysql row for example would work).

    As far as the -i, you need to use ssh-keygen to create a key first then set the path:
    http://linux.die.net/man/1/ssh
    http://linux.die.net/man/1/ssh-keygen

    Additional reading:
    http://www.cyberciti.biz/tips/ssh-pu...on-how-to.html
    http://www.guyrutenberg.com/2007/10/...-and-dsa-keys/
    http://www.howtoforge.com/ssh_key_based_logins_putty
    http://www.linuxconfig.org/Passwordless_ssh

    Hopefully that helps.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

  5. #5
    Join Date
    Apr 2009
    Location
    inside wht
    Posts
    716
    Are you using openvz vps. So there is a simple command to reset the user password
    , use the flag --userpasswd with vzctl
    24x7 PRO-ACTIVE SERVER MANAGEMENT | OUTSOURCED WEB HOSTING SUPPORT
    Now Available The first Support Brand for Startup Hosting Companies

    Sales : sales @ syslint.com | Skype us : SyslintSkype | Call us : (+91)6007799

  6. #6
    Join Date
    Apr 2008
    Location
    United States, MI
    Posts
    766
    Quote Originally Posted by Syslint View Post
    Are you using openvz vps. So there is a simple command to reset the user password
    , use the flag --userpasswd with vzctl
    That's actually a great suggestion, it doesn't solve the user creation but it would help automate the password changes in a far less complex way. So if you have root access to your VPS nodes, that would actually be a better solution long term.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

  7. #7
    Join Date
    Apr 2009
    Location
    inside wht
    Posts
    716
    Quote Originally Posted by Crothers View Post
    That's actually a great suggestion, it doesn't solve the user creation but it would help automate the password changes in a far less complex way. So if you have root access to your VPS nodes, that would actually be a better solution long term.
    You are wrong I think , it will create user and set the password , if the user doesn't exist .

    For example
    # vzctl exec 1000 grep funuser /etc/passwd
    # vzctl set 1000 --userpasswd funuser:foo --save
    Changing password for user funuser.
    passwd: all authentication tokens updated successfully.
    Saved parameters for CT 581
    # vzctl exec 1000 grep funuser /etc/passwd
    funuser:x:32008:32010::/home/funuser:/bin/bash
    24x7 PRO-ACTIVE SERVER MANAGEMENT | OUTSOURCED WEB HOSTING SUPPORT
    Now Available The first Support Brand for Startup Hosting Companies

    Sales : sales @ syslint.com | Skype us : SyslintSkype | Call us : (+91)6007799

  8. #8
    Join Date
    Apr 2008
    Location
    United States, MI
    Posts
    766
    I stand corrected, I've never used vzctl in such a way. So if he has root access, using vzctl would be a far better solution for what he's looking for.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

  9. #9
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,842
    So what happens when someone hacks into his website? It's a common enough occurrence through vulnerable scripts, ftp password sniffing or viruses on desktop computers. The usual result is a defacement or spam mailer, but at least the attack is limited to user-level access. With something like this in the account you're instantly handing over root access to the attacker.

    OP: if you're going to let the web script use ssh keys to login as root then at least restrict them to running a single command (some of the docs linked above will probably show you how) but even then it's a risk.

    I'd suggest you do it differently: have a completely separate program running as root - continuously or as a cron job at whatever interval you can accept. Then use some simple limited method of communication between the web script and the root program, eg. the web script drops a file into a specific directory containing the username and password to be created, the root program looks for files in that directory and on finding one, creates the user and deletes the file.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  10. #10
    Join Date
    Apr 2008
    Location
    United States, MI
    Posts
    766
    No matter how the implementation is setup, there is going to be a security risk built in. However designing such safeguards should be done by the programmer.

    Of course a sudo style system can be used to do what he's asking, but that was a bit out of scope of the question.
    Steven Crothers
    No BS cloud engineer and Red Hat architect.

Similar Threads

  1. compare two files (linux bash or php)
    By thorin1270 in forum Programming Discussion
    Replies: 2
    Last Post: 02-01-2007, 02:48 PM
  2. how to change Linux pass with PHP ?
    By goolex in forum Programming Discussion
    Replies: 4
    Last Post: 04-03-2006, 02:10 PM
  3. php program to let user create a homepage
    By recklessop in forum Web Design and Content
    Replies: 3
    Last Post: 05-08-2005, 11:04 PM
  4. PHP create ftp user account
    By Canadaka in forum Programming Discussion
    Replies: 1
    Last Post: 11-20-2004, 05:43 AM
  5. how to on linux bash from root run process as diffrent user?
    By nand in forum Hosting Security and Technology
    Replies: 2
    Last Post: 09-05-2004, 11:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •