-
02-28-2011, 03:39 AM #1
Create new linux user - change pass - bash/php
Hi,
I'm really new to shell scripting so please help me out with this one.
I have several VPSes whose primary function is VPN. All VPN client users should have their usernames and passwords stored on each and every VPS (replicated data). Right now, I do this by manually entering their usernames and passwords on each VPS to make sure they will be able to log in on any of the VPSes.
What I want to do is create a web UI that would automatically create a Linux user with their password on all of the VPSes. A password-changing facility would be great too, but can come later.
I am planning to accomplish this with PHP as I am more familiar with it. I hope someone could point me to a guide or, better, post your solutions here. Thanks
-
02-28-2011, 03:53 AM #2
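PHP Code:
<?php
// Build the remote command with every argument quoted for the remote shell,
// then quote the whole command again for the local shell that runs ssh.
function run_as_root($server, $remote) {
    return shell_exec('ssh ' . escapeshellarg("root@$server") . ' ' . escapeshellarg($remote));
}
// Create the account on $server and set its password.
function adduser($username, $password, $server) {
    $u = escapeshellarg($username);
    run_as_root($server, "adduser $u; echo " . escapeshellarg($password) . " | passwd $u --stdin");
}
// Change the password of an existing account on $server.
function chpass($username, $password, $server) {
    $u = escapeshellarg($username);
    run_as_root($server, 'echo ' . escapeshellarg($password) . " | passwd $u --stdin");
}
$servers = array('1.1.1.1', '1.1.1.2');
foreach ($servers as $server) {
    adduser('crothers', 'password', $server);
}
Steven Crothers
No BS cloud engineer and Red Hat architect.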
-
02-28-2011, 04:28 AM #3
Thank you very much for the code; that really is very helpful.
However, I would just like to add some follow-up questions.
- What if the server SSH port is not 22? Could I just specify it in the server array like '1.1.1.1:221'?
- Could you give me an example of how to use the -i?
I will try this later today, and the last task I guess would be to learn how to create a key for SSH.
Really appreciate the help. Thanks.
-
02-28-2011, 04:41 PM #4
For alternative ports, you would either need to:
a) If all the ports are the same, statically set the port in the SSH line using a -p flag (i.e. -p2222).
b) Add a port to the function variables and pass the port from another array or a multi-dimensional array containing all the login data for each server (a MySQL row, for example, would work).
As far as the -i, you need to use ssh-keygen to create a key first, then set the path:
http://linux.die.net/man/1/ssh
http://linux.die.net/man/1/ssh-keygen
Additional reading:
http://www.cyberciti.biz/tips/ssh-pu...on-how-to.html
http://www.guyrutenberg.com/2007/10/...-and-dsa-keys/
http://www.howtoforge.com/ssh_key_based_logins_putty
http://www.linuxconfig.org/Passwordless_ssh
Hopefully that helps.
Steven Crothers
-
02-28-2011, 04:48 PM #5
Are you using an OpenVZ VPS? If so, there is a simple command to reset the user password: use the flag --userpasswd with vzctl.
-
02-28-2011, 05:27 PM #6
Steven Crothers
-
02-28-2011, 05:44 PM #7
You are wrong, I think; it will create the user and set the password if the user doesn't exist.
For example:
# vzctl exec 1000 grep funuser /etc/passwd
# vzctl set 1000 --userpasswd funuser:foo --save
Changing password for user funuser.
passwd: all authentication tokens updated successfully.
Saved parameters for CT 581
# vzctl exec 1000 grep funuser /etc/passwd
funuser:x:32008:32010::/home/funuser:/bin/bash
-
02-28-2011, 05:53 PM #8
I stand corrected, I've never used vzctl in such a way. So if he has root access, using vzctl would be a far better solution for what he's looking for.
Steven Crothers
-
03-01-2011, 04:14 AM #9
So what happens when someone hacks into his website? It's a common enough occurrence through vulnerable scripts, ftp password sniffing or viruses on desktop computers. The usual result is a defacement or spam mailer, but at least the attack is limited to user-level access. With something like this in the account you're instantly handing over root access to the attacker.
OP: if you're going to let the web script use ssh keys to log in as root then at least restrict them to running a single command (some of the docs linked above will probably show you how) but even then it's a risk.
I'd suggest you do it differently: have a completely separate program running as root - continuously or as a cron job at whatever interval you can accept. Then use some simple limited method of communication between the web script and the root program, e.g. the web script drops a file into a specific directory containing the username and password to be created, the root program looks for files in that directory and on finding one, creates the user and deletes the file.
Chris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
-
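The spool-directory design suggested in post #9, sketched as a root-side worker meant to be run from cron (an added example, not code from any poster in this thread). The `.req` request format, the `MIN_UID` cut-off and the spool path are assumptions of this example.

```shell
#!/bin/sh
# Root-side worker for the spool-directory design (added example; names are assumptions).
# Request format (constructed for this example): line 1 = username, line 2 = password.
LC_ALL=C; export LC_ALL
MIN_UID=1000    # never touch system accounts such as root

valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;   # empty, bad first char, bad char
    esac
    [ "${#1}" -le 32 ]
}

# The only two privileged operations the worker ever performs.
create_user()  { id "$1" >/dev/null 2>&1 || useradd "$1"; }
set_password() { printf '%s:%s\n' "$1" "$2" | chpasswd; }

process_request() {
    f=$1; user=; pass=
    # The web user can write here, so refuse symlinks and anything not a plain file.
    if [ -L "$f" ]; then rm -f -- "$f"; return 1; fi
    [ -f "$f" ] || return 1
    { IFS= read -r user; IFS= read -r pass; } < "$f" || true
    rm -f -- "$f"                      # the request holds a cleartext password
    valid_username "$user" || return 1
    [ -n "$pass" ] || return 1
    # An existing account below MIN_UID (root, daemons) is never modified.
    if uid=$(id -u "$user" 2>/dev/null) && [ "$uid" -lt "$MIN_UID" ]; then
        return 1
    fi
    create_user "$user" && set_password "$user" "$pass"
}

# Process every *.req file in the spool directory; prints how many succeeded.
process_spool() {
    ok=0
    for f in "$1"/*.req; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        if process_request "$f"; then ok=$((ok + 1)); fi
    done
    echo "$ok"
}

# Cron entry point, e.g.: worker.sh --run /var/spool/vpnusers   (path is hypothetical)
if [ "${1:-}" = "--run" ]; then process_spool "$2" >/dev/null; fi
```

The web script then needs write access to the spool directory only; it never holds an SSH key or any other root credential.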
03-01-2011, 04:21 AM #10
No matter how the implementation is set up, there is going to be a security risk built in. However, designing such safeguards should be done by the programmer.
Of course a sudo-style system can be used to do what he's asking, but that was a bit out of scope of the question.
Steven Crothers