|
FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|
|||
"newuser"
I came across the script "newuser" at http://chip.cuccio.us/projects/hacks/, and was considering porting it to my environment.
Question - does anyone forsee a problem with setting this script setuid root, and making it executable only by members of the group "new" (which will be only one - user "new") and setting it as user "new"'s login shell? What I'm trying to accomplish is for someone to be able to log in to my system as user "new" and basically create their own account. Once the script is finished they will then be logged out and can then log in with their new account. As a side note - considering extending it to not allow the user to select a password during this step, but instead use apg to geterate a random password, and require the user to enter a valid email address (which this random password would be sent to). Upon new user creation the password would be expired so as soon as they log in with this random password they will be required to set their own. Thoughts?
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|||
what's wrong with adduser(8) ?
__________________
"No, that's wrong, Cartman. But don't worry, there are no stupid answers, just stupid people." -- Mr. Garrison Forum Netiquette |
|
|||
Can adduser work as an interactive shell for user "new"? That's the only reason why I want to use this
EDIT: I think I now know what you meant. I am reading adduser source right now. And, look at this: It's BSD licensed. Goodie. I can copy it and make the necessary changes to make it more "new-user friendly" (ie not just ask questions, but give a little info too). Thanks!
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! Last edited by cajunman4life; 3rd June 2008 at 06:08 PM. |
|
||||
adduser is what I usually use, it works well and is effective.
My *personal* opinion, the create there own account thing is a nice idea (especially if there are a lot of users) but if you are going to try setuid to root on it, be careful !!! If doing that, I would use a custom program that restricts what things they can do -- for example blocking them from setting their own user and group ID numbers, allowing them to set their group(s) or restrained to only a few 'safe' groups you choose. The script can always wrap around the pw utility. Stuff like that ;-) Ok, so I am paranoid as much as I am lazy...
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''. |
|
|||
Quote:
Oh - and as far as being paranoid and lazy... both are great qualities of system admins
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|||
How do you remove a user from a group? I suppose I could use the -G option to
Code:
pw usermod |
|
|||
That command doesn't work, and looking at the man page the -d option is used for specifying a user account's home directory, but that does look like the command I would've used- or I may have used a -x option
|
|
|||
It should be noted, adduser(8) has a companion user-friendly script rmuser(8), good to keep in ones docs directory.
Note; OpenBSD has similar scripts... of the same name, but may not be flag compatible with each other. |
|
|||
Well if it's not the user's primary group, you can simply remove their name from the group name in /etc/group, and force a logout (if they are currently logged in).
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|||
Thanks, I was aware of that but I just thought there would be a specific command for it; if there isn't such a command then its a rather surprising and silly limitation for FreeBSD in my opinion.
|
|
|||
Quote:
I see no limitation on FreeBSD's part.. |
|
|||
Already read the man page, am aware of /etc/group and as an end user its not my responsibility to write a command that common sense dictates should already exist.
|
|
|||
Tanked,
if FreeBSD developers would "think aforehead for you" all the time, it'll soon cease to be either Free and BSD |
|
|||
There may be a command, but when it comes to removing a user from a group that isn't their primary group, I prefer to edit /etc/group manually. You could use "pw -G" as you mentioned above, but you need to list every group that member should belong to (which could quickly become cumbersome for example if you have a user that belongs to 30 groups and you need to remove him from one).
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
||||
My guess is that FreeBSDs pw and OpenBSDs user/group programs (note, I don't use NetBSD so NetBSD users please forgive any errors!) were made with the assumption that removing a user from a group would be more often done when removing an account then adjusting memberships.
I tend to just edit /etc/group manually as well, the file format I can remember more readily then what program I need to interact with it through ;-)
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''. |
|
|||
The command referenced by BSDKaffee above does indeed appear in the man page, under the "GROUP OPTIONS" section. It took me a while to find it, but I found it.
Now, with all due respect, the both of you have hijacked my thread and we've gone a bit off-topic from the first post.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|||
Sorry for the hijack
I swear to God, I must be blind, I genuinely cannot see the man page text that BSDKaffee posted, I've ran a word search in Firefox on the online manual page and I cannot find the text BSDKaffee quoted- can you point out to me the exact wording in the man page? |
|
||||
Well, in all fairness 70-80% of the changes that have happened in the user land since early UNIX, were either by people who wanted to add them or got paid to lol.
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Opera Port - conflicting pkgs in "make install" | IronForge | OpenBSD Packages and Ports | 5 | 29th October 2009 05:10 AM |
Fixed "xinit" after _7 _8, "how" here in case anyones' "X" breaks... using "nvidia" | jb_daefo | Guides | 0 | 5th October 2009 09:31 PM |
"Thanks" and "Edit Tags". | diw | Feedback and Suggestions | 2 | 29th March 2009 12:06 AM |
Newbie-friendly "printing in OpenBSD" guide wanted | Shagbag | OpenBSD Packages and Ports | 5 | 7th July 2008 09:26 PM |