|
FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
"newuser"
I came across the script "newuser" at http://chip.cuccio.us/projects/hacks/, and was considering porting it to my environment.
Question - does anyone forsee a problem with setting this script setuid root, and making it executable only by members of the group "new" (which will be only one - user "new") and setting it as user "new"'s login shell? What I'm trying to accomplish is for someone to be able to log in to my system as user "new" and basically create their own account. Once the script is finished they will then be logged out and can then log in with their new account. As a side note - considering extending it to not allow the user to select a password during this step, but instead use apg to geterate a random password, and require the user to enter a valid email address (which this random password would be sent to). Upon new user creation the password would be expired so as soon as they log in with this random password they will be required to set their own. Thoughts?
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|||
what's wrong with adduser(8) ?
__________________
"No, that's wrong, Cartman. But don't worry, there are no stupid answers, just stupid people." -- Mr. Garrison Forum Netiquette |
|
|||
Can adduser work as an interactive shell for user "new"? That's the only reason why I want to use this
EDIT: I think I now know what you meant. I am reading adduser source right now. And, look at this: It's BSD licensed. Goodie. I can copy it and make the necessary changes to make it more "new-user friendly" (ie not just ask questions, but give a little info too). Thanks!
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! Last edited by cajunman4life; 3rd June 2008 at 06:08 PM. |
|
||||
adduser is what I usually use, it works well and is effective.
My *personal* opinion, the create there own account thing is a nice idea (especially if there are a lot of users) but if you are going to try setuid to root on it, be careful !!! If doing that, I would use a custom program that restricts what things they can do -- for example blocking them from setting their own user and group ID numbers, allowing them to set their group(s) or restrained to only a few 'safe' groups you choose. The script can always wrap around the pw utility. Stuff like that ;-) Ok, so I am paranoid as much as I am lazy...
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''. |
|
|||
It should be noted, adduser(8) has a companion user-friendly script rmuser(8), good to keep in ones docs directory.
Note; OpenBSD has similar scripts... of the same name, but may not be flag compatible with each other. |
|
|||
Quote:
Oh - and as far as being paranoid and lazy... both are great qualities of system admins
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|||
How do you remove a user from a group? I suppose I could use the -G option to
Code:
pw usermod |
|
|||
Well if it's not the user's primary group, you can simply remove their name from the group name in /etc/group, and force a logout (if they are currently logged in).
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|||
Thanks, I was aware of that but I just thought there would be a specific command for it; if there isn't such a command then its a rather surprising and silly limitation for FreeBSD in my opinion.
|
|
|||
There may be a command, but when it comes to removing a user from a group that isn't their primary group, I prefer to edit /etc/group manually. You could use "pw -G" as you mentioned above, but you need to list every group that member should belong to (which could quickly become cumbersome for example if you have a user that belongs to 30 groups and you need to remove him from one).
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
||||
My guess is that FreeBSDs pw and OpenBSDs user/group programs (note, I don't use NetBSD so NetBSD users please forgive any errors!) were made with the assumption that removing a user from a group would be more often done when removing an account then adjusting memberships.
I tend to just edit /etc/group manually as well, the file format I can remember more readily then what program I need to interact with it through ;-)
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''. |
|
|||
Quote:
I see no limitation on FreeBSD's part.. |
|
|||
That command doesn't work, and looking at the man page the -d option is used for specifying a user account's home directory, but that does look like the command I would've used- or I may have used a -x option
|
|
|||
Already read the man page, am aware of /etc/group and as an end user its not my responsibility to write a command that common sense dictates should already exist.
|
|
|||
Tanked,
if FreeBSD developers would "think aforehead for you" all the time, it'll soon cease to be either Free and BSD |
|
|||
I'm not asking anyone to 'think ahead' for me I'm simply saying I shouldn't be forced to write commands that really should already exist, and I don't see the logic in your suggestion that by offering a few more commands for user/group manipulation this would result in FreeBSD no longer being freely available or 'being BSD'.
Anyway, I think we've established that there is no command to remove one specific user from a specific group so editing /etc/group is the way to go. No biggie, case closed. |
|
||||
Quote:
Quote:
|
|
|||
The command certainly does not work, and I cannot find the section of the man page you have provided in the man page on my system or the online man page:
http://www.freebsd.org/cgi/man.cgi?q...SE&format=html If you are seeing this in your man page then I can only assume we are using different FreeBSD versions, here is the out put from uname -a: FreeBSD 7.0-RELEASE-p1 |
|
|||
The command referenced by BSDKaffee above does indeed appear in the man page, under the "GROUP OPTIONS" section. It took me a while to find it, but I found it.
Now, with all due respect, the both of you have hijacked my thread and we've gone a bit off-topic from the first post.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Opera Port - conflicting pkgs in "make install" | IronForge | OpenBSD Packages and Ports | 5 | 29th October 2009 05:10 AM |
Fixed "xinit" after _7 _8, "how" here in case anyones' "X" breaks... using "nvidia" | jb_daefo | Guides | 0 | 5th October 2009 09:31 PM |
"Thanks" and "Edit Tags". | diw | Feedback and Suggestions | 2 | 29th March 2009 12:06 AM |
Newbie-friendly "printing in OpenBSD" guide wanted | Shagbag | OpenBSD Packages and Ports | 5 | 7th July 2008 09:26 PM |