Linux – How to add a linux user with a random or invalid password from a script

Tags: linux, permissions, security, unix, user-management

I want to add a user to the linux system from a script, but I don't want to invent or care for the password. This should be done automatically.

The goal is to generate ssh-keys and this user needs only to log in remotely. Or alternatively this user will be used from a sudo user via sudo su - thatuser.

I want to save the hassle inventing and typing some secure password every time I create such a user, and also do this from scripts.

No one should be able to login with password as this user, so my idea is he gets a good random password but nobody knows it.

I could write a script that generates something random but maybe there is something built in? Or just deactivate the password (so that password login is not possible, but ssh login with keys and sudo su - thatuser works fine).

Edit: There are already some answers, great, but I am still not sure how to do it. What would the script look like?

It should behave like adduser and create everything standard (like std. home dir, skeleton copied, group with the same name)

Edit2: In the end and with your help I found a solution that works and I want to share it. This is a script that I call "adduser-nopasswd" and I put it into /usr/local/sbin (is this a good place?) and it can be executed only by root. It takes one argument, which is the name for the new group and user at the same time:

#!/bin/sh -e
# the -e makes the script exit immediately if one command fails
# abort with a usage message when no name is given
NAME=${1:?usage: adduser-nopasswd NAME}
groupadd "$NAME"
useradd --create-home -d "/home/$NAME" --shell /bin/bash -g "$NAME" "$NAME"

Any comments on this function?

Best Answer

If you do not specify a password to useradd it won't get set (and the user will thus not be able to log in via password). Note that useradd and adduser are two different commands.

The following should create the new user with its own group, create its home directory (at the default location, as we do not specify any location) and copy skeleton files.

useradd --create-home <user>

Then you just create the directory .ssh in its home directory, chmod it to 0700 (SSH will want this for security), and put the user's public key in .ssh/authorized_keys (the private/public key pair should be generated by the user him-/herself, on his/her own computer).

If you want to disable the password of an already existing account you can use the following.

usermod --lock <user>
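
The steps from the answer combined into one script, as an added example that is not part of the original question or answer. The function names are hypothetical; it assumes the shadow-utils `useradd` and a glibc `getent`, and it checks afterwards that the shadow password field is locked rather than empty.

```shell
#!/bin/sh
# Added example: key-only account setup (function names are hypothetical).

# Classify field 2 of an /etc/shadow line: "locked" (starts with ! or *, so no
# password can match), "empty" (no password needed at all), or "password".
shadow_state() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;
        *)         echo password ;;
    esac
}

# Append a public key to HOME/.ssh/authorized_keys with the modes sshd expects.
# $1 = home directory, $2 = public key file, $3 = owner (optional, needs root)
install_key() {
    home=$1 pubkey=$2 owner=${3:-}
    # Guard against being handed the private half of the key pair.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "refusing private key: $pubkey" >&2
        return 1
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    cat "$pubkey" >> "$home/.ssh/authorized_keys" || return 1
    chmod 600 "$home/.ssh/authorized_keys" || return 1
    [ -z "$owner" ] || chown -R "$owner:$owner" "$home/.ssh"
}

# Create the account without a password, install the key, then verify.
create_key_only_user() {
    user=$1 pubkey=$2
    useradd --create-home --user-group --shell /bin/bash "$user" || return 1
    home=$(getent passwd "$user" | cut -d: -f6)
    install_key "$home" "$pubkey" "$user" || return 1
    state=$(shadow_state "$(getent shadow "$user")")
    [ "$state" = locked ] || { echo "$user: password is $state" >&2; return 1; }
}

# Run as root: ./script <user> <public-key-file>
if [ "$#" -eq 2 ]; then
    create_key_only_user "$1" "$2"
fi
```

An "empty" result is the case to watch for: it means the account needs no password at all, which is the opposite of a locked one.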