Re: Execl For Adding a User
From: Sachin Doshi (ssdas4eva_at_yahoo.com)
Date: 08/25/04
- Next message: Ara.T.Howard: "nfs client side application level 'hung lock' detection"
- Previous message: Torgny Lyon: "Re: how to do aliasing in sh shell"
- In reply to: joe durusau: "Re: Execl For Adding a User"
- Next in thread: Chuck Dillon: "Re: Execl For Adding a User"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 24 Aug 2004 15:14:43 -0700
Joe, I appreciate the response.
As a point of reference, I am trying to give users an SFTP-only account
on the server. They will be chrooted and not have shell access (thus
no C/C++ compiler).
The user will transmit their password to me using public/private key
SSL. I then use the unix crypt function to encrypt their password and
then use that result as an input value in useradd (-p).
I don't think that this is terribly insecure even in a networked
environment since the server only has sftp users ( and root can't
shell in either ).
Appreciate any input,
-Sachin
joe durusau <joe.durusau@lmco.com> wrote in message news:<412B2D96.C25576C6@lmco.com>...
> Sachin Doshi wrote:
>
> > Hi, new to the board - and new to unix programming. I am trying to
> > add a system user within C. Ran into a couple of posts on how to do
> > this. One of the guys suggested forking and then issuing an execl in
> > the child process that runs /usr/sbin/useradd.
> >
> > I did this, and had some interesting results. The first time the code
> > is run within my daemon code, it works fine - the user is added. The
> > daemon continues to run and waits for another request. Then on any
> > subsequent attempts to add a user, I get the error message, "Unable to
> > lock password file." The etc/passwd.lock file does indeed have the
> > PID of the previous child process. Is there a reason that the first
> > execl never released the lock?
> >
> > As a hack to fix this, I started using the system() call to do the
> > same thing and it works fine. I just wanted to make sure that this
> > was safe because I was told that there may be some security issues
> > when using a system() call.
> >
> > --Thanks in advance,
> > Sachin
>
> The larger issue is "How do you propose to set the password of the
> new user?" All of the tricks I know of are horribly insecure. There are
> situations, for instance in schools, that need to add thousands of users
> at once, in which the security issue can be handled by taking the network
> down, loading a program off a CD or some such, then erasing it when the
> mass changes are over. I would suggest that anything on a networked
> machine that adds users is very dangerous, and I would hesitate to allow
> it.
>
> Speaking only for myself,
>
> Joe Durusau
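The fork-and-exec approach discussed in this thread, as an added example that is not part of the original posts: it runs a program by absolute path with no shell, passes a fixed environment, waits for the child, and rejects account names outside an allowed pattern. The names `valid_username`, `run_program` and `add_user` are hypothetical, and the username policy is an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed policy: first char a lowercase letter or '_', the rest lowercase
 * letters, digits, '_' or '-', 1..32 chars. A name can never look like an option. */
int valid_username(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 32) return 0;
    if (!(islower((unsigned char)name[0]) || name[0] == '_')) return 0;
    for (size_t i = 1; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(islower(c) || isdigit(c) || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Run path with argv directly (no shell parses the arguments) and a fixed
 * environment. Returns the exit status 0..255, or -1 on error or signal death. */
int run_program(const char *path, char *const argv[])
{
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);                      /* reached only if execve failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) /* reap the child, retry on EINTR */
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical wrapper for the useradd -p call from the thread. The hash is
 * passed in argv, so it is visible to local users who can list processes
 * while useradd runs. */
int add_user(const char *name, const char *hash)
{
    if (!valid_username(name)) return -1;
    char *const argv[] = { "useradd", "-p", (char *)hash, (char *)name, NULL };
    return run_program("/usr/sbin/useradd", argv);
}
```

Because the arguments go to `execve` as separate strings, shell metacharacters in a submitted name are never interpreted, which is the usual concern with `system()`.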