Hi Uwe,

Thanks for the reply.

On Tue, Jul 01, 2003 at 09:25:28AM +0200, Uwe Doering wrote:
> Here is what I use:
>   echo 'password' | \
>   pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
>     -c 'comment' -m
> Note that feeding the password to 'pw' via the command line (with 
> 'echo') is a security problem if you have untrusted users on that 
> machine, since they can see the password in the process list (with 'ps').
> A better approach for automating account creation is to first store the 
> password (generated or given) in a file (with secure permissions, of 
> course) and then feed 'pw' from that file:
>   pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
>     -c 'comment' -m < /path/to/file
>   rm -f /path/to/file
ah :)  Cheers for that :)

The way I ended up doing it in PHP was:

        To add a user on FreeBSD:
        echo "password" | pw adduser -q -u user -g group \
        -s shell -d /home/user -c comment -h -

        adds the user 'user' with primary group 'group',
        shell 'shell', home dir '/home/user' with a comment 'comment'

        This is pretty dodgy - the password is listed in ps output...

        To do this from PHP though, we use popen to create a stream to the
        pw adduser -q -u user -g group \
        -s shell -d /home/user -c comment -h 0

        and then write the password to the file pointer created
        by popen.  This effectively adds the user to the passwd database
        whilst at same time setting the password.

        This saves listing the password in 'ps' listings.

// adduser command:
$pw_cmd = $cfg['prog']['uadd']." ".$data["username"]
                ." -g g".$data["id"]
                ." -s $shell "
                ." -d ".$data["root"]
                ." -c ".$data["name"]
                ." -h 0";

// Open a uni-directional stream to the command:
$fp=popen($pw_cmd, "w");

// Execute the command, passing the $data["password"] to it:
fwrite($fp, $data["password"]);

// Close the pipe:

Which seems to be working just as required :)

Many thanks for the reply though, I probably would have gone with your
method had I not stumbled across the one I used above :)

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to