Permitting normal user to create OS accounts

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

Permitting normal user to create OS accounts

Permitting normal user to create OS accounts

2006-04-06 - By Rick Stevens

Back

Reply: 1 2

On Thu, 2006-04-06 at 18:32 +0000, Tech Guy wrote:
>
> Hello,
>
> I have a requirement where the clients should be able to create their
> own accounts (OS accounts) but with a limitation on GROUPID, HOME DIR,
> SHELL, etc means they cannot choose any of them. All of them will be
> predefined. They should only provide the UserID.

useradd uses the defaults in /etc/defaults/useradd, so edit those
accordingly.

> I was thinking of a script which basically calls ???useradd??? predefining
> GROUP, Home dir etc and then making it available using SUDO.

Make sure the script generates a temp file that contains the command
and that there is NO way for a user to append any other options to
the useradd command.

> Is there any better way to do this or is there any tool that I can use
> that allows normal users to create accounts with ofcourse no security
> risks.

Any script you allow a user to run has security risks. What I'd do is
set up a mail account and let users send a message to that account to
create the user. For example:

create-account@(protected)

In your /etc/mail/aliases file, aim that mail account to a script that
parses out the account name and creates it, e.g.:

create-account: |script-to-create-account

That way there's no interactivity between the user wishing to create an
account and the system and you can control the execution environment of
the script to a finer degree.

Just an idea.

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
- Rick Stevens, Senior Systems Engineer rstevens@(protected) -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- We look for things. Things that make us go! -
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --

__ ____ ____ ____ ____ ____ ____ ____ ____ ____
Redhat-install-list mailing list
Redhat-install-list@(protected)
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@(protected)
Subject: unsubscribe