How to automate adduser on FreeBSD?

siegfried · March 14, 2011, 2:52pm

After just posting a query on beginners@perl.org inquiring about the perl API for automating useradd/userdel/usermod on FreeBSD, I got to thinking:

Maybe perl is not the best approach to automating useradd/usermod/userdel.

We have a list of users from a windows system and we want to run a cron job everyday that automates adduser to synchronize the user accounts on our windows systems with our freebsd systems.

What would be the best way to automate usermod/userdel/useradd? perl? bash? bourne? python? ruby? Spawn system process or use an API? Anyone got an example to get me started?

Thanks
siegfried

DGPickett · March 15, 2011, 3:02pm

Well, often tools like a tty, so some sort of expect flavored processing can hide a batch solution. Security is a concern. Is a batch on your tty OK, or do you want to go web or other no-tty batch spinoff?

siegfried · March 16, 2011, 8:14pm

I'm not sure. Let's try "batch on my tty" and see if they complain. Thanks!

frank_rizzo · March 16, 2011, 11:25pm

please rtfm(in a nice way). work smarter not harder. :wall:

ADDUSER(8)              FreeBSD System Manager's Manual             ADDUSER(8)

NAME
     adduser -- command for adding new users

SYNOPSIS
     adduser [-CDENShq] [-G groups] [-L login_class] [-M mode] [-d partition]
             [-f file] [-g login_group] [-k dotdir] [-m message_file]
             [-s shell] [-u uid_start] [-w type]

DESCRIPTION
     The adduser utility is a shell script, implemented around the pw(8) com-
     mand, for adding new users.  It creates passwd/group entries, a home
     directory, copies dotfiles and sends the new user a welcome message.  It
     supports two modes of operation.  It may be used interactively at the
     command line to add one user at a time, or it may be directed to get the
     list of new users from a file and operate in batch mode without requiring
     any user interaction.

siegfried · March 17, 2011, 2:31pm

I talked to my colleague and we would like to solicit help with alternatives to a plain bash script (because of security concerns). You mentioned a web server as one alternative. How would we authenticate against an active directory security group with a freebsd machine that utilizes radius and not LDAP?

How would we actually write the code to add/remove/modify users? Would the web server spawn a shell and do the commands useradd/userdel/usermod commands or is there another way? I've been looking in the perl CPAN API's and I could not find the actual function to add/remove users. One would think that perl packages with names like Provision::Unix::User::FreeBSD or Provision::Unix::User would have functions like add_user or remove_user or modify_user but these don't!

Also: I don't understand what you mean by a "non-tty batch spin-off". Should we be considering these options too?
thanks,
siegfried

DGPickett · March 17, 2011, 2:39pm

It is more how to authenticae securely and then make a good firewall against abuse, limiting what can happen, to how many, how often. Once the message gets throught these architectural walls, you do what it asks whatever way is convenient for you, as speed/volume is not a concern, probably a script with adduser plus any additional goodies you want.