solaris create password in a script and continue

slufoot80 · October 25, 2012, 12:54pm

Below is my code to create a user account but it doesn't take a password automatically. I have to run the password command seperately to do this
What I want to do is to be able to accept the password in a script.
In linux with the "useradd' command you can give the "-p" flag to accept the password

#!/opt/csw/bin/bash 
clear
# Script to add a user to this Linux system
        if [ $(/usr/xpg4/bin/id -u) -eq 0 ]; then                                     # check if user is root

        read -p "Enter Group Name : " groupname                 # Enter group name
        while [ -z $groupname ]|| egrep "^$groupname" /etc/group 1>/dev/null;
        do
        echo -ne "Either group exists or you entered a blank, enter groupname again: ";read -e  groupname
        done

        echo -ne "\nPlease Enter your Group ID Number: ";read -ern3 gid
        while [[ ! $gid =~ ^[0-9]+$ ]]||egrep $gid /etc/group >/dev/null;
        do
        echo -ne "Please re-enter your group id positive intergers only: ";read -ern3 gid
        done

        echo -ne "\nPlease Enter your User ID Number: ";read -ern5 uid
        while [[ ! $uid =~ ^[0-9]+$ ]]||egrep $uid /etc/passwd >/dev/null;
        do
        echo -ne "\nPlease re-enter your uid positive intergers only: ";read -ern5 uid
        done

        echo -ne "\nEnter a Comment : "; read -e comment
        commentstatic="Staging Account"

        echo -ne "\nEnter your Staging FTP directory location.......... "; read -e ftpdir
        while [ ! -d "$ftpdir" ];
        do
        echo -ne "\n$ftpdir Directory Not Found! Please re-enter: "; read ftpdir
        done

        username="s"$groupname                                   #getting username from groupname
        
        /opt/csw/bin/gsed -e '/ftp/s/$/,'"$username"'/' -i /etc/group # this line is to add user to ftp group.........."

        echo -e "\nAdding group $groupname......."                           #Adding group to group file
        groupadd -g $gid $groupname
        echo -e "Finished adding $groupname to group file......."           

        echo -e "\nAdding user to system.........."
        /usr/sbin/useradd -u $uid -g $groupname -c "$comment $commentstatic" -d /forms1/prodenv/$groupname $username
        sleep 2
        echo -e "\nFinished adding $username to password file......."             #Adding user to password file

        echo -e "\nLinking source directory to home directory......."
        cd /forms1/prodenv
        ln -s /stage001/stageenv/$username $groupname   
        echo -e "\nDone linking home directory......"   

        echo -e "\nLinking source storage directory to home storage directory......."
        cd /forms/
        ln -s /stage001/stageenvsa/${username}sa ${groupname}sa 
        echo -e "\nDone linking storage directory......"        

        echo -e "\nSetting security on directories................"
        chown $username:$groupname /stage001/stageenv/$username 
        chown $username:$groupname /stage001/stageenvsa/${username}sa
        chmod 775 /stage001/stageenv/$username
        chmod 775 /stage001/stageenvsa/${username}sa
        echo -e "\nFinished setting security on directories................"

        echo -e "\nSetting up the FTP directory................"
        cd /ftp
        ln -s $ftpdir $username
        echo -e "\nSetting security on FTP directory................"   
        chown $username:ftp $ftpdir
        chmod 775 $ftpdir
        echo -e "\nFinished setting security on FTP directory................"
        
        echo -e "\nSetting up services file................"
        serviceadd=`tail -1 /etc/services | awk '{print $2}'| cut -c 1-5`
        let serviceadd++
        echo -e "$username""trck" "\t$serviceadd/tcp" "\t\t# $comment Staging Svc Account" >> /etc/services
        echo -e "Finished setting up services file................"
        echo ""
        echo ""
        fi

DGPickett · October 25, 2012, 4:21pm

If Solaris is taking the password only by tty, like ssh, you can circumvent it with an 'expect' script or an "ssh -tt" wrapper (stdin of ssh becomes tty of passwd). You can see where it is reading using truss.

jim_mcnamara · October 25, 2012, 4:35pm

Actually, on Solaris, see Rich Teer's 'Solaris System Programming' and chapter 23 on pty's. If you want to understand what you have to do to get scripted passwords
into the passwd program. truss will not help that much. Get a copy of the book, Chapter 23 on pty's, pp. 1011-1016, and copy and compile the pty code. You can use this to automate passwords.

There is a reason NOT to use expect. Or pty. Putting passwords in a file is a really bad idea. So the folks who wrote passwd made it difficult to change or create passwords using a script. And I do not know if there is expect for Solaris.

DGPickett · October 25, 2012, 5:00pm

Yes, these behaviors were created to discourage bad practices.

We assume that administrators know how to protect passwords. New user passwords should be pre-expired to they much be changed, and the accounts should be locked if the password gets too old, saying they never logged in to change ti and it has been laying around out there in an email or voice mail or test message. All passwords should change periodically, and be strong. Carefully controlled facilities likw well configured sudo or pbsu mean no password needs to be shared. Of course, shared ssh keys can be just as bad.