1

Can I automatically create a passworded user with pw adduser on FreeBSD?

 pw useradd [name] [switches]
        -V etcdir      alternate /etc location
        -C config      configuration file
        -q             quiet operation
  Adding users:
        -n name        login name
        -u uid         user id
        -c comment     user name/comment
        -d directory   home directory
        -e date        account expiry date
        -p date        password expiry date
        -g grp         initial group
        -G grp1,grp2   additional groups
        -m [ -k dir ]  create and set up home
        -M mode        home directory permissions
        -s shell       name of login shell
        -o             duplicate uid ok
        -L class       user class
        -h fd          read password on fd
        -H fd          read encrypted password on fd
        -Y             update NIS maps
        -N             no update
  Setting defaults:
        -V etcdir      alternate /etc location
        -D             set user defaults
        -b dir         default home root dir
        -e period      default expiry period
        -p period      default password change period
        -g group       default group
        -G grp1,grp2   additional groups
        -L class       default user class
        -k dir         default home skeleton
        -M mode        home directory permissions
        -u min,max     set min,max uids
        -i min,max     set min,max gids
        -w method      set default password method
        -s shell       default shell
        -y path        set NIS passwd file path

According to this, I can. But I am not sure how... It seems I need to use a file descriptor but I've not been able to see any example of how to do this. I have a bash script which needs to automatically do this with no user input...

Any ideas?

olive
  • 145
  • 2
  • 8

2 Answers

3

Here's an example using a file descriptor:

echo password | pw useradd -h 0 user1

Every Unix process typically has three standard file descriptors:

  • stdin (0)
  • stdout (1)
  • stderr (2)

In this case, we're telling pw to read input from fd 0, aka stdin. You may want to review the bash man page, which has all sorts of examples of fancy things you can do with file descriptors and redirection.

Note that there are some security issues with this example -- anyone running the ps command at the right time would be able to see the argument to the echo command. This may or may not be a concern in your environment. You could do this instead:

pw useradd -h 0 user1 <<EOP
password
EOP
larsks
  • 41,276
  • 13
  • 117
  • 170
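
The `-h` switch takes any descriptor number, not only 0, so a script can hand `pw` a generated password on fd 3 and leave stdin free. This is an added example, not part of either answer; the function names, the hex password format, the login-name check and the secrets directory are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original answers.
# Usage (as root on FreeBSD): create_user user1 /root/secrets

# 128 bits from the kernel RNG, hex-encoded: 32 characters, no shell
# metacharacters, fixed length.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# create_user NAME SECRETS_DIR  (hypothetical helper)
# Creates NAME with a generated password. The password reaches pw on
# file descriptor 3 through a here-document, so it is never an argument
# of any process and cannot show up in ps output.
create_user() {
    name=$1 dir=$2
    # Conservative login-name check (an assumption, stricter than pw).
    case $name in
        ''|*[!a-z0-9_-]*) echo "invalid login name" >&2; return 2 ;;
    esac
    pass=$(gen_password)
    [ "${#pass}" -eq 32 ] || { echo "password generation failed" >&2; return 1; }

    pw useradd -n "$name" -m -h 3 3<<EOF || return 1
$pass
EOF
    # Record the password for hand-over. umask 077 in a subshell makes
    # the file mode 0600 from the moment it is created.
    ( umask 077 && printf '%s\n' "$pass" > "$dir/$name.pass" ) || return 1
    unset pass
}
```
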
0

You will need to make sure that your FreeBSD system has the following installed:

  • bash (pkg_add -r bash)
  • expect (pkg_add -r expect)

Below is a script that will auto-generate random passwords and automatically apply them to the root account. You can make this a startup script. I would first make the following directories.

  1. From the root directory (not root's home): mkdir .script
  2. Have a normal user account
  3. mkdir /var/log/.rec
  4. chown normaluser:normaluser /var/log/.rec
  5. Place the passgen.sh script into .script, which is located in the root file structure
  6. chmod 777 passgen.sh

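    #!/usr/local/bin/bash

    # Generate a random 14-character password from base64-encoded random bytes
    PASSGEN=$(head -c 10 /dev/random | uuencode -m - | tr -d '\n' | cut -c 19-32)

    # Store the password in plain text and hand the file to a normal user
    echo "$PASSGEN" > /var/log/.rec/encrypted
    chown someuser:someuser /var/log/.rec/encrypted
    # Mode 666: readable and writable by every local user
    chmod 666 /var/log/.rec/encrypted

    # Encryption is obfuscation

    LOG=root
    PASS=$PASSGEN

    # Drive passwd through expect to set the new password
    expect << EOF
    spawn passwd $LOG
    expect "New Password:"
    send "${PASS}\r"
    expect "Retype New Password:"
    send "${PASS}\r"
    expect eof;
    EOF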

Now add this to your startup rc.local / rc.d / rc.conf depending on your version of BSD.

Hope this helps someone out there. It looks like this editor is filtering some hashes and half quotes.

Thank you, Sean Hulbert

Sean
  • 1
  • 1