How to add a linux user with a random or invalid password from a script

linux security unix user-management permissions
11,969

Solution 1

If you do not specify a password to useradd it won't get set (and the user will thus not be able to log in via password). Note that useradd and adduser are two different commands.

The following should create the new user with its own group, create it's home directory (at the default location, as we do not specify any location) and copy skeleton files.

useradd --create-home <user>

Then you just create the directory .ssh in its home directory, chmod it to 0700 (SSH will want this for security), and put the users public key in .ssh/authorized_keys (the private/public key pair should be generated by the user him-/herself, on his/her own computer).

If you want to disable the password of an already existing account you can use the following.

usermod --lock <user>

Solution 2

Utility /usr/sbin/useradd always created users for me without requiring passwords. I've written many a script that took another system's /etc/passwd and created users for me.

Alternatively, if you look at the documentation for mercurial-server, you'll see how to set up many SSH keys (clients) to run programs as just one user on the server side.

Solution 3

# cat user-pw_list
john:p455W0rD
geany:p455W0rD


# cat CreateUsers.sh
#!/bin/bash
#
# filename: CreateUsers.sh
# usage: cat "User:passwd" | $0
#
set -e
# set -x
while read ; do
  USER=${REPLY%%:*}
  PWD=${REPLY##*:}
  # alternative for random passwd, where $RANDOM is a bash function
  #PWD=${REPLY%%:*}$RANDOM$RANDOM

  echo -e "adding User $USER "
  # for disabled users: /usr/sbin/nologin, otherwise /bin/bash
  /usr/sbin/useradd -c automaticUser -m -k/dev/null -s /usr/sbin/nologin $USER
  echo "$USER:$PWD" | chpasswd --md5 $USER

  ## also add user to samba:
  #echo -e "$PWD\n$PWD" | pdbedit -t -u $USER
done

Ok, lets add our users:

cat user-pw_list | ./CreateUsers.sh

Solution 4

If you want just builtin commands for generating random passwords, you can try this:

dd if=/dev/urandom bs=16 count=1 2>/dev/null | uuencode - | head -n 2 | grep -v begin | cut -b 2-10

This will read 16 bytes of random data, uuencode them to convert them to printable characters, cut through the uuencode extra output, then only take the random characters from the encoding. Here is an example output:

$ dd if=/dev/urandom bs=16 count=1 2>/dev/null | uuencode - | head -n 2 | grep -v begin | cut -b 2-10

RJ<B6QYRO

Share:
11,969

Related videos on Youtube

user12096
Author by

user12096

Updated on September 17, 2022

Comments

  • user12096
    user12096 over 1 year

    I want to add a user to the linux system from a script, but I don't want to invent or care for the password. This should be done automatically.

    The goal is to generate ssh-keys and this user needs only to login remotely. Or alternatively this user will be use from a sudo user via sudo su - thatuser.

    I want to save the hassle inventing and typing some secure password every time I create such a user, and also do this from scripts.

    No one should be able to login with password as this user, so my idea is he gets a good random password but nobody knows it.

    I could write a script that generates something ramdom but mabye there is something built in? Or just deactivate the password (so that password login is not possible, but ssh login with keys and sudo su - thatuser works fine.

    Edit: There are already some answers, great, but I am still not sure how to do it. How would the script look like?

    It should behave like adduser and create everything standard (like std. home dir, skeleton copied, group with the same name)

    Edit2: In the end and with your the help I found a solution that works and I want to share it. This is a script that I call "adduser-nopasswd" and I put it into /usr/local/sbin (is this a good place?) and it can be executed only by root. It takes one argument, which is the name for the new group and user at the same time:

    #!/bin/sh -e
# the -e makes the script exit immediateley if one command fails
NAME=$1
groupadd $NAME
useradd --create-home -d /home/$NAME --shell /bin/bash -g $NAME $NAME

    Any comments on this function?

  • mj1531
    mj1531 over 14 years
    If you have set a user's password, then disabled it by locking it, you can re-enable it using: usermod -U <user> This works on CentOS, consult your usermod man pages to find the appropriate command line option

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to create dummy user?
Directory that a user can read, but root can't?
understanding and decoding the file mode value from stat function output
What is the meaning of hyphen in '-rwxrwxrwx'
adding local content in /etc/sudoers.d/ instead of directly modifying sodoers file via visudo
Why can't I cd into a directory that is owned by a group that I belong to?
Non sudo user prompted with message "rm: remove write-protected regular empty file" instead of permission denied
How to grant access permission on network interface?
Editing files in /var/www
Linux permissions and owner being preserved with cp