Tip of the Trade: Strong Passwords Made Easy
Adding new users to a Linux system is pretty easy, but you can still automate the job and save a few steps with a short script built from standard commands. The script uses pwgen to generate a random 8-character password, then uses openssl to create an MD5 hash of it, which the useradd command enters into /etc/shadow as the new user's hashed password. You don't need to use the passwd command.
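#!/bin/sh
# Usage: ./usergen USERNAME
USER=$1
# One random 8-character password with at least one capital (-c) and one numeral (-n)
PASSWORD=$(pwgen -cn -1)
# MD5-based crypt hash of the password
PW_HASH=$(openssl passwd -1 "${PASSWORD}")
# Create the account; useradd writes the pre-hashed password to /etc/shadow
useradd -p "${PW_HASH}" "${USER}"
echo "Your new user account has been created with the username \"${USER}\", and the password \"${PASSWORD}\"."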
Give the script a catchy name like usergen, and be sure to make it executable. The only option, and it is required, is to supply the username:
# ./usergen fcracker
Password:
Your new user account has been created with the username "fcracker", and the password "osh9ExiY".
You can easily tweak it by using the standard options for the individual commands, such as adding your users to extra groups, or assigning a non-default login shell. There are some useradd differences in the various Linux distributions. For example, on Debian, the default is to not create a home directory. On Fedora, a home directory is created by default. So Debian users must use useradd -m to create a properly populated home directory. Adding users to extra groups is the same on both Fedora and Debian: useradd -G group1,group2,group3. The groups must already exist.
Want to know what the other openssl passwd options are? See man 1ssl passwd, or make a mistake on purpose:
$ openssl passwd -fffooo
Usage: passwd [options] [passwords]
where options are
-crypt    standard Unix password algorithm (default)
-1        MD5-based password algorithm
-apr1     MD5-based password algorithm, Apache variant
[...]
Notice that there is no automatic expiration on the password to force the user to create a new password at first login. This is because we went to the trouble of creating a strong password; that's the one the user retains.
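Accounts created by the script above carry an MD5-based hash, recognizable in /etc/shadow by its $1$ prefix. The following is an added example, not part of the original article: it classifies shadow entries by hash prefix so that such accounts can be inventoried. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which crypt(3) scheme each shadow(5) entry uses.

# hash_scheme HASH: print the scheme name, judged by the hash's prefix.
hash_scheme() {
    case "$1" in
        '')              echo "empty" ;;
        '!'*|'*'*)       echo "locked" ;;
        '$1$'*)          echo "md5crypt" ;;      # what `openssl passwd -1` emits
        '$apr1$'*)       echo "apr1-md5" ;;
        '$5$'*)          echo "sha256crypt" ;;
        '$6$'*)          echo "sha512crypt" ;;
        '$2'[abxy]'$'*)  echo "bcrypt" ;;
        '$y$'*)          echo "yescrypt" ;;
        '$'*)            echo "unknown" ;;
        ?????????????)   echo "descrypt" ;;      # 13 characters, no $ prefix
        *)               echo "unknown" ;;
    esac
}

# report_schemes: read name:hash:... lines on stdin, print "name scheme".
report_schemes() {
    while IFS=: read -r name hash rest; do
        if [ -n "$name" ]; then
            echo "$name $(hash_scheme "$hash")"
        fi
    done
}

# list_md5_users: print only the accounts whose hash is MD5-based crypt.
list_md5_users() {
    report_schemes | while read -r name scheme; do
        if [ "$scheme" = "md5crypt" ]; then
            echo "$name"
        fi
    done
}

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$SALTSALT$placeholderSha512Body:19000:0:99999:7:::
fcracker:$1$SALTSALT$placeholderMd5Body:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
legacy:ab0123456789x:19000:0:99999:7:::
EOF
}

sample_shadow | report_schemes
```

On a live system, feed the real file to the same function as root: list_md5_users < /etc/shadow.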

