SUMM(2): Pre-expiring passwords

From: Sheryl A. Campbell <campbell_at_lvc.edu>
Date: Wed, 28 Aug 1996 14:10:10 -0400 (EDT)

Oops, I forgot this very complete reply in my first summary. Thanks to Alan
from Digital Unix's Support Group and to the others who replied!

Best Regards,
        Sheryl


>Hi Sheryl,
>
>
> Here is a write-up on something like you are asking about.
>If you need something similar for Enhanced Security take a
>look at :
>
>ftp://raven.alaska.edu/pub/randy/zuausr/zuausr-1.08a.tar.gz
>
>Alan Davis / DUSG
>
>
> ONE METHOD OF ADDING LARGE NUMBERS OF NEW USERS
>----------------------------------------------------------------------
>Copyright (c) Digital Equipment Corporation 1996. All rights reserved
>
>
>INTRODUCTION :
>
>This method uses only standard Unix utilities available with the base
>operating system. It requires that the new user set both password
>and default login shell once to activate the account. No special
>privileges or setuid programs are used. New accounts are vulnerable
>to loss of access attacks if a user other than the intended owner of
>the account logs in first and sets the password and shell.
>
>New user data is compiled into individual files. These files are
>fed into a modified adduser script that will create the basic user
>account and initialize the password file with a default shell.
>
>The default shell is a script that will prompt the user for a
>password and default login shell. Once the passwd and shell are set
>the account is available for normal use.
>
>USING THIS METHOD :
>
>Sample programs are provided. In order to use these programs, the
>actions to take are :
>
>1. Gather the user data and create the input files. In this example
>the files are stored together in a subdirectory named "accts".
>If this information is available online, scripts may be written to
>format it into the appropriate files. This is left as an exercise
>for the user due to the wide variation in data capture methods.
>
>2. Put an executable copy of the "init_shell" script in the directory
>"/usr/local/bin".
>
>3. Put executable copies of "driver", "massadd" and "madduser" in
>the directory along with the subdirectory "accts".
>
>4. As root, execute "./massadd" to create the default accounts for all files
>in the "accts" directory.
>
>When the user first logs in, they will be presented with :
>
> You will now be prompted to enter a password.
> Your username is newuser
> Changing password for newuser.
>
> New password:
> Retype new password:
>
> Please enter /bin/ksh or /bin/csh as your new shell
>
> Old shell: /usr/local/bin/init_shell
> New shell:
>
> Thank you, your account is now active.
>
> Please remember your password.
>
>The user is then logged out. The next time the user logs in they will
>get normal access to their account.
>
>
>USER DATA REQUIRED :
>
>The data required in the input files are:
>
>username
>uid
>fullname
>def group
>other group (end w/blank)
>parent directory
>login shell
>edit auth
>
>example :
>------------------------------------------------------------------------
>newuser <- username
> <- blank takes the default (next uid)
>john d newuser <- full name
>users <- default group
> <- no other groups
>/usr/users <- parent directory
>/usr/local/bin/init_shell <- custom shell
>n <- don't edit auth files
>------------------------------------------------------------------------
>
>THE ADDUSER SCRIPT :
>
>The adduser script used in this example has been modified in the
>following ways :
>
> 1. NIS checks have been removed.
> 2. The default passwd has been removed.
> 3. A $HOME/.hushlogin file is created in the user's home directory.
> 4. The messages relating to setting the password have been removed.
>
>A diff file has been provided that may be used to modify the system
>"adduser" script. The command to modify the file is :
>
> patch -i adduser.diff -n -o madduser /usr/sbin/adduser
>
>This will create the modified version in the current directory with the
>name "madduser".
>
>THE DEFAULT PASSWORD :
>
>This example doesn't set a default passwd on the new user accounts.
>A passwd may be added by putting a known encrypted string into the
>passwd field at line 460 of the modified adduser script.
>
>----------------------------------------------------------------------
>
>THE PROGRAMS :
>
>1. massadd
>
>#!/bin/ksh
>
>find accts -type f -print | xargs -L1 -p ./driver
>
>
>2. driver
>
>#!/bin/sh
>
># Feed one account data file (the path xargs passes as $1) to the modified adduser.
>./madduser < "$1"
>
>
>3. init_shell
>
>#!/bin/ksh
>echo "
>
>You will now be prompted to enter a password."
>
>#(insert password selection criteria here)
>
>echo "Your username is $USER"
># Let the user set their own password; any non-zero status means it was not set.
>/usr/bin/passwd
>if [ $? -ne 0 ]
>then
> echo "\nPassword not set, exiting."
> exit 1
>fi
>echo "
>Please enter /bin/ksh or /bin/csh as your new shell
>"
># chsh replaces this script as the login shell; again treat any failure as fatal.
>/usr/bin/chsh
>if [ $? -ne 0 ]
>then
> echo "\nDefault shell not set, exiting."
> exit 1
>fi
>echo "
>
>Thank you. Your account is now active.
>
>Please remember your password.
>"
>
># Remove the .hushlogin created by madduser so normal login messages appear from now on.
>/usr/bin/rm -f "$HOME/.hushlogin"
>
>exit 0
>
>
>
>
>4. adduser diffs file
>
>59,67c59,67
>< tail -1 /etc/passwd | grep -q "^[+-]:"
>< yp_used="$?"
>< tail -1 /etc/group | grep -q "^[+-]:"
>< if [ $? -eq 0 ] || [ $yp_used -eq 0 ]
>< then
>< rmdir ${LOCKFILE}
>< dspmsg adduser.cat 2 '\nNIS in use. Refer to the network documentation
>for adding users.\n'
>< exit 5
>< fi
>---
>> #tail -1 /etc/passwd | grep -q "^[+-]:"
>> #yp_used="$?"
>> #tail -1 /etc/group | grep -q "^[+-]:"
>> #if [ $? -eq 0 ] || [ $yp_used -eq 0 ]
>> #then
>> # rmdir ${LOCKFILE}
>> # dspmsg adduser.cat 2 '\nNIS in use. Refer to the network documentation
>for adding users.\n'
>> # exit 5
>> #fi
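Review bot: the two `dspmsg adduser.cat 2 '\nNIS in use. ...` lines in this hunk have been wrapped onto a second line (`for adding users.\n'`) in transit, so `patch -i adduser.diff -n -o madduser /usr/sbin/adduser` will reject the hunk unless the wrapped lines are rejoined first; the same applies to the wrapped `echo` and `dspmsg` lines in the later hunks. With the check commented out rather than kept behind an option, madduser also no longer refuses to run on a host whose last passwd or group entry is an NIS `+`/`-` marker, so confirm NIS is not in use before running massadd instead of relying on the script to stop you.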
>460c460
>< echo
"${USER}:Nologin:${UID}:${LOGGID}:${NAME}:${PARENT}/${USER}:${LSHELL}" >>
>/etc/passwd
>---
>> echo "${USER}::${UID}:${LOGGID}:${NAME}:${PARENT}/${USER}:${LSHELL}" >>
>/etc/passwd
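Review bot: the replacement `echo` line writes an empty second field, so until init_shell has run the account accepts a login with no password at all; the `Nologin` placeholder it replaces can never match a crypt(3) result and so effectively kept the account locked. If first-login self-service is the goal, putting a known encrypted string here (as the DEFAULT PASSWORD section suggests) and handing that initial password to the intended owner out of band narrows the loss-of-access window the introduction warns about.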
>552c552,555
>< done )
>---
>> done
>> # add .hushlogin file
>> touch ${PARENT}/${USER}/.hushlogin
>> )
>556c559
>< dspmsg adduser.cat 30 'You must enter a new password for (%1$s).\n' "${USER}"
>---
>> #dspmsg adduser.cat 30 'You must enter a new password for (%1$s).\n'
"${USER}"
>558,563c561,566
>< if passwd "${USER}"
>< then
>< :
>< else
>< dspmsg adduser.cat 31 'Warning, the password for (%1$s) was not set.\n'
>"${USER}"
>< fi
>---
>> #if passwd "${USER}"
>> # then
>> # :
>> #else
>> # dspmsg adduser.cat 31 'Warning, the password for (%1$s) was not set.\n'
>"${USER}"
>> #fi
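Review bot: with the `passwd "${USER}"` call commented out and the `Warning, the password for (%1$s) was not set` message removed, madduser prints nothing to indicate that the account is now live without a password; consider having it echo the created username with a note that the account is unclaimed, or append the name to a log, so the administrator can check later which accounts have still not run init_shell.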
>
>
>
>
>----------------------------------------------------------------------
>Alan Davis
>Digital Unix Support Group
>Digital Equipment Corp
>Alpharetta, GA 30201
>

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Sheryl A. Campbell Internet: campbell_at_lvc.edu %
% Assistant Director Voice: (717)867-6060 %
% Administrative Computing FAX: (717)867-6019 %
% %
% L E B A N O N V A L L E Y C O L L E G E %
% %
% Never underestimate the power of a smile! %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
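An added example, not part of Sheryl's summary or Alan Davis's write-up: a POSIX sh audit that lists accounts madduser created which have not yet been claimed through init_shell, flagging those whose password field is still empty. The passwd file path is a parameter, the sample passwd content is constructed, and /usr/local/bin/init_shell is the shell path from the write-up.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts created by
# madduser that have not yet been claimed through init_shell.  An unclaimed
# account still has /usr/local/bin/init_shell as its shell; if its password
# field is also empty, whoever logs in first takes it over (the "loss of
# access" case the write-up describes).  The passwd file path is a parameter
# and the sample passwd content below is constructed.

INIT_SHELL=/usr/local/bin/init_shell

# Print "username:uid:EMPTY|SET" for every account whose shell is $INIT_SHELL.
# EMPTY means the password field is blank; SET means a placeholder or hash is present.
list_unclaimed() {
    awk -F: -v shell="$INIT_SHELL" '
        NF >= 7 && $7 == shell {
            state = ($2 == "") ? "EMPTY" : "SET"
            printf "%s:%s:%s\n", $1, $3, state
        }' "$1"
}

# Count unclaimed accounts that still accept a passwordless login.
count_empty() {
    list_unclaimed "$1" | grep -c ':EMPTY$'
}

# Constructed sample passwd: one madduser account left as the diff writes it
# (empty password field), one given a non-matching placeholder, and one already
# claimed (chsh has replaced init_shell with /bin/ksh).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root:x:0:1:system PRIVILEGED account:/:/bin/sh
newuser::1001:15:john d newuser:/usr/users/newuser:/usr/local/bin/init_shell
pending:*:1002:15:pending user:/usr/users/pending:/usr/local/bin/init_shell
claimed:x:1003:15:claimed user:/usr/users/claimed:/bin/ksh
EOF

list_unclaimed "$SAMPLE"
echo "unclaimed accounts with an empty password field: $(count_empty "$SAMPLE")"
rm -f "$SAMPLE"
```

Run it against the real /etc/passwd on the host where massadd was executed (replace `"$SAMPLE"` with the path) to see which accounts still need their owners to log in or be locked.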
Received on Wed Aug 28 1996 - 20:52:09 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:47 NZDT