tags:

views:

154

answers:

5
+1  Q: 

How to create a linux user using C/C++?

I would like to build a program which takes a username as parameter and creates the user and its home folder (with some hard-coded specifications like folder, and security checks like username cannot be root or an existing user).

My application needs to create users in order to give SSH access.

The program will be executed using sudo. I've read it should be written in C or C++ instead of scripts because scripts could easily be exploited.

  • Can you give me some advices or good practices about how to achieve this?
  • Should I use some Pam library? Is there any examples?
  • What are the possible security flaws?

I know C/C++, and running Ubuntu Lucid.

Edit:

The user will only have sudo access to run that specific command, I do not want it to be able to run a shell or bypass some programs (by changing PATH environment, for example).

As a result, for example, I will need to override the PATH, what else should I worry about?

+5  A: 

You mean like adduser or useradd? Try looking at their source code.

Borealid  2010-08-10 22:50:20
+6  A: 

Probably your best bet is to invoke useradd; it will do the right things (given appropriate parameters).

Trying to create one manually by calling the appropriate APIs is possible but not desirable.

MarkR  2010-08-10 22:53:30
This sounds much more desirable to me. Putting together a Perl script and then calling useradd is how *I* would think to solve this problem.
Paul Nathan  2010-08-10 22:56:48
There are no "appropriate APIs" in the Linux C library.
Ken Bloom  2010-08-10 23:00:21
A: 

There is no API for this. You just write into /etc/passwd and /etc/group (and possibly the shadow versions as well) using normal file access system calls.

Ken Bloom  2010-08-10 22:59:31
Why the downvote?
Ken Bloom  2010-08-11 00:26:33
Don't forget that before modifying these values you should always acquire an exclusive lock on the files (all system commands that modify these files do that). Otherwise there is the possibility of file corruption and then you are in really bad shape.
Martin York  2010-08-11 03:29:22
+1  A: 

I believe that there is a system() function that you can call to run a shell command.

Get the username from your argv[] char array, then load it into a string that reads "useradd "

Then run system(myStr);

baultista  2010-08-10 23:07:46
A: 

I once wrote a quick script in perl. Other things needed to be done in this script that I can't disclose here for security reasons, but the useradd part is pretty obvious:

Subroutine to craete the account

sub CreateAccount
{
    my $uname = shift;
    system("runas root useradd -c \"$fullname\" -g yourgroup -d /home/users/\"$uname\"  -m -s /bin/ksh  $uname");
}

Subroutine that checks if the username is available

sub UserNameAvailable
{
    print "Checking name..."; 
    my $username = shift;
    my $exists   = `finger $username`;
    chomp $exists;
    if ($exists =~ /In real life: \?\?\?$/)
    {
        return 1;
    }

    return 0;
}
Hameed  2010-08-10 23:15:27

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS