
I'm working on a home-grown user database tied to a larger sustainment application.

The idea has been floated around to tie our users to system users, creating matching /etc/passwd entries each time a new user is generated in our program. Other interactions would be things such as querying uid/gid for a username or vice versa, verifying filesystem ownership, etc. We've already got standard fields defined like user.uid, user.gid, user.home, internal permissions, etc. and just need a way to pass these through to the system.

The trouble is, searching for any info online is a needle-in-a-haystack scenario: I haven't been able to find any standard libraries for user account getters and setters, and I'm starting to wonder whether these even exist. Is the right approach here to spawnv useradd? It seems like there must be a better way!

Note that the system this is running on is single use (virtualized), for all intents and purposes.

Final edit: It turns out that the most economical solution is:

useradd -g group -c "firstname lastname" -d /export/home/username -m -s /bin/bash username
  • I doubt it is a good idea to establish a 1:1 relation between db-users and system-users. This binds the db-app tightly to the underlying OS structure which might not be what you really want, at least not in the long run. You might be better off setting up a third (independent) entity doing the authentication which then could be used to authenticate db-users and/or OS-users. LDAP might be the tool of choice to do so. Commented Mar 6, 2013 at 18:32
  • @OliCharlesworth Linux != Solaris Commented Mar 6, 2013 at 18:42
  • @Kay: Fair point! I read too quickly. Commented Mar 6, 2013 at 18:43
  • This is more appropriate for alt.se.prog Commented Mar 6, 2013 at 18:46
  • @ColeJohnson if it is out of scope in SO, then unix.stackexchange.com would be the appropriate place for that question. Commented Mar 6, 2013 at 18:50

2 Answers


Is useradd what you are looking for?

useradd -g group -c "firstname lastname" -d /export/home/username -s /bin/ksh username
mkdir -p /export/home/username
chown username /export/home/username

10 Comments

Do not use your own implementation in production code. You will screw up your system, that's for sure.
@Derek_6424246: Calling other programs is the Unix way of doing things. Doing it this way is highly encouraged and you should do it that way. Doing it in code is the worse solution, actually.
@ColeJohnson: Technically system level tools are libraries, you just use them differently. But there's another reason for doing this using a separate program: SUID, which may be necessary in certain system configurations. You don't want end user programs being SUID.
@ColeJohnson: SUID binaries, i.e. programs that are executed with the permissions of the user:group that owns the program executable file. A lot of tools related to user account management are or used to be SUID. /usr/sbin/passwd is one of them: It's SUID root, and if it were not, it could not update the system password database with a new password.
@ColeJohnson: Code that's executed SUID is security critical and hence it must be written carefully and with security in mind first and foremost. If there were a library for user management, the program that linked that binary would have to be SUID as well, implying very strong security requirements of the consumer program. Because of this, such kind of library would not be found in any well maintained Unix(-like) system, as such a library would be very dangerous by second degree.

You could make your program into a NIS. Can't help you actually do it, but it might be worth looking at for you.

Added: You might be able to use ldap as well.

But either of those two would mean that you only need to keep the DB up to date. The passwd would take care of itself.

2 Comments

Given my initial question, this is probably the better answer. However, given the expense of implementing this as a solution (and the relative low priority of the problem) I had to go with external OS calls.
Understandable. And I won't hold it against you. You're just being a good programmer, lazy by nature. :D
