[olug] Scripting

Andrew Embury drazak at materiamagica.com
Tue Nov 21 00:34:26 UTC 2000 

Thanks for all the help.  I don't need to worry about anyone gaining
access to the system, since as I mentioned before, these are ftp only
accounts (all shells are set to /dev/null).  I ended up solving the
problem by recreating the /etc/passwd file everytime the new users need to
be added (ignoring UID's under 1000).  I then crypt the passwords using
perl's built in crypt() function.  After the passwd file is generated,
theres a nifty little utility called "pwconv" the takes care of the shadow
file and the passwd file.  The system works perfectly.

Project done in about 4 hours, boss happy.  Ahh, the power of perl and
unix.

Thanks,

_Drew

On Sat, 18 Nov 2000, Mark A. Martin wrote:

> One of the points I was trying to make is that all you need is read
> access to a copy of the password file or part of the password file
> before it is shadowed to access other people's accounts.  Once you have
> the crypted version of any number of passwords from the password file,
> you can grind away at them with crack in the usual way to get other
> people's passwords.  Granted that it's not as fun as having root but it
> doesn't hurt to be able to use someone else's account to launch
> shenanigans from. Also, if someone has part of the password file, they
> could always share it with friends.  I wasn't suggesting that someone
> could gain root access.  It doesn't hurt to set the file permissions on
> your temporary file, just to make sure that the script won't do
> something foolish if the person launching the script has their umask set
> improperly.
> -- 
> ---------------------------------------------------------------------------
> Mark A. Martin					Dept of Applied Mathematics
> http://www.amath.washington.edu/~mmartin	University of Washington
> ---------------------------------------------------------------------------
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net

More information about the OLUG mailing list