new user account via a script (cgi?)

bcharna

Hey all, I am running a server and want to provide services to my friends (i.e. email, afp, ftp, etc.). I am looking for a script that could easily make a new unix user with a uid lower than 500 so it's not in my login screen. I know this is possible because Webmin uses cgi and you can create new users through there. If anyone knows of a script (or wants to create one :) ) like this please let me know. Thanks in advance.
 
I found this bash script: http://www.geektimes.com/macintosh/os/x/10_3/and/add_user_script.html

Code:
#!/bin/sh
# Prompt for the account details.
echo "Enter username:"
read -r newuser
echo "Enter the full name for user $newuser:"
read -r long_name
echo "Will $newuser be an Admin user (y/N)?"
read -r is_admin
# Next UID = highest UID currently in NetInfo + 1.
new_uid=`nidump passwd . | awk -F: '{print $3}' | sort -n | tail -1`
new_uid=`expr "$new_uid" + 1`
# Create the NetInfo user record and its properties.
nicl . -create "/users/$newuser"
nicl . -create "/users/$newuser" uid "$new_uid"
nicl . -create "/users/$newuser" realname "$long_name"
nicl . -create "/users/$newuser" passwd ""
nicl . -create "/users/$newuser" gid 20
nicl . -create "/users/$newuser" shell "/bin/tcsh"
nicl . -create "/users/$newuser" home "/Users/$newuser"
nicl . -create "/users/$newuser" _writers_passwd "$newuser"
# Set the password interactively.
passwd "$newuser"
# Populate the home directory from the template and hand it to the user.
ditto /System/Library/UserTemplate/English.lproj "/Users/$newuser"
chown -R "$newuser:staff" "/Users/$newuser"
nicl . -read "/users/$newuser"
# Optionally add the user to the admin groups.
if [ "$is_admin" = Y ] || [ "$is_admin" = y ]
then
    nicl . -append /groups/wheel users "$newuser"
    nicl . -append /groups/admin users "$newuser"
    nicl . -read /groups/wheel
    nicl . -read /groups/admin
fi

I suggest if you take out the two lines that determine a new uid, and replace them with a method of selecting a free uid under 500, you should be right as rain.
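
The UID change suggested above, as an added example that is not part of the original thread: it picks the lowest free UID under 500 from passwd-format text (what `nidump passwd .` prints) and, going a step beyond the post, allow-lists the username, since in a CGI that value comes from the browser. The function names, the 401 floor, the 16-character name policy and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input is passwd-format text,
# name:passwd:uid:..., as printed by `nidump passwd .`; field 3 is the UID.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only
# Constructed sample records standing in for `nidump passwd .` output.
SAMPLE_PASSWD='root:*:0:0::0:0:System Administrator:/var/root:/bin/sh
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
mailuser:*:401:20::0:0:Mail Only:/Users/mailuser:/bin/tcsh
ftpuser:*:402:20::0:0:FTP Only:/Users/ftpuser:/bin/tcsh
localadmin:*:501:20::0:0:Local Admin:/Users/localadmin:/bin/tcsh'

# free_uid_below LIMIT [FLOOR]: print the lowest unused UID in [FLOOR, LIMIT)
# from passwd-format stdin; return 1 if the range is full.
# FLOOR defaults to 401 (assumption: stay clear of low system UIDs).
free_uid_below() {
    awk -F: -v lo="${2:-401}" -v hi="$1" '
        $3 ~ /^[0-9]+$/ { used[$3 + 0] = 1 }
        END {
            for (u = lo + 0; u < hi + 0; u++)
                if (!(u in used)) { print u; exit 0 }
            exit 1
        }'
}

# valid_username NAME: allow-list check (policy is an assumption): 1-16 chars,
# lowercase letter first, then [a-z0-9_-]. Nothing from the browser should
# reach nicl, chown or a path unless it passes this.
valid_username() {
    case $1 in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# name_taken NAME: succeed if NAME already exists in passwd-format stdin.
name_taken() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }'
}

# plan_account NAME: print "NAME UID" if the account may be created.
plan_account() {
    valid_username "$1" || { echo "rejected: bad username" >&2; return 2; }
    if printf '%s\n' "$SAMPLE_PASSWD" | name_taken "$1"; then
        echo "rejected: name exists" >&2; return 3
    fi
    uid=$(printf '%s\n' "$SAMPLE_PASSWD" | free_uid_below 500) || return 4
    printf '%s %s\n' "$1" "$uid"
}
plan_account webfriend   # prints: webfriend 403
```

On a real NetInfo system the sample text would be replaced by the output of `nidump passwd .`, and the two `new_uid=` lines of the script by a call to `free_uid_below 500`.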
 
The script must be accessible from a browser, and I know it can be done because you can do it in webmin. Is there a way to incorporate that script into a cgi? If so, how? Thanks again in advance.
 
Why not just use webmin? Obviously, there are ways to do this, or even call the bash script above via the web. You can do this in CGI, PHP or whatever it is you want to develop it in.

You also have security concerns, user permission issues and lots of other things to address, more than just a "simple" script.

Typically I find that the perfect solution exists, it is that people tend to sandbox themselves into a corner and limit what those with the expertise can provide.

Why does it need to be web based? Remote access I assume? SSH can be used to do what you need remotely and provide a better solution.
 
Hey Scott, I'd like it to be web based because it provides a better UI for my "people" and I wouldn't want them to mess around with an SSH client if they use Window$. I know Perl, and I tried to set it up in the same format for sh and it didn't work, obviously...

#!/bin/sh -wT

use CGI :)standard);

print header;
print start_html("Register");

echo "Enter username:"
read newuser
echo "Enter the full name for user $newuser's:"
read long_name
echo "Will $newuser an Admin user (y/N)?"
read is_admin
new_uid=`nidump passwd . | awk -F: '{print $3f}' | sort -n|tail -1`
new_uid=`expr $new_uid + 1`
nicl . -create /users/$newuser
nicl . -create /users/$newuser uid $new_uid
nicl . -create /users/$newuser realname "$long_name"
nicl . -create /users/$newuser passwd ""
nicl . -create /users/$newuser gid 20
nicl . -create /users/$newuser shell "/bin/tcsh"
nicl . -create /users/$newuser home "/Users/$newuser"
nicl . -create /users/$newuser _writers_passwd $newuser
passwd $newuser
ditto /System/Library/UserTemplate/English.lproj /Users/$newuser
chown -R $newuser:staff /Users/$newuser
nicl . -read /users/$newuser
if [ "$is_admin" = Y -o "$is_admin" = y ]
then
nicl . -append /groups/wheel users $newuser
nicl . -append /groups/admin users $newuser
nicl . -read /groups/wheel
nicl . -read /groups/admin
fi

print end_html;

This is what I did. If anyone can fix this up to work in CGI, I'd appreciate it greatly. Thanks in advance.
 
This isn't an answer (I know nothing about cgi scripts) but do you really need to make the users admin users? The sorts of services you described don't need that so you might want to make them standard accounts instead - especially given the remote access complications.

Also, if you're running Tiger you might want to check whether the changes to default group assignment changed in Server as they did in Client. On my machine, neither admin nor standard users are in group 20 anymore. Each user is in a user-specific group. This made many people very unhappy and certainly makes things a bit odd.

- cfr
 
Hey cfr, nah, I never said I needed the new users to be admins. Yeah, in my system the 'local' accounts are above 500 and the 'server' accounts are below 500.
 