How do I add users using Python scripts on a Linux machine

Ramdas

How do I add users using Python scripts on a Linux machine?

Someone has a script?
 
Daniel Klein

How do I add users using Python scripts on a Linux machine?

Someone has a script?

This should be as easy as something like:

import os

# useradd needs the login name as its last argument
os.system("/usr/sbin/useradd -m -d /home/newuser -s /bin/ksh newuser")

Dan
 
Hari Sekhon

That is shell scripting with a python layer on top. Is there a
specific reason you have to use python? Why not just use shell, that's
what it's designed for? Unless you have some complex maths/networking
requirement or something on top.

-h
 
Ramdas

Well,

I need to add users from a web interface for a web server, which runs
only Python. I need to add users, set quotas and in future even look at
managing ip tables to limit bandwidth.

I know os.system(), but this has to be done through a form entry
through a web interface.

Anyways thanks, do advise if there are more pythonic solutions

Ramdas
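Daniel's os.system() one-liner is fine while the arguments are constants, but once the login name arrives from a form field the string splicing itself is the exposure: the shell that os.system() spawns parses the whole line, so anything a user types into the field is parsed too. The following Python 3 module is an added example (not code from the thread or from any of its participants) of the form-to-useradd path done with an allow-list and an argv list instead of a shell string. The username pattern, the allowed-shell tuple and the dry_run switch are assumptions made for this example.

```python
import re
import subprocess

# Constructed allow-list: lower-case letter or underscore first, then
# letters, digits, '_' or '-', at most 32 characters (useradd's own limit).
# A leading '-' is impossible, so a form value can never be read as an
# option. fullmatch() is used below because a '$'-anchored match() would
# still accept a trailing newline pasted into the field.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

# Hypothetical site policy: the shells offered in the form's drop-down.
ALLOWED_SHELLS = ("/bin/sh", "/bin/bash", "/bin/ksh")


def is_valid_username(name):
    return USERNAME_RE.fullmatch(name) is not None


def build_useradd_argv(username, shell="/bin/ksh", home_base="/home"):
    """Turn validated form fields into an argv list for useradd.

    subprocess hands each list element to useradd as a separate argument;
    no shell ever sees ';', '&&', '$(...)' or backquotes, so the string
    splicing problem of os.system("... %s" % name) cannot arise.
    """
    if not is_valid_username(username):
        raise ValueError("rejected username: %r" % (username,))
    if shell not in ALLOWED_SHELLS:
        raise ValueError("rejected shell: %r" % (shell,))
    home = "%s/%s" % (home_base, username)
    return ["/usr/sbin/useradd", "-m", "-d", home, "-s", shell, username]


def add_user(username, shell="/bin/ksh", dry_run=False):
    """Validate, then run useradd without a shell.

    With dry_run=True the argv is returned instead of executed, which lets
    the validation and command construction be exercised without root.
    """
    argv = build_useradd_argv(username, shell)
    if dry_run:
        return argv
    completed = subprocess.run(argv, capture_output=True, text=True)
    if completed.returncode != 0:
        raise RuntimeError("useradd failed: %s" % completed.stderr.strip())
    return argv


if __name__ == "__main__":
    print(add_user("alice", dry_run=True))
    for bad in ("alice; rm -rf /", "-G sudo", "alice\n"):
        print(repr(bad), "valid?", is_valid_username(bad))
```

The validation still has to run in the process that has the privilege, not only in the web front end: whatever mechanism eventually becomes root (a helper, a queue, a setuid wrapper) should apply the same allow-list to what it is handed.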
 
Ivan Voras

Ramdas said:
Well,

I need to add users from a web interface for a web server, which runs
only Python. I need to add users, set quotas and in future even look at
managing ip tables to limit bandwidth.

I know os.system(), but this has to be done through a form entry
through a web interface.

Anyways thanks, do advise if there are more pythonic solutions

What you're looking for is actually a pretty complex thing. You *could*
in theory manage /etc/passwd (and its "shadow" file) - you can find
crypto primitives like MD5 and DES on the 'net, but note that you must
run your script under the 'root' account in order to write (and even
read!) the passwd database. The same goes for using os.system and the
built-in OS utility. Be aware of security implications if you're running
your web server under the root account.
 
Ravi Teja

Ivan said:
What you're looking for is actually a pretty complex thing. You *could*
in theory manage /etc/passwd (and its "shadow" file) - you can find
crypto primitives like MD5 and DES on the 'net, but note that you must
run your script under the 'root' account in order to write (and even
read!) the passwd database. The same goes for using os.system and the
built-in OS utility. Be aware of security implications if you're running
your web server under the root account.

How about invoking scripts with SUID root set?
 
Jan Dries

Ivan said:
What you're looking for is actually a pretty complex thing. You *could*
in theory manage /etc/passwd (and its "shadow" file) - you can find
crypto primitives like MD5 and DES on the 'net, but note that you must
run your script under the 'root' account in order to write (and even
read!) the passwd database. The same goes for using os.system and the
built-in OS utility. Be aware of security implications if you're running
your web server under the root account.

A solution that is both more pythonic and avoids the problems listed
above would be to migrate user management from /etc/passwd to an LDAP
(through pam_ldap). That's the approach I took in a similar situation.
Sure, it adds the overhead of setting up and running an LDAP, but
managing users and their quota through python_ldap is much cleaner and
more flexible than doing so using os.system(), certainly from within a
web application.
That doesn't alter the fact though that security must be properly
considered in any application that can add users.

Regards,
Jan
 
Sebastian 'lunar' Wiesner

Ravi Teja said:
How about invoking scripts with SUID root set?

Linux seems to ignore SUID bit on scripts:

[lunar@nargond]-[17:03:23] >> ~/test
--> cat uidtest.py
#!/usr/bin/python
import os

print 'uid:', os.getuid()
print 'effective uid:', os.geteuid()
os.system('whoami')

[lunar@nargond]-[17:03:28] >> ~/test
--> ls -l uidtest.py
-rwsr-xr-x 1 root root 112 2007-01-02 17:03 uidtest.py

[lunar@nargond]-[17:03:46] >> ~/test
--> /home/lunar/test/uidtest.py
uid: 1000
effective uid: 1000
lunar

Anyway, you should definitely think about security issues. Not all
people out there are friendly...
 
Carsten Haese

Linux seems to ignore SUID bit on scripts:

I don't think that that has anything to do with Linux or not. The script
is not the actual executable, hence its suid bit is irrelevant. You'd
have to set the suid bit on the python executable, but that would affect
all python scripts, which is probably bad.

-Carsten
 
Sebastian 'lunar' Wiesner

Carsten Haese said:
I don't think that that has anything to do with Linux or not. The
script is not the actual executable, hence its suid bit is irrelevant.

I don't think so. From what I know, the script is passed as executable
to the kernel loader, which interprets the shebang and feeds the script
through the correct interpreter. So the kernel loader sees the script
itself as executable instead of the interpreter binary. I've heard of
other Unix systems, which handle this differently (meaning that the
SUID bit on scripts has an effect), but I may be wrong.
Carsten Haese said:
You'd have to set the suid bit on the python executable, but that
would affect all python scripts, which is probably bad.

It _is_ bad!
 
Ravi Teja

Linux seems to ignore SUID bit on scripts:

Yes. My bad. The workaround was to use native launchers. I don't
remember the details. Perhaps with the interpreter embedded to launch
it in-process and to hard code the script paths (or at least a config
file/script pointing to them) for security.
Sebastian 'lunar' Wiesner said:
Anyway, you should definitely think about security issues. Not all
people out there are friendly...

I agree. SUID is often risky.

Web applications such as webmin that do administrative functions
through a web interface require extra precautions for security such as
restricting access to specific IPs.
 
Piet van Oostrum

Sebastian 'lunar' Wiesner said:
SW> Linux seems to ignore SUID bit on scripts:

The reason is that obeying SUID bits on scripts would be a security risk.
 
Tim Roberts

Ramdas said:
I need to add users from a web interface for a web server, which runs
only Python. I need to add users, set quotas and in future even look at
managing ip tables to limit bandwidth.

I know os.system(), but this has to be done through a form entry
through a web interface.

Anyways thanks, do advise if there are more pythonic solutions

os.system is perfectly Pythonic, and can be executed from a CGI script. The
challenge is becoming root, which is necessary to do what you ask. You can
write a simple C program that is setuid root that calls your script for
you.
 
Sebastian 'lunar' Wiesner

Piet van Oostrum said:
The reason is that obeying SUID bits on scripts would be a security
risk.

I don't see a problem with SUID on scripts. If you restrict write access
to the owner, modification is hardly possible.
However, if you allow world-wide write access to your binaries and
scripts, both can easily be modified...
 
Ivan Voras

Sebastian said:
Carsten Haese <[email protected]> typed

I don't think so. From what I know, the script is passed as executable
to the kernel loader, which interprets the shebang and feeds the script
through the correct interpreter. So the kernel loader sees the script
itself as executable instead of the interpreter binary. I've heard of
other Unix systems, which handle this differently (meaning that the
SUID bit on scripts has an effect), but I may be wrong.

Yes, the kernel parses #! but the suid-ness is still controlled by the
target interpreter (i.e. python executable). At least BSD systems also
behave this way.
 
Sebastian 'lunar' Wiesner

Ivan Voras said:
Sebastian said:
Carsten Haese <[email protected]> typed

I don't think so. From what I know, the script is passed as
executable to the kernel loader, which interprets the shebang and
feeds the script through the correct interpreter. So the kernel
loader sees the script itself as executable instead of the
interpreter binary. I've heard of other Unix systems, which handle
this differently (meaning that the SUID bit on scripts has an
effect), but I may be wrong.

Yes, the kernel parses #! but the suid-ness is still controlled by the
target interpreter (i.e. python executable). At least BSD systems also
behave this way.

I don't think that the interpreter controls SUID-ness. Privileges are
always handled by the kernel. At least the kernel needs to agree when
a normal user wants to execute a SUID script.
 
garylinux

I find that I can often live with a 0-60 sec. pause, and put the command
in a queue; then have a cron that runs once a minute as the user you need
to run this as, that looks at the queue and sees if there are any pending.

I often use a SQL database for this.
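garylinux's queue-and-cron design separates the two privilege levels cleanly: the web process never holds root, it only appends a request, and a small worker started from root's crontab drains the queue. The following Python 3 module is an added example of that pattern (not code from the thread or from any of its participants) using SQLite as the queue. The table layout, the column names and the dry_run stand-in runner are assumptions made for this example; the worker re-applies the username allow-list because the queue file is, by design, writable by the unprivileged web account.

```python
import re
import sqlite3
import subprocess
import time

# Constructed allow-list (same shape as useradd's own limit of 32 chars).
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

SCHEMA = """
CREATE TABLE IF NOT EXISTS user_requests (
    id        INTEGER PRIMARY KEY,
    username  TEXT NOT NULL,
    status    TEXT NOT NULL DEFAULT 'pending',  -- pending | done | rejected | failed
    requested REAL NOT NULL,
    processed REAL
)
"""


def open_queue(path):
    """Open (creating if needed) the queue database. The web account needs
    write access to this one file only, nothing under /etc."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    conn.commit()
    return conn


def enqueue(conn, username):
    """Web side, unprivileged: record the request and nothing else.
    Parameterised query, so the form value cannot alter the SQL."""
    cur = conn.execute(
        "INSERT INTO user_requests (username, requested) VALUES (?, ?)",
        (username, time.time()),
    )
    conn.commit()
    return cur.lastrowid


class _Completed:
    def __init__(self, returncode):
        self.returncode = returncode


def dry_run(argv, **kwargs):
    """Stand-in for subprocess.run: reports success without touching the
    system, so the worker logic can be exercised without root."""
    return _Completed(0)


def process_pending(conn, run=subprocess.run):
    """Worker side, run by cron as root: re-validate every row before
    acting, then record the outcome. Returns [(id, username, status), ...]."""
    rows = conn.execute(
        "SELECT id, username FROM user_requests WHERE status = 'pending' ORDER BY id"
    ).fetchall()
    results = []
    for row_id, username in rows:
        if USERNAME_RE.fullmatch(username) is None:
            status = "rejected"          # never reaches useradd
        else:
            argv = ["/usr/sbin/useradd", "-m", "-s", "/bin/ksh", username]
            status = "done" if run(argv, check=False).returncode == 0 else "failed"
        conn.execute(
            "UPDATE user_requests SET status = ?, processed = ? WHERE id = ?",
            (status, time.time(), row_id),
        )
        results.append((row_id, username, status))
    conn.commit()
    return results


if __name__ == "__main__":
    q = open_queue(":memory:")
    enqueue(q, "alice")
    enqueue(q, "bob; rm -rf /")
    print(process_pending(q, run=dry_run))
```

The rejected row stays in the table with its status, which doubles as an audit trail: a burst of rejected requests from the form is exactly the signal an operator of such an interface wants to see.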
 
Piet van Oostrum

Sebastian 'lunar' Wiesner said:
SW> I don't see a problem with SUID on scripts. If you restrict write access
SW> to the owner, modification is hardly possible.
SW> However, if you allow world-wide write access to your binaries and
SW> scripts, both can easily be modified...

The scenario is as follows: Suppose the script starts with the line:
#!/usr/bin/python

(using #!/usr/bin/env python would be disastrous because the user could
supply his own `python interpreter' in his PATH.)

Now a malicious user can make a link to this file in his own directory,
e.g. to /Users/eve/myscript1. Because permissions are part of the file
(inode), not of the file name, this one is also suid.

Now she execs /Users/eve/myscript1. The kernel, when honoring suid scripts,
would start up python with effective uid root with the command line:
/usr/bin/env /Users/eve/myscript1

Now in another process eve changes the link /Users/eve/myscript1 to
point to another script /Users/eve/myscript2. If she manages to change the
link between the startup of the python executable and the interpreter
opening the file /Users/eve/myscript1, she has her own script running as
root.

Of course the timing is a bit critical but if you try often enough some
time it will succeed. The problem is the time window between starting the
executable and opening the script. There is no guarantee that the file will
be the same. It can only be made safe if interpreters can be passed inodes
or opened files by the kernel, but that is not how most interpreters work.
At least not python.
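The property Piet ends on, that the window only closes if the interpreter is handed an already-opened file rather than a path name, can be shown without any setuid bit at all. The following Python 3 script is an added illustration, not code from the thread or from any of its participants: it opens a script through a symlink, retargets the link the way the second process in Piet's scenario would, and then compares what the open descriptor and a fresh path lookup return. Every file name is constructed inside a temporary directory created for the run.

```python
import os
import shutil
import tempfile


def read_through_swap():
    """Constructed demonstration of why a descriptor is race-free and a path
    is not. Returns (content_via_fd, content_via_path, inode_unchanged)."""
    workdir = tempfile.mkdtemp(prefix="suiddemo-")
    try:
        script1 = os.path.join(workdir, "myscript1.py")
        script2 = os.path.join(workdir, "myscript2.py")
        link = os.path.join(workdir, "myscript")
        with open(script1, "w") as f:
            f.write("print('first script')\n")
        with open(script2, "w") as f:
            f.write("print('second script')\n")
        os.symlink(script1, link)

        # The "interpreter" opens the path it was given. From here on it
        # holds a descriptor bound to the inode of myscript1.py; the name
        # it used is irrelevant to what it will read.
        fd = os.open(link, os.O_RDONLY)
        inode_at_open = os.fstat(fd).st_ino

        # Meanwhile the link is retargeted with an atomic rename, so there
        # is no instant at which the name does not exist.
        tmp_link = link + ".new"
        os.symlink(script2, tmp_link)
        os.replace(tmp_link, link)

        content_via_fd = os.read(fd, 4096).decode()   # still myscript1.py
        with open(link) as f:                         # fresh lookup: myscript2.py
            content_via_path = f.read()
        inode_unchanged = os.fstat(fd).st_ino == inode_at_open
        os.close(fd)
        return content_via_fd, content_via_path, inode_unchanged
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    via_fd, via_path, unchanged = read_through_swap()
    print("via descriptor:", via_fd.strip())
    print("via path:      ", via_path.strip())
    print("inode unchanged:", unchanged)
```

A second lookup of the same name is what the race needs; code that keeps working from the descriptor it already holds (or, for an interpreter, is handed an open descriptor by the kernel instead of a path) gives the racing process nothing to swap.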
 
Lawrence D'Oliveiro

The scenario is as follows: Suppose the script starts with the line:
#!/usr/bin/python

(using #!/usr/bin/env python would be disastrous because the user could
supply his own `python interpreter' in his PATH.)

Now a malicious user can make a link to this file in his own directory,
e.g. to /Users/eve/myscript1. Because permissions are part of the file
(inode), not of the file name, this one is also suid.

Now she execs /Users/eve/myscript1. The kernel, when honoring suid
scripts, would start up python with effective uid root with the command
line: /usr/bin/env /Users/eve/myscript1

No it wouldn't. This security hole was fixed years ago.
 
