Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Possible to Create a User in a Program

Posted on 2000-04-10
4
Medium Priority
?
275 Views
Last Modified: 2010-04-21
I would like to know if it possible to add a user to a Unix system within a program that does not require root privelege. I would like to do this using Java if possible.
0
Comment
Question by:andrewmchorney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2701659
Yes, it's possible to progamatically add a users, and no, you can't do it without root privs. Either the main task must have root privs or the external commands that the task could call would have to have root privs.
0
 

Author Comment

by:andrewmchorney
ID: 2702009
Suppose I have a Java application that would like to create a new user after a user id and passeord was entered in the screen. Could the Java application execute commands or a program that require root priveleges without the Java program running as root.

I would think that an average user application could not start up a program that requires root priveleges.

0
 

Author Comment

by:andrewmchorney
ID: 2702098
Suppose I have a Java application that would like to create a new user after a user id and passeord was entered in the screen. Could the Java application execute commands or a program that require root priveleges without the Java program running as root.

I would think that an average user application could not start up a program that requires root priveleges.

0
 
LVL 2

Accepted Solution

by:
festive earned 150 total points
ID: 2702355
Jlevie is quite correct: unix uses a heirachical permissions model, which gives only the superuser (or equivalent account) access to administrative functions such as adding new accounts.

I have done exactly what you are talking about in the following way:

I have created a Java Application (NOT APPLET - due to applet security restrictions) which talks to a native method (small c program).

The server (Java) does not need or warrant setuid (root) priviledges, so it runs as "nobody", and the c program after being compiled runs as SETUID root.

Care must be taken to ensure the following:
1) that the setuid program is not executable by anyone but the server process etc.

2) that there is some authentication for the account ( ie a checksum/key etc) we use a key and an LFSR (Linear Feedback Shift Register) to validate requests). Ideally all requests and responses to the program should be encrypted with one-time synchronised keys or public key encryption (ie the main program has a public and private key, and the c program has the same)

3) the account should be setup so that no one can log into it (through any services) and strong controls/SSL should be used if it is to be internet/intranet deployed.

Hope this helps
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question