Solved

Possible to Create a User in a Program

Posted on 2000-04-10
4
269 Views
Last Modified: 2010-04-21
I would like to know if it possible to add a user to a Unix system within a program that does not require root privelege. I would like to do this using Java if possible.
0
Comment
Question by:andrewmchorney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2701659
Yes, it's possible to progamatically add a users, and no, you can't do it without root privs. Either the main task must have root privs or the external commands that the task could call would have to have root privs.
0
 

Author Comment

by:andrewmchorney
ID: 2702009
Suppose I have a Java application that would like to create a new user after a user id and passeord was entered in the screen. Could the Java application execute commands or a program that require root priveleges without the Java program running as root.

I would think that an average user application could not start up a program that requires root priveleges.

0
 

Author Comment

by:andrewmchorney
ID: 2702098
Suppose I have a Java application that would like to create a new user after a user id and passeord was entered in the screen. Could the Java application execute commands or a program that require root priveleges without the Java program running as root.

I would think that an average user application could not start up a program that requires root priveleges.

0
 
LVL 2

Accepted Solution

by:
festive earned 50 total points
ID: 2702355
Jlevie is quite correct: unix uses a heirachical permissions model, which gives only the superuser (or equivalent account) access to administrative functions such as adding new accounts.

I have done exactly what you are talking about in the following way:

I have created a Java Application (NOT APPLET - due to applet security restrictions) which talks to a native method (small c program).

The server (Java) does not need or warrant setuid (root) priviledges, so it runs as "nobody", and the c program after being compiled runs as SETUID root.

Care must be taken to ensure the following:
1) that the setuid program is not executable by anyone but the server process etc.

2) that there is some authentication for the account ( ie a checksum/key etc) we use a key and an LFSR (Linear Feedback Shift Register) to validate requests). Ideally all requests and responses to the program should be encrypted with one-time synchronised keys or public key encryption (ie the main program has a public and private key, and the c program has the same)

3) the account should be setup so that no one can log into it (through any services) and strong controls/SSL should be used if it is to be internet/intranet deployed.

Hope this helps
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question