-1

I've been trying to run Linux terminal commands via a Python script, and I can't seem to do anything with what I've found so far.

This is what I've done so far:

```python
import os
import crypt

def addnewuser():

    uname=raw_input("Select Username")
    upass=raw_input("Select Password")

    #The encryption module seems to solve the obvious security leak,
    #but I still don't know whether even the exposed encrypted password is safe or not.
    ucrypt=crypt.crypt(upass,"123")
    os.system("useradd -m -p "+upass+" "+uname)

addnewuser()
```

This has been asked before, but I can't seem to find a solution, because whenever I run the script, nothing changes when I try to display all users by typing

```
compgen -u
```

on the terminal.

Update 1: I want to make the process secure, and I've found that I can protect the sudo password from being recorded in the terminal history by using the stdout file. How can I write there with python to create users?

Update 2: I have managed to avoid some security leaks by encrypting the user password by using the encryption module in my code. But if the intruder has the encrypted password, isn't it the same thing?


The main purpose of this is for me to learn how to develop administration tools, preferably in Python.


I use Python 2.7, as well as PythonIDLE, on Ubuntu 16.04.

Thank you for your help.


2 Answers

0

One very dirty solution is to run

```python
os.system("sudo useradd -m -p "+upass+" "+uname)
```

and add to /etc/sudoers

```
user ALL=NOPASSWD: /usr/sbin/useradd
```

where user is the name of the user who runs your script.

AGAIN IT IS VERY UNSAFE and HIGHLY NOT RECOMMENDED

rth
  • I understand that it is unsafe; I'm trying to make it happen for a first milestone. – Themistoklis Gkasios Mar 20 '17 at 04:17
  • There are two big problems: (1) you give root access to the user who runs the network server; (2) you pass the password as a command-line argument. I would suggest rethinking your application and keeping everything inside Python. – rth Mar 20 '17 at 04:24
  • For starters, I'm thinking about using the stdin or stdout (still figuring out which one) to avoid having the sudo pass recorded in the terminal history. – Themistoklis Gkasios Mar 20 '17 at 04:32
  • I've found [this](http://stackoverflow.com/questions/3385201/confused-about-stdin-stdout-and-stderr) as a resource on where to input the sudo password – Themistoklis Gkasios Mar 20 '17 at 04:36
  • You can try to use the subprocess module to organize stdin/stdout pipes... but it should **not** work because, I'm afraid, useradd should read directly from the tty device. – rth Mar 20 '17 at 04:43
  • Many of the ways that go around most issues use shell scripts. Is there any case where shell scripting works better than Python? Where should I start? – Themistoklis Gkasios Mar 20 '17 at 04:53
  • It is hard to say, I don't know what you are trying to do and what kind of application you are writing. Solution above should work but again it is **very insecure**. – rth Mar 20 '17 at 05:03
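An added example (not code from the question or from either answer) that addresses the string-built `os.system` call and the password-on-the-command-line problem raised in the comments above: the username is validated, each command is an argument list with no shell, and the password goes to `chpasswd` on standard input. It assumes Python 3 and a process already running as root; `USERNAME_RE`, `build_steps` and `add_user` are illustrative names, and the username policy is an assumed one.

```python
import re
import subprocess

# Assumed policy: lowercase POSIX-style login names, at most 32 characters.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def build_steps(uname, upass):
    """Return the (argv, stdin_bytes) pairs needed to create the account."""
    # fullmatch rejects spaces, ';', '$', ':' and a leading '-', so the name
    # cannot become shell syntax, an option, or a second chpasswd field.
    if not USERNAME_RE.fullmatch(uname):
        raise ValueError("invalid username: %r" % uname)
    # chpasswd reads one "name:password" record per line, so a line break in
    # the password would smuggle in a record for another account.
    if not upass or "\n" in upass or "\r" in upass:
        raise ValueError("password must be non-empty and a single line")
    return [
        (["useradd", "-m", uname], None),
        (["chpasswd"], ("%s:%s\n" % (uname, upass)).encode("utf-8")),
    ]


def add_user(uname, upass, run=subprocess.run):
    """Create the user. Must run as root; `run` is injectable for testing."""
    for argv, data in build_steps(uname, upass):
        # A list argv means no shell parses the values; the password travels
        # on stdin, so it never shows up in `ps` output or shell history.
        run(argv, input=data, check=True)


if __name__ == "__main__":
    import getpass
    add_user(input("Select username: "), getpass.getpass("Select password: "))
```

Passing a recording function as `run` lets the command construction be checked without root and without touching the account database.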
0

For my application, what I needed was a way to run sudo commands over a python script.

This answer is basically what I was looking for.

Thanks again for taking the time to help.

Codebling