Comments on: Script for disabling users (follow up for creating user) http://www.freetechie.com/blog/script-for-deleting-users-follow-up-for-creating-user/ In the world of linux your boundaries are free Sat, 19 May 2012 09:09:22 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: WorkatHomeJobs http://www.freetechie.com/blog/script-for-deleting-users-follow-up-for-creating-user/comment-page-1/#comment-8748 WorkatHomeJobs Mon, 31 Aug 2009 13:36:34 +0000 http://www.benkevan.com/blog/?p=217#comment-8748 There are a lot that we do not know, could you tell us more? There are a lot that we do not know, could you tell us more?

]]> By: ben.kevan http://www.freetechie.com/blog/script-for-deleting-users-follow-up-for-creating-user/comment-page-1/#comment-7433 ben.kevan Fri, 31 Oct 2008 15:19:22 +0000 http://www.benkevan.com/blog/?p=217#comment-7433 Hi Thomas, Great suggestions. Since you must be root while running this script I guess I am relying on the sysadmins (currently only me, but this is being built with expansion of our environment in mind) to use them correctly. the /tmp/passwd.tmp is written as root, thus a regular local user cannot modify it in the process (i'll verify that). I will also try to inject some commands in USER_TO_DIS to see if I should disallow some characters.. probably just ` .. thanks for the suggestions.. that's exactly the type of feedback I was looking for. Hi Thomas,

Great suggestions. Since you must be root while running this script I guess I am relying on the sysadmins (currently only me, but this is being built with expansion of our environment in mind) to use them correctly. the /tmp/passwd.tmp is written as root, thus a regular local user cannot modify it in the process (i’ll verify that).

I will also try to inject some commands in USER_TO_DIS to see if I should disallow some characters.. probably just ` .. thanks for the suggestions.. that’s exactly the type of feedback I was looking for.

]]> By: thomas http://www.freetechie.com/blog/script-for-deleting-users-follow-up-for-creating-user/comment-page-1/#comment-7432 thomas Fri, 31 Oct 2008 14:34:10 +0000 http://www.benkevan.com/blog/?p=217#comment-7432 hi, USER_TO_DIS can contain shell meta-chars which leads to execution of commands embedded in the user's name... unlikely. but what about local user owning/modifying /tmp/etc/passwd.tmp to add their own root account? bye thomas hi,
USER_TO_DIS can contain shell meta-chars which leads to execution of commands embedded in the user’s name… unlikely. but what about local user owning/modifying /tmp/etc/passwd.tmp to add their own root account?

bye
thomas

]]> By: ben.kevan http://www.freetechie.com/blog/script-for-deleting-users-follow-up-for-creating-user/comment-page-1/#comment-7431 ben.kevan Fri, 31 Oct 2008 13:32:45 +0000 http://www.benkevan.com/blog/?p=217#comment-7431 Sorry about that. I used the wrong title.. This is actually used to disable a user by adding X in front of the name. I disable the user for a quarter, and every quarter I run a script that then deletes a user that is connected out (with the X). This allows me to enable an account if a user did not leave. Again, reporting for an enterprise environment for controls for SOX. I'll modify the tittle since it should be "disable user" thanks Sorry about that. I used the wrong title.. This is actually used to disable a user by adding X in front of the name. I disable the user for a quarter, and every quarter I run a script that then deletes a user that is connected out (with the X). This allows me to enable an account if a user did not leave. Again, reporting for an enterprise environment for controls for SOX.

I’ll modify the tittle since it should be “disable user” thanks

]]> By: Marcus Meissner http://www.freetechie.com/blog/script-for-deleting-users-follow-up-for-creating-user/comment-page-1/#comment-7428 Marcus Meissner Fri, 31 Oct 2008 07:00:25 +0000 http://www.benkevan.com/blog/?p=217#comment-7428 What about just using userdel -r username ? What about just using

userdel -r username

?

]]>