Here is a script the will help you
------------------------------------------------------------------------------
#!/usr/bin/perl
# manage.pl
#
# A program designed to allow teachers on a campus to handle adding
# and changing students to the system.
#
# At my school, all students have an ID number that happens to start
# with 135 - you'll need to come up with some unique identifier as well
# if you want to limit the person running this script to only modifying
# those users.
#
# Assumptions:
# All students are entered into a single group (this is not
# the default for RedHat, not sure about other distros).
#
# Changelog:
#
# Version 0.2
# -----------
# November 6, 2000 - Added rudimentary locking to prevent overlapping
# users - could be a bad thing
#
# Version 0.1
# -----------
# February 21, 2000 - First version
#
# License: GPL - Don't blame me if it breaks your system!
#
# Chris Hobbs <chobbs@silvervalley.k12.ca.us>
use Expect;
$| =1;
# Set up some useful tokens
$TRUE = (1 == 1);
$FALSE = (0 == 1);
# User definable variables
$student_group = "502"; # Group all students belong to
$samba = $TRUE; # Using samba?
$nis = $TRUE; # Using NIS?
$quota = $TRUE; # Using quotas?
$quota_prototype = 'ttest'; # Username to duplicate for edquota
$lockfile = '/tmp/manage.lock'; # Lockfile to prevent multiple users
$touch = '/bin/touch'; # Location of touch commmand
# That's all for user definable variables...
$check_locked = $FALSE;
main ();
sub main {
# Check for exisitence of lockfile - if it exists, exit, otherwise
# touch the lockfile and move on - we'll delete it later.
# *** It would be very easy for a user to block access
# *** to the program by creating their own $lockfile. That's
# *** why I've got this chmod'ed to prevent reading
# *** Security Through Obscurity at it's best!
unless ($check_locked) {
-e $lockfile?
die ("$lockfile exists: try again in a few minutes.\n"
:
`$touch $lockfile`;
$check_locked = $TRUE;
}
print "\n";
$good_entry = ($FALSE);
until ($good_entry) {
print "Please enter student ID number (0 to quit): ";
$student_id = <STDIN>;
chomp $student_id;
if ($student_id =~ /^0$/) {
unlink $lockfile;
exit 0;
}
$good_entry = ($student_id =~ /^135\d{4}$/);
}
if (getpwnam $student_id) {
edit_student($student_id);
} else {
add_student($student_id);
}
}
sub edit_student {
$student_id = $_[0];
(undef, undef, undef, undef, undef, undef, $name, undef) = getpwnam $student_id;
print "Modify $name? (y/n): ";
$answer = <STDIN>;
chomp $answer;
main () unless ($answer eq "y"
;
open SHADOW, "/etc/shadow";
@shadow = <SHADOW>;
close SHADOW;
@lines = grep /^$student_id/, @shadow;
if (@lines > 1) {
print "\n Uh-oh! There's a major problem. There are multiple\n";
print " entries for $name in /etc/shadow. Exiting!\n\n";
unlink $lockfile;
exit (1);
}
(undef, $passwd, undef) = split (/:/, $lines[0]);
if ((substr $passwd, 0, 1) eq "*"
{
$enabled = $FALSE;
print "\n 1) Enable this account.\n";
} else {
$enabled = $TRUE;
print "\n 1) Disable this account.\n";
}
print " 2) Change password.\n";
print "\nEnter Choice (1/2): ";
$choice = <STDIN>;
chomp $choice;
if ($choice eq "1"
{
toggle_active ($enabled, $student_id);
} elsif ($choice eq "2"
{
change_passwd ($student_id);
} else {
print "\nSorry, your choice confused me! Exiting...\n\n";
unlink $lockfile;
exit (1);
}
}
sub toggle_active {
$enabled = $_[0];
$student_id = $_[1];
open SHADOW, "/etc/shadow";
@shadow = <SHADOW>;
close SHADOW;
foreach $line (@shadow) {
unless ($line =~ /^$student_id/) {next};
($name, $passwd, $therest) = split (/:/, $line, 3);
if ($enabled) {
$passwd = "*" . $passwd;
print `/usr/bin/smbpasswd -d $student_id\n`;
print "\n\n Student $student_id has been disabled.\n\n";
} else {
$passwd = substr $passwd, 1;
print `/usr/bin/smbpasswd -e $student_id\n`;
print "\n\n Student $student_id has been enabled.\n\n";
}
$line = "${name}:${passwd}:$therest";
last;
}
open SHADOW, ">/etc/shadow";
print SHADOW @shadow;
close SHADOW;
if ($nis) { nis_remake () };
unlink $lockfile;
exit (0);
}
sub change_passwd {
$student_id = $_[0];
$newpass = gen_passwd ();
# Change Linux passwd...
$command = Expect->spawn("/usr/bin/passwd $student_id"
or die "Couldn't start program: $!\n";
$command->log_stdout(0);
unless ($command->expect(5, "password:"
) {};
print $command "$newpass\r";
unless ($command->expect(5, "password:"
) {};
print $command "$newpass\r";
$command->soft_close();
# Call Samba passwd if neccessary...
if ($samba) { change_samba ($student_id, $newpass) }
# Call nis_remake to update the maps...
if ($nis) { nis_remake() }
# OK, we're done...
print "\n\n Complete: password changed for $student_id: $newpass\n\n";
unlink $lockfile;
exit (0);
}
sub change_samba {
$student_id = $_[0];
$newpass = $_[1];
open TEMP, ">/root/temppass";
print TEMP "$newpass\n$newpass";
close TEMP;
print `/usr/bin/smbpasswd -s $student_id < /root/temppass`;
unlink "/root/temppass";
}
sub nis_remake {
$curdir = `pwd`;
chdir "/var/yp";
`/usr/bin/make all\n`;
`cp /var/yp/*.* /var/yp/svhs/`;
chdir $curdir;
}
# This routine creates random passwords based on concatenating two short
# words with a symbol inbetween (DOG#puck or girl%PEN for example). Not as
# secure as truly random passwords, but much easier for a student to remember.
#
# @badwords is an array of words that I'm not using from he built-in dictionary,
# mainly to avoid getting sued by an irate parent!
sub gen_passwd {
@badwords = qw/put own list of bad words here/;
for (@badwords) {$is_badword{$_} = 1}
open DICT, "/usr/dict/linux.words";
foreach (<DICT>) {
chomp;
if ((length($_) == 3) && ($is_badword{lc($_)} != 1)) {push @three, $_}
if ((length($_) == 4) && ($is_badword{lc($_)} != 1)) {push @four, $_}
}
close DICT;
@nums = qw/! @ # $ % ^ & * ( ) - _ + = \\ \/ : ; ' " [ ] { }/;
$threeleft = int (rand() + 0.5);
$upperleft = int (rand() + 0.5);
if ($threeleft) {
if ($upperleft) {
$pass = uc ($three[rand(@three)]);
$pass .= $nums[rand(@nums)];
$pass .= lc ($four[rand(@four)]);
} else {
$pass = lc ($three[rand(@three)]);
$pass .= $nums[rand(@nums)];
$pass .= uc ($four[rand(@four)]);
}
} else {
if ($upperleft) {
$pass = uc ($four[rand(@four)]);
$pass .= $nums[rand(@nums)];
$pass .= lc ($three[rand(@three)]);
} else {
$pass = lc ($four[rand(@four)]);
$pass .= $nums[rand(@nums)];
$pass .= uc ($three[rand(@three)]);
}
}
return $pass;
}
sub add_student {
$student_id = $_[0];
$newpass = gen_passwd ();
print " Enter Name of Student ($student_id): ";
$desc = <STDIN>;
chomp $desc;
# Need to find the largest uid so we can go one above it...
open PASSWD, "/etc/passwd";
@passwd = <PASSWD>;
close PASSWD;
$max_id = 0;
foreach (@passwd) {
(undef, undef, $uid, undef) = split (/:/);
if ($uid > $max_id) {
$max_id = $uid;
}
}
$num_id = $max_id + 1;
# Write the info to a temp file for newusers to input...
open TEMP_ONE, ">temp_one" || die "Unable to open first output file: $!\n";
print TEMP_ONE "${student_id}:${newpass}:${num_id}:student:${desc}:/home/${student_id}:/bin/bash\n";
close TEMP_ONE;
print `/usr/sbin/newusers temp_one\n`;
print `/usr/bin/chage -m 0 -M 99999 $student_id\n`;
unlink "temp_one";
# Add to Samba if neccessary...
if ($samba) {
print `/usr/bin/smbpasswd -a -n $student_id\n`;
change_samba ($student_id, $newpass);
}
# Set user quota if neccessary
if ($quota) {
print `/usr/sbin/edquota -p $quota_prototype $student_id\n`;
}
# Enable account... (why is it it disabled????)
open PASSWD, "/etc/passwd";
@passwd = <PASSWD>;
close PASSWD;
foreach (@passwd) {
if (/^${student_id}:!:/) {
$_ =~ s/^${student_id}:!:/${student_id}:x:/;
}
}
open PASSWD, ">/etc/passwd";
print PASSWD @passwd;
close PASSWD;
# Remake NIS maps if neccessary...
if ($nis) { nis_remake() }
# Tell the user what we've done...
print "\n\n New user $student_id ($desc) created. Password: $newpass\n\n";
unlink $lockfile;
exit (0);
}
